Hello, everyone, I'm trying to set up spring security and I think I got it working but I'd like an efficient way to filter url patterns other than using antMatchers. I've seen some people use extended xml, but I'm unaware of exactly how to leverage this feature (Where should the file go, how should it be named, where can I find more docs about this feature?). Most importantly, I was curious if there was a dedicated DSL for spring security, similar to what

router {}

does, if there is I can't seem to find the docs. Can anyone here point me in the right direction?

I keep getting 401's with CORS preflight requests. https://www.baeldung.com/spring-security-cors-preflight didn't help. Summarized my problem here with some code on SO: https://stackoverflow.com/questions/61725124/spring-security-getting-401s-with-cors-preflights-despite-http-cors

Careful, log4j remote execution exploit. Slack Conversation

anyone have spring security jwt examples for security 6? Most implementations seem highly verbose

This message was deleted.

i already completed spring security 6 with jwt. but i 've got problem implement oauth. my concept is oauth authentication -> security filter chain (isAuthenticated == true) -> jwt claim what can i do first ? i wish low-customize, default. i read https://docs.spring.io/spring-security/reference/servlet/oauth2/login/advanced.html i cannot understand about that. help me. TT i also curious about multi oauth platform branch processing. i researched about that. many people said, handled branch processing with enum class. what is the best way to handle that you guys think ?