diff --git a/spring-security-modules/spring-security-oauth2-testing/pom.xml b/spring-security-modules/spring-security-oauth2-testing/pom.xml
index 7e3afd00e7..1f1c441cf5 100644
--- a/spring-security-modules/spring-security-oauth2-testing/pom.xml
+++ b/spring-security-modules/spring-security-oauth2-testing/pom.xml
@@ -32,6 +32,7 @@ 7.1.10 + 17 \ No newline at end of file
diff --git a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/java/com/baeldung/ReactiveResourceServerApplication.java b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/java/com/baeldung/ReactiveResourceServerApplication.java
index 716900ea51..5dd9268092 100644
--- a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/java/com/baeldung/ReactiveResourceServerApplication.java
+++ b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/java/com/baeldung/ReactiveResourceServerApplication.java
@@ -22,6 +22,7 @@ import org.springframework.security.authentication.AuthenticationCredentialsNotF
 import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
@@ -54,7 +55,7 @@ public class ReactiveResourceServerApplication {
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 http.oauth2ResourceServer(resourceServer -> resourceServer.jwt(withDefaults()));
 http.securityContextRepository(NoOpServerSecurityContextRepository.getInstance());
- http.csrf(csrf -> csrf.disable());
+ http.csrf(CsrfSpec::disable);
 http.exceptionHandling(eh -> eh
 .accessDeniedHandler((var exchange, var ex) -> exchange.getPrincipal().flatMap(principal -> {
 final var response = exchange.getResponse();
diff --git a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/java/com/baeldung/ReactiveResourceServerApplicationIntegrationTest.java b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/java/com/baeldung/ReactiveResourceServerApplicationIntegrationTest.java
index d6bfbf4e2d..aab983429f 100644
--- a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/java/com/baeldung/ReactiveResourceServerApplicationIntegrationTest.java
+++ b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/java/com/baeldung/ReactiveResourceServerApplicationIntegrationTest.java
@@ -24,7 +24,7 @@ class ReactiveResourceServerApplicationIntegrationTest {
 @Test
 @WithAnonymousUser
- void givenRequestIsAnonymous_whenGetGreet_thenUnauthorized() throws Exception {
+ void givenRequestIsAnonymous_whenGetGreet_thenUnauthorized() {
 api.get()
 .uri("/greet")
 .exchange()
@@ -34,7 +34,7 @@ class ReactiveResourceServerApplicationIntegrationTest {
 @Test
 @WithJwt("ch4mpy.json")
- void givenUserIsAuthenticated_whenGetGreet_thenOk() throws Exception {
+ void givenUserIsAuthenticated_whenGetGreet_thenOk() {
 api.get()
 .uri("/greet")
 .exchange()
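Review bot: The `http.csrf(CsrfSpec::disable)` call in `springSecurityFilterChain` (ReactiveResourceServerApplication.java) still turns CSRF protection off with no comment saying why that is acceptable, and the same applies to `http.csrf(AbstractHttpConfigurer::disable)` in `filterChain` of ServletResourceServerApplication.java. From the visible context the justification appears to be that both chains are stateless bearer-token resource servers (`NoOpServerSecurityContextRepository` here, `SessionCreationPolicy.STATELESS` in the servlet one), so there is no ambient cookie or session credential that a cross-site request could reuse. I would record that next to each call, e.g. `// CSRF is disabled because requests are authenticated only by the Bearer JWT and no session is kept; re-enable it if cookie- or session-based login is added.` Both method bodies continue outside their hunks, so this assumes no other authentication mechanism is configured further down.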
@@ -51,7 +51,7 @@ class ReactiveResourceServerApplicationIntegrationTest {
 @Test
 @WithAnonymousUser
- void givenRequestIsAnonymous_whenGetSecuredRoute_thenUnauthorized() throws Exception {
+ void givenRequestIsAnonymous_whenGetSecuredRoute_thenUnauthorized() {
 api.get()
 .uri("/secured-route")
 .exchange()
@@ -61,7 +61,7 @@ class ReactiveResourceServerApplicationIntegrationTest {
 @Test
 @WithMockAuthentication("ROLE_AUTHORIZED_PERSONNEL")
- void givenUserIsGrantedWithRoleAuthorizedPersonnel_whenGetSecuredRoute_thenOk() throws Exception {
+ void givenUserIsGrantedWithRoleAuthorizedPersonnel_whenGetSecuredRoute_thenOk() {
 api.get()
 .uri("/secured-route")
 .exchange()
@@ -73,7 +73,7 @@ class ReactiveResourceServerApplicationIntegrationTest {
 @Test
 @WithMockAuthentication("admin")
- void givenUserIsNotGrantedWithRoleAuthorizedPersonnel_whenGetSecuredRoute_thenForbidden() throws Exception {
+ void givenUserIsNotGrantedWithRoleAuthorizedPersonnel_whenGetSecuredRoute_thenForbidden() {
 api.get()
 .uri("/secured-route")
 .exchange()
@@ -88,7 +88,7 @@ class ReactiveResourceServerApplicationIntegrationTest {
 @Test
 @WithAnonymousUser
- void givenRequestIsAnonymous_whenGetSecuredMethod_thenUnauthorized() throws Exception {
+ void givenRequestIsAnonymous_whenGetSecuredMethod_thenUnauthorized() {
 api.get()
 .uri("/secured-method")
 .exchange()
@@ -98,7 +98,7 @@ class ReactiveResourceServerApplicationIntegrationTest {
 @Test
 @WithMockAuthentication("ROLE_AUTHORIZED_PERSONNEL")
- void givenUserIsGrantedWithRoleAuthorizedPersonnel_whenGetSecuredMethod_thenOk() throws Exception {
+ void givenUserIsGrantedWithRoleAuthorizedPersonnel_whenGetSecuredMethod_thenOk() {
 api.get()
 .uri("/secured-method")
 .exchange()
@@ -110,7 +110,7 @@ class ReactiveResourceServerApplicationIntegrationTest {
 @Test
 @WithMockAuthentication("admin")
- void givenUserIsNotGrantedWithRoleAuthorizedPersonnel_whenGetSecuredMethod_thenForbidden() throws Exception {
+ void givenUserIsNotGrantedWithRoleAuthorizedPersonnel_whenGetSecuredMethod_thenForbidden() {
 api.get()
 .uri("/secured-method")
 .exchange()
diff --git a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/java/com/baeldung/SpringAddonsGreetingControllerUnitTest.java b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/java/com/baeldung/SpringAddonsGreetingControllerUnitTest.java
index f31bbe3ae8..3038785921 100644
--- a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/java/com/baeldung/SpringAddonsGreetingControllerUnitTest.java
+++ b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/java/com/baeldung/SpringAddonsGreetingControllerUnitTest.java
@@ -39,7 +39,7 @@ class SpringAddonsGreetingControllerUnitTest {
 @Test
 @WithAnonymousUser
- void givenRequestIsAnonymous_whenGetGreet_thenUnauthorized() throws Exception {
+ void givenRequestIsAnonymous_whenGetGreet_thenUnauthorized() {
 api.get().uri("/greet").exchange().expectStatus().isUnauthorized();
 }
@@ -47,7 +47,7 @@ class SpringAddonsGreetingControllerUnitTest {
 @AuthenticationSource({
 @WithMockAuthentication(authorities = { "admin", "ROLE_AUTHORIZED_PERSONNEL" }, name = "ch4mpy"),
 @WithMockAuthentication(authorities = { "uncle", "PIRATE" }, name = "tonton-pirate") })
- void givenUserIsAuthenticated_whenGetGreet_thenOk(@ParameterizedAuthentication Authentication auth) throws Exception {
+ void givenUserIsAuthenticated_whenGetGreet_thenOk(@ParameterizedAuthentication Authentication auth) {
 final var greeting = "Whatever the service returns";
 when(messageService.greet()).thenReturn(Mono.just(greeting));
@@ -67,13 +67,13 @@ class SpringAddonsGreetingControllerUnitTest {
 @Test
 @WithAnonymousUser
- void givenRequestIsAnonymous_whenGetSecuredRoute_thenUnauthorized() throws Exception {
+ void givenRequestIsAnonymous_whenGetSecuredRoute_thenUnauthorized() {
 api.get().uri("/secured-route").exchange().expectStatus().isUnauthorized();
 }
 @Test
 @WithMockAuthentication("ROLE_AUTHORIZED_PERSONNEL")
- void givenUserIsGrantedWithRoleAuthorizedPersonnel_whenGetSecuredRoute_thenOk() throws Exception {
+ void givenUserIsGrantedWithRoleAuthorizedPersonnel_whenGetSecuredRoute_thenOk() {
 final var secret = "Secret!";
 when(messageService.getSecret()).thenReturn(Mono.just(secret));
@@ -82,7 +82,7 @@ class SpringAddonsGreetingControllerUnitTest {
 @Test
 @WithMockAuthentication("admin")
- void givenUserIsNotGrantedWithRoleAuthorizedPersonnel_whenGetSecuredRoute_thenForbidden() throws Exception {
+ void givenUserIsNotGrantedWithRoleAuthorizedPersonnel_whenGetSecuredRoute_thenForbidden() {
 api.get().uri("/secured-route").exchange().expectStatus().isForbidden();
 }
@@ -96,13 +96,13 @@ class SpringAddonsGreetingControllerUnitTest {
 @Test
 @WithAnonymousUser
- void givenRequestIsAnonymous_whenGetSecuredMethod_thenUnauthorized() throws Exception {
+ void givenRequestIsAnonymous_whenGetSecuredMethod_thenUnauthorized() {
 api.get().uri("/secured-method").exchange().expectStatus().isUnauthorized();
 }
 @Test
 @WithMockAuthentication("ROLE_AUTHORIZED_PERSONNEL")
- void givenUserIsGrantedWithRoleAuthorizedPersonnel_whenGetSecuredMethod_thenOk() throws Exception {
+ void givenUserIsGrantedWithRoleAuthorizedPersonnel_whenGetSecuredMethod_thenOk() {
 final var secret = "Secret!";
 when(messageService.getSecret()).thenReturn(Mono.just(secret));
@@ -111,7 +111,7 @@ class SpringAddonsGreetingControllerUnitTest {
 @Test
 @WithMockAuthentication("admin")
- void givenUserIsNotGrantedWithRoleAuthorizedPersonnel_whenGetSecuredMethod_thenForbidden() throws Exception {
+ void givenUserIsNotGrantedWithRoleAuthorizedPersonnel_whenGetSecuredMethod_thenForbidden() {
 api.get().uri("/secured-method").exchange().expectStatus().isForbidden();
 }
diff --git a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/java/com/baeldung/SpringSecurityTestGreetingControllerUnitTest.java b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/java/com/baeldung/SpringSecurityTestGreetingControllerUnitTest.java
index e048481ce4..c7a0659cf1 100644
--- a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/java/com/baeldung/SpringSecurityTestGreetingControllerUnitTest.java
+++ b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/java/com/baeldung/SpringSecurityTestGreetingControllerUnitTest.java
@@ -39,7 +39,7 @@ class SpringSecurityTestGreetingControllerUnitTest {
 /*-----------------------------------------------------------------------------*/
 @Test
- void givenRequestIsAnonymous_whenGetGreet_thenUnauthorized() throws Exception {
+ void givenRequestIsAnonymous_whenGetGreet_thenUnauthorized() {
 api.mutateWith(mockAuthentication(ANONYMOUS_AUTHENTICATION))
 .get()
 .uri("/greet")
@@ -49,7 +49,7 @@ class SpringSecurityTestGreetingControllerUnitTest {
 }
 @Test
- void givenUserIsAuthenticated_whenGetGreet_thenOk() throws Exception {
+ void givenUserIsAuthenticated_whenGetGreet_thenOk() {
 final var greeting = "Whatever the service returns";
 when(messageService.greet()).thenReturn(Mono.just(greeting));
@@ -72,7 +72,7 @@ class SpringSecurityTestGreetingControllerUnitTest {
 /*---------------------------------------------------------------------------------------------------------------------*/
 @Test
- void givenRequestIsAnonymous_whenGetSecuredRoute_thenUnauthorized() throws Exception {
+ void givenRequestIsAnonymous_whenGetSecuredRoute_thenUnauthorized() {
 api.mutateWith(mockAuthentication(ANONYMOUS_AUTHENTICATION))
 .get()
 .uri("/secured-route")
@@ -82,7 +82,7 @@ class SpringSecurityTestGreetingControllerUnitTest {
 }
 @Test
- void givenUserIsGrantedWithRoleAuthorizedPersonnel_whenGetSecuredRoute_thenOk() throws Exception {
+ void givenUserIsGrantedWithRoleAuthorizedPersonnel_whenGetSecuredRoute_thenOk() {
 final var secret = "Secret!";
 when(messageService.getSecret()).thenReturn(Mono.just(secret));
@@ -97,7 +97,7 @@ class SpringSecurityTestGreetingControllerUnitTest {
 }
 @Test
- void givenUserIsNotGrantedWithRoleAuthorizedPersonnel_whenGetSecuredRoute_thenForbidden() throws Exception {
+ void givenUserIsNotGrantedWithRoleAuthorizedPersonnel_whenGetSecuredRoute_thenForbidden() {
 api.mutateWith(mockJwt().authorities(new SimpleGrantedAuthority("admin")))
 .get()
 .uri("/secured-route")
@@ -112,7 +112,7 @@ class SpringSecurityTestGreetingControllerUnitTest {
 /*---------------------------------------------------------------------------------------------------------*/
 @Test
- void givenRequestIsAnonymous_whenGetSecuredMethod_thenUnauthorized() throws Exception {
+ void givenRequestIsAnonymous_whenGetSecuredMethod_thenUnauthorized() {
 api.mutateWith(mockAuthentication(ANONYMOUS_AUTHENTICATION))
 .get()
 .uri("/secured-method")
@@ -122,7 +122,7 @@ class SpringSecurityTestGreetingControllerUnitTest {
 }
 @Test
- void givenUserIsGrantedWithRoleAuthorizedPersonnel_whenGetSecuredMethod_thenOk() throws Exception {
+ void givenUserIsGrantedWithRoleAuthorizedPersonnel_whenGetSecuredMethod_thenOk() {
 final var secret = "Secret!";
 when(messageService.getSecret()).thenReturn(Mono.just(secret));
@@ -137,7 +137,7 @@ class SpringSecurityTestGreetingControllerUnitTest {
 }
 @Test
- void givenUserIsNotGrantedWithRoleAuthorizedPersonnel_whenGetSecuredMethod_thenForbidden() throws Exception {
+ void givenUserIsNotGrantedWithRoleAuthorizedPersonnel_whenGetSecuredMethod_thenForbidden() {
 api.mutateWith(mockJwt().authorities(new SimpleGrantedAuthority("admin")))
 .get()
 .uri("/secured-method")
diff --git a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/java/com/baeldung/ServletResourceServerApplication.java b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/java/com/baeldung/ServletResourceServerApplication.java
index 8258955afe..7887089458 100644
--- a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/java/com/baeldung/ServletResourceServerApplication.java
+++ b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/java/com/baeldung/ServletResourceServerApplication.java
@@ -19,6 +19,7 @@ import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
@@ -50,7 +51,7 @@ public class ServletResourceServerApplication {
 SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 http.oauth2ResourceServer(resourceServer -> resourceServer.jwt(withDefaults()));
 http.sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
- http.csrf(csrf -> csrf.disable());
+ http.csrf(AbstractHttpConfigurer::disable);
 http.exceptionHandling(eh -> eh.authenticationEntryPoint((request, response, authException) -> {
 response.addHeader(HttpHeaders.WWW_AUTHENTICATE, "Bearer realm=\"Restricted Content\"");
 response.sendError(HttpStatus.UNAUTHORIZED.value(), HttpStatus.UNAUTHORIZED.getReasonPhrase());