fix: Test

Author: osahner

pom.xml

@@ -5,7 +5,7 @@
   <parent>
     <groupId>org.springframework.boot</groupId>
     <artifactId>spring-boot-starter-parent</artifactId>
-    <version>3.0.6</version>
+    <version>3.1.0</version>
     <relativePath/> <!-- lookup parent from repository -->
   </parent>
 

src/main/kotlin/osahner/config/WebConfig.kt

@@ -9,7 +9,6 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.http.SessionCreationPolicy
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.web.cors.CorsConfiguration
-import org.springframework.web.cors.CorsConfigurationSource
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource
 import osahner.security.*
 import osahner.service.AppAuthenticationManager
@@ -26,43 +25,45 @@ class WebConfig(
   @Bean
   @Throws(Exception::class)
   fun filterChain(http: HttpSecurity): SecurityFilterChain? {
-    return http
-      .cors().and()
-      .csrf().disable()
-      .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) // no sessions
-      .and()
-      .authorizeHttpRequests()
-      .requestMatchers("/api/**").permitAll()
-      .requestMatchers(HttpMethod.GET, "/actuator/health/**").permitAll()
-      .requestMatchers(HttpMethod.GET, "/actuator/info/**").permitAll()
-      .requestMatchers(HttpMethod.POST, "/login").permitAll()
-      .anyRequest().authenticated()
-      .and()
+    return http.cors { config ->
+      config.configurationSource(UrlBasedCorsConfigurationSource().also { cors ->
+        CorsConfiguration().apply {
+          allowedOrigins = listOf("*")
+          allowedMethods = listOf("POST", "PUT", "DELETE", "GET", "OPTIONS", "HEAD")
+          allowedHeaders = listOf(
+            "Authorization",
+            "Content-Type",
+            "X-Requested-With",
+            "Accept",
+            "Origin",
+            "Access-Control-Request-Method",
+            "Access-Control-Request-Headers"
+          )
+          exposedHeaders = listOf(
+            "Access-Control-Allow-Origin",
+            "Access-Control-Allow-Credentials",
+            "Authorization",
+            "Content-Disposition"
+          )
+          maxAge = 3600
+          cors.registerCorsConfiguration("/**", this)
+        }
+      })
+    }
+      .csrf { csrf -> csrf.disable() }
+      .sessionManagement { sessionManagement ->
+        sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+      }
+      .authorizeHttpRequests { authorizeRequests ->
+        authorizeRequests
+          .requestMatchers("/api/**").permitAll()
+          .requestMatchers(HttpMethod.GET, "/actuator/health/**").permitAll()
+          .requestMatchers(HttpMethod.GET, "/actuator/info/**").permitAll()
+          .requestMatchers(HttpMethod.POST, "/login").permitAll()
+          .anyRequest().authenticated()
+      }
       .addFilter(JWTAuthenticationFilter(authenticationManager, securityProperties, tokenProvider))
       .addFilter(JWTAuthorizationFilter(authenticationManager, securityProperties, tokenProvider))
       .build()
   }
-
-  @Bean
-  fun corsConfigurationSource(): CorsConfigurationSource = UrlBasedCorsConfigurationSource().also { cors ->
-    CorsConfiguration().apply {
-      allowedOrigins = listOf("*")
-      allowedMethods = listOf("POST", "PUT", "DELETE", "GET", "OPTIONS", "HEAD")
-      allowedHeaders = listOf(
-        "Authorization",
-        "Content-Type",
-        "X-Requested-With",
-        "Accept",
-        "Origin",
-        "Access-Control-Request-Method",
-        "Access-Control-Request-Headers"
-      )
-      exposedHeaders = listOf(
-        "Access-Control-Allow-Origin", "Access-Control-Allow-Credentials", "Authorization", "Content-Disposition"
-      )
-      maxAge = 3600
-      cors.registerCorsConfiguration("/**", this)
-    }
-  }
-
 }

src/main/resources/application.yaml

@@ -32,14 +32,15 @@ jwt-security:
   expiration-time: 365
 management:
   endpoints:
+    #enabled-by-default: false
     web:
-    exposure:
-      include: "health,info"
+      exposure:
+        include: "health,info,env"
 ---
 spring:
   jpa:
     hibernate:
-      ddl-auto: create-drop
+      ddl-auto: update
     properties:
       hibernate.show_sql: true
   config:

src/test/kotlin/osahner/AuthenticationTest.kt

@@ -185,14 +185,14 @@ internal class AuthenticationTest(
   @Test
   @Order(11)
   fun `ping restricted but delete user before`() {
-    val login = restTemplate.postForEntity<String>("/login", loginForm)
+    val login = restTemplate.postForEntity<String>("/login", loginForm2)
     val bearer = login.headers["authorization"]?.get(0).orEmpty()
     val headers = HttpHeaders()
     headers.contentType = MediaType.APPLICATION_JSON
     headers["Authorization"] = bearer
     val requestEntity = HttpEntity<String>(headers)
 
-    userRepository.deleteAll()
+    userRepository.deleteById(2)
     userRepository.flush()
 
     restTemplate.exchange("/api/v1/restricted", HttpMethod.GET, requestEntity, String::class.java).also {