Merge pull request #6342 from qmonmert/spring-boot310

Spring-boot 3.1.0

src/main/java/tech/jhipster/lite/generator/server/springboot/database/mongodb/domain/MongoDbModuleFactory.java

@@ -57,7 +57,7 @@ public JHipsterModule buildModule(JHipsterModuleProperties properties) {
         .and()
       .springMainProperties()
         .set(propertyKey("spring.data.mongodb.database"), propertyValue(properties.projectBaseName().get()))
-        .set(propertyKey("spring.data.mongodb.uri"), propertyValue("mongodb://localhost:27017"))
+        .set(propertyKey("spring.data.mongodb.uri"), propertyValue("mongodb://localhost:27017/" + properties.projectBaseName().get()))
         .and()
       .springTestProperties()
         .set(propertyKey("spring.data.mongodb.uri"), propertyValue("${TEST_MONGODB_URI}"))

src/main/resources/generator/dependencies/pom.xml

@@ -17,7 +17,7 @@
     <assertj.version>3.24.2</assertj.version>
     <mockito.version>5.3.1</mockito.version>
     <logstash-logback-encoder.version>7.3</logstash-logback-encoder.version>
-    <spring-boot.version>3.0.6</spring-boot.version>
+    <spring-boot.version>3.1.0</spring-boot.version>
     <spring-cloud.version>2022.0.0</spring-cloud.version>
     <spring-cloud-netflix-eureka-client.version>4.0.1</spring-cloud-netflix-eureka-client.version>
     <springdoc-openapi-starter-webmvc.version>2.1.0</springdoc-openapi-starter-webmvc.version>

src/main/resources/generator/server/springboot/mvc/security/jwt/authentication/main/infrastructure/primary/SecurityConfiguration.java.mustache

@@ -14,6 +14,8 @@ import org.springframework.security.config.annotation.method.configuration.Enabl
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
@@ -59,26 +61,20 @@ class SecurityConfiguration {
   @Bean
   public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
     // @formatter:off
-    return http
-        .csrf()
-        .disable()
-        .addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class)
-        .headers()
-          .contentSecurityPolicy(properties.getContentSecurityPolicy())
-          .and()
-        .referrerPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN)
-          .and()
-        .permissionsPolicy().policy("camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()")
-          .and()
-        .frameOptions()
-          .deny()
-          .and()
-        .formLogin().disable()
-        .httpBasic().disable()
-        .sessionManagement()
-          .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-          .and()
-      .authorizeHttpRequests()
+    http
+      .csrf(csrf -> csrf.disable())
+      .addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class)
+      .headers(headers -> headers
+        .contentSecurityPolicy(csp -> csp.policyDirectives(properties.getContentSecurityPolicy()))
+        .frameOptions(FrameOptionsConfig::deny)
+        .referrerPolicy(referrer -> referrer.policy(ReferrerPolicyHeaderWriter.ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN))
+        .permissionsPolicy(permissions ->
+          permissions.policy("camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()"))
+      )
+      .formLogin(AbstractHttpConfigurer::disable)
+      .httpBasic(AbstractHttpConfigurer::disable)
+      .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+      .authorizeHttpRequests(authz -> authz
         .requestMatchers("/api/authenticate").permitAll()
         .requestMatchers("/api/register").permitAll()
         .requestMatchers("/api/activate").permitAll()
@@ -92,10 +88,11 @@ class SecurityConfiguration {
         .requestMatchers("/management/prometheus").permitAll()
         .requestMatchers("/management/**").hasAuthority(Role.ADMIN.key())
         .anyRequest().authenticated()
-        .and()
-        .apply(new JWTConfigurer(authenticationTokenReader()))
-        .and()
-      .build();
+      );
+
+      JWTConfigurer jwtConfigurer = new JWTConfigurer(authenticationTokenReader());
+      http.apply(jwtConfigurer);
+      return http.build();
     // @formatter:on
   }
 

src/main/resources/generator/server/springboot/mvc/security/oauth2/core/main/infrastructure/primary/SecurityConfiguration.java.mustache

@@ -15,6 +15,7 @@ import org.springframework.security.config.annotation.method.configuration.Enabl
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
+import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
@@ -35,6 +36,8 @@ import org.springframework.web.filter.CorsFilter;
 import {{packageName}}.authentication.domain.Role;
 import {{packageName}}.common.domain.Generated;
 
+import static org.springframework.security.config.Customizer.withDefaults;
+
 @Configuration
 @EnableWebSecurity
 @EnableMethodSecurity(prePostEnabled = true, securedEnabled = true)
@@ -75,40 +78,33 @@ public class SecurityConfiguration {
   public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
     // @formatter:off
     return http
-      .csrf()
-      .disable()
+      .csrf(csrf -> csrf.disable())
       .addFilterBefore(corsFilter, CsrfFilter.class)
-      .headers()
-      .contentSecurityPolicy(applicationSecurityProperties.getContentSecurityPolicy())
-    .and()
-      .referrerPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN)
-    .and()
-      .permissionsPolicy().policy("camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()")
-    .and()
-      .frameOptions()
-      .sameOrigin()
-    .and()
-      .authorizeHttpRequests()
-      .requestMatchers("/api/authenticate").permitAll()
-      .requestMatchers("/api/auth-info").permitAll()
-      .requestMatchers("/api/admin/**").hasAuthority(Role.ADMIN.key())
-      .requestMatchers("/api/**").authenticated()
-      .requestMatchers("/management/health").permitAll()
-      .requestMatchers("/management/health/**").permitAll()
-      .requestMatchers("/management/info").permitAll()
-      .requestMatchers("/management/prometheus").permitAll()
-      .requestMatchers("/management/**").hasAuthority(Role.ADMIN.key())
-      .anyRequest().authenticated()
-    .and()
-      .oauth2Login()
-    .and()
-      .oauth2ResourceServer()
-        .jwt()
-        .jwtAuthenticationConverter(authenticationConverter())
-        .and()
-      .and()
-        .oauth2Client()
-      .and().build();
+      .headers(headers -> headers
+        .contentSecurityPolicy(csp -> csp.policyDirectives(applicationSecurityProperties.getContentSecurityPolicy()))
+        .frameOptions(FrameOptionsConfig::sameOrigin)
+        .referrerPolicy(referrer -> referrer.policy(ReferrerPolicyHeaderWriter.ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN))
+        .permissionsPolicy(permissions ->
+          permissions.policy("camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()"))
+      )
+      .authorizeHttpRequests(authz -> authz
+        .requestMatchers("/api/authenticate").permitAll()
+        .requestMatchers("/api/auth-info").permitAll()
+        .requestMatchers("/api/admin/**").hasAuthority(Role.ADMIN.key())
+        .requestMatchers("/api/**").authenticated()
+        .requestMatchers("/management/health").permitAll()
+        .requestMatchers("/management/health/**").permitAll()
+        .requestMatchers("/management/info").permitAll()
+        .requestMatchers("/management/prometheus").permitAll()
+        .requestMatchers("/management/**").hasAuthority(Role.ADMIN.key())
+        .anyRequest().authenticated()
+      )
+      .oauth2Login(withDefaults())
+      .oauth2ResourceServer(oauth2 -> oauth2
+        .jwt(jwt -> jwt.jwtAuthenticationConverter(authenticationConverter()))
+      )
+      .oauth2Client(withDefaults())
+      .build();
     // @formatter:on
   }
 

src/test/java/tech/jhipster/lite/generator/server/springboot/database/mongodb/domain/MongoDbModuleFactoryTest.java

@@ -90,7 +90,7 @@ void shouldBuildModule() {
       .and()
       .hasFile("src/main/resources/config/application.properties")
       .containing("spring.data.mongodb.database=jhipster")
-      .containing("spring.data.mongodb.uri=mongodb://localhost:27017")
+      .containing("spring.data.mongodb.uri=mongodb://localhost:27017/jhipster")
       .and()
       .hasFile("src/test/resources/config/application.properties")
       .containing("spring.data.mongodb.uri=${TEST_MONGODB_URI}")