From da41c860a11ef32559b5fdf70c63162c4ea722d7 Mon Sep 17 00:00:00 2001
From: Amit Pandey <amit2103@users.noreply.github.com>
Date: Fri, 22 Mar 2024 21:51:03 +0530
Subject: [PATCH] [JAVA-29010] Upgrade spring-reactive-security to Spring Boot
 3 (#16153)

---
 spring-reactive-modules/pom.xml               |  2 +-
 .../spring-reactive-security/pom.xml          | 19 ++++++++++++++-----
 .../authresolver/CustomWebSecurityConfig.java | 13 +++++++------
 .../global/CorsGlobalConfigApplication.java   |  2 +-
 .../webfilter/CorsWebFilterApplication.java   |  2 +-
 .../webflux/EmployeeWebSecurityConfig.java    | 11 +++++------
 .../AuthResolverIntegrationTest.java          |  6 ++++--
 7 files changed, 33 insertions(+), 22 deletions(-)

diff --git a/spring-reactive-modules/pom.xml b/spring-reactive-modules/pom.xml
index 6ab85c88b4..a8a9d6de8a 100644
--- a/spring-reactive-modules/pom.xml
+++ b/spring-reactive-modules/pom.xml
@@ -24,7 +24,7 @@
         <module>spring-reactive-client-2</module>
         <module>spring-reactive-filters</module>
         <module>spring-reactive-oauth</module>
-        <module>spring-reactive-security</module>
+        <!--<module>spring-reactive-security</module> Uncomment after the parent module gets upgraded to Boot 3--> 
         <module>spring-reactive-data-couchbase</module>
         <module>spring-reactive</module>
         <module>spring-reactive-exceptions</module>
diff --git a/spring-reactive-modules/spring-reactive-security/pom.xml b/spring-reactive-modules/spring-reactive-security/pom.xml
index d501a03c46..ea886f5855 100644
--- a/spring-reactive-modules/spring-reactive-security/pom.xml
+++ b/spring-reactive-modules/spring-reactive-security/pom.xml
@@ -10,9 +10,10 @@
     <description>spring boot security sample project about new features</description>
 
     <parent>
-        <groupId>com.baeldung.spring.reactive</groupId>
-        <artifactId>spring-reactive-modules</artifactId>
-        <version>1.0.0-SNAPSHOT</version>
+        <groupId>com.baeldung</groupId>
+        <artifactId>parent-boot-3</artifactId>
+        <version>0.0.1-SNAPSHOT</version>
+        <relativePath>../../parent-boot-3</relativePath>
     </parent>
 
     <dependencies>
@@ -34,8 +35,8 @@
             <version>${reactor-spring.version}</version>
         </dependency>
         <dependency>
-            <groupId>javax.json.bind</groupId>
-            <artifactId>javax.json.bind-api</artifactId>
+            <groupId>jakarta.json.bind</groupId>
+            <artifactId>jakarta.json.bind-api</artifactId>
         </dependency>
         <dependency>
             <groupId>org.projectlombok</groupId>
@@ -51,6 +52,7 @@
         <dependency>
             <groupId>org.apache.johnzon</groupId>
             <artifactId>johnzon-jsonb</artifactId>
+            <version>${johnzon-jsonb.version}</version>
         </dependency>
         <!-- utils -->
         <dependency>
@@ -63,6 +65,11 @@
             <artifactId>spring-boot-devtools</artifactId>
             <scope>runtime</scope>
         </dependency>
+        <dependency>
+            <groupId>jakarta.json</groupId>
+            <artifactId>jakarta.json-api</artifactId>
+            <version>${jakarta.json-api.version}</version>
+        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-test</artifactId>
@@ -117,6 +124,8 @@
         <geronimo-json_1.1_spec.version>1.0</geronimo-json_1.1_spec.version>
         <reactor-test.version>3.1.6.RELEASE</reactor-test.version>
         <reactor.version>3.4.29</reactor.version>
+        <jakarta.json-api.version>2.0.1</jakarta.json-api.version>
+        <johnzon-jsonb.version>2.0.0</johnzon-jsonb.version>
     </properties>
 
 </project>
\ No newline at end of file
diff --git a/spring-reactive-modules/spring-reactive-security/src/main/java/com/baeldung/reactive/authresolver/CustomWebSecurityConfig.java b/spring-reactive-modules/spring-reactive-security/src/main/java/com/baeldung/reactive/authresolver/CustomWebSecurityConfig.java
index dc5eab3dd5..77f83be28d 100644
--- a/spring-reactive-modules/spring-reactive-security/src/main/java/com/baeldung/reactive/authresolver/CustomWebSecurityConfig.java
+++ b/spring-reactive-modules/spring-reactive-security/src/main/java/com/baeldung/reactive/authresolver/CustomWebSecurityConfig.java
@@ -2,10 +2,13 @@ package com.baeldung.reactive.authresolver;
 
