Merge pull request #15960 from Michaelin007/springsecurity6

Migrate Application from Spring Security 5 to Spring Security 6

spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/SpringSecurityMigration.java

@@ -0,0 +1,14 @@
+package com.baeldung.springsecuritymigration;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+
+@SpringBootApplication
+@EnableWebMvc
+public class SpringSecurityMigration {
+
+    public static void main(String[] args) {
+        SpringApplication.run(SpringSecurityMigration.class);
+    }
+}

spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/configuration/WebSecurityConfig.java

@@ -0,0 +1,51 @@
+package com.baeldung.springsecuritymigration.configuration;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+@EnableWebSecurity
+@EnableMethodSecurity
+public class WebSecurityConfig {
+
+    @Bean
+    public WebSecurityCustomizer webSecurityCustomizer() {
+        return (web) -> web.ignoring()
+            .requestMatchers("/js/**", "/css/**");
+    }
+
+    @Bean
+    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http.cors(AbstractHttpConfigurer::disable)
+            .authorizeHttpRequests(request -> request.requestMatchers("/")
+                .permitAll()
+                .anyRequest()
+                .authenticated())
+            .formLogin(form -> form.defaultSuccessUrl("/welcome"))
+            .httpBasic(Customizer.withDefaults());
+        return http.build();
+    }
+
+    @Bean
+    public UserDetailsService userDetailsService() {
+        UserDetails user = User.withDefaultPasswordEncoder()
+            .username("User")
+            .password("password")
+            .roles("USER")
+            .build();
+
+        return new InMemoryUserDetailsManager(user);
+    }
+}

spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/controller/WebController.java

@@ -0,0 +1,25 @@
+package com.baeldung.springsecuritymigration.controller;
+
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class WebController {
+
+    @RequestMapping("/")
+    public String home() {
+        return "Home Page";
+    }
+
+    @RequestMapping("/welcome")
+    public String welcome() {
+        return "Welcome User";
+    }
+
+    @PreAuthorize("hasRole('USER')")
+    @RequestMapping("/user-dashboard")
+    public String dashboard() {
+        return "My Dashboard";
+    }
+}

spring-security-modules/spring-security-core-2/src/test/java/com/baeldung/springsecuritymigration/SpringSecurityMigrationIntegrationTest.java

@@ -0,0 +1,45 @@
+package com.baeldung.springsecuritymigration;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.security.test.context.support.WithAnonymousUser;
+import org.springframework.security.test.context.support.WithUserDetails;
+import org.springframework.test.web.servlet.MockMvc;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.web.context.WebApplicationContext;
+
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+@SpringBootTest(classes = SpringSecurityMigration.class)
+public class SpringSecurityMigrationIntegrationTest {
+
+    @Autowired
+    private WebApplicationContext context;
+
+    private MockMvc mvc;
+
+    @BeforeEach
+    private void setup() {
+        mvc = MockMvcBuilders.webAppContextSetup(context)
+            .apply(springSecurity())
+            .build();
+    }
+
+    @Test
+    @WithAnonymousUser
+    public void givenAnAnonymousUser_whenAccessLogin_thenOk() throws Exception {
+        mvc.perform(get("/login"))
+            .andExpect(status().isOk());
+    }
+
+    @Test
+    @WithUserDetails
+    public void givenUserDetails_whenAccessUserDashboard_thenOk() throws Exception {
+        mvc.perform(get("/user-dashboard"))
+            .andExpect(status().isOk());
+    }
+}