JAVA-29308 Upgrade spring-security-web-boot-5 (#15642)

Co-authored-by: timis1 <noreplay@yahoo.com>
2024-01-15 17:21:46 +02:00 · 2024-01-15 17:21:46 +02:00 · 6818b14f15
parent eb6e485b58
commit 6818b14f15
2 changed files with 17 additions and 12 deletions
--- a/spring-security-modules/spring-security-web-boot-5/pom.xml
+++ b/spring-security-modules/spring-security-web-boot-5/pom.xml
@ -11,7 +11,8 @@

    <parent>
        <groupId>com.baeldung</groupId>
-        <artifactId>spring-security-modules</artifactId>
+        <artifactId>parent-boot-3</artifactId>
+        <relativePath>../../parent-boot-3</relativePath>
        <version>0.0.1-SNAPSHOT</version>
    </parent>

@ -29,6 +30,10 @@
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
+        <dependency>
+            <groupId>io.rest-assured</groupId>
+            <artifactId>rest-assured</artifactId>
+        </dependency>
    </dependencies>

    <build>
--- a/spring-security-modules/spring-security-web-boot-5/src/main/java/com/baeldung/customauth/configuration/SecurityConfig.java
+++ b/spring-security-modules/spring-security-web-boot-5/src/main/java/com/baeldung/customauth/configuration/SecurityConfig.java
@ -8,15 +8,17 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.ProviderManager;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter;
 import org.springframework.security.web.header.HeaderWriterFilter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
 import java.util.Collections;

@Configuration
@ -35,17 +37,15 @@ public class SecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http.cors().and().csrf()
-            .disable()
-            .sessionManagement()
-            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-            .and()
+        http.cors(Customizer.withDefaults()).csrf(AbstractHttpConfigurer::disable)
+            .sessionManagement(httpSecuritySessionManagementConfigurer -> httpSecuritySessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .addFilterAfter(requestHeaderAuthenticationFilter(), HeaderWriterFilter.class)
-            .authorizeHttpRequests()
-            .antMatchers(HttpMethod.GET,"/health").permitAll()
-            .antMatchers("/api/**").authenticated().and()
-            .exceptionHandling().authenticationEntryPoint((request, response, authException) ->
-                        response.sendError(HttpServletResponse.SC_UNAUTHORIZED));
+            .authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> authorizationManagerRequestMatcherRegistry
+                    .requestMatchers(HttpMethod.GET, "/health").permitAll()
+                    .requestMatchers("/api/**").authenticated())
+            .exceptionHandling(httpSecurityExceptionHandlingConfigurer -> httpSecurityExceptionHandlingConfigurer
+                    .authenticationEntryPoint((request, response, authException) ->
+                            response.sendError(HttpServletResponse.SC_UNAUTHORIZED)));

        return http.build();
    }