JAVA-29306 Upgrade spring-security-web-boot-3 (#15622)

Co-authored-by: timis1 <noreplay@yahoo.com>
2024-01-15 01:32:31 +02:00 · 2024-01-15 01:32:31 +02:00 · eb6e485b58
parent 797f1e1737
commit eb6e485b58
19 changed files with 65 additions and 101 deletions
--- a/spring-security-modules/spring-security-web-boot-3/pom.xml
+++ b/spring-security-modules/spring-security-web-boot-3/pom.xml
@ -11,8 +11,9 @@

    <parent>
        <groupId>com.baeldung</groupId>
-        <artifactId>spring-security-modules</artifactId>
+        <artifactId>parent-boot-3</artifactId>
        <version>0.0.1-SNAPSHOT</version>
+        <relativePath>../../parent-boot-3</relativePath>
    </parent>

    <dependencies>
@ -30,7 +31,8 @@
        </dependency>
        <dependency>
            <groupId>de.flapdoodle.embed</groupId>
-            <artifactId>de.flapdoodle.embed.mongo</artifactId>
+            <artifactId>de.flapdoodle.embed.mongo.spring30x</artifactId>
+            <version>${de.flapdoodle.emeded.mongo.version}</version>
        </dependency>
        <dependency>
            <groupId>commons-io</groupId>
@ -65,11 +67,22 @@
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>
+        <dependency>
+            <groupId>io.rest-assured</groupId>
+            <artifactId>rest-assured</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-test</artifactId>
+        </dependency>
    </dependencies>

    <properties>
        <bootstrap.version>5.1.1</bootstrap.version>
        <jquery.version>3.6.0</jquery.version>
+        <start-class>com.baeldung.cors.basicauth.SpringBootSecurityApplication</start-class>
+        <de.flapdoodle.emeded.mongo.version>4.11.0</de.flapdoodle.emeded.mongo.version>
    </properties>

 </project>
--- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cachecontrol/config/SpringSecurityConfig.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cachecontrol/config/SpringSecurityConfig.java
@ -3,14 +3,14 @@ package com.baeldung.cachecontrol.config;

 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
-@EnableGlobalMethodSecurity(prePostEnabled = true)
+@EnableMethodSecurity
 public class SpringSecurityConfig {

    @Bean
--- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/contentsecuritypolicy/ContentSecurityPolicyController.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/contentsecuritypolicy/ContentSecurityPolicyController.java
@ -6,7 +6,7 @@ import org.slf4j.LoggerFactory;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RestController;

-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;

--- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/contentsecuritypolicy/ContentSecurityPolicySecurityConfiguration.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/contentsecuritypolicy/ContentSecurityPolicySecurityConfiguration.java
@ -2,7 +2,9 @@ package com.baeldung.contentsecuritypolicy;

 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.header.writers.StaticHeadersWriter;

@ -12,17 +14,14 @@ public class ContentSecurityPolicySecurityConfiguration {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http.csrf()
-            .disable()
-            .authorizeRequests()
-            .antMatchers("/**")
-            .permitAll()
-            .and()
-            .headers()
-            .addHeaderWriter(new StaticHeadersWriter("Report-To", REPORT_TO))
-            .xssProtection()
-            .and()
-            .contentSecurityPolicy("form-action 'self'; report-uri /report; report-to csp-violation-report");
+        http.csrf(AbstractHttpConfigurer::disable)
+            .authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> authorizationManagerRequestMatcherRegistry.requestMatchers("/**").permitAll())
+            .headers(httpSecurityHeadersConfigurer ->
+                    httpSecurityHeadersConfigurer
+                            .addHeaderWriter(new StaticHeadersWriter("Report-To", REPORT_TO))
+                            .xssProtection(Customizer.withDefaults())
+                            .contentSecurityPolicy(contentSecurityPolicyConfig ->
+                                    contentSecurityPolicyConfig.policyDirectives("form-action 'self'; report-uri /report; report-to csp-violation-report")));
        return http.build();
    }
 }
--- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cors/basicauth/config/WebSecurityConfig.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cors/basicauth/config/WebSecurityConfig.java
@ -1,21 +1,21 @@
 package com.baeldung.cors.basicauth.config;

 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.web.SecurityFilterChain;

+@Configuration
@EnableWebSecurity
 public class WebSecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http.authorizeRequests()
-            .anyRequest()
-            .authenticated()
-            .and()
-            .httpBasic();
-        http.cors(); // disable this line to reproduce the CORS 401
+        http.authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> authorizationManagerRequestMatcherRegistry.anyRequest().authenticated())
+            .httpBasic(Customizer.withDefaults());
+        http.cors(Customizer.withDefaults()); // disable this line to reproduce the CORS 401
        return http.build();
    }
 }
--- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/httpfirewall/HttpFirewallConfiguration.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/httpfirewall/HttpFirewallConfiguration.java
@ -4,7 +4,9 @@ import java.util.Arrays;

