Merge pull request #27 from devondragon/issue-20-Upgrade_to_SpringBoo…

…t_3_1_x

Issue 20 upgrade to spring boot 3 1 x

build.gradle

@@ -1,7 +1,9 @@
 plugins {
   id 'java'
-  id 'org.springframework.boot' version '3.0.8'
-  id 'io.spring.dependency-management' version '1.1.0'
+  id 'org.springframework.boot' version '3.1.3'
+  id 'io.spring.dependency-management' version '1.1.3'
+  id "com.github.ben-manes.versions" version "0.48.0"
+
 }
 
 group = 'com.digitalsanctuary.spring'
@@ -38,16 +40,16 @@ dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-security'
     implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
     implementation 'org.springframework.boot:spring-boot-starter-web'
-    implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity6:3.1.1.RELEASE'
+    implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity6:3.1.2.RELEASE'
     implementation 'nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect'
 
     // Other dependencies
     runtimeOnly 'org.springframework.boot:spring-boot-devtools'
     // runtimeOnly 'io.micrometer:micrometer-registry-new-relic'
     runtimeOnly 'org.mariadb.jdbc:mariadb-java-client'
     runtimeOnly 'org.postgresql:postgresql'
-    implementation 'org.passay:passay:1.6.2'
-    implementation 'com.google.guava:guava:31.1-jre'
+    implementation 'org.passay:passay:1.6.3'
+    implementation 'com.google.guava:guava:32.1.2-jre'
     implementation 'org.springframework.boot:spring-boot-starter-actuator'
 
     compileOnly 'javax.validation:validation-api:2.0.1.Final'

gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.1.1-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.3-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

src/main/java/com/digitalsanctuary/spring/user/util/WebSecurityConfig.java

@@ -151,32 +151,30 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 
 		// Configure authorization rules based on the default action
 		if (DEFAULT_ACTION_DENY.equals(getDefaultAction())) {
-			// Allow access to unprotected URIs and require authentication for all other
-			// requests
-			http.authorizeHttpRequests().requestMatchers(unprotectedURIs.toArray(new String[0])).permitAll().anyRequest().authenticated();
+			// Allow access to unprotected URIs and require authentication for all other requests
+			http.authorizeHttpRequests((authorize) -> authorize.requestMatchers(unprotectedURIsArray).permitAll().anyRequest().authenticated());
 		} else if (DEFAULT_ACTION_ALLOW.equals(getDefaultAction())) {
-			// Require authentication for protected URIs and allow access to all other
-			// requests
-			http.authorizeHttpRequests().requestMatchers(protectedURIsArray).authenticated().requestMatchers("/**").permitAll();
+			// Require authentication for protected URIs and allow access to all other requests
+			http.authorizeHttpRequests((authorize) -> authorize.requestMatchers(protectedURIsArray).authenticated().anyRequest().permitAll());
 		} else {
 			// Log an error and deny access to all resources if the default action is not set correctly
 			log.error(
 					"WebSecurityConfig.configure: user.security.defaultAction must be set to either {} or {}!!!  Denying access to all resources to force intentional configuration.",
 					DEFAULT_ACTION_ALLOW, DEFAULT_ACTION_DENY);
-			http.authorizeHttpRequests().anyRequest().denyAll();
+			http.authorizeHttpRequests((authorize) -> authorize.anyRequest().denyAll());
 		}
 
 		return http.build();
 	}
 
 	private void setupOAuth2(HttpSecurity http, CustomOAuth2AuthenticationEntryPoint loginAuthenticationEntryPoint) throws Exception {
-		http.oauth2Login(o -> o.loginPage(loginPageURI).successHandler(loginSuccessService).failureHandler((request, response, exception) -> {
-			log.error("WebSecurityConfig.configure: OAuth2 login failure: {}", exception.getMessage());
-			request.getSession().setAttribute("error.message", exception.getMessage());
-			response.sendRedirect(loginPageURI);
-			// handler.onAuthenticationFailure(request, response, exception);
-		}).userInfoEndpoint().userService(dsOAuth2UserService)).userDetailsService(userDetailsService)
-				.exceptionHandling(handling -> handling.authenticationEntryPoint(loginAuthenticationEntryPoint));
+		http.exceptionHandling(handling -> handling.authenticationEntryPoint(loginAuthenticationEntryPoint))
+				.oauth2Login(o -> o.loginPage(loginPageURI).successHandler(loginSuccessService).failureHandler((request, response, exception) -> {
+					log.error("WebSecurityConfig.configure: OAuth2 login failure: {}", exception.getMessage());
+					request.getSession().setAttribute("error.message", exception.getMessage());
+					response.sendRedirect(loginPageURI);
+					// handler.onAuthenticationFailure(request, response, exception);
+				}).userInfoEndpoint(userInfo -> userInfo.userService(dsOAuth2UserService)));
 	}
 
 	@Bean

src/main/resources/application.yml

@@ -58,7 +58,7 @@ spring:
     properties:
       hibernate:
         dialect: org.hibernate.dialect.MariaDBDialect
-        globally_quoted_identifiers: false
+        "[globally_quoted_identifiers]": false
     show-sql: 'false'
   application:
     name: User Framework
@@ -109,17 +109,17 @@ user:
   copyrightFirstYear: 2020
 
   roles-and-privileges:
-    ROLE_ADMIN:
+    "[ROLE_ADMIN]":
       - ADMIN_PRIVILEGE
       - INVITE_USER_PRIVILEGE
       - READ_USER_PRIVILEGE
       - ASSIGN_MANAGER_PRIVILEGE
       - RESET_ANY_USER_PASSWORD_PRIVILEGE
-    ROLE_MANAGER:
+    "[ROLE_MANAGER]":
       - ADD_USER_TO_TEAM_PRIVILEGE
       - REMOVE_USER_FROM_TEAM_PRIVILEGE
       - RESET_TEAM_PASSWORD_PRIVILEGE
-    ROLE_USER:
+    "[ROLE_USER]":
       - LOGIN_PRIVILEGE
       - UPDATE_OWN_USER_PRIVILEGE
       - RESET_OWN_PASSWORD_PRIVILEGE