spring boot 3.1 migration - taking care of deprecated methods + using…

… rewrite-maven-plugin

pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>3.1.0</version>
+        <version>3.1.4</version>
         <relativePath/> <!-- lookup parent from repository -->
     </parent>
 

src/main/java/gt/app/config/security/SecurityConfig.java

@@ -4,23 +4,31 @@
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
+
+import java.util.stream.Stream;
+
+import static org.springframework.security.web.util.matcher.AntPathRequestMatcher.antMatcher;
 
 @EnableWebSecurity
 @Configuration
 @RequiredArgsConstructor
+@EnableMethodSecurity(securedEnabled = true, jsr250Enabled = true)
 public class SecurityConfig {
 
     private static final String[] AUTH_WHITELIST = {
         "/swagger-resources/**",
         "/v3/api-docs/**",
-        "/h2-console/**",
         "/webjars/**",
         "/static/**",
         "/error/**",
@@ -30,13 +38,17 @@ public class SecurityConfig {
         "/" //landing page is allowed for all
     };
 
+
     @Bean
-    protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+    protected SecurityFilterChain filterChain(HttpSecurity http, HandlerMappingIntrospector introspector) throws Exception {
+        var mvcH2Console = new MvcRequestMatcher.Builder(introspector).servletPath("/h2-console");
         http.headers(h -> h.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin))
-            .authorizeHttpRequests(ah -> ah.requestMatchers(AUTH_WHITELIST).permitAll()
-                .requestMatchers("/admin/**").hasAuthority(Constants.ROLE_ADMIN)
-                .requestMatchers("/user/**").hasAuthority(Constants.ROLE_USER)
-                .requestMatchers("/api/**").authenticated()//individual api will be secured differently
+            .authorizeHttpRequests(ah -> ah
+                .requestMatchers(Stream.of(AUTH_WHITELIST).map(AntPathRequestMatcher::antMatcher).toList().toArray(new AntPathRequestMatcher[0])).permitAll()
+                .requestMatchers(mvcH2Console.pattern("/**")).permitAll()
+                .requestMatchers(antMatcher("/admin/**")).hasAuthority(Constants.ROLE_ADMIN)
+                .requestMatchers(antMatcher("/user/**")).hasAuthority(Constants.ROLE_USER)
+                .requestMatchers(antMatcher("/api/**")).authenticated()//individual api will be secured differently
                 .anyRequest().authenticated())
             .csrf(AbstractHttpConfigurer::disable)
             .formLogin(f -> f.loginProcessingUrl("/auth/login")

src/main/resources/application-dev.yml

@@ -15,7 +15,9 @@ spring:
     mvc:
         static-path-pattern: /static/**
     jpa:
-        show-sql: true
+        show-sql: false
+    datasource:
+        url: jdbc:h2:mem:testdb
     h2:
         console:
             enabled: true #Access from http://localhost:8080/h2-console/

src/main/resources/application.yml

@@ -27,7 +27,7 @@ logging.level:
     org.springframework.security: INFO
     org.springframework.security.web: INFO
     org.hibernate: INFO
-    ROOT: WARN
+    ROOT: INFO
     gt: DEBUG