From 326739031bdca42fd4d2eab5649c21f457579fcb Mon Sep 17 00:00:00 2001 From: MaximHak Date: Tue, 17 Feb 2026 14:21:17 +0100 Subject: [PATCH] feat(NE-30): upgrade to Spring Boot 4 and enhance security configurations --- pom.xml | 3 ++- .../urlcrypto/config/UrlCryptoAutoConfiguration.java | 7 +++---- .../urlcrypto/springsecurity/AutoConfigTest.java | 10 ++++------ .../urlcrypto/springsecurity/PreSignedUrlTest.java | 6 +++++- .../urlcrypto/springsecurity/TestConfiguration.java | 6 ------ 5 files changed, 14 insertions(+), 18 deletions(-) diff --git a/pom.xml b/pom.xml index e938888..c95fd30 100644 --- a/pom.xml +++ b/pom.xml @@ -21,7 +21,7 @@ ${version.java} ${version.java} - 3.5.8 + 4.0.1 @@ -55,6 +55,7 @@ io.rest-assured rest-assured + 6.0.0 test diff --git a/src/main/java/com/neverpile/urlcrypto/config/UrlCryptoAutoConfiguration.java b/src/main/java/com/neverpile/urlcrypto/config/UrlCryptoAutoConfiguration.java index 90a34b8..577b734 100644 --- a/src/main/java/com/neverpile/urlcrypto/config/UrlCryptoAutoConfiguration.java +++ b/src/main/java/com/neverpile/urlcrypto/config/UrlCryptoAutoConfiguration.java @@ -1,7 +1,5 @@ package com.neverpile.urlcrypto.config; -import static org.springframework.security.web.util.matcher.AntPathRequestMatcher.antMatcher; - import jakarta.servlet.RequestDispatcher; import jakarta.servlet.http.HttpServletRequest; @@ -16,6 +14,7 @@ import org.springframework.http.HttpMethod; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; import org.springframework.security.web.util.matcher.RequestMatcher; @@ -71,13 +70,13 @@ SecurityFilterChain psuFilterChain(HttpSecurity http) throws Exception { context.getAutowireCapableBeanFactory().autowireBean(psuFilter); if(!config.getCsrfEnabled()){ - http = http.csrf().disable(); + http.csrf(AbstractHttpConfigurer::disable); } // @formatter:off http.securityMatcher(new PSURequestedMatcher()) .addFilterBefore(psuFilter, BasicAuthenticationFilter.class) .authorizeHttpRequests(auth -> auth - .requestMatchers(antMatcher(HttpMethod.OPTIONS, "/*")).permitAll() + .requestMatchers(HttpMethod.OPTIONS, "/*").permitAll() .anyRequest().authenticated() ) ; diff --git a/src/test/java/com/neverpile/urlcrypto/springsecurity/AutoConfigTest.java b/src/test/java/com/neverpile/urlcrypto/springsecurity/AutoConfigTest.java index de861bb..79fc440 100644 --- a/src/test/java/com/neverpile/urlcrypto/springsecurity/AutoConfigTest.java +++ b/src/test/java/com/neverpile/urlcrypto/springsecurity/AutoConfigTest.java @@ -5,12 +5,11 @@ import org.junit.jupiter.api.Test; import org.springframework.boot.autoconfigure.AutoConfigurations; import org.springframework.boot.autoconfigure.logging.ConditionEvaluationReportLoggingListener; -import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration; -import org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration; +import org.springframework.boot.security.autoconfigure.SecurityAutoConfiguration; +import org.springframework.boot.security.autoconfigure.web.servlet.ServletWebSecurityAutoConfiguration; +import org.springframework.boot.webmvc.autoconfigure.WebMvcAutoConfiguration; import org.springframework.boot.test.context.runner.ApplicationContextRunner; import org.springframework.boot.test.context.runner.WebApplicationContextRunner; -import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration; import com.neverpile.urlcrypto.UrlCryptoKit; import com.neverpile.urlcrypto.config.UrlCryptoAutoConfiguration; @@ -19,8 +18,7 @@ public class AutoConfigTest { private final WebApplicationContextRunner contextRunner = new WebApplicationContextRunner() // .withConfiguration(AutoConfigurations.of(UrlCryptoAutoConfiguration.class, // - // emulate @EnableWebSecurity annotation presence - WebSecurityConfiguration.class, AuthenticationConfiguration.class, SecurityAutoConfiguration.class, WebMvcAutoConfiguration.class)) // + SecurityAutoConfiguration.class, ServletWebSecurityAutoConfiguration.class, WebMvcAutoConfiguration.class)) // .withInitializer(new ConditionEvaluationReportLoggingListener()); @Test diff --git a/src/test/java/com/neverpile/urlcrypto/springsecurity/PreSignedUrlTest.java b/src/test/java/com/neverpile/urlcrypto/springsecurity/PreSignedUrlTest.java index e13abf7..4ef0e6a 100644 --- a/src/test/java/com/neverpile/urlcrypto/springsecurity/PreSignedUrlTest.java +++ b/src/test/java/com/neverpile/urlcrypto/springsecurity/PreSignedUrlTest.java @@ -2,6 +2,7 @@ import static java.nio.charset.StandardCharsets.UTF_8; import static org.assertj.core.api.Assertions.assertThat; +import static org.hamcrest.CoreMatchers.containsString; import static org.hamcrest.CoreMatchers.equalTo; import static org.hamcrest.CoreMatchers.not; import static org.springframework.web.util.UriUtils.decode; @@ -137,7 +138,10 @@ public void testThat_PSUTransportsCredentials() { .get(psu.getPath()) .then() .statusCode(200) - .body(equalTo("user/[ROLE_BAR, ROLE_FOO, ROLE_USER]")); + .body(containsString("user/")) + .body(containsString("ROLE_BAR")) + .body(containsString("ROLE_FOO")) + .body(containsString("ROLE_USER")); // @formatter:on } diff --git a/src/test/java/com/neverpile/urlcrypto/springsecurity/TestConfiguration.java b/src/test/java/com/neverpile/urlcrypto/springsecurity/TestConfiguration.java index 71774c6..fe29cb9 100644 --- a/src/test/java/com/neverpile/urlcrypto/springsecurity/TestConfiguration.java +++ b/src/test/java/com/neverpile/urlcrypto/springsecurity/TestConfiguration.java @@ -2,20 +2,14 @@ import org.springframework.boot.SpringBootConfiguration; import org.springframework.boot.autoconfigure.EnableAutoConfiguration; -import org.springframework.boot.autoconfigure.condition.ConditionalOnBean; -import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; -import org.springframework.boot.autoconfigure.security.SecurityProperties; import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Conditional; import org.springframework.context.annotation.Import; -import org.springframework.core.annotation.Order; import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; -import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.security.web.SecurityFilterChain;