Merge pull request #733 from LukasLohoff/spring-security-deprecations

Use lambda DSL for security filter chain

shogun-config/src/main/java/de/terrestris/shogun/config/DefaultWebSecurityConfig.java

@@ -28,7 +28,7 @@ default void customHttpConfiguration(HttpSecurity http) throws Exception {
             .sessionManagement(session -> session
                 .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
             )
-            .authorizeHttpRequests()
+            .authorizeHttpRequests(authorize -> authorize
                 .requestMatchers(
                     "/",
                     "/auth/**",
@@ -55,15 +55,16 @@ default void customHttpConfiguration(HttpSecurity http) throws Exception {
                     .hasRole("ADMIN")
                 .anyRequest()
                     .authenticated()
-            .and()
-                .csrf()
-                    .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
-                    .csrfTokenRequestHandler(new CsrfTokenRequestAttributeHandler())
-                    .ignoringRequestMatchers(csrfRequestMatcher)
-                    .ignoringRequestMatchers("/graphql")
-                    .ignoringRequestMatchers("/actuator/**")
-                    .ignoringRequestMatchers("/sso/**")
-                    .ignoringRequestMatchers("/ws/**");
+            )
+            .csrf(csrf -> csrf
+                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
+                .csrfTokenRequestHandler(new CsrfTokenRequestAttributeHandler())
+                .ignoringRequestMatchers(csrfRequestMatcher)
+                .ignoringRequestMatchers("/graphql")
+                .ignoringRequestMatchers("/actuator/**")
+                .ignoringRequestMatchers("/sso/**")
+                .ignoringRequestMatchers("/ws/**")
+            );
     }
 
     default void configure(HttpSecurity http) throws Exception {

shogun-config/src/main/java/de/terrestris/shogun/config/KeycloakWebSecurityConfig.java

@@ -66,13 +66,12 @@ public void configure(HttpSecurity http) throws Exception {
         );
 
         http
-            .csrf()
+            .csrf(csrf -> csrf
                 .ignoringRequestMatchers("/webhooks/**")
-            .and()
-                .oauth2ResourceServer()
-                    .jwt()
-                    .jwtAuthenticationConverter(authConverter);
-
+            )
+            .oauth2ResourceServer(oauth -> oauth
+                .jwt(jwt -> jwt.jwtAuthenticationConverter(authConverter))
+            );
     }
 
 }

shogun-config/src/main/java/de/terrestris/shogun/config/WebSecurityConfig.java

@@ -16,11 +16,8 @@
  */
 package de.terrestris.shogun.config;
 
-import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.context.annotation.Bean;
-import org.springframework.core.Ordered;
-import org.springframework.core.annotation.Order;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.util.matcher.RequestMatcher;

shogun-gs-interceptor/src/main/java/de/terrestris/shogun/interceptor/config/InterceptorWebSecurityConfig.java

@@ -18,10 +18,9 @@
 
 import de.terrestris.shogun.config.DefaultWebSecurityConfig;
 import org.apache.commons.lang3.StringUtils;
-import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 
@@ -36,7 +35,7 @@ public class InterceptorWebSecurityConfig implements DefaultWebSecurityConfig {
     @Override
     public void customHttpConfiguration(HttpSecurity http) throws Exception {
         http
-            .authorizeHttpRequests()
+            .authorizeHttpRequests(authorize -> authorize
                 .requestMatchers(
                     // Allow access to swagger interface
                     "/swagger-ui/index.html",
@@ -50,12 +49,12 @@ public void customHttpConfiguration(HttpSecurity http) throws Exception {
                     .hasRole("INTERCEPTOR_ADMIN")
                 .anyRequest()
                     .authenticated()
-                .and()
-                    .httpBasic()
-                .and()
-                    .csrf()
-                        .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
-                        .ignoringRequestMatchers(csrfRequestMatcher);
+            )
+            .httpBasic(Customizer.withDefaults())
+            .csrf(csrf -> csrf
+                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
+                .ignoringRequestMatchers(csrfRequestMatcher)
+            );
     }
 
 }

shogun-proxy/src/test/java/de/terrestris/shogun/service/HttpProxyServiceTest.java

@@ -30,7 +30,6 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.http.HttpHeaders;
-import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.test.context.ActiveProfiles;