Upgrade to Spring Boot 3

pom.xml

@@ -11,17 +11,17 @@
 	<name>spring-custom-security</name>
 	<description>Demo project for Spring Boot</description>
 
-	<parent>
-		<groupId>org.springframework.boot</groupId>
-		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>1.4.7.RELEASE</version>
-		<relativePath/> <!-- lookup parent from repository -->
-	</parent>
+        <parent>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-starter-parent</artifactId>
+                <version>3.2.5</version>
+                <relativePath/> <!-- lookup parent from repository -->
+        </parent>
 
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
-		<java.version>1.8</java.version>
+                <java.version>17</java.version>
 	</properties>
 
 	<dependencies>

src/main/java/in/ravikalla/security/config/CustomAuthenticationFilter.java

@@ -4,10 +4,10 @@
 import java.util.HashSet;
 import java.util.Set;
 
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

src/main/java/in/ravikalla/security/config/CustomBasicAuthenticationEntryPoint.java

@@ -6,9 +6,9 @@
 import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
 import org.springframework.stereotype.Component;
 
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.io.PrintWriter;
 

src/main/java/in/ravikalla/security/config/HttpHeaderModificationConfig.java

@@ -5,15 +5,15 @@
 import java.util.Enumeration;
 import java.util.List;
 
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
+import jakarta.servlet.Filter;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.FilterConfig;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequestWrapper;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

src/main/java/in/ravikalla/security/config/SecurityConfiguration.java

@@ -3,18 +3,23 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 
-@EnableGlobalMethodSecurity(prePostEnabled = true)
+import in.ravikalla.security.config.CustomBasicAuthenticationEntryPoint;
+import in.ravikalla.security.config.CustomAuthenticationProvider;
+
+@EnableMethodSecurity(prePostEnabled = true)
 @EnableWebSecurity
 @Configuration
-public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
+public class SecurityConfiguration {
 
 	private Logger logger = LoggerFactory.getLogger(SecurityConfiguration.class);
 
@@ -26,28 +31,29 @@ public void setCustomBasicAuthenticationEntryPoint(CustomBasicAuthenticationEntr
 
 	@Autowired
     private CustomAuthenticationProvider demoAuthenticationProvider;
-	public void setDemoAuthenticationProvider(CustomAuthenticationProvider demoAuthenticationProvider) {
-		this.demoAuthenticationProvider = demoAuthenticationProvider;
-	}
-
-    @Override
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-    	auth.authenticationProvider(demoAuthenticationProvider);
+        public void setDemoAuthenticationProvider(CustomAuthenticationProvider demoAuthenticationProvider) {
+                this.demoAuthenticationProvider = demoAuthenticationProvider;
+        }
+
+    @Bean
+    public AuthenticationManager authenticationManager(HttpSecurity http) throws Exception {
+        AuthenticationManagerBuilder builder = http.getSharedObject(AuthenticationManagerBuilder.class);
+        builder.authenticationProvider(demoAuthenticationProvider);
+        return builder.build();
     }
 
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-
-    	logger.info("43 : Start : SecurityConfiguration.configure(...)");
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        logger.info("43 : Start : SecurityConfiguration.filterChain(...)");
 
-        http.csrf().disable();
-        http.authorizeRequests().antMatchers("**/secured/**").permitAll()
-        .anyRequest().authenticated()
-        .and()
-        .httpBasic()
-        .authenticationEntryPoint(customBasicAuthenticationEntryPoint);
+        http.csrf(csrf -> csrf.disable());
+        http.authorizeHttpRequests(auth -> auth
+                .requestMatchers("**/secured/**").permitAll()
+                .anyRequest().authenticated());
+        http.httpBasic(basic -> basic.authenticationEntryPoint(customBasicAuthenticationEntryPoint));
         http.addFilterBefore(new CustomAuthenticationFilter(), BasicAuthenticationFilter.class);
 
-        logger.info("53 : End : SecurityConfiguration.configure(...)");
+        logger.info("53 : End : SecurityConfiguration.filterChain(...)");
+        return http.build();
     }
 }

src/main/java/in/ravikalla/security/config/SecurityInterceptor.java

@@ -1,14 +1,14 @@
 package in.ravikalla.security.config;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.web.servlet.ModelAndView;
-import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+import org.springframework.web.servlet.HandlerInterceptor;
 
-public class SecurityInterceptor extends HandlerInterceptorAdapter {
+public class SecurityInterceptor implements HandlerInterceptor {
 
 	private Logger logger = LoggerFactory.getLogger(SecurityInterceptor.class);
 

src/test/java/in/ravikalla/security/SecurityApplicationTests.java

@@ -4,16 +4,16 @@
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
-import javax.servlet.http.Cookie;
+import jakarta.servlet.http.Cookie;
 
-import org.junit.Test;
-import org.junit.runner.RunWith;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
 import org.springframework.test.web.servlet.result.MockMvcResultHandlers;
@@ -23,7 +23,7 @@
 import static in.ravikalla.security.util.Constants.CUSTOM_HEADER_NAME;
 import static in.ravikalla.security.util.Constants.METHOD_HEADER_LOOKUP;
 
-@RunWith(SpringRunner.class)
+@ExtendWith(SpringExtension.class)
 @SpringBootTest
 @AutoConfigureMockMvc
 public class SecurityApplicationTests {