When I use Spring Boot parent version 3.1.0, the default security is also 3.1.0. My development tool warns that some methods have been marked as removed and are not recommended for use. However, this warning does not appear in version 3.0.1. I would like to know whether there are any alternative configurations or documentation.

Code:

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .cors().and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                .antMatchers(HttpMethod.POST, "/account/**")
                        .permitAll()
                // role
                .antMatchers("/test")
                        .hasAuthority("admin")
                .anyRequest()
                        .authenticated()
                        .and()
                .authenticationManager(authenticationManager(authenticationConfiguration))
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                .addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
        http.headers().frameOptions().disable();
        return http.build();
    }

Comment From: halng

I have the same problem as you, and here's how to fix it:

http.csrf().disable()  /* change to: */  http.csrf(AbstractHttpConfigurer::disable);

http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
/* change to: */
http.sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS))

http.authorizeRequests().antMatchers(HttpMethod.POST,"/account/**").permitAll()
/* change to: */
http.authorizeHttpRequests(matcher -> matcher.requestMatchers("/pattern").permitAll().anyRequest().authenticated());

It changes to lambda expressions. Refer to: https://reflectoring.io/spring-security/

Comment From: Jzow

@tanhaok Thanks, I'll give it a try

Comment From: mdeinum

The replacements are documented in the javadoc of the underlying configurer implementations, like the csrf(). This applies to all top-level ones as well as the nested ones.

Related: #13273

Comment From: marcusdacoregio

In addition to @mdeinum's answer, this has also been documented here: https://docs.spring.io/spring-security/reference/migration-7/configuration.html#_use_the_lambda_dsl. That said, I'm closing this as solved. Thanks everyone.
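
The whole configuration from the question rewritten with the lambda DSL, as an added example that is not part of the original thread or the project's own code. It keeps the same rules and collapses the duplicated sessionManagement() call into one; the class name SecurityConfig and a filter bean named authenticationJwtTokenFilter are assumptions taken from the method names in the question.

```java
import jakarta.servlet.Filter;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
public class SecurityConfig {
    // Assumption: the application's JWT filter is a bean named "authenticationJwtTokenFilter".
    private final Filter jwtFilter;
    private final AuthenticationConfiguration authConfig;

    public SecurityConfig(@Qualifier("authenticationJwtTokenFilter") Filter jwtFilter,
                          AuthenticationConfiguration authConfig) {
        this.jwtFilter = jwtFilter;
        this.authConfig = authConfig;
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            // Same behaviour as the question: CSRF protection off, no HTTP session.
            .csrf(AbstractHttpConfigurer::disable)
            .cors(Customizer.withDefaults())
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            // Rules are evaluated in order; anyRequest() must come last.
            .authorizeHttpRequests(auth -> auth
                .requestMatchers(HttpMethod.POST, "/account/**").permitAll()
                .requestMatchers("/test").hasAuthority("admin")
                .anyRequest().authenticated())
            .authenticationManager(authConfig.getAuthenticationManager())
            .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
            // disable() drops the X-Frame-Options header entirely, as in the question;
            // FrameOptionsConfig::sameOrigin keeps framing limited to the same origin.
            .headers(h -> h.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable));
        return http.build();
    }
}
```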