[JAVA-29010] Upgrade spring-reactive-security to Spring Boot 3 (#16153)

spring-reactive-modules/pom.xml

@@ -24,7 +24,7 @@
         <module>spring-reactive-client-2</module>
         <module>spring-reactive-filters</module>
         <module>spring-reactive-oauth</module>
-        <module>spring-reactive-security</module>
+        <!--<module>spring-reactive-security</module> Uncomment after the parent module gets upgraded to Boot 3--> 
         <module>spring-reactive-data-couchbase</module>
         <module>spring-reactive</module>
         <module>spring-reactive-exceptions</module>

spring-reactive-modules/spring-reactive-security/pom.xml

@@ -10,9 +10,10 @@
     <description>spring boot security sample project about new features</description>
 
     <parent>
-        <groupId>com.baeldung.spring.reactive</groupId>
-        <artifactId>spring-reactive-modules</artifactId>
-        <version>1.0.0-SNAPSHOT</version>
+        <groupId>com.baeldung</groupId>
+        <artifactId>parent-boot-3</artifactId>
+        <version>0.0.1-SNAPSHOT</version>
+        <relativePath>../../parent-boot-3</relativePath>
     </parent>
 
     <dependencies>
@@ -34,8 +35,8 @@
             <version>${reactor-spring.version}</version>
         </dependency>
         <dependency>
-            <groupId>javax.json.bind</groupId>
-            <artifactId>javax.json.bind-api</artifactId>
+            <groupId>jakarta.json.bind</groupId>
+            <artifactId>jakarta.json.bind-api</artifactId>
         </dependency>
         <dependency>
             <groupId>org.projectlombok</groupId>
@@ -51,6 +52,7 @@
         <dependency>
             <groupId>org.apache.johnzon</groupId>
             <artifactId>johnzon-jsonb</artifactId>
+            <version>${johnzon-jsonb.version}</version>
         </dependency>
         <!-- utils -->
         <dependency>
@@ -63,6 +65,11 @@
             <artifactId>spring-boot-devtools</artifactId>
             <scope>runtime</scope>
         </dependency>
+        <dependency>
+            <groupId>jakarta.json</groupId>
+            <artifactId>jakarta.json-api</artifactId>
+            <version>${jakarta.json-api.version}</version>
+        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-test</artifactId>
@@ -117,6 +124,8 @@
         <geronimo-json_1.1_spec.version>1.0</geronimo-json_1.1_spec.version>
         <reactor-test.version>3.1.6.RELEASE</reactor-test.version>
         <reactor.version>3.4.29</reactor.version>
+        <jakarta.json-api.version>2.0.1</jakarta.json-api.version>
+        <johnzon-jsonb.version>2.0.0</johnzon-jsonb.version>
     </properties>
 
 </project>

spring-reactive-modules/spring-reactive-security/src/main/java/com/baeldung/reactive/authresolver/CustomWebSecurityConfig.java

@@ -2,10 +2,13 @@ package com.baeldung.reactive.authresolver;
 
 import java.util.Collections;
 import org.springframework.context.annotation.Bean;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
 import org.springframework.security.authentication.ReactiveAuthenticationManagerResolver;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
 import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
@@ -24,12 +27,10 @@ public class CustomWebSecurityConfig {
     @Bean
     public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
         return http
-          .authorizeExchange()
-          .pathMatchers("/**")
-          .authenticated()
-          .and()
-          .httpBasic()
-          .disable()
+            .csrf(csrfSpec -> csrfSpec.disable())
+            .authorizeExchange(auth -> auth.pathMatchers(HttpMethod.GET,"/**")
+                .authenticated())
+            .httpBasic(httpBasicSpec -> httpBasicSpec.disable())
           .addFilterAfter(authenticationWebFilter(), SecurityWebFiltersOrder.REACTOR_CONTEXT)
           .build();
     }

spring-reactive-modules/spring-reactive-security/src/main/java/com/baeldung/reactive/cors/global/CorsGlobalConfigApplication.java

@@ -27,7 +27,7 @@ public class CorsGlobalConfigApplication {
 
     @Bean
     public SecurityWebFilterChain corsGlobalSpringSecurityFilterChain(ServerHttpSecurity http) {
-        http.csrf().disable();
+        http.csrf(csrfSpec -> csrfSpec.disable());
         return http.build();
     }
 }

spring-reactive-modules/spring-reactive-security/src/main/java/com/baeldung/reactive/cors/webfilter/CorsWebFilterApplication.java

@@ -27,7 +27,7 @@ public class CorsWebFilterApplication {
     
     @Bean
     public SecurityWebFilterChain corsWebfilterSpringSecurityFilterChain(ServerHttpSecurity http) {
-        http.csrf().disable();
+        http.csrf(csrfSpec -> csrfSpec.disable());
         return http.build();
     }
 

spring-reactive-modules/spring-reactive-security/src/main/java/com/baeldung/webflux/EmployeeWebSecurityConfig.java

@@ -3,6 +3,7 @@ package com.baeldung.webflux;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.http.HttpMethod;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
 import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
@@ -27,15 +28,13 @@ public class EmployeeWebSecurityConfig {
 
     @Bean
     public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
-        http.csrf()
-            .disable()
-            .authorizeExchange()
+        http.csrf(csrfSpec -> csrfSpec.disable())
+            .authorizeExchange(auth -> auth
             .pathMatchers(HttpMethod.POST, "/employees/update")
             .hasRole("ADMIN")
             .pathMatchers("/**")
-            .permitAll()
-            .and()
-            .httpBasic();
+            .permitAll())
+            .httpBasic(Customizer.withDefaults());
         return http.build();
     }
     

spring-reactive-modules/spring-reactive-security/src/test/java/com/baeldung/reactive/authresolver/AuthResolverIntegrationTest.java

@@ -1,19 +1,21 @@
 package com.baeldung.reactive.authresolver;
 
 import java.util.Base64;
-
 import org.junit.FixMethodOrder;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.MethodSorters;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient;
 import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.reactive.server.WebTestClient;
 
 @RunWith(SpringRunner.class)
-@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = AuthResolverApplication.class)
+@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT, classes = {AuthResolverApplication.class, AuthResolverController.class, CustomWebSecurityConfig.class})
 @FixMethodOrder(MethodSorters.NAME_ASCENDING)
+@AutoConfigureWebTestClient(timeout = "36000000")
 public class AuthResolverIntegrationTest {
     @Autowired
     private WebTestClient testClient;