JAVA-29170: Changes made for Upgrade spring-rest-http to Spring Boot 3 (#16000)

* JAVA-29170: Changes made for Upgrade spring-rest-http to Spring Boot 3 * JAVA-29316: Changes made for Upgrade spring-rest-http to Spring Boot 3 * JAVA-29316: Changes made for Upgrade spring-rest-http to Spring Boot 3
2024-03-08 02:44:09 +05:30 · 2024-03-08 02:44:09 +05:30 · 31cbe87a55
commit 31cbe87a55
parent 59d5922f48
8 changed files with 52 additions and 80 deletions
--- a/spring-security-modules/spring-security-web-rest/pom.xml
+++ b/spring-security-modules/spring-security-web-rest/pom.xml
@ -10,9 +10,9 @@
    <parent>
        <groupId>com.baeldung</groupId>
-        <artifactId>parent-spring-5</artifactId>
+        <artifactId>parent-boot-3</artifactId>
        <version>0.0.1-SNAPSHOT</version>
-        <relativePath>../../parent-spring-5</relativePath>
+        <relativePath>../../parent-boot-3</relativePath>
    </parent>
    <dependencies>
@ -144,6 +144,12 @@
            <artifactId>commons-fileupload</artifactId>
            <version>${commons-fileupload.version}</version>
        </dependency>
        <dependency>
            <groupId>jakarta.servlet</groupId>
            <artifactId>jakarta.servlet-api</artifactId>
            <version>${jakarta.servlet.version}</version>
            <scope>provided</scope>
        </dependency>
    </dependencies>
    <build>
@ -155,6 +161,13 @@
            </resource>
        </resources>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <configuration>
                    <skip>true</skip>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.codehaus.cargo</groupId>
                <artifactId>cargo-maven2-plugin</artifactId>
@ -237,6 +250,9 @@
        <rest-assured.version>2.9.0</rest-assured.version>
        <!-- Maven plugins -->
        <cargo-maven2-plugin.version>1.6.1</cargo-maven2-plugin.version>
        <spring.version>6.0.13</spring.version>
        <spring-security.version>6.1.5</spring-security.version>
        <jakarta.servlet.version>6.0.0</jakarta.servlet.version>
    </properties>
 </project>
--- a/spring-security-modules/spring-security-web-rest/src/main/java/com/baeldung/errorhandling/CustomRestExceptionHandler.java
+++ b/spring-security-modules/spring-security-web-rest/src/main/java/com/baeldung/errorhandling/CustomRestExceptionHandler.java
@ -9,8 +9,8 @@ import javax.validation.ConstraintViolationException;
 import org.springframework.beans.TypeMismatchException;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.HttpStatusCode;
 import org.springframework.http.ResponseEntity;
 import org.springframework.validation.BindException;
 import org.springframework.validation.FieldError;
 import org.springframework.validation.ObjectError;
 import org.springframework.web.HttpMediaTypeNotSupportedException;
@ -31,7 +31,7 @@ public class CustomRestExceptionHandler extends ResponseEntityExceptionHandler {
    // 400
    @Override
-    protected ResponseEntity<Object> handleMethodArgumentNotValid(final MethodArgumentNotValidException ex, final HttpHeaders headers, final HttpStatus status, final WebRequest request) {
+    protected ResponseEntity<Object> handleMethodArgumentNotValid(final MethodArgumentNotValidException ex, final HttpHeaders headers, final HttpStatusCode status, final WebRequest request) {
        logger.info(ex.getClass().getName());
        //
        final List<String> errors = new ArrayList<String>();
@ -46,22 +46,7 @@ public class CustomRestExceptionHandler extends ResponseEntityExceptionHandler {
    }
    @Override
-    protected ResponseEntity<Object> handleBindException(final BindException ex, final HttpHeaders headers, final HttpStatus status, final WebRequest request) {
+    protected ResponseEntity<Object> handleTypeMismatch(TypeMismatchException ex, HttpHeaders headers, HttpStatusCode status, WebRequest request) {
        logger.info(ex.getClass().getName());
        //
        final List<String> errors = new ArrayList<String>();
        for (final FieldError error : ex.getBindingResult().getFieldErrors()) {
            errors.add(error.getField() + ": " + error.getDefaultMessage());
        }
        for (final ObjectError error : ex.getBindingResult().getGlobalErrors()) {
            errors.add(error.getObjectName() + ": " + error.getDefaultMessage());
        }
        final ApiError apiError = new ApiError(HttpStatus.BAD_REQUEST, ex.getLocalizedMessage(), errors);
        return handleExceptionInternal(ex, apiError, headers, apiError.getStatus(), request);
    }
    @Override
    protected ResponseEntity<Object> handleTypeMismatch(final TypeMismatchException ex, final HttpHeaders headers, final HttpStatus status, final WebRequest request) {
        logger.info(ex.getClass().getName());
        //
        final String error = ex.getValue() + " value for " + ex.getPropertyName() + " should be of type " + ex.getRequiredType();
