Lab: Major Release Considerations ‐ 2: Update Spring Security version - shinyay/spring-boot-2-7-to-3-1-upgrade GitHub Wiki
## 2: Update Spring Security version

Spring Security is currently being managed by the Spring Boot Parent. You'll see the Spring Security starter in the `pom.xml` defined like:

```xml
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
```

Currently, however, Spring Dependencies is tracking the latest Spring Security 5.7.x release. You can verify this with the Maven Dependency Tree plugin:

```
[~/exercises] $ ./mvnw dependency:tree | grep spring-security
[INFO] | +- org.springframework.security:spring-security-config:jar:5.7.10:compile
[INFO] | | - org.springframework.security:spring-security-core:jar:5.7.10:compile
[INFO] | | - org.springframework.security:spring-security-crypto:jar:5.7.10:compile
[INFO] | - org.springframework.security:spring-security-web:jar:5.7.10:compile
```

Notice that the Spring Security version is set to `5.7.10`.

To prepare for Spring Security 6, you'll need to update the Spring Security version to follow the 5.8.x release. This can be accomplished by overriding the Spring Security version placeholder established by the Spring Boot parent.
Let's run through an entire SCAR pass to update our Spring Security version.

### Make a Small Change

Add the Spring Security version property:

```xml
<properties>
    <java.version>17</java.version>
    <spring-security.version>5.8.5</spring-security.version>
</properties>
```

You're utilizing the same practice we previously discussed regarding moving versions to Maven Properties. In this case, however, `spring-security.version` has already been established by the Spring Boot Parent and you're free to override it here, locally, in your own `pom.xml` file. Maven will use this property to override the one previously set by the Spring Boot Parent.

That was truly a Small Change. Let's compile and see the impact.

### Compile the code

Now compile the code. You should see some interesting output.

```
[~/exercises] $ ./mvnw clean compile
...
[INFO] /course-spring-boot-2-7-to-3-1-upgrade-code/src/main/java/example/cashcard/SecurityConfig.java: /course-spring-boot-2-7-to-3-1-upgrade-code/src/main/java/example/cashcard/SecurityConfig.java uses or overrides a deprecated API.
[INFO] /course-spring-boot-2-7-to-3-1-upgrade-code/src/main/java/example/cashcard/SecurityConfig.java: Recompile with -Xlint:deprecation for details.
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
```

The code still compiles successfully, but you should see the deprecation message `... SecurityConfig.java uses or overrides a deprecated API.`

Before we deal with that, we should verify that we are, in fact, using Spring Security 5.8.x.

```
[~/exercises] $ ./mvnw dependency:tree | grep spring-security
```

You should see the following output:

```
[INFO] | +- org.springframework.security:spring-security-config:jar:5.8.5:compile
[INFO] | | - org.springframework.security:spring-security-core:jar:5.8.5:compile
[INFO] | | - org.springframework.security:spring-security-crypto:jar:5.8.5:compile
[INFO] | - org.springframework.security:spring-security-web:jar:5.8.5:compile
```

Great! Now let's go deal with deprecations.

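
The manual `grep` check above can be turned into a build gate that fails when any Spring Security artifact is still resolved outside the 5.8.x line, for example because one module pins it explicitly. This is an added example, not part of the original lab; the function name `check_spring_security_versions` and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the lab): gate on the resolved Spring Security version.
# check_spring_security_versions <version-prefix>
#   Reads `mvn dependency:tree` output on stdin.
#   Returns 0 if every org.springframework.security artifact starts with the
#   prefix, 1 if any does not (each is printed), 2 if none were found at all.
check_spring_security_versions() {
    awk -v want="$1" '
        # Coordinates: group:artifact:packaging[:classifier]:version:scope
        match($0, /org\.springframework\.security:[^ ]+/) {
            n = split(substr($0, RSTART, RLENGTH), f, ":")
            if (n < 5) next
            seen++
            version = f[n - 1]          # version is always second to last
            if (index(version, want) != 1) {
                printf "MISMATCH %s resolved to %s (expected %s*)\n", f[2], version, want
                bad++
            }
        }
        END {
            if (seen == 0) { print "no spring-security artifacts found"; exit 2 }
            exit (bad > 0 ? 1 : 0)
        }'
}

# Constructed sample: tree output after the property override took effect.
SAMPLE_OVERRIDDEN='[INFO] | +- org.springframework.security:spring-security-config:jar:5.8.5:compile
[INFO] | | - org.springframework.security:spring-security-core:jar:5.8.5:compile
[INFO] | - org.springframework.security:spring-security-web:jar:5.8.5:compile'

# Constructed sample: one artifact still resolved to the old 5.7.x line.
SAMPLE_MIXED='[INFO] | +- org.springframework.security:spring-security-config:jar:5.8.5:compile
[INFO] | | - org.springframework.security:spring-security-crypto:jar:5.7.10:compile'

# Real use: ./mvnw dependency:tree | check_spring_security_versions 5.8.
printf '%s\n' "$SAMPLE_OVERRIDDEN" | check_spring_security_versions 5.8. \
    && echo "spring-security is on 5.8.x"
```

The trailing dot in the prefix `5.8.` keeps a hypothetical `5.80` from matching.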

### Assess the results

Take a look at that compile output again:

```
[INFO] /course-spring-boot-2-7-to-3-1-upgrade-code/src/main/java/example/cashcard/SecurityConfig.java: /course-spring-boot-2-7-to-3-1-upgrade-code/src/main/java/example/cashcard/SecurityConfig.java uses or overrides a deprecated API.
[INFO] /course-spring-boot-2-7-to-3-1-upgrade-code/src/main/java/example/cashcard/SecurityConfig.java: Recompile with -Xlint:deprecation for details.
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
```

Update our notes. Add a new section, Major Release Considerations, to our `upgrade-notes.md` file.

- Upgrade Spring Security to `5.8.5`
- Spring Security deprecations
  - [INFO] /course-spring-boot-2-7-to-3-1-upgrade-code/src/main/java/example/cashcard/SecurityConfig.java: /course-spring-boot-2-7-to-3-1-upgrade-code/src/main/java/example/cashcard/SecurityConfig.java uses or overrides a deprecated API.
  - [INFO] /course-spring-boot-2-7-to-3-1-upgrade-code/src/main/java/example/cashcard/SecurityConfig.java
  - Reference: https://docs.spring.io/spring-security/reference/5.8/migration/index.html

### React to the error output

Let's address the deprecations using the SCAR method.

Most modern IDEs will help you understand what has been deprecated.
When you continue to the next step of this lab, the Editor will show you the deprecation in the `SecurityConfig` class:
extends WebSecurityConfigurerAdapter WebSecurityConfigurerAdapter has been deprecated (vscode)
Here's what it would look like in IntelliJ:
WebSecurityConfigurerAdapter has been deprecated