Add Spring Security to the all apps (#253)

* Update Spring Boot to 3.4.4

* Add Spring Security.
Add test to increase coverage.

Author: mfvanek

build.gradle.kts

@@ -9,7 +9,7 @@ description = "Experiments with Java"
 
 allprojects {
     group = "io.github.mfvanek"
-    version = "0.3.2"
+    version = "0.3.3"
 
     repositories {
         mavenLocal()

buildSrc/src/main/kotlin/sb-ot-demo.java-conventions.gradle.kts

@@ -119,28 +119,28 @@ tasks {
                 limit {
                     counter = "METHOD"
                     value = "MISSEDCOUNT"
-                    maximum = "3.0".toBigDecimal()
+                    maximum = "2.0".toBigDecimal()
                 }
             }
             rule {
                 limit {
                     counter = "LINE"
                     value = "MISSEDCOUNT"
-                    maximum = "10.0".toBigDecimal()
+                    maximum = "7.0".toBigDecimal()
                 }
             }
             rule {
                 limit {
                     counter = "INSTRUCTION"
                     value = "COVEREDRATIO"
-                    minimum = "0.90".toBigDecimal()
+                    minimum = "0.93".toBigDecimal()
                 }
             }
             rule {
                 limit {
                     counter = "BRANCH"
                     value = "COVEREDRATIO"
-                    minimum = "0.65".toBigDecimal()
+                    minimum = "0.66".toBigDecimal()
                 }
             }
         }

settings.gradle.kts

@@ -7,7 +7,7 @@ include("db-migrations")
 dependencyResolutionManagement {
     versionCatalogs {
         create("libs") {
-            val springBoot3Version = version("spring-boot-v3", "3.3.9")
+            val springBoot3Version = version("spring-boot-v3", "3.4.4")
             plugin("spring-boot-v3", "org.springframework.boot")
                 .versionRef(springBoot3Version)
             library("spring-boot-v3-dependencies", "org.springframework.boot", "spring-boot-dependencies")

spring-boot-2-demo-app/build.gradle.kts

@@ -18,6 +18,7 @@ dependencies {
     implementation("org.springframework.boot:spring-boot-starter-web")
     implementation("org.springframework.boot:spring-boot-starter-webflux")
     implementation("org.springframework.boot:spring-boot-starter-actuator")
+    implementation("org.springframework.boot:spring-boot-starter-security")
     implementation("io.micrometer:micrometer-registry-prometheus")
     implementation("org.springdoc:springdoc-openapi-ui")
 

spring-boot-2-demo-app/src/main/java/io/github/mfvanek/spring/boot2/test/config/SecurityConfig.java

@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2020-2025. Ivan Vakhrushev and others.
+ * https://github.com/mfvanek/spring-boot-open-telemetry-demo
+ *
+ * Licensed under the Apache License 2.0
+ */
+
+package io.github.mfvanek.spring.boot2.test.config;
+
+import lombok.SneakyThrows;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration(proxyBeanMethods = false)
+public class SecurityConfig {
+
+    @Bean
+    @SneakyThrows
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) {
+        http.authorizeHttpRequests(authorize ->
+            authorize.anyRequest().permitAll());
+        return http.build();
+    }
+}

spring-boot-2-demo-app/src/test/java/io/github/mfvanek/spring/boot2/test/controllers/RedirectControllerTest.java

@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2020-2025. Ivan Vakhrushev and others.
+ * https://github.com/mfvanek/spring-boot-open-telemetry-demo
+ *
+ * Licensed under the Apache License 2.0
+ */
+
+package io.github.mfvanek.spring.boot2.test.controllers;
+
+import io.github.mfvanek.spring.boot2.test.support.TestBase;
+import org.junit.jupiter.api.Test;
+
+import static io.github.mfvanek.spring.boot2.test.filters.TraceIdInResponseServletFilter.TRACE_ID_HEADER_NAME;
+import static org.assertj.core.api.Assertions.assertThat;
+
+class RedirectControllerTest extends TestBase {
+
+    @Test
+    void redirectShouldWork() {
+        final Object result = webTestClient.get()
+            .uri("/redirect")
+            .exchange()
+            .expectStatus().isEqualTo(303)
+            .expectHeader().exists(TRACE_ID_HEADER_NAME)
+            .expectHeader().location("https://www.google.com")
+            .expectBody(Object.class)
+            .returnResult()
+            .getResponseBody();
+        assertThat(result)
+            .isNull();
+    }
+}

spring-boot-3-demo-app/build.gradle.kts

@@ -8,13 +8,14 @@ plugins {
 
 dependencies {
     implementation(platform(project(":common-internal-bom")))
-    implementation(platform("org.springdoc:springdoc-openapi:2.6.0"))
+    implementation(platform("org.springdoc:springdoc-openapi:2.8.6"))
     implementation(platform(libs.spring.boot.v3.dependencies))
-    implementation(platform("org.springframework.cloud:spring-cloud-dependencies:2023.0.5"))
+    implementation(platform("org.springframework.cloud:spring-cloud-dependencies:2024.0.1"))
 
     implementation("org.springframework.boot:spring-boot-starter-web")
     implementation("org.springframework.boot:spring-boot-starter-webflux")
     implementation("org.springframework.boot:spring-boot-starter-actuator")
+    implementation("org.springframework.boot:spring-boot-starter-security")
     implementation("io.micrometer:micrometer-registry-prometheus")
     implementation("org.springdoc:springdoc-openapi-starter-webmvc-ui")
 
@@ -29,7 +30,7 @@ dependencies {
     implementation(project(":db-migrations"))
     implementation("org.liquibase:liquibase-core")
     implementation("com.github.blagerweij:liquibase-sessionlock")
-    implementation("net.ttddyy.observation:datasource-micrometer-spring-boot:1.0.6")
+    implementation("net.ttddyy.observation:datasource-micrometer-spring-boot:1.1.0")
     implementation("net.logstash.logback:logstash-logback-encoder:8.0")
 
     testImplementation("org.springframework.boot:spring-boot-starter-test")

spring-boot-3-demo-app/src/main/java/io/github/mfvanek/spring/boot3/test/config/OpenTelemetryConfig.java

@@ -9,8 +9,8 @@
 
 import io.opentelemetry.exporter.otlp.trace.OtlpGrpcSpanExporter;
 import io.opentelemetry.exporter.otlp.trace.OtlpGrpcSpanExporterBuilder;
-import org.springframework.boot.actuate.autoconfigure.tracing.otlp.OtlpAutoConfiguration;
-import org.springframework.boot.actuate.autoconfigure.tracing.otlp.OtlpProperties;
+import org.springframework.boot.actuate.autoconfigure.tracing.otlp.OtlpTracingAutoConfiguration;
+import org.springframework.boot.actuate.autoconfigure.tracing.otlp.OtlpTracingProperties;
 import org.springframework.boot.autoconfigure.AutoConfigureBefore;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.context.annotation.Bean;
@@ -19,17 +19,17 @@
 import java.util.Locale;
 import javax.annotation.Nonnull;
 
-@AutoConfigureBefore(OtlpAutoConfiguration.class)
+@AutoConfigureBefore(OtlpTracingAutoConfiguration.class)
 @Configuration(proxyBeanMethods = false)
 class OpenTelemetryConfig {
 
-    // Waiting for https://github.com/spring-projects/spring-boot/pull/41213
     @Bean
     @ConditionalOnMissingBean(OtlpGrpcSpanExporter.class)
-    OtlpGrpcSpanExporter otelJaegerGrpcSpanExporter(@Nonnull final OtlpProperties otlpProperties) {
+    OtlpGrpcSpanExporter otelJaegerGrpcSpanExporter(@Nonnull final OtlpTracingProperties otlpProperties) {
         final OtlpGrpcSpanExporterBuilder builder = OtlpGrpcSpanExporter.builder()
             .setEndpoint(otlpProperties.getEndpoint())
             .setTimeout(otlpProperties.getTimeout())
+            .setConnectTimeout(otlpProperties.getConnectTimeout())
             .setCompression(String.valueOf(otlpProperties.getCompression()).toLowerCase(Locale.ROOT));
         otlpProperties.getHeaders().forEach(builder::addHeader);
         return builder.build();

spring-boot-3-demo-app/src/main/java/io/github/mfvanek/spring/boot3/test/config/SecurityConfig.java

@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2020-2025. Ivan Vakhrushev and others.
+ * https://github.com/mfvanek/spring-boot-open-telemetry-demo
+ *
+ * Licensed under the Apache License 2.0
+ */
+
+package io.github.mfvanek.spring.boot3.test.config;
+
+import lombok.SneakyThrows;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration(proxyBeanMethods = false)
+public class SecurityConfig {
+
+    @Bean
+    @SneakyThrows
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) {
+        http.authorizeHttpRequests(authorize ->
+            authorize.anyRequest().permitAll());
+        return http.build();
+    }
+}

spring-boot-3-demo-app/src/main/resources/application.yml

@@ -59,31 +59,32 @@ management:
     server:
         port: 8085
     endpoints:
-        enabled-by-default: false
         web:
             exposure.include: '*'
             cors:
                 allowed-methods: '*'
                 allowed-origins: '*'
                 allowed-headers: '*'
+        access:
+            default: read_only
     endpoint:
         health:
-            enabled: true
             probes.enabled: true
             group:
                 readiness:
                     include: readinessState, db
                     additional-path: server:/readyz # In order to collect probes from application main port
+            access: read_only
         prometheus:
-            enabled: true
+            access: read_only
         liquibase:
-            enabled: true
+            access: read_only
         info:
-            enabled: true
+            access: read_only
         threaddump:
-            enabled: true
+            access: read_only
         heapdump:
-            enabled: true
+            access: read_only
     metrics:
         distribution:
             percentiles-histogram:
@@ -111,6 +112,10 @@ management:
                 - w3c
         sampling:
             probability: 1.0
+    observations:
+        enable:
+            spring:
+                security: false
     otlp:
         tracing:
             endpoint: http://localhost:4317