From bda3903057e3a426b87bf0eb427faea9aaf74773 Mon Sep 17 00:00:00 2001 From: timis1 <12120641+timis1@users.noreply.github.com> Date: Mon, 5 Feb 2024 22:47:55 +0200 Subject: [PATCH] JAVA-29309 Upgrade spring-security-web-digest-auth (#15757) * JAVA-29309 Upgrade spring-security-web-digest-auth * JAVA-29309 Remove commented line --------- Co-authored-by: timis1 --- .../spring-security-web-digest-auth/pom.xml | 37 ++++++++++--------- .../MyBasicAuthenticationEntryPoint.java | 9 ++--- ...ntsClientHttpRequestFactoryDigestAuth.java | 22 +++++------ .../com/baeldung/spring/ClientConfig.java | 28 +++++++------- .../java/com/baeldung/spring/MvcConfig.java | 6 +-- .../src/main/resources/webSecurityConfig.xml | 12 +++--- .../baeldung/client/RawClientLiveTest.java | 11 +++--- 7 files changed, 64 insertions(+), 61 deletions(-) diff --git a/spring-security-modules/spring-security-web-digest-auth/pom.xml b/spring-security-modules/spring-security-web-digest-auth/pom.xml index 4a20f007d5..259a4e4730 100644 --- a/spring-security-modules/spring-security-web-digest-auth/pom.xml +++ b/spring-security-modules/spring-security-web-digest-auth/pom.xml @@ -10,9 +10,9 @@ com.baeldung - parent-spring-5 + parent-spring-6 0.0.1-SNAPSHOT - ../../parent-spring-5 + ../../parent-spring-6 @@ -86,16 +86,15 @@ - javax.servlet - javax.servlet-api - ${javax.servlet-api.version} + jakarta.servlet + jakarta.servlet-api + ${jakarta.servlet-api.version} provided - javax.servlet - jstl - ${jstl.version} - runtime + jakarta.servlet.jsp.jstl + jakarta.servlet.jsp.jstl-api + ${jakarta.jstl-api.version} @@ -104,9 +103,9 @@ ${guava.version} - org.apache.httpcomponents - httpcore - ${httpcore.version} + org.apache.httpcomponents.core5 + httpcore5 + ${httpcore5.version} commons-logging @@ -115,9 +114,9 @@ - org.apache.httpcomponents - httpclient - ${httpclient.version} + org.apache.httpcomponents.client5 + httpclient5 + ${httpclient5.version} commons-logging 
@@ -172,10 +171,12 @@ - 4.2.6.RELEASE + 6.1.5 - 4.4.5 - 4.5.2 + 5.2.4 + 5.3 + 6.1.0-M1 + 3.0.0 1.6.1 diff --git a/spring-security-modules/spring-security-web-digest-auth/src/main/java/com/baeldung/basic/MyBasicAuthenticationEntryPoint.java b/spring-security-modules/spring-security-web-digest-auth/src/main/java/com/baeldung/basic/MyBasicAuthenticationEntryPoint.java index 1b9ffc3db8..487794cc7f 100644 --- a/spring-security-modules/spring-security-web-digest-auth/src/main/java/com/baeldung/basic/MyBasicAuthenticationEntryPoint.java +++ b/spring-security-modules/spring-security-web-digest-auth/src/main/java/com/baeldung/basic/MyBasicAuthenticationEntryPoint.java @@ -3,9 +3,8 @@ package com.baeldung.basic; import java.io.IOException; import java.io.PrintWriter; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import org.springframework.security.core.AuthenticationException; import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint; @@ -15,7 +14,7 @@ import org.springframework.stereotype.Component; public class MyBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoint { @Override - public void commence(final HttpServletRequest request, final HttpServletResponse response, final AuthenticationException authException) throws IOException, ServletException { + public void commence(final HttpServletRequest request, final HttpServletResponse response, final AuthenticationException authException) throws IOException { response.addHeader("WWW-Authenticate", "Basic realm=\"" + getRealmName() + "\""); response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); final PrintWriter writer = response.getWriter(); 
@@ -23,7 +22,7 @@ public class MyBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoi
 }
 @Override
- public void afterPropertiesSet() throws Exception {
+ public void afterPropertiesSet() {
 setRealmName("Baeldung");
 super.afterPropertiesSet();
 }
diff --git a/spring-security-modules/spring-security-web-digest-auth/src/main/java/com/baeldung/client/HttpComponentsClientHttpRequestFactoryDigestAuth.java b/spring-security-modules/spring-security-web-digest-auth/src/main/java/com/baeldung/client/HttpComponentsClientHttpRequestFactoryDigestAuth.java
index 67c2d6031f..bfbd3e84e5 100644
--- a/spring-security-modules/spring-security-web-digest-auth/src/main/java/com/baeldung/client/HttpComponentsClientHttpRequestFactoryDigestAuth.java
+++ b/spring-security-modules/spring-security-web-digest-auth/src/main/java/com/baeldung/client/HttpComponentsClientHttpRequestFactoryDigestAuth.java
@@ -1,13 +1,14 @@
 package com.baeldung.client;
-import org.apache.http.HttpHost;
-import org.apache.http.client.AuthCache;
-import org.apache.http.client.HttpClient;
-import org.apache.http.client.protocol.HttpClientContext;
-import org.apache.http.impl.auth.DigestScheme;
-import org.apache.http.impl.client.BasicAuthCache;
-import org.apache.http.protocol.BasicHttpContext;
-import org.apache.http.protocol.HttpContext;
+import org.apache.hc.client5.http.auth.AuthCache;
+import org.apache.hc.client5.http.auth.UsernamePasswordCredentials;
+import org.apache.hc.client5.http.classic.HttpClient;
+import org.apache.hc.client5.http.impl.auth.BasicAuthCache;
+import org.apache.hc.client5.http.impl.auth.DigestScheme;
+import org.apache.hc.client5.http.protocol.HttpClientContext;
+import org.apache.hc.core5.http.HttpHost;
+import org.apache.hc.core5.http.protocol.BasicHttpContext;
+import org.apache.hc.core5.http.protocol.HttpContext;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
@@ -21,8 +22,6 @@ public class HttpComponentsClientHttpRequestFactoryDigestAuth extends HttpCompon
 this.host = host;
 }
- //
-
 @Override
 protected HttpContext createHttpContext(final HttpMethod httpMethod, final URI uri) {
 return createHttpContext();
@@ -34,7 +33,8 @@ public class HttpComponentsClientHttpRequestFactoryDigestAuth extends HttpCompon
 // Generate DIGEST scheme object, initialize it and add it to the local auth cache
 final DigestScheme digestAuth = new DigestScheme();
 // If we already know the realm name
- digestAuth.overrideParamter("realm", "Custom Realm Name");
+ digestAuth.initPreemptive(new UsernamePasswordCredentials("user1", "user1Pass".toCharArray()),
+ "", "Custom Realm Name");
 // digestAuth.overrideParamter("nonce", "MTM3NTU2OTU4MDAwNzoyYWI5YTQ5MTlhNzc5N2UxMGM5M2Y5M2ViOTc4ZmVhNg==");
 authCache.put(host, digestAuth);
diff --git a/spring-security-modules/spring-security-web-digest-auth/src/main/java/com/baeldung/spring/ClientConfig.java b/spring-security-modules/spring-security-web-digest-auth/src/main/java/com/baeldung/spring/ClientConfig.java
index b7145daaea..9c38a6e81e 100644
--- a/spring-security-modules/spring-security-web-digest-auth/src/main/java/com/baeldung/spring/ClientConfig.java
+++ b/spring-security-modules/spring-security-web-digest-auth/src/main/java/com/baeldung/spring/ClientConfig.java
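Review bot: In HttpComponentsClientHttpRequestFactoryDigestAuth, the new `initPreemptive(...)` call embeds the literal account `"user1"` / `"user1Pass"` in the request factory, a second copy of the credentials that ClientConfig already holds as `DEFAULT_USER` / `DEFAULT_PASS` and registers with the client's credentials provider. The two copies can drift apart, and the secret now sits in a reusable library-style class rather than in configuration. Take the credentials as a constructor argument (the constructor already stores `host`) and use them here, e.g. `digestAuth.initPreemptive(credentials, cnonce, "Custom Realm Name");`. The call also passes an empty string as the client nonce; if HttpClient 5 uses that value as given instead of generating its own, every request would carry the same cnonce, so confirm the behaviour and supply a random value if it does. The enclosing createHttpContext() starts and ends outside the hunk.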
@@ -1,18 +1,19 @@
 package com.baeldung.spring;
-import org.apache.http.HttpHost;
-import org.apache.http.auth.AuthScope;
-import org.apache.http.auth.UsernamePasswordCredentials;
-import org.apache.http.client.CredentialsProvider;
-import org.apache.http.impl.client.BasicCredentialsProvider;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.HttpClientBuilder;
-import com.baeldung.client.HttpComponentsClientHttpRequestFactoryDigestAuth;
+import org.apache.hc.client5.http.auth.AuthScope;
+import org.apache.hc.client5.http.auth.CredentialsProvider;
+import org.apache.hc.client5.http.auth.UsernamePasswordCredentials;
+import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider;
+import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
+import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
+import org.apache.hc.core5.http.HttpHost;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
 import org.springframework.web.client.RestTemplate;
+import com.baeldung.client.HttpComponentsClientHttpRequestFactoryDigestAuth;
+
 @Configuration
 public class ClientConfig {
 private static final String DEFAULT_USER = "user1";
@@ -24,7 +25,7 @@ public class ClientConfig {
 @Bean
 public RestTemplate restTemplate() {
- HttpHost host = new HttpHost("localhost", 8080, "http");
+ HttpHost host = new HttpHost("http", "localhost", 8080);
 CloseableHttpClient client = HttpClientBuilder.create().
 setDefaultCredentialsProvider(provider()).useSystemProperties().build();
 HttpComponentsClientHttpRequestFactory requestFactory =
@@ -34,10 +35,11 @@ public class ClientConfig {
 }
 private CredentialsProvider provider() {
- CredentialsProvider provider = new BasicCredentialsProvider();
- UsernamePasswordCredentials credentials =
- new UsernamePasswordCredentials("user1", "user1Pass");
- provider.setCredentials(AuthScope.ANY, credentials);
+ BasicCredentialsProvider provider = new BasicCredentialsProvider();
+ UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(DEFAULT_USER, DEFAULT_PASS.toCharArray());
+ //defining null and -1 it applies to any host and any port
+ final AuthScope authScope = new AuthScope(null, -1);
+ provider.setCredentials(authScope, credentials);
 return provider;
 }
diff --git a/spring-security-modules/spring-security-web-digest-auth/src/main/java/com/baeldung/spring/MvcConfig.java b/spring-security-modules/spring-security-web-digest-auth/src/main/java/com/baeldung/spring/MvcConfig.java
index 0d9962cda0..e67bc212d6 100644
--- a/spring-security-modules/spring-security-web-digest-auth/src/main/java/com/baeldung/spring/MvcConfig.java
+++ b/spring-security-modules/spring-security-web-digest-auth/src/main/java/com/baeldung/spring/MvcConfig.java
@@ -5,13 +5,13 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.ViewResolver;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 import org.springframework.web.servlet.view.InternalResourceViewResolver;
 import org.springframework.web.servlet.view.JstlView;
 @Configuration
 @EnableWebMvc
-public class MvcConfig extends WebMvcConfigurerAdapter {
+public class MvcConfig implements WebMvcConfigurer {
 public MvcConfig() {
 super();
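Review bot: In ClientConfig.provider(), `new AuthScope(null, -1)` registers the credentials for every host and every port, as the added comment itself says, so the client may answer an authentication challenge from any server it is pointed or redirected at with the user1 account. restTemplate() only builds an `HttpHost` for localhost:8080, so the scope can be tied to that origin: `final AuthScope authScope = new AuthScope("localhost", 8080);`, or `new AuthScope(host)` if the `HttpHost` is passed into provider(). If the wildcard is kept for the sake of the demo, the comment should say that it is a convenience and should not be copied into a client that calls more than one host.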
@@ -21,8 +21,6 @@ public class MvcConfig extends WebMvcConfigurerAdapter { @Override public void addViewControllers(final ViewControllerRegistry registry) { - super.addViewControllers(registry); - registry.addViewController("/homepage.html"); } diff --git a/spring-security-modules/spring-security-web-digest-auth/src/main/resources/webSecurityConfig.xml b/spring-security-modules/spring-security-web-digest-auth/src/main/resources/webSecurityConfig.xml index c259901cb9..cf8d474b46 100644 --- a/spring-security-modules/spring-security-web-digest-auth/src/main/resources/webSecurityConfig.xml +++ b/spring-security-modules/spring-security-web-digest-auth/src/main/resources/webSecurityConfig.xml @@ -1,9 +1,11 @@ - + diff --git a/spring-security-modules/spring-security-web-digest-auth/src/test/java/com/baeldung/client/RawClientLiveTest.java b/spring-security-modules/spring-security-web-digest-auth/src/test/java/com/baeldung/client/RawClientLiveTest.java index de6dca3ec4..177d052497 100644 --- a/spring-security-modules/spring-security-web-digest-auth/src/test/java/com/baeldung/client/RawClientLiveTest.java +++ b/spring-security-modules/spring-security-web-digest-auth/src/test/java/com/baeldung/client/RawClientLiveTest.java @@ -2,11 +2,12 @@ package com.baeldung.client; import java.io.IOException; -import org.apache.http.HttpResponse; -import org.apache.http.client.methods.HttpGet; -import org.apache.http.impl.client.CloseableHttpClient; -import org.apache.http.impl.client.HttpClientBuilder; import com.baeldung.spring.ClientConfig; + +import org.apache.hc.client5.http.classic.methods.HttpGet; +import org.apache.hc.client5.http.impl.classic.CloseableHttpClient; +import org.apache.hc.client5.http.impl.classic.HttpClientBuilder; +import org.apache.hc.core5.http.HttpResponse; import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.test.context.ContextConfiguration; 
@@ -24,7 +25,7 @@ public class RawClientLiveTest {
 CloseableHttpClient httpClient = HttpClientBuilder.create().build();
 HttpGet getMethod = new HttpGet("http://localhost:8082/spring-security-rest-basic-auth/api/bars/1");
 HttpResponse response = httpClient.execute(getMethod);
- System.out.println("HTTP Status of response: " + response.getStatusLine().getStatusCode());
+ System.out.println("HTTP Status of response: " + response.getCode());
 }
 }
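Review bot: The test in RawClientLiveTest still only prints the status code, so it passes whatever the server returns, and neither the `CloseableHttpClient` nor the response from `execute(getMethod)` is closed. The client is built here without a credentials provider, so an assertion would also record what an unauthenticated request to the protected endpoint is expected to receive. Use the handler overload, which releases the connection itself: `int status = httpClient.execute(getMethod, response -> response.getCode());`, then assert on `status`, with the client opened in try-with-resources. The test method's signature is outside the hunk.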