JAVA-29329 Upgrade spring-security-web-rest-basic-auth (#15457)

Co-authored-by: timis1 <noreplay@yahoo.com>

spring-security-modules/spring-security-web-rest-basic-auth/pom.xml

@@ -10,8 +10,9 @@
 
     <parent>
         <groupId>com.baeldung</groupId>
-        <artifactId>spring-security-modules</artifactId>
+        <artifactId>parent-boot-3</artifactId>
         <version>0.0.1-SNAPSHOT</version>
+        <relativePath>../../parent-boot-3</relativePath>
     </parent>
 
     <dependencies>
@@ -92,8 +93,8 @@
             </exclusions>
         </dependency>
         <dependency>
-            <groupId>org.apache.httpcomponents</groupId>
+            <groupId>org.apache.httpcomponents.client5</groupId>
-            <artifactId>httpclient</artifactId>
+            <artifactId>httpclient5</artifactId>
             <exclusions>
                 <exclusion>
                     <artifactId>commons-logging</artifactId>
@@ -101,19 +102,6 @@
                 </exclusion>
             </exclusions>
         </dependency>
-        <!-- web -->
-        <dependency>
-            <groupId>javax.servlet</groupId>
-            <artifactId>javax.servlet-api</artifactId>
-            <version>${javax.servlet-api.version}</version>
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>javax.servlet</groupId>
-            <artifactId>jstl</artifactId>
-            <version>${jstl.version}</version>
-            <scope>runtime</scope>
-        </dependency>
         <!-- util -->
         <dependency>
             <groupId>com.google.guava</groupId>
@@ -127,9 +115,9 @@
             <scope>test</scope>
         </dependency>
         <dependency>
-            <groupId>javax.xml.bind</groupId>
+            <groupId>jakarta.xml.bind</groupId>
-            <artifactId>jaxb-api</artifactId>
+            <artifactId>jakarta.xml.bind-api</artifactId>
-            <version>${jaxb-api.version}</version>
+            <version>4.0.1</version>
         </dependency>
     </dependencies>
 
@@ -230,6 +218,7 @@
         <httpclient.version>4.5.8</httpclient.version>
         <!-- Maven plugins -->
         <cargo-maven2-plugin.version>1.6.1</cargo-maven2-plugin.version>
+        <start-class>com.baeldung.inmemory.InMemoryAuthApplication</start-class>
     </properties>
 
 </project>

spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/basic/MyBasicAuthenticationEntryPoint.java

@@ -4,9 +4,8 @@ import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
 import org.springframework.stereotype.Component;
 
-import javax.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.io.PrintWriter;
 

spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/client/HttpComponentsClientHttpRequestFactoryBasicAuth.java

@@ -2,13 +2,13 @@ package com.baeldung.client;
 
 import java.net.URI;
 
-import org.apache.http.HttpHost;
+import org.apache.hc.client5.http.auth.AuthCache;
-import org.apache.http.client.AuthCache;
+import org.apache.hc.client5.http.impl.auth.BasicAuthCache;
-import org.apache.http.client.protocol.HttpClientContext;
+import org.apache.hc.client5.http.impl.auth.BasicScheme;
-import org.apache.http.impl.auth.BasicScheme;
+import org.apache.hc.client5.http.protocol.HttpClientContext;
-import org.apache.http.impl.client.BasicAuthCache;
+import org.apache.hc.core5.http.HttpHost;
-import org.apache.http.protocol.BasicHttpContext;
+import org.apache.hc.core5.http.protocol.BasicHttpContext;
-import org.apache.http.protocol.HttpContext;
+import org.apache.hc.core5.http.protocol.HttpContext;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
 

spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/client/RestTemplateFactory.java

@@ -1,6 +1,6 @@
 package com.baeldung.client;
 
-import org.apache.http.HttpHost;
+import org.apache.hc.core5.http.HttpHost;
 import org.springframework.beans.factory.FactoryBean;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.http.client.ClientHttpRequestFactory;
@@ -35,7 +35,7 @@ public class RestTemplateFactory implements FactoryBean<RestTemplate>, Initializ
 
     @Override
     public void afterPropertiesSet() {
-        HttpHost host = new HttpHost("localhost", 8082, "http");
+        HttpHost host = new HttpHost( "http", "localhost", 8082);
         final ClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactoryBasicAuth(host);
         restTemplate = new RestTemplate(requestFactory);
         restTemplate.getInterceptors().add(new BasicAuthenticationInterceptor("user1", "user1Pass"));

spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/filter/CustomFilter.java

@@ -2,10 +2,10 @@ package com.baeldung.filter;
 
 import org.springframework.web.filter.GenericFilterBean;
 
-import javax.servlet.FilterChain;
+import jakarta.servlet.FilterChain;
-import javax.servlet.ServletException;
+import jakarta.servlet.ServletException;
-import javax.servlet.ServletRequest;
+import jakarta.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
+import jakarta.servlet.ServletResponse;
 import java.io.IOException;
 
 public class CustomFilter extends GenericFilterBean {

spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/filter/CustomWebSecurityConfigurerAdapter.java

@@ -30,14 +30,10 @@ public class CustomWebSecurityConfigurerAdapter {
 
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http.authorizeRequests()
+        http.authorizeHttpRequests(expressionInterceptUrlRegistry ->
-            .antMatchers("/securityNone")
+                        expressionInterceptUrlRegistry.requestMatchers("/securityNone").permitAll()
-            .permitAll()
+                                .anyRequest().authenticated())
-            .anyRequest()
+            .httpBasic(httpSecurityHttpBasicConfigurer -> httpSecurityHttpBasicConfigurer.authenticationEntryPoint(authenticationEntryPoint));
-            .authenticated()
-            .and()
-            .httpBasic()
-            .authenticationEntryPoint(authenticationEntryPoint);
         http.addFilterAfter(new CustomFilter(), BasicAuthenticationFilter.class);
         return http.build();
     }

spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/inmemory/InMemoryAuthWebSecurityConfigurer.java

@@ -2,6 +2,7 @@ package com.baeldung.inmemory;
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -25,13 +26,11 @@ public class InMemoryAuthWebSecurityConfigurer {
 
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http.authorizeRequests()
+        http.authorizeHttpRequests(authorizationManagerRequestMatcherRegistry ->
-            .antMatchers("/private/**")
+                        authorizationManagerRequestMatcherRegistry.requestMatchers("/private/**").authenticated()
-            .authenticated()
+                                .requestMatchers("/public/**").permitAll()
-            .antMatchers("/public/**")
+                )
-            .permitAll()
+            .httpBasic(Customizer.withDefaults());
-            .and()
-            .httpBasic();
         return http.build();
     }
 

spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/inmemory/InMemoryNoOpAuthWebSecurityConfigurer.java

@@ -1,6 +1,7 @@
 package com.baeldung.inmemory;
 
 import org.springframework.context.annotation.Bean;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -21,13 +22,9 @@ public class InMemoryNoOpAuthWebSecurityConfigurer {
 
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http.authorizeRequests()
+        http.authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> authorizationManagerRequestMatcherRegistry.requestMatchers("/private/**").authenticated()
-            .antMatchers("/private/**")
+                        .requestMatchers("/public/**").permitAll())
-            .authenticated()
+            .httpBasic(Customizer.withDefaults());
-            .antMatchers("/public/**")
-            .permitAll()
-            .and()
-            .httpBasic();
         return http.build();
     }
 }

spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/passwordstorage/PasswordStorageWebSecurityConfigurer.java

@@ -46,7 +46,7 @@ public class PasswordStorageWebSecurityConfigurer {
         PasswordEncoder defaultEncoder = new StandardPasswordEncoder();
         Map<String, PasswordEncoder> encoders = new HashMap<>();
         encoders.put("bcrypt", new BCryptPasswordEncoder());
-        encoders.put("scrypt", new SCryptPasswordEncoder());
+        encoders.put("scrypt", new SCryptPasswordEncoder(1, 1, 1, 1, 10));
         encoders.put("noop", NoOpPasswordEncoder.getInstance());
 
         DelegatingPasswordEncoder passwordEncoder = new DelegatingPasswordEncoder("bcrypt", encoders);

spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/security/MySavedRequestAwareAuthenticationSuccessHandler.java

@@ -2,9 +2,9 @@ package com.baeldung.security;
 
 import java.io.IOException;
 
-import javax.servlet.ServletException;
+import jakarta.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;

spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/security/RestAuthenticationEntryPoint.java

@@ -2,8 +2,8 @@ package com.baeldung.security;
 
 import java.io.IOException;
 
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
@@ -16,8 +16,7 @@ import org.springframework.stereotype.Component;
 public final class RestAuthenticationEntryPoint implements AuthenticationEntryPoint {
 
     @Override
-    public void commence(final HttpServletRequest request, final HttpServletResponse response, final AuthenticationException authException) throws IOException {
+    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException {
         response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
     }
-
 }

spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/web/controller/BarController.java

@@ -2,8 +2,9 @@ package com.baeldung.web.controller;
 
 import java.nio.charset.Charset;
 
-import org.apache.commons.codec.binary.Base64;
 import com.baeldung.web.dto.Bar;
+
+import org.apache.hc.client5.http.utils.Base64;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.http.HttpHeaders;
@@ -35,7 +36,7 @@ public class BarController {
     public HttpHeaders createHeaders(String username, String password){
         return new HttpHeaders() {{
               String auth = username + ":" + password;
-              byte[] encodedAuth = Base64.encodeBase64( 
+              byte[] encodedAuth = Base64.encodeBase64(
                  auth.getBytes(Charset.forName("US-ASCII")) );
               String authHeader = "Basic " + new String( encodedAuth );
               set( "Authorization", authHeader );

spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/web/dto/Bar.java

@@ -2,7 +2,7 @@ package com.baeldung.web.dto;
 
 import java.io.Serializable;
 
-import javax.xml.bind.annotation.XmlRootElement;
+import jakarta.xml.bind.annotation.XmlRootElement;
 
 @XmlRootElement
 public class Bar implements Serializable {

spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/web/dto/Foo.java

@@ -2,7 +2,7 @@ package com.baeldung.web.dto;
 
 import java.io.Serializable;
 
-import javax.xml.bind.annotation.XmlRootElement;
+import jakarta.xml.bind.annotation.XmlRootElement;
 
 @XmlRootElement
 public class Foo implements Serializable {

spring-security-modules/spring-security-web-rest-basic-auth/src/main/resources/webSecurityConfig.xml

@@ -11,6 +11,7 @@
 
         <http-basic entry-point-ref="myBasicAuthenticationEntryPoint"/>
 
+        <intercept-url pattern="/**" access="permitAll" />
     </http>
 
     <authentication-manager>
@@ -22,7 +23,7 @@
     </authentication-manager>
 
     <global-method-security pre-post-annotations="enabled"/>
-        
+
     <beans:bean id="myBasicAuthenticationEntryPoint" class="com.baeldung.basic.MyBasicAuthenticationEntryPoint" />
 
 </beans:beans>