 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.firewall.HttpFirewall;
 import org.springframework.security.web.firewall.HttpStatusRequestRejectedHandler;
@ -16,15 +18,10 @@ public class HttpFirewallConfiguration {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http.csrf()
-            .disable()
-            .authorizeRequests()
-            .antMatchers("/error")
-            .permitAll()
-            .anyRequest()
-            .authenticated()
-            .and()
-            .httpBasic();
+        http.csrf(AbstractHttpConfigurer::disable)
+            .authorizeHttpRequests(authorizationManagerRequestMatcherRegistry ->
+                    authorizationManagerRequestMatcherRegistry.requestMatchers("/error").permitAll().anyRequest().authenticated())
+            .httpBasic(Customizer.withDefaults());
        return http.build();
    }

--- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/logging/SecurityConfig.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/logging/SecurityConfig.java
@ -20,9 +20,8 @@ public class SecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http.authorizeRequests()
-            .antMatchers("/**")
-            .permitAll();
+        http.authorizeHttpRequests(authorizationManagerRequestMatcherRegistry ->
+                authorizationManagerRequestMatcherRegistry.requestMatchers("/**").permitAll());
        return http.build();
    }
 }
--- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/mongoauth/MongoAuthApplication.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/mongoauth/MongoAuthApplication.java
@ -4,11 +4,10 @@ import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.Import;

-import com.baeldung.mongoauth.config.MongoConfig;
 import com.baeldung.mongoauth.config.SecurityConfig;

@SpringBootApplication
-@Import({ SecurityConfig.class, MongoConfig.class })
+@Import({ SecurityConfig.class })
 public class MongoAuthApplication {

    public static void main(String... args) {
--- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/mongoauth/config/MongoConfig.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/mongoauth/config/MongoConfig.java
@ -1,40 +0,0 @@
-package com.baeldung.mongoauth.config;
-
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.data.mongodb.core.MongoTemplate;
-import org.springframework.util.SocketUtils;
-
-import com.mongodb.client.MongoClients;
-
-import de.flapdoodle.embed.mongo.MongodExecutable;
-import de.flapdoodle.embed.mongo.MongodStarter;
-import de.flapdoodle.embed.mongo.config.ImmutableMongodConfig;
-import de.flapdoodle.embed.mongo.config.MongodConfig;
-import de.flapdoodle.embed.mongo.config.Net;
-import de.flapdoodle.embed.mongo.distribution.Version;
-import de.flapdoodle.embed.process.runtime.Network;
-
-@Configuration
-public class MongoConfig {
-
-    private static final String CONNECTION_STRING = "mongodb://%s:%d";
-    private static final String HOST = "localhost";
-
-    @Bean
-    public MongoTemplate mongoTemplate() throws Exception {
-
-        int randomPort = SocketUtils.findAvailableTcpPort();
-
-        ImmutableMongodConfig mongoDbConfig = MongodConfig.builder()
-          .version(Version.Main.PRODUCTION)
-          .net(new Net(HOST, randomPort, Network.localhostIsIPv6()))
-          .build();
-
-        MongodStarter starter = MongodStarter.getDefaultInstance();
-        MongodExecutable mongodExecutable = starter.prepare(mongoDbConfig);
-        mongodExecutable.start();
-        return new MongoTemplate(MongoClients.create(String.format(CONNECTION_STRING, HOST, randomPort)), "mongo_auth");
-    }
-
-}
--- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/mongoauth/config/SecurityConfig.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/mongoauth/config/SecurityConfig.java
@ -3,10 +3,12 @@ package com.baeldung.mongoauth.config;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@ -38,18 +40,11 @@ public class SecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http.csrf()
-            .disable()
-            .authorizeRequests()
-            .and()
-            .httpBasic()
-            .and()
-            .authorizeRequests()
-            .anyRequest()
-            .permitAll()
-            .and()
-            .sessionManagement()
-            .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+        http.csrf(AbstractHttpConfigurer::disable)
+            .authorizeHttpRequests(Customizer.withDefaults())
+            .httpBasic(Customizer.withDefaults())
+            .authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> authorizationManagerRequestMatcherRegistry.anyRequest().permitAll())
+            .sessionManagement(httpSecuritySessionManagementConfigurer -> httpSecuritySessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
        return http.build();
    }

--- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/mongoauth/controller/ResourceController.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/mongoauth/controller/ResourceController.java
@ -1,6 +1,6 @@
 package com.baeldung.mongoauth.controller;

-import javax.annotation.security.RolesAllowed;
+import jakarta.annotation.security.RolesAllowed;

 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
--- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/mongoauth/service/MongoAuthUserDetailService.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/mongoauth/service/MongoAuthUserDetailService.java
@ -30,10 +30,7 @@ public class MongoAuthUserDetailService implements UserDetailsService {
        Set<GrantedAuthority> grantedAuthorities = new HashSet<>();

        user.getAuthorities()
-          .forEach(role -> {
-              grantedAuthorities.add(new SimpleGrantedAuthority(role.getRole()
-                .getName()));
-          });
+          .forEach(role -> grantedAuthorities.add(new SimpleGrantedAuthority(role.getRole().getName())));

        return new User(user.getUsername(), user.getPassword(), grantedAuthorities);
    }
--- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/tls/SecurityConfig.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/tls/SecurityConfig.java
@ -10,9 +10,8 @@ public class SecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http.authorizeRequests()
-            .antMatchers("/**")
-            .permitAll();
+        http.authorizeHttpRequests(authorizationManagerRequestMatcherRegistry ->
+                        authorizationManagerRequestMatcherRegistry.requestMatchers("/**").permitAll());
        return http.build();
    }
 }
--- a/spring-security-modules/spring-security-web-boot-3/src/main/resources/application.properties
+++ b/spring-security-modules/spring-security-web-boot-3/src/main/resources/application.properties
@ -1 +1,3 @@
-spring.mongodb.embedded.version=4.4.9
+de.flapdoodle.mongodb.embedded.version=7.0.2
+spring.data.mongodb.database=mongo_auth
+spring.data.mongodb.port=27018
--- a/spring-security-modules/spring-security-web-boot-3/src/test/java/com/baeldung/cachecontrol/ResourceEndpointIntegrationTest.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/test/java/com/baeldung/cachecontrol/ResourceEndpointIntegrationTest.java
@ -4,7 +4,7 @@ import io.restassured.http.ContentType;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.boot.web.server.LocalServerPort;
+import org.springframework.boot.test.web.server.LocalServerPort;
 import org.springframework.test.context.junit4.SpringRunner;

 import static io.restassured.RestAssured.given;
--- a/spring-security-modules/spring-security-web-boot-3/src/test/java/com/baeldung/contentsecuritypolicy/ContentSecurityPolicyUnitTest.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/test/java/com/baeldung/contentsecuritypolicy/ContentSecurityPolicyUnitTest.java
@ -12,7 +12,7 @@ import org.springframework.http.MediaType;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;

-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponse;

 import java.util.Collection;

--- a/spring-security-modules/spring-security-web-boot-3/src/test/java/com/baeldung/cors/ResourceControllerUnitTest.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/test/java/com/baeldung/cors/ResourceControllerUnitTest.java
@ -5,6 +5,7 @@ import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers;
 import org.springframework.test.context.junit4.SpringRunner;
@ -15,8 +16,11 @@ import org.springframework.web.context.WebApplicationContext;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.options;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

+import de.flapdoodle.embed.mongo.spring.autoconfigure.EmbeddedMongoAutoConfiguration;
+
@RunWith(SpringRunner.class)
@SpringBootTest(classes = { SpringBootSecurityApplication.class })
+@EnableAutoConfiguration(exclude = { EmbeddedMongoAutoConfiguration.class})
 public class ResourceControllerUnitTest {

    private MockMvc mockMvc;
--- a/spring-security-modules/spring-security-web-boot-3/src/test/java/com/baeldung/httpfirewall/api/UserApiLiveTest.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/test/java/com/baeldung/httpfirewall/api/UserApiLiveTest.java
@ -85,7 +85,7 @@ class UserApiLiveTest {
    void givenCredentials_whenHttpGet_thenReturnAllUsers() throws Exception {
        // @formatter:off
        MvcResult result=mockMvc
-          .perform(get("/api/v1/users/")
+          .perform(get("/api/v1/users")
            .contentType("application/json")).andReturn();
        // @formatter:on
        assertEquals(HttpStatus.OK.value(), result.getResponse().getStatus());
--- a/spring-security-modules/spring-security-web-boot-3/src/test/java/com/baeldung/httpfirewall/api/UserApiUnitTest.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/test/java/com/baeldung/httpfirewall/api/UserApiUnitTest.java
@ -133,7 +133,7 @@ class UserApiUnitTest {
        when(userService.findAll()).thenReturn(UserTestUtility.createUsers());

        MvcResult result = mockMvc
-          .perform(get("/api/v1/users/")
+          .perform(get("/api/v1/users")
            .accept("application/json"))
          .andDo(print())
          .andReturn();