@ -71,7 +56,7 @@ public class CustomRestExceptionHandler extends ResponseEntityExceptionHandler {
    }
    @Override
-    protected ResponseEntity<Object> handleMissingServletRequestPart(final MissingServletRequestPartException ex, final HttpHeaders headers, final HttpStatus status, final WebRequest request) {
+    protected ResponseEntity<Object> handleMissingServletRequestPart(final MissingServletRequestPartException ex, final HttpHeaders headers, final HttpStatusCode status, final WebRequest request) {
        logger.info(ex.getClass().getName());
        //
        final String error = ex.getRequestPartName() + " part is missing";
@ -80,7 +65,7 @@ public class CustomRestExceptionHandler extends ResponseEntityExceptionHandler {
    }
    @Override
-    protected ResponseEntity<Object> handleMissingServletRequestParameter(final MissingServletRequestParameterException ex, final HttpHeaders headers, final HttpStatus status, final WebRequest request) {
+    protected ResponseEntity<Object> handleMissingServletRequestParameter(final MissingServletRequestParameterException ex, final HttpHeaders headers, final HttpStatusCode status, final WebRequest request) {
        logger.info(ex.getClass().getName());
        //
        final String error = ex.getParameterName() + " parameter is missing";
@ -116,7 +101,7 @@ public class CustomRestExceptionHandler extends ResponseEntityExceptionHandler {
    // 404
    @Override
-    protected ResponseEntity<Object> handleNoHandlerFoundException(final NoHandlerFoundException ex, final HttpHeaders headers, final HttpStatus status, final WebRequest request) {
+    protected ResponseEntity<Object> handleNoHandlerFoundException(final NoHandlerFoundException ex, final HttpHeaders headers, final HttpStatusCode status, final WebRequest request) {
        logger.info(ex.getClass().getName());
        //
        final String error = "No handler found for " + ex.getHttpMethod() + " " + ex.getRequestURL();
@ -128,7 +113,7 @@ public class CustomRestExceptionHandler extends ResponseEntityExceptionHandler {
    // 405
    @Override
-    protected ResponseEntity<Object> handleHttpRequestMethodNotSupported(final HttpRequestMethodNotSupportedException ex, final HttpHeaders headers, final HttpStatus status, final WebRequest request) {
+    protected ResponseEntity<Object> handleHttpRequestMethodNotSupported(final HttpRequestMethodNotSupportedException ex, final HttpHeaders headers, final HttpStatusCode status, final WebRequest request) {
        logger.info(ex.getClass().getName());
        //
        final StringBuilder builder = new StringBuilder();
@ -143,7 +128,7 @@ public class CustomRestExceptionHandler extends ResponseEntityExceptionHandler {
    // 415
    @Override
-    protected ResponseEntity<Object> handleHttpMediaTypeNotSupported(final HttpMediaTypeNotSupportedException ex, final HttpHeaders headers, final HttpStatus status, final WebRequest request) {
+    protected ResponseEntity<Object> handleHttpMediaTypeNotSupported(final HttpMediaTypeNotSupportedException ex, final HttpHeaders headers, final HttpStatusCode status, final WebRequest request) {
        logger.info(ex.getClass().getName());
        //
        final StringBuilder builder = new StringBuilder();
--- a/spring-security-modules/spring-security-web-rest/src/main/java/com/baeldung/security/SecurityJavaConfig.java
+++ b/spring-security-modules/spring-security-web-rest/src/main/java/com/baeldung/security/SecurityJavaConfig.java
@ -1,11 +1,13 @@
 package com.baeldung.security;
 import static org.springframework.security.config.Customizer.withDefaults;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.core.userdetails.User;
@ -23,7 +25,7 @@ import com.baeldung.web.error.CustomAccessDeniedHandler;
@Configuration
@EnableWebSecurity
-@EnableGlobalMethodSecurity(prePostEnabled = true)
+@EnableMethodSecurity(prePostEnabled = true)
@ComponentScan("com.baeldung.security")
 public class SecurityJavaConfig {
@ -53,33 +55,14 @@ public class SecurityJavaConfig {
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http.csrf()
+        http.authorizeHttpRequests (authorizeRequests -> authorizeRequests.requestMatchers("/api/csrfAttacker*").permitAll()
-            .disable()
+            .requestMatchers("/api/customer/**").permitAll()
-            .authorizeRequests()
+            .requestMatchers("/api/foos/**").authenticated()
-            .and()
+            .requestMatchers("/api/async/**").permitAll()
-            .exceptionHandling()
+            .requestMatchers("/api/admin/**").hasRole("ADMIN"))
-            .accessDeniedHandler(accessDeniedHandler)
+            .formLogin(formLogin -> formLogin.successHandler(mySuccessHandler).failureHandler(myFailureHandler))
-            .authenticationEntryPoint(restAuthenticationEntryPoint)
+            .httpBasic(withDefaults())
-            .and()
+            .logout(logout -> logout.permitAll());
            .authorizeRequests()
            .antMatchers("/api/csrfAttacker*")
            .permitAll()
            .antMatchers("/api/customer/**")
            .permitAll()
            .antMatchers("/api/foos/**")
            .authenticated()
            .antMatchers("/api/async/**")
            .permitAll()
            .antMatchers("/api/admin/**")
            .hasRole("ADMIN")
            .and()
            .formLogin()
            .successHandler(mySuccessHandler)
            .failureHandler(myFailureHandler)
            .and()
            .httpBasic()
            .and()
            .logout();
        return http.build();
    }
--- a/spring-security-modules/spring-security-web-rest/src/main/java/com/baeldung/security/web/MySavedRequestAwareAuthenticationSuccessHandler.java
+++ b/spring-security-modules/spring-security-web-rest/src/main/java/com/baeldung/security/web/MySavedRequestAwareAuthenticationSuccessHandler.java
@ -2,10 +2,6 @@ package com.baeldung.security.web;
 import java.io.IOException;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
 import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
@ -14,6 +10,10 @@ import org.springframework.security.web.savedrequest.SavedRequest;
 import org.springframework.stereotype.Component;
 import org.springframework.util.StringUtils;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@Component
 public class MySavedRequestAwareAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
--- a/spring-security-modules/spring-security-web-rest/src/main/java/com/baeldung/security/web/RestAuthenticationEntryPoint.java
+++ b/spring-security-modules/spring-security-web-rest/src/main/java/com/baeldung/security/web/RestAuthenticationEntryPoint.java
@ -2,13 +2,13 @@ package com.baeldung.security.web;
 import java.io.IOException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.stereotype.Component;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 /**
 * The Entry Point will not redirect to any sort of Login - it will return the 401
 */
--- a/spring-security-modules/spring-security-web-rest/src/main/java/com/baeldung/web/error/CustomAccessDeniedHandler.java
+++ b/spring-security-modules/spring-security-web-rest/src/main/java/com/baeldung/web/error/CustomAccessDeniedHandler.java
@ -2,14 +2,15 @@ package com.baeldung.web.error;
 import java.io.IOException;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.stereotype.Component;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@Component
 public class CustomAccessDeniedHandler implements AccessDeniedHandler {
--- a/spring-security-modules/spring-security-web-rest/src/main/java/com/baeldung/web/error/RestResponseEntityExceptionHandler.java
+++ b/spring-security-modules/spring-security-web-rest/src/main/java/com/baeldung/web/error/RestResponseEntityExceptionHandler.java
@ -32,19 +32,6 @@ public class RestResponseEntityExceptionHandler extends ResponseEntityExceptionH
        return handleExceptionInternal(ex, bodyOfResponse, new HttpHeaders(), HttpStatus.BAD_REQUEST, request);
    }
    @Override
    protected ResponseEntity<Object> handleHttpMessageNotReadable(final HttpMessageNotReadableException ex, final HttpHeaders headers, final HttpStatus status, final WebRequest request) {
        final String bodyOfResponse = "This should be application specific";
        // ex.getCause() instanceof JsonMappingException, JsonParseException // for additional information later on
        return handleExceptionInternal(ex, bodyOfResponse, headers, HttpStatus.BAD_REQUEST, request);
    }
    @Override
    protected ResponseEntity<Object> handleMethodArgumentNotValid(final MethodArgumentNotValidException ex, final HttpHeaders headers, final HttpStatus status, final WebRequest request) {
        final String bodyOfResponse = "This should be application specific";
        return handleExceptionInternal(ex, bodyOfResponse, headers, HttpStatus.BAD_REQUEST, request);
    }
    // 403
    @ExceptionHandler({ AccessDeniedException.class })
    public ResponseEntity<Object> handleAccessDeniedException(final Exception ex, final WebRequest request) {
--- a/spring-security-modules/spring-security-web-rest/src/test/java/com/baeldung/web/TestConfig.java
+++ b/spring-security-modules/spring-security-web-rest/src/test/java/com/baeldung/web/TestConfig.java
@ -4,7 +4,7 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.multipart.MultipartResolver;
-import org.springframework.web.multipart.commons.CommonsMultipartResolver;
+import org.springframework.web.multipart.support.StandardServletMultipartResolver;
@Configuration
@ComponentScan({ "com.baeldung.web" })
@ -12,7 +12,7 @@ public class TestConfig {
    @Bean
    public MultipartResolver multipartResolver() {
-        CommonsMultipartResolver multipartResolver = new CommonsMultipartResolver();
+        StandardServletMultipartResolver multipartResolver = new StandardServletMultipartResolver();
        return multipartResolver;
    }