Bump Spring Boot to 3.0.0-RC1 (#2620)

#### What type of PR is this? /kind improvement /area core /milestone 2.0 #### What this PR does / why we need it: - See https://github.com/spring-projects/spring-boot/releases/tag/v3.0.0-RC1 for more. - Due to [Default to Xor CSRF protection](spring-projects/spring-security#11960), we have to implement a XOR algorithm in console project to generate a XORed token. Please be aware of source code of Spring Security at [here](https://github.com/spring-projects/spring-security/blob/9cb668aec2ad14f91c122c66b7d7d4a8b6e133f7/web/src/main/java/org/springframework/security/web/server/csrf/XorServerCsrfTokenRequestAttributeHandler.java#L94-L115), @halo-dev/sig-halo-console #### Special notes for reviewers We have removed `ThemeJava8TimeDialect` due to removal of `thymeleaf-extras-java8time` module in thymeleaf/thymeleaf#912 #### Does this PR introduce a user-facing change? ```release-note None ```
halo-dev · Oct 25, 2022 · d2aa707 · d2aa707
1 parent 0a46ec8
commit d2aa707
Show file tree

Hide file tree

Showing 8 changed files with 9 additions and 211 deletions.
diff --git a/build.gradle b/build.gradle
@@ -1,6 +1,6 @@
 plugins {
-    id 'org.springframework.boot' version '3.0.0-M5'
-    id 'io.spring.dependency-management' version '1.0.14.RELEASE'
+    id 'org.springframework.boot' version '3.0.0-RC1'
+    id 'io.spring.dependency-management' version '1.1.0'
     id "checkstyle"
     id 'java'
 }
@@ -15,13 +15,9 @@ checkstyle {
 }
 
 repositories {
-    maven { url 'https://maven.aliyun.com/repository/public/' }
-    maven { url 'https://maven.aliyun.com/repository/spring/' }
-    maven { url 'https://repo.spring.io/milestone' }
-
-    mavenLocal()
     mavenCentral()
 
+    maven { url 'https://repo.spring.io/milestone' }
 }
 
 

diff --git a/settings.gradle b/settings.gradle
@@ -1,7 +1,5 @@
 pluginManagement {
     repositories {
-        maven { url 'https://maven.aliyun.com/repository/gradle-plugin' }
-        maven { url 'https://maven.aliyun.com/repository/spring-plugin' }
         maven { url 'https://repo.spring.io/milestone' }
         gradlePluginPortal()
     }

diff --git a/src/main/java/run/halo/app/security/CsrfConfigurer.java b/src/main/java/run/halo/app/security/CsrfConfigurer.java
@@ -5,6 +5,7 @@
 import org.springframework.security.config.web.server.ServerHttpSecurity;
 import org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository;
 import org.springframework.security.web.server.csrf.CsrfWebFilter;
+import org.springframework.security.web.server.csrf.ServerCsrfTokenRequestAttributeHandler;
 import org.springframework.security.web.server.util.matcher.AndServerWebExchangeMatcher;
 import org.springframework.security.web.server.util.matcher.NegatedServerWebExchangeMatcher;
 import org.springframework.stereotype.Component;
@@ -21,6 +22,9 @@ public void configure(ServerHttpSecurity http) {
             ));
 
         http.csrf().csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse())
+            // TODO Use XorServerCsrfTokenRequestAttributeHandler instead when console implements
+            // the algorithm
+            .csrfTokenRequestHandler(new ServerCsrfTokenRequestAttributeHandler())
             .requireCsrfProtectionMatcher(csrfMatcher);
     }
 

diff --git a/src/main/java/run/halo/app/security/authentication/pat/PatAuthenticationConverter.java b/src/main/java/run/halo/app/security/authentication/pat/PatAuthenticationConverter.java
@@ -1,8 +1,8 @@
 package run.halo.app.security.authentication.pat;
 
 import org.springframework.security.core.Authentication;
-import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
-import org.springframework.security.oauth2.server.resource.web.server.ServerBearerTokenAuthenticationConverter;
+import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken;
+import org.springframework.security.oauth2.server.resource.web.server.authentication.ServerBearerTokenAuthenticationConverter;
 import org.springframework.security.web.server.authentication.ServerAuthenticationConverter;
 import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;

diff --git a/src/main/java/run/halo/app/theme/ThemeConfiguration.java b/src/main/java/run/halo/app/theme/ThemeConfiguration.java
@@ -11,11 +11,9 @@
 import org.springframework.web.reactive.function.server.RouterFunction;
 import org.springframework.web.reactive.function.server.RouterFunctions;
 import org.springframework.web.reactive.function.server.ServerResponse;
-import org.thymeleaf.extras.java8time.dialect.Java8TimeDialect;
 import run.halo.app.infra.properties.HaloProperties;
 import run.halo.app.infra.utils.FilePathUtils;
 import run.halo.app.theme.dialect.LinkExpressionObjectDialect;
-import run.halo.app.theme.dialect.ThemeJava8TimeDialect;
 
 /**
  * @author guqing
@@ -49,11 +47,6 @@ private Path getThemeAssetsPath(String themeName, String resource) {
             "themes", themeName, "templates", "assets", resource);
     }
 
-    @Bean
-    Java8TimeDialect java8TimeDialect() {
-        return new ThemeJava8TimeDialect();
-    }
-
     @Bean
     LinkExpressionObjectDialect linkExpressionObjectDialect() {
         return new LinkExpressionObjectDialect();

diff --git a/src/main/java/run/halo/app/theme/dialect/DefaultJava8TimeExpressionFactory.java b/src/main/java/run/halo/app/theme/dialect/DefaultJava8TimeExpressionFactory.java
diff --git a/src/main/java/run/halo/app/theme/dialect/ThemeJava8TimeDialect.java b/src/main/java/run/halo/app/theme/dialect/ThemeJava8TimeDialect.java
diff --git a/src/test/java/run/halo/app/theme/dialect/ThemeJava8TimeDialectIntegrationTest.java b/src/test/java/run/halo/app/theme/dialect/ThemeJava8TimeDialectIntegrationTest.java