Upgrading Spring Boot and Java

harishkannarao · Feb 18, 2024 · 80d0d58 · 80d0d58
1 parent d3ef367
commit 80d0d58
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 17 deletions.
diff --git a/.github/workflows/CI-main.yml b/.github/workflows/CI-main.yml
@@ -13,10 +13,10 @@ jobs:
     - uses: actions/checkout@v1
       with:
         ref: 'main'
-    - name: Install Java 17
+    - name: Install Java 21
       uses: actions/setup-java@v1
       with:
-        java-version: '17'
+        java-version: '21'
         java-package: jdk
         architecture: x64
     - name: 'CI Build Command'

diff --git a/README.md b/README.md
@@ -6,8 +6,8 @@ This repository is to showcase Authentication and Role Base Access Control (RBAC
 [![Build Status](https://github.com/harishkannarao/spring-security-rest-api/actions/workflows/CI-main.yml/badge.svg)](https://github.com/harishkannarao/spring-security-rest-api/actions/workflows/CI-main.yml)
 
 ## Required Softwares, Tools and Version
-* Java JDK Version: 17
-* Gradle Version: 7
+* Java JDK Version: 21
+* Gradle Version: 8
 * Git Client: Any latest version
 
 ## Running the build

diff --git a/build.gradle.kts b/build.gradle.kts
@@ -3,13 +3,13 @@ import org.gradle.api.tasks.testing.logging.TestLogEvent
 plugins {
 	java
 	id("java-test-fixtures")
-	id("org.springframework.boot") version "3.0.1"
-	id("io.spring.dependency-management") version "1.1.0"
+	id("org.springframework.boot") version "3.2.2"
+	id("io.spring.dependency-management") version "1.1.4"
 }
 
 group = "com.harishkannarao"
 version = ""
-java.sourceCompatibility = JavaVersion.VERSION_17
+java.sourceCompatibility = JavaVersion.VERSION_21
 
 configurations {
 	compileOnly {

diff --git a/src/main/java/com/harishkannarao/springsecurityrestapi/configuration/SecurityConfig.java b/src/main/java/com/harishkannarao/springsecurityrestapi/configuration/SecurityConfig.java
@@ -8,6 +8,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
@@ -36,22 +37,31 @@ public class SecurityConfig {
     @Value("${feature.beta.enabled}")
     private boolean featureBetaEnabled;
 
+    @Value("${cors.origin.patterns}")
+    private String originPatterns;
+
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         Optional.ofNullable(httpSecurityCustomizers)
                 .stream().flatMap(Collection::stream)
                 .forEach(httpSecurityConsumer -> httpSecurityConsumer.accept(http));
 
         http
-                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
-                .headers().httpStrictTransportSecurity().and().and()
-                .cors().and()
-                .csrf().disable()
+                .sessionManagement(sessionManagement ->
+                        sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .headers(headers ->
+                        headers.httpStrictTransportSecurity(hstsConfig -> hstsConfig.includeSubDomains(true)))
+                .cors(cors ->
+                        cors.configurationSource(corsConfigurationSource()))
+                .csrf(AbstractHttpConfigurer::disable)
                 .authorizeHttpRequests(this::configureUrlAuthorization)
-                .exceptionHandling()
-                .accessDeniedHandler((request, response, accessDeniedException) -> response.setStatus(HttpStatus.FORBIDDEN.value()))
-                .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))
-                .and()
+                .exceptionHandling(httpSecurityExceptionHandlingConfigurer -> {
+                    httpSecurityExceptionHandlingConfigurer.accessDeniedHandler(
+                            (request, response, accessDeniedException) ->
+                                    response.setStatus(HttpStatus.FORBIDDEN.value()));
+                    httpSecurityExceptionHandlingConfigurer.authenticationEntryPoint(
+                            new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
+                })
                 .addFilterBefore(customAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
         ;
         return http.build();
@@ -70,8 +80,7 @@ private void configureUrlAuthorization(
         auth.anyRequest().denyAll();
     }
 
-    @Bean
-    CorsConfigurationSource corsConfigurationSource(@Value("${cors.origin.patterns}") String originPatterns) {
+    private CorsConfigurationSource corsConfigurationSource() {
         List<String> originPatternList = Stream.of(originPatterns.split(",")).toList();
         List<String> methods = List.of("GET", "PUT", "POST", "DELETE", "OPTIONS", "PATCH", "TRACE");
         String urlPattern = "/**";

diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -2,6 +2,11 @@ server:
   servlet:
     context-path: '/spring-security-rest-api'
 
+spring:
+  threads:
+    virtual:
+      enabled: true
+
 feature:
   beta:
     enabled: false