upgrade to spring boot 3.3

src/main/java/com/bfwg/config/WebSecurityConfig.java

@@ -1,13 +1,15 @@
 package com.bfwg.config;
 
+import static org.springframework.security.web.util.matcher.AntPathRequestMatcher.antMatcher;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
@@ -27,7 +29,7 @@
 
 @Configuration
 @EnableWebSecurity
-@EnableGlobalMethodSecurity(prePostEnabled = true)
+@EnableMethodSecurity(prePostEnabled = true)
 public class WebSecurityConfig {
 
  @Autowired
@@ -56,46 +58,45 @@ public AuthenticationManager authenticationManager(AuthenticationConfiguration a
 
  @Bean
  public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+
  http
- .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
- .exceptionHandling().authenticationEntryPoint(restAuthenticationEntryPoint).and()
- .authorizeRequests()
- .antMatchers(
- HttpMethod.GET,
- "/",
- "/auth/**",
- "/webjars/**",
- "/*.html",
- "/favicon.ico",
- "/**/*.html",
- "/**/*.css",
- "/**/*.js")
- .permitAll()
- .antMatchers("/auth/**").permitAll()
- .anyRequest().authenticated().and()
  .addFilterBefore(new TokenAuthenticationFilter(tokenHelper, jwtUserDetailsService),
- BasicAuthenticationFilter.class);
+ BasicAuthenticationFilter.class)
+ .authorizeHttpRequests(authorize -> authorize
+ .requestMatchers(
+ antMatcher(HttpMethod.GET, "/"),
+ antMatcher(HttpMethod.GET, "/auth/**"),
+ antMatcher(HttpMethod.GET, "/webjars/**"),
+ antMatcher(HttpMethod.GET, "/*.html"),
+ antMatcher(HttpMethod.GET, "/favicon.ico"),
+ antMatcher(HttpMethod.GET, "/**/*.html"),
+ antMatcher(HttpMethod.GET, "/**/*.css"),
+ antMatcher(HttpMethod.GET, "/**/*.js"))
+ .permitAll()
+ .requestMatchers("/auth/**").permitAll()
+ .anyRequest().authenticated())
+ .sessionManagement(sec -> sec.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+ .exceptionHandling(
+ exceptionHandler -> exceptionHandler.authenticationEntryPoint(restAuthenticationEntryPoint))
+ .csrf(csrf -> csrf.disable());
 
- http.csrf().disable();
  return http.build();
  }
 
  @Bean
  public WebSecurityCustomizer webSecurityCustomizer() {
  // TokenAuthenticationFilter will ignore the below paths
  return (web) -> {
- web.ignoring().antMatchers(
- HttpMethod.POST,
- "/auth/login");
- web.ignoring().antMatchers(
- HttpMethod.GET,
- "/",
- "/webjars/**",
- "/*.html",
- "/favicon.ico",
- "/**/*.html",
- "/**/*.css",
- "/**/*.js");
+ web.ignoring()
+ .requestMatchers(HttpMethod.POST, "/auth/login")
+ .requestMatchers(
+ antMatcher(HttpMethod.GET, "/"),
+ antMatcher(HttpMethod.GET, "/webjars/**"),
+ antMatcher(HttpMethod.GET, "/*.html"),
+ antMatcher(HttpMethod.GET, "/favicon.ico"),
+ antMatcher(HttpMethod.GET, "/**/*.html"),
+ antMatcher(HttpMethod.GET, "/**path/*.css"),
+ antMatcher(HttpMethod.GET, "/**path/*.js"));
  };
  }
 }

src/main/java/com/bfwg/model/Authority.java

@@ -1,48 +1,56 @@
 package com.bfwg.model;
 
-import com.fasterxml.jackson.annotation.JsonIgnore;
 import org.springframework.security.core.GrantedAuthority;
 
-import javax.persistence.*;
+import com.fasterxml.jackson.annotation.JsonIgnore;
+
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.EnumType;
+import jakarta.persistence.Enumerated;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
+import jakarta.persistence.Table;
 
 /**
  * Created by fan.jin on 2016-11-03.
  */
 
 @Entity
-@Table(name="AUTHORITY")
+@Table(name = "AUTHORITY")
 public class Authority implements GrantedAuthority {
 
- @Id
- @Column(name="id")
- @GeneratedValue(strategy = GenerationType.IDENTITY)
- Long id;
-
- @Enumerated( EnumType.STRING)
- @Column(name="name")
- UserRoleName name;
-
- @Override
- public String getAuthority() {
- return name.name();
- }
-
- public void setName(UserRoleName name) {
- this.name = name;
- }
-
- @JsonIgnore
- public UserRoleName getName() {
- return name;
- }
-
- @JsonIgnore
- public Long getId() {
- return id;
- }
-
- public void setId(Long id) {
- this.id = id;
- }
+ @Id
+ @Column(name = "id")
+ @GeneratedValue(strategy = GenerationType.IDENTITY)
+ Long id;
+
+ @Enumerated(EnumType.STRING)
+ @Column(name = "name")
+ UserRoleName name;
+
+ @Override
+ public String getAuthority() {
+ return name.name();
+ }
+
+ public void setName(UserRoleName name) {
+ this.name = name;
+ }
+
+ @JsonIgnore
+ public UserRoleName getName() {
+ return name;
+ }
+
+ @JsonIgnore
+ public Long getId() {
+ return id;
+ }
+
+ public void setId(Long id) {
+ this.id = id;
+ }
 
 }

src/main/java/com/bfwg/model/User.java

@@ -4,23 +4,23 @@
 import java.util.Collection;
 import java.util.List;
 
-import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.FetchType;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.JoinColumn;
-import javax.persistence.JoinTable;
-import javax.persistence.ManyToMany;
-import javax.persistence.Table;
-
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
 
+import jakarta.persistence.CascadeType;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.FetchType;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
+import jakarta.persistence.JoinColumn;
+import jakarta.persistence.JoinTable;
+import jakarta.persistence.ManyToMany;
+import jakarta.persistence.Table;
+
 /**
  * Created by fan.jin on 2016-10-15.
  */

src/main/java/com/bfwg/rest/AuthenticationController.java

@@ -5,14 +5,10 @@
 import java.util.HashMap;
 import java.util.Map;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
-import org.springframework.mobile.device.Device;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -24,13 +20,15 @@
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import com.bfwg.common.DeviceProvider;
 import com.bfwg.model.User;
 import com.bfwg.model.UserTokenState;
 import com.bfwg.security.TokenHelper;
 import com.bfwg.security.auth.JwtAuthenticationRequest;
 import com.bfwg.service.UserService;
 
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
 /**
  * Created by fan.jin on 2017-05-10.
  */
@@ -49,14 +47,10 @@ public class AuthenticationController {
  @Autowired
  private UserService userService;
 
- @Autowired
- private DeviceProvider deviceProvider;
-
  @PostMapping("/login")
  public ResponseEntity<?> createAuthenticationToken(
  @RequestBody JwtAuthenticationRequest authenticationRequest,
- HttpServletResponse response,
- Device device) throws AuthenticationException, IOException {
+ HttpServletResponse response) throws AuthenticationException, IOException {
 
  // Perform the security
  final Authentication authentication = authenticationManager.authenticate(
@@ -69,8 +63,8 @@ public ResponseEntity<?> createAuthenticationToken(
 
  // token creation
  User user = (User) authentication.getPrincipal();
- String jws = tokenHelper.generateToken(user.getUsername(), device);
- int expiresIn = tokenHelper.getExpiredIn(device);
+ String jws = tokenHelper.generateToken(user.getUsername());
+ int expiresIn = tokenHelper.getExpiredIn();
  // Return the token
  return ResponseEntity.ok(new UserTokenState(jws, expiresIn));
  }
@@ -83,13 +77,11 @@ public ResponseEntity<?> refreshAuthenticationToken(
 
  String authToken = tokenHelper.getToken(request);
 
- Device device = deviceProvider.getCurrentDevice(request);
-
  if (authToken != null && principal != null) {
 
  // TODO check user password last update
- String refreshedToken = tokenHelper.refreshToken(authToken, device);
- int expiresIn = tokenHelper.getExpiredIn(device);
+ String refreshedToken = tokenHelper.refreshToken(authToken);
+ int expiresIn = tokenHelper.getExpiredIn();
 
  return ResponseEntity.ok(new UserTokenState(refreshedToken, expiresIn));
  } else {