 import java.util.Collections;
 import org.springframework.context.annotation.Bean;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
 import org.springframework.security.authentication.ReactiveAuthenticationManagerResolver;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
 import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
@@ -24,12 +27,10 @@ public class CustomWebSecurityConfig {
     @Bean
     public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
         return http
-          .authorizeExchange()
-          .pathMatchers("/**")
-          .authenticated()
-          .and()
-          .httpBasic()
-          .disable()
+            .csrf(csrfSpec -> csrfSpec.disable())
+            .authorizeExchange(auth -> auth.pathMatchers(HttpMethod.GET,"/**")
+                .authenticated())
+            .httpBasic(httpBasicSpec -> httpBasicSpec.disable())
           .addFilterAfter(authenticationWebFilter(), SecurityWebFiltersOrder.REACTOR_CONTEXT)
           .build();
     }
diff --git a/spring-reactive-modules/spring-reactive-security/src/main/java/com/baeldung/reactive/cors/global/CorsGlobalConfigApplication.java b/spring-reactive-modules/spring-reactive-security/src/main/java/com/baeldung/reactive/cors/global/CorsGlobalConfigApplication.java
index a70f937980..8be6484e68 100644
--- a/spring-reactive-modules/spring-reactive-security/src/main/java/com/baeldung/reactive/cors/global/CorsGlobalConfigApplication.java
+++ b/spring-reactive-modules/spring-reactive-security/src/main/java/com/baeldung/reactive/cors/global/CorsGlobalConfigApplication.java
@@ -27,7 +27,7 @@ public class CorsGlobalConfigApplication {
 
     @Bean
     public SecurityWebFilterChain corsGlobalSpringSecurityFilterChain(ServerHttpSecurity http) {
-        http.csrf().disable();
+        http.csrf(csrfSpec -> csrfSpec.disable());
         return http.build();
     }
 }
diff --git a/spring-reactive-modules/spring-reactive-security/src/main/java/com/baeldung/reactive/cors/webfilter/CorsWebFilterApplication.java b/spring-reactive-modules/spring-reactive-security/src/main/java/com/baeldung/reactive/cors/webfilter/CorsWebFilterApplication.java
index 7792975768..343151498a 100644
--- a/spring-reactive-modules/spring-reactive-security/src/main/java/com/baeldung/reactive/cors/webfilter/CorsWebFilterApplication.java
+++ b/spring-reactive-modules/spring-reactive-security/src/main/java/com/baeldung/reactive/cors/webfilter/CorsWebFilterApplication.java
@@ -27,7 +27,7 @@ public class CorsWebFilterApplication {
     
     @Bean
     public SecurityWebFilterChain corsWebfilterSpringSecurityFilterChain(ServerHttpSecurity http) {
-        http.csrf().disable();
+        http.csrf(csrfSpec -> csrfSpec.disable());
         return http.build();
     }
 
diff --git a/spring-reactive-modules/spring-reactive-security/src/main/java/com/baeldung/webflux/EmployeeWebSecurityConfig.java b/spring-reactive-modules/spring-reactive-security/src/main/java/com/baeldung/webflux/EmployeeWebSecurityConfig.java
index 75475a0f08..929e466169 100644
--- a/spring-reactive-modules/spring-reactive-security/src/main/java/com/baeldung/webflux/EmployeeWebSecurityConfig.java
+++ b/spring-reactive-modules/spring-reactive-security/src/main/java/com/baeldung/webflux/EmployeeWebSecurityConfig.java
@@ -3,6 +3,7 @@ package com.baeldung.webflux;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.http.HttpMethod;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
 import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
@@ -27,15 +28,13 @@ public class EmployeeWebSecurityConfig {
 
     @Bean
     public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
-        http.csrf()
-            .disable()
-            .authorizeExchange()
+        http.csrf(csrfSpec -> csrfSpec.disable())
+            .authorizeExchange(auth -> auth
             .pathMatchers(HttpMethod.POST, "/employees/update")
             .hasRole("ADMIN")
             .pathMatchers("/**")
-            .permitAll()
-            .and()
-            .httpBasic();
+            .permitAll())
+            .httpBasic(Customizer.withDefaults());
         return http.build();
     }
     
diff --git a/spring-reactive-modules/spring-reactive-security/src/test/java/com/baeldung/reactive/authresolver/AuthResolverIntegrationTest.java b/spring-reactive-modules/spring-reactive-security/src/test/java/com/baeldung/reactive/authresolver/AuthResolverIntegrationTest.java
index 9e0855d086..ca3ea19e09 100644
--- a/spring-reactive-modules/spring-reactive-security/src/test/java/com/baeldung/reactive/authresolver/AuthResolverIntegrationTest.java
+++ b/spring-reactive-modules/spring-reactive-security/src/test/java/com/baeldung/reactive/authresolver/AuthResolverIntegrationTest.java
@@ -1,19 +1,21 @@
 package com.baeldung.reactive.authresolver;
 
 import java.util.Base64;
-
 import org.junit.FixMethodOrder;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.MethodSorters;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient;
 import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.reactive.server.WebTestClient;
 
 @RunWith(SpringRunner.class)
-@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = AuthResolverApplication.class)
+@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT, classes = {AuthResolverApplication.class, AuthResolverController.class, CustomWebSecurityConfig.class})
 @FixMethodOrder(MethodSorters.NAME_ASCENDING)
+@AutoConfigureWebTestClient(timeout = "36000000")
 public class AuthResolverIntegrationTest {
     @Autowired
     private WebTestClient testClient;