Lab: Update Spring Security version ‐ 3: Update Spring Security Version - shinyay/spring-boot-2-7-to-3-1-upgrade GitHub Wiki

3: Update Spring Security Version Let's run through an entire SCAR pass to update our Spring Security version.

Make a Small Change

Delete the Spring Security version property: 17 5.8.5 5.5.13.3 That was truly a Small Change. Let's compile and see the impact.

Compile the code

Now Compile the code. You should see some interesting output.

[~/exercises] $ ./mvnw clean compile ... [WARNING] ... src/main/java/example/cashcard/SecurityConfig.java:[24,13] authorizeHttpRequests() in org.springframework.security.config.annotation.web.builders.HttpSecurity has been deprecated