Upgrade to Spring Security 6.1 for testing.

Also, to ensure Spring Framework 6.1 compatibility.

Fixes #2271.

Author: odrotbohm

spring-data-rest-tests/spring-data-rest-tests-security/pom.xml

@@ -14,7 +14,7 @@
 
 	<properties>
 		<java-module-name>spring.data.rest.tests.security</java-module-name>
-		<spring-security.version>6.0.0-M1</spring-security.version>
+		<spring-security.version>6.1.0</spring-security.version>
 	</properties>
 
 	<dependencies>

spring-data-rest-tests/spring-data-rest-tests-security/src/test/java/org/springframework/data/rest/tests/security/SecurityConfiguration.java

@@ -16,38 +16,37 @@
 package org.springframework.data.rest.tests.security;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
 
 // tag::code[]
 @Configuration // <1>
 @EnableWebSecurity
-@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true) // <2>
-class SecurityConfiguration extends WebSecurityConfigurerAdapter { // <3>
-// end::code[]
+@EnableMethodSecurity(securedEnabled = true, prePostEnabled = true) // <2>
+class SecurityConfiguration { // <3>
+	// end::code[]
 	@Autowired
 	void configureAuth(AuthenticationManagerBuilder auth) throws Exception {
 
 		auth.inMemoryAuthentication()
-			.withUser("user").password("user").roles("USER").and()
-			.withUser("admin").password("admin").roles("USER", "ADMIN");
+				.withUser("user").password("user").roles("USER").and()
+				.withUser("admin").password("admin").roles("USER", "ADMIN");
 	}
 
-	@Override
-	protected void configure(HttpSecurity http) throws Exception {
+	@Bean
+	SecurityFilterChain filterChain(HttpSecurity security) throws Exception {
 
-		http.
-			authorizeRequests()
-				.antMatchers(HttpMethod.GET, "/").permitAll() // Ignore security at the root URI.
-				.anyRequest().authenticated()
-				.and()
-			.httpBasic()
-				.and()
-			.csrf().disable(); // Disable CSRF since it's not critical for the scope of testing.
+		return security
+				.authorizeHttpRequests(it -> it.requestMatchers(HttpMethod.GET, "/")
+						.permitAll().anyRequest().authenticated())
+				.csrf(it -> it.disable())
+				.httpBasic().and()
+				.build();
 	}
 }

spring-data-rest-tests/spring-data-rest-tests-security/src/test/java/org/springframework/data/rest/tests/security/SecurityIntegrationTests.java

@@ -30,7 +30,6 @@
 import org.springframework.data.rest.tests.TestMvcClient;
 import org.springframework.data.rest.webmvc.config.RepositoryRestMvcConfiguration;
 import org.springframework.mock.web.MockHttpServletResponse;
-import org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -53,7 +52,6 @@
 class SecurityIntegrationTests extends AbstractWebIntegrationTests {
 
 	@Autowired WebApplicationContext context;
-	@Autowired MethodSecurityInterceptor methodSecurityInterceptor;
 
 	@Autowired SecuredPersonRepository personRepository;
 	@Autowired PreAuthorizedOrderRepository orderRepository;