Adapt to changes in Spring Boot 4.0 and Spring Security 7.

See #693

Author: mp911de

rest/headers/src/test/java/example/springdata/rest/headers/WebIntegrationTests.java

@@ -1,11 +1,11 @@
 /*
- * Copyright 2015-2021 the original author or authors.
+ * Copyright 2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      https://www.apache.org/licenses/LICENSE-2.0
+ *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
@@ -27,7 +27,6 @@
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.restdocs.JUnitRestDocumentation;
 import org.springframework.restdocs.RestDocumentationContextProvider;
 import org.springframework.restdocs.RestDocumentationExtension;
 import org.springframework.restdocs.mockmvc.MockMvcRestDocumentation;
@@ -42,51 +41,47 @@
  */
 @SpringBootTest
 @ExtendWith(RestDocumentationExtension.class)
-public class WebIntegrationTests {
+class WebIntegrationTests {
 
-    public final JUnitRestDocumentation restDocumentation = new JUnitRestDocumentation();
+	@Autowired WebApplicationContext context;
+	@Autowired CustomerRepository customers;
 
-    @Autowired
-    WebApplicationContext context;
-    @Autowired
-    CustomerRepository customers;
+	private MockMvc mvc;
 
-    private MockMvc mvc;
+	@BeforeEach
+	void setUp(RestDocumentationContextProvider restDocumentation) {
 
-    @BeforeEach
-    public void setUp(RestDocumentationContextProvider restDocumentation) {
+		this.mvc = MockMvcBuilders.webAppContextSetup(context).//
+				apply(MockMvcRestDocumentation.documentationConfiguration(restDocumentation)).//
+				build();
+	}
 
-        this.mvc = MockMvcBuilders.webAppContextSetup(context).//
-                apply(MockMvcRestDocumentation.documentationConfiguration(restDocumentation)).//
-                build();
-    }
+	@Test
+	void executeConditionalGetRequests() throws Exception {
 
-    @Test
-    public void executeConditionalGetRequests() throws Exception {
+		var customer = customers.findAll().iterator().next();
+		var uri = new UriTemplate("/customers/{id}").expand(customer.getId());
 
-        var customer = customers.findAll().iterator().next();
-        var uri = new UriTemplate("/customers/{id}").expand(customer.getId());
+		var response = mvc.perform(get(uri)).//
+				andExpect(header().string(ETAG, is(notNullValue()))).//
+				andExpect(header().string(LAST_MODIFIED, is(notNullValue()))).//
+				andReturn().getResponse();
 
-        var response = mvc.perform(get(uri)).//
-                andExpect(header().string(ETAG, is(notNullValue()))).//
-                andExpect(header().string(LAST_MODIFIED, is(notNullValue()))).//
-                andReturn().getResponse();
+		// ETag-based
 
-        // ETag-based
+		response = mvc.perform(get(uri).header(IF_NONE_MATCH, response.getHeader(ETAG))).//
+				andExpect(status().isNotModified()).//
+				andExpect(header().string(ETAG, is(notNullValue()))).//
+				andExpect(header().string(LAST_MODIFIED, is(notNullValue()))).//
+				andDo(document("if-none-match")).//
+				andReturn().getResponse();
 
-        response = mvc.perform(get(uri).header(IF_NONE_MATCH, response.getHeader(ETAG))).//
-                andExpect(status().isNotModified()).//
-                andExpect(header().string(ETAG, is(notNullValue()))).//
-                andExpect(header().string(LAST_MODIFIED, is(notNullValue()))).//
-                andDo(document("if-none-match")).//
-                andReturn().getResponse();
+		// Last-modified-based
 
-        // Last-modified-based
-
-        mvc.perform(get(uri).header(IF_MODIFIED_SINCE, response.getHeader(LAST_MODIFIED))).//
-                andExpect(status().isNotModified()).//
-                andExpect(header().string(ETAG, is(notNullValue()))).//
-                andExpect(header().string(LAST_MODIFIED, is(notNullValue()))).//
-                andDo(document("if-modified-since"));
-    }
+		mvc.perform(get(uri).header(IF_MODIFIED_SINCE, response.getHeader(LAST_MODIFIED))).//
+				andExpect(status().isNotModified()).//
+				andExpect(header().string(ETAG, is(notNullValue()))).//
+				andExpect(header().string(LAST_MODIFIED, is(notNullValue()))).//
+				andDo(document("if-modified-since"));
+	}
 }

rest/security/src/main/java/example/springdata/rest/security/Application.java

@@ -1,11 +1,11 @@
 /*
- * Copyright 2014-2021 the original author or authors.
+ * Copyright 2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      https://www.apache.org/licenses/LICENSE-2.0
+ *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
@@ -23,9 +23,11 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
@@ -56,7 +58,7 @@ public static void main(String[] args) {
 		employeeRepository.save(new Employee("Frodo", "Baggins", "ring bearer"));
 		employeeRepository.save(new Employee("Gandalf", "the Wizard", "servant of the Secret Fire"));
 
-		/**
+		/*
 		 * Due to method-level protections on {@link example.company.ItemRepository}, the security context must be loaded
 		 * with an authentication token containing the necessary privileges.
 		 */
@@ -70,14 +72,13 @@ public static void main(String[] args) {
 
 	/**
 	 * This application is secured at both the URL level for some parts, and the method level for other parts. The URL
-	 * security is shown inside this code, while method-level annotations are enabled at by
-	 * {@link EnableGlobalMethodSecurity}.
+	 * security is shown inside this code, while method-level annotations are enabled at by {@link EnableMethodSecurity}.
 	 *
 	 * @author Greg Turnquist
 	 * @author Oliver Gierke
 	 */
 	@Configuration
-	@EnableGlobalMethodSecurity(prePostEnabled = true)
+	@EnableMethodSecurity(prePostEnabled = true)
 	@EnableWebSecurity
 	static class SecurityConfiguration  {
 
@@ -111,11 +112,14 @@ InMemoryUserDetailsManager userDetailsManager() {
 		@Bean
 		protected SecurityFilterChain configure(HttpSecurity http) throws Exception {
 
-			return http.httpBasic().and().authorizeRequests().//
-					requestMatchers(HttpMethod.POST, "/employees").hasRole("ADMIN").//
-					requestMatchers(HttpMethod.PUT, "/employees/**").hasRole("ADMIN").//
-					requestMatchers(HttpMethod.PATCH, "/employees/**").hasRole("ADMIN").and().//
-					csrf().disable().build();
+			return http.authorizeHttpRequests((authorize) -> {
+
+				authorize //
+						.requestMatchers(HttpMethod.POST, "/employees").hasRole("ADMIN") //
+						.requestMatchers(HttpMethod.PUT, "/employees/**").hasRole("ADMIN") //
+						.requestMatchers(HttpMethod.PATCH, "/employees/**").hasRole("ADMIN") //
+						.anyRequest().permitAll();
+			}).httpBasic(Customizer.withDefaults()).csrf(AbstractHttpConfigurer::disable).build();
 		}
 	}
 }

rest/security/src/test/java/example/springdata/rest/security/UrlLevelSecurityTests.java

@@ -1,11 +1,11 @@
 /*
- * Copyright 2014-2021 the original author or authors.
+ * Copyright 2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      https://www.apache.org/licenses/LICENSE-2.0
+ *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
@@ -20,6 +20,8 @@
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
 import static org.springframework.test.web.servlet.setup.MockMvcBuilders.*;
 
+import tools.jackson.databind.ObjectMapper;
+
 import java.util.Base64;
 
 import org.junit.jupiter.api.BeforeEach;
@@ -35,7 +37,6 @@
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.web.context.WebApplicationContext;
 
-import com.fasterxml.jackson.databind.ObjectMapper;
 
 /**
  * Test cases that verify the URL level of security by using the Spring MVC test framework.
@@ -91,8 +92,8 @@ void allowsGetRequestsButRejectsPostForUser() throws Exception {
 
 		mvc.perform(get("/employees").//
 				headers(headers)).//
-				andExpect(content().contentTypeCompatibleWith(MediaTypes.HAL_JSON)).//
-				andExpect(status().isOk());
+				andExpect(status().isOk()). //
+				andExpect(content().contentTypeCompatibleWith(MediaTypes.HAL_JSON));
 
 		mvc.perform(post("/employees").//
 				headers(headers)).//

rest/starbucks/src/main/resources/application.properties

@@ -1,2 +1,3 @@
 # Spring Data REST
 spring.data.rest.base-path=/api
+spring.mongodb.representation.uuid=standard

rest/starbucks/src/test/java/example/springdata/rest/stores/StoreRepositoryIntegrationTests.java

@@ -1,11 +1,11 @@
 /*
- * Copyright 2014-2024 the original author or authors.
+ * Copyright 2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      https://www.apache.org/licenses/LICENSE-2.0
+ *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
@@ -44,7 +44,7 @@ class StoreRepositoryIntegrationTests {
 
 	@BeforeEach
 	@AfterEach
-	public void clearDb() {
+	void clearDb() {
 		repository.deleteAll();
 	}
 

web/projection/src/test/java/example/users/UserControllerClientTests.java

@@ -24,6 +24,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.restclient.RestTemplateBuilder;
 import org.springframework.boot.resttestclient.TestRestTemplate;
+import org.springframework.boot.resttestclient.autoconfigure.AutoConfigureTestRestTemplate;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
 import org.springframework.context.annotation.Bean;
@@ -46,6 +47,7 @@
  * @author Jens Schauder
  */
 @SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
+@AutoConfigureTestRestTemplate
 class UserControllerClientTests {
 
 	@Autowired TestRestTemplate template;