2022-07-27

Upgrade Spring Boot from 1.5.20.RELEASE to 2.7.2


as of: 20220727_pm070452, Still editing...

Stacks

From: Spring Boot + Keycloak
To: Spring Boot + Keycloak + Spring Security


Version

from: 1.5.20.RELEASE
to: 2.7.2


Changes

  1. pom.xml
  2. CSRF - default implementation of Spring Security
    1. JSP
  3. Controllers
  4. Services
    1. Repo
      1. Batch Save
      2. Batch Delete
      3. Delete
      4. FindOne
      5. Pageable
  5. application.properties









pom.xml

Added

<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

<dependency>
    <groupId>org.keycloak</groupId>
    <artifactId>keycloak-spring-boot-starter</artifactId>
    <version>18.0.2</version>
</dependency>
<dependency>
    <groupId>org.keycloak</groupId>
    <artifactId>keycloak-spring-security-adapter</artifactId>
    <version>18.0.2</version>
</dependency>

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-validation</artifactId>
</dependency>

<dependency>
    <groupId>org.keycloak.bom</groupId>
    <artifactId>keycloak-adapter-bom</artifactId>
    <version>${version.keycloak-adapter-bom}</version>
    <type>pom</type>
</dependency>

Modified

from:

<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>1.5.20.RELEASE</version>
</parent>

to:

<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.7.2</version>
</parent>

from:

<properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
    <java.version>1.8</java.version>
    <spring-cloud.version>Edgware.SR5</spring-cloud.version>
</properties>

to:

<properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
    <java.version>1.8</java.version>
    <start-class>com.tiongnam.sfa.cdr.MainClass</start-class>
    <spring-cloud.version>2021.0.3</spring-cloud.version>
    <version.keycloak-adapter-bom>18.0.2</version.keycloak-adapter-bom>
</properties>

from:

<dependency>
    <groupId>org.keycloak</groupId>
    <artifactId>keycloak-spring-boot-adapter</artifactId>
    <version>4.5.0.Final</version>
</dependency>

to:

<dependency>
    <groupId>org.keycloak</groupId>
    <artifactId>keycloak-spring-boot-adapter</artifactId>
    <version>18.0.2</version>
</dependency>


















CSRF - default implementation of Spring Security




Added the CSRF header to AJAX POST requests:

, headers: {"${_csrf.headerName}": '${_csrf.token}'}

Added the Spring Security tag inside each POST form:

<sec:csrfInput />

or

turn off CSRF checking (Spring Security then accepts state-changing requests without a token, so the header and form tag above are not needed):

protected void configure(HttpSecurity http) throws Exception {
    // HttpSecurity: org.springframework.security.config.annotation.web.builders.HttpSecurity
    http.csrf().disable();
    ...
    ...
}

































Controllers:


Changed

From:
org.keycloak.KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal

To:
java.security.Principal principal











Services

Batch Save

Changed

From:
repo.save(batchList);

To:
repo.saveAll(batchList);



findOne

From:
repo.findOne(new Long("1"));


To:
repo.getReferenceById(new Long("1"));



Delete


From:
delete(entity.getId());

To:
deleteById(entity.getId());







Pageable


From:
Pageable page_req = new PageRequest(index,reqData.getLength(), orderBy(reqData), reqData.getOrder().getData());

To:
Pageable page_req = PageRequest.of(index, reqData.getLength(), orderBy(reqData), reqData.getOrder().getData());










application.properties


Added

server.tomcat.max-http-form-post-size
server.tomcat.max-swallow-size

Changed


server.contextPath

to

server.servlet.context-path






spring.http.multipart.max-file-size

to

spring.servlet.multipart.max-file-size



spring.http.multipart.max-request-size

to

spring.servlet.multipart.max-request-size









keycloak.securityConstraints[0].authRoles[0]=read-only-common
keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/welcome
keycloak.securityConstraints[0].securityCollections[0].patterns[1]=/logout
keycloak.securityConstraints[0].securityCollections[0].patterns[2]=/dashboard
keycloak.securityConstraints[0].securityCollections[0].patterns[3]=/web/getDashboard



to



@Override
protected void configure(HttpSecurity http) throws Exception {
    super.configure(http);
    http.authorizeRequests()
        .antMatchers("/vendor/**", "/css/**", "/js/**", "/img/**").permitAll()
        .antMatchers("/upload").authenticated()
        .antMatchers("/formd/**", "/module1/**", "/maintenance/**").authenticated()
        .anyRequest().authenticated();
}