bael-6473: upgrade Spring Security to 6

2023-09-03 16:54:24 +03:30 · 2023-09-03 16:54:24 +03:30 · 0846aa401f
parent ad85139fe5
commit 0846aa401f
5 changed files with 25 additions and 22 deletions
--- a/spring-reactive-modules/spring-reactive/src/main/java/com/baeldung/reactive/debugging/consumer/ConsumerDebuggingApplication.java
+++ b/spring-reactive-modules/spring-reactive/src/main/java/com/baeldung/reactive/debugging/consumer/ConsumerDebuggingApplication.java
@ -24,10 +24,10 @@ public class ConsumerDebuggingApplication {

    @Bean
    public SecurityWebFilterChain debuggingConsumerSpringSecurityFilterChain(ServerHttpSecurity http) {
-        http.authorizeExchange()
-            .anyExchange()
-            .permitAll();
-        http.csrf().disable();
+        http.authorizeExchange(exchanges  -> exchanges
+          .anyExchange()
+          .permitAll());
+        http.csrf(csrf -> csrf.disable());
        return http.build();
    }
 }
--- a/spring-reactive-modules/spring-reactive/src/main/java/com/baeldung/reactive/debugging/server/ServerDebuggingApplication.java
+++ b/spring-reactive-modules/spring-reactive/src/main/java/com/baeldung/reactive/debugging/server/ServerDebuggingApplication.java
@ -22,9 +22,9 @@ public class ServerDebuggingApplication {
    
    @Bean
    public SecurityWebFilterChain debuggingServerSpringSecurityFilterChain(ServerHttpSecurity http) {
-        http.authorizeExchange()
-            .anyExchange()
-            .permitAll();
+        http.authorizeExchange(exchanges  -> exchanges
+          .anyExchange()
+          .permitAll());
        return http.build();
    }
 }
--- a/spring-reactive-modules/spring-reactive/src/main/java/com/baeldung/reactive/security/SecurityConfig.java
+++ b/spring-reactive-modules/spring-reactive/src/main/java/com/baeldung/reactive/security/SecurityConfig.java
@ -1,6 +1,7 @@
 package com.baeldung.reactive.security;

 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
@ -12,18 +13,19 @@ import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.server.SecurityWebFilterChain;

@EnableWebFluxSecurity
+@Configuration
@EnableReactiveMethodSecurity
 public class SecurityConfig {

    @Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
-        return http.authorizeExchange()
-          .pathMatchers("/admin").hasAuthority("ROLE_ADMIN")
-          .anyExchange().authenticated()
-          .and()
-          .formLogin()
-          .and()
-          .csrf().disable()
+        return http
+          .authorizeExchange(exchanges  -> exchanges
+            .pathMatchers("/admin").hasAuthority("ROLE_ADMIN")
+            .anyExchange().authenticated())
+          .formLogin(formLogin -> formLogin
+            .loginPage("/login"))
+          .csrf(csrf -> csrf.disable())
          .build();
    }

--- a/spring-reactive-modules/spring-reactive/src/main/java/com/baeldung/reactive/webclient/WebClientApplication.java
+++ b/spring-reactive-modules/spring-reactive/src/main/java/com/baeldung/reactive/webclient/WebClientApplication.java
@ -16,9 +16,8 @@ public class WebClientApplication {

    @Bean
    public SecurityWebFilterChain filterChain(ServerHttpSecurity http) {
-        http.csrf().disable()
-          .authorizeExchange()
-          .anyExchange().permitAll();
+        http.csrf(csrf -> csrf.disable())
+          .authorizeExchange(exchanges  -> exchanges.anyExchange().permitAll());
        return http.build();
    }
 }
--- a/spring-reactive-modules/spring-reactive/src/main/java/com/baeldung/reactive/webflux/annotation/EmployeeWebSecurityConfig.java
+++ b/spring-reactive-modules/spring-reactive/src/main/java/com/baeldung/reactive/webflux/annotation/EmployeeWebSecurityConfig.java
@ -1,7 +1,9 @@
 package com.baeldung.reactive.webflux.annotation;

 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
 import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
@ -12,6 +14,7 @@ import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.server.SecurityWebFilterChain;

@EnableWebFluxSecurity
+@Configuration
 public class EmployeeWebSecurityConfig {

    @Bean
@ -27,12 +30,11 @@ public class EmployeeWebSecurityConfig {
    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        http
-          .csrf().disable()
-          .authorizeExchange()
+          .csrf(csrf -> csrf.disable())
+          .authorizeExchange(exchanges -> exchanges
            .pathMatchers(HttpMethod.POST, "/employees/update").hasRole("ADMIN")
-            .pathMatchers("/**").permitAll()
-          .and()
-          .httpBasic();
+            .pathMatchers("/**").permitAll())
+          .httpBasic(Customizer.withDefaults());
        return http.build();
    }