Migrate to Spring Security 6's `@EnableWebSocketSecurity`

[mraible]

Overview of the issue

Spring Security 6 introduces an @EnableWebSocketSecurity annotation to replace the deprecated AbstractSecurityWebSocketMessageBrokerConfigurer.

However, this annotation does not provide a way to disable CSRF for websockets.

From https://docs.spring.io/spring-security/reference/6.0/servlet/integrations/websocket.html:

NOTE: At this point, CSRF is not configurable when using @EnableWebSocketSecurity, though this will likely be added in a future release.

Motivation for or Use Case

We should not use deprecated classes where possible.

Reproduce the error

Generate an app with websockets and you'll see that WebsocketSecurityConfiguration extends a deprecated class. It'd be good to rename our Websocket classes to be WebSocket to be inline with Spring Security. However, it might be a pain for upgrading, so leaving the names as-is might be a good idea.

Related issues

• Upgrade to Spring Boot 3 #19782

[github-actions]

This issue is stale because it has been open for too long without any activity.
Due to the moving nature of jhipster generated application, bugs can become invalid.
If this issue still applies please comment otherwise it will be closed in 7 days

[atomfrede]

Keep it open.

[mdmm13]

Is there a workaround for this that does not involve using the deprecated MessageSecurityMetadataSourceRegistry?

[github-actions]

This issue is stale because it has been open for too long without any activity.
Due to the moving nature of jhipster generated application, bugs can become invalid.
If this issue still applies please comment otherwise it will be closed in 7 days

[ByungJun25]

FYI: @mdmm13 Hi, I found an issue showing a workaround. spring-projects/spring-security#12378 (comment) and spring-projects/spring-security#13640