The Spring Boot book will be published in late April 2018 and will cover all current topics related to Spring Boot 2. In addition to the reactive programming model with Spring 5, this includes the new actuator infrastructure, Micrometer.io support and much more. I've just updated my Spring Boot project from 1.5.x to 2.0.0. Before the update, this application works properly but after the update, I'm getting some errors are below. Before the update, this application works properly but after the update, I'm getting some errors are below.
I'm migrating an application from Spring Boot 1.5 to 2.0.5. I have a property set as security.enable-csrf=true in 1.5 version which is not available in 2.0 version of Spring Boot. I read the documents and it is said that in Spring Boot 2.0: CSRF protection is enabled by default in the Java configuration. So by default it is enabled ok fine, but there is also one class created which extends WebSecurityConfigurerAdapter this means Spring Boot default security configuration has been turned off. Is this also means security.enable-csrf is disabled now? If yes how do I enable it like I had it in the application for 1.5 version.
![Boot Boot](/uploads/1/2/5/4/125429839/887751178.jpg)
I didn't get any document which gives a clear confirmation on how to handle security.enable-csrf property in Spring Boot 2.0 and while declaring the WebSecurityConfigurerAdapter. Does anyone know about it? Also any document link which I have missed to read about this would be great help. WebSecurityConfigurerAdapter is an abstract class, when you create a class which extends WebSecurityConfigurerAdapter, you will override void configure(HttpSecurity http) method. You can disable csrf in this method, like that; http.csrf.disable; You can read this comment on top of the csrf method (in HttpSecurity class). Adds CSRF support. This is activated by default when using WebSecurityConfigurerAdapter's default constructor.
![Boot `2 Boot `2](/uploads/1/2/5/4/125429839/934482110.jpg)
You can disable it.' This comment says that, when you extends this class, default constructor of WebSecurityConfigurerAdapter works and csrf is activated.