Migrate Application from Spring Security 5 to Spring Security 6

2024-02-26 10:09:46 +00:00 · 2024-02-26 10:09:46 +00:00 · ba7d2a971d
parent c392fb7021
commit ba7d2a971d
4 changed files with 68 additions and 3 deletions
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/SpringSecurityMigration.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/SpringSecurityMigration.java
@ -0,0 +1,14 @@
+package com.baeldung.springsecuritymigration;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+
+@SpringBootApplication
+@EnableWebMvc
+public class SpringSecurityMigration {
+
+    public static void main(String[] args) {
+        SpringApplication.run(SpringSecurityMigration.class);
+    }
+}
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/configuration/WebSecurityConfig.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/configuration/WebSecurityConfig.java
@ -1,8 +1,10 @@
-package com.baeldung.springsecuritymigration;
+package com.baeldung.springsecuritymigration.configuration;

 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
@ -15,11 +17,13 @@ import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
+@EnableMethodSecurity
 public class WebSecurityConfig {

    @Bean
    public WebSecurityCustomizer webSecurityCustomizer() {
-        return (web) -> web.ignoring().requestMatchers("/js/**", "/css/**");
+        return (web) -> web.ignoring()
+            .requestMatchers("/js/**", "/css/**");
    }

    @Bean
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/controller/WebController.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/controller/WebController.java
@ -1,5 +1,6 @@
-package com.baeldung.springsecuritymigration;
+package com.baeldung.springsecuritymigration.controller;

+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;

@ -16,6 +17,7 @@ public class WebController {
        return "Welcome User";
    }

+    @PreAuthorize("hasRole('USER')")
    @RequestMapping("/user-dashboard")
    public String dashboard() {
        return "My Dashboard";
--- a/spring-security-modules/spring-security-core-2/src/test/java/com/baeldung/springsecuritymigration/SpringSecurityMigrationIntegrationTest.java
+++ b/spring-security-modules/spring-security-core-2/src/test/java/com/baeldung/springsecuritymigration/SpringSecurityMigrationIntegrationTest.java
@ -0,0 +1,45 @@
+package com.baeldung.springsecuritymigration;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.security.test.context.support.WithAnonymousUser;
+import org.springframework.security.test.context.support.WithUserDetails;
+import org.springframework.test.web.servlet.MockMvc;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.web.context.WebApplicationContext;
+
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+@SpringBootTest(classes = SpringSecurityMigration.class)
+public class SpringSecurityMigrationIntegrationTest {
+
+    @Autowired
+    private WebApplicationContext context;
+
+    private MockMvc mvc;
+
+    @BeforeEach
+    private void setup() {
+        mvc = MockMvcBuilders.webAppContextSetup(context)
+            .apply(springSecurity())
+            .build();
+    }
+
+    @Test
+    @WithAnonymousUser
+    public void givenAnAnonymousUser_whenAccessLogin_thenOk() throws Exception {
+        mvc.perform(get("/login"))
+            .andExpect(status().isOk());
+    }
+
+    @Test
+    @WithUserDetails
+    public void givenUserDetails_whenAccessUserDashboard_thenOk() throws Exception {
+        mvc.perform(get("/user-dashboard"))
+            .andExpect(status().isOk());
+    }
+}