Fix Spring Security deprecations after Spring Boot 3.3.8 upgrade (#169)

jbern0rd · web-flow · commit 3a2591f116f8 · 2025-03-07T15:11:14.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,6 +12,7 @@ All notable changes to this project will be documented in this file.
 ### Quality
 
 - Use no more `iexec-commons-poco` deprecated code in integration tests. (#163)
+- Fix Spring Security deprecations after Spring Boot 3.3.8 upgrade. (#169)
 
 ### Breaking API changes
 
diff --git a/src/main/java/com/iexec/blockchain/chain/IexecHubService.java b/src/main/java/com/iexec/blockchain/chain/IexecHubService.java
@@ -16,9 +16,9 @@
 
 package com.iexec.blockchain.chain;
 
-import com.iexec.common.worker.result.ResultUtils;
 import com.iexec.commons.poco.chain.*;
 import com.iexec.commons.poco.utils.BytesUtils;
+import com.iexec.commons.poco.utils.HashUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.stereotype.Service;
 import org.web3j.protocol.core.methods.response.TransactionReceipt;
@@ -64,11 +64,8 @@ public TransactionReceipt contribute(final String chainTaskId,
                                          final String workerpoolSignature,
                                          final String enclaveChallenge,
                                          final String enclaveSignature) throws Exception {
-        final String resultHash = ResultUtils.computeResultHash(chainTaskId, resultDigest);
-        final String resultSeal =
-                ResultUtils.computeResultSeal(credentials.getAddress(),
-                        chainTaskId,
-                        resultDigest);
+        final String resultHash = HashUtils.concatenateAndHash(chainTaskId, resultDigest);
+        final String resultSeal = HashUtils.concatenateAndHash(credentials.getAddress(), chainTaskId, resultDigest);
 
         return iexecHubContract
                 .contribute(
diff --git a/src/main/java/com/iexec/blockchain/chain/WebSocketBlockchainListener.java b/src/main/java/com/iexec/blockchain/chain/WebSocketBlockchainListener.java
@@ -72,10 +72,10 @@ public WebSocketBlockchainListener(final ChainConfig chainConfig, final SignerSe
     @Scheduled(fixedRate = 5000)
     private void run() throws ConnectException {
         if (newHeads != null && !newHeads.isDisposed()) {
-            log.debug("nothing to do");
             return;
         }
 
+        log.warn("web socket disconnection detected");
         webSocketService.connect();
 
         final Request<?, EthSubscribe> newHeadsRequest = new Request<>(
@@ -91,14 +91,14 @@ private void run() throws ConnectException {
     }
 
     private void processHead(final NewHeadsNotification event) throws IOException {
-        log.debug("processHead");
         final BigInteger blockNumber = Numeric.toBigInt(event.getParams().getResult().getNumber());
         lastSeenBlock.set(blockNumber.longValue());
         final BigInteger pendingTxCount = web3Client.ethGetTransactionCount(walletAddress,
                 DefaultBlockParameterName.PENDING).send().getTransactionCount();
         final BigInteger latestTxCount = web3Client.ethGetTransactionCount(walletAddress,
                 DefaultBlockParameterName.LATEST).send().getTransactionCount();
-        log.info("Transaction count [pending:{}, latest:{}]", pendingTxCount, latestTxCount);
+        log.info("Transaction count [block:{}, pending:{}, latest:{}]",
+                lastSeenBlock, pendingTxCount, latestTxCount);
         pendingTxGauge.set(pendingTxCount.longValue());
         latestTxGauge.set(latestTxCount.longValue());
     }
diff --git a/src/main/java/com/iexec/blockchain/security/WebSecurityConfigurationAdapter.java b/src/main/java/com/iexec/blockchain/security/WebSecurityConfigurationAdapter.java
@@ -20,6 +20,7 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.web.SecurityFilterChain;
 
 @Configuration
@@ -34,8 +35,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                     (or PUT/DELETE/PATCH) request with a valid CSRF token
                     Will eventually activate it later.
                 */
-                .csrf(csrf -> csrf.disable())
-                .cors(cors -> cors.and())
+                .csrf(AbstractHttpConfigurer::disable)
                 .authorizeHttpRequests(auth -> auth
                         .requestMatchers(
                                 "/swagger-ui.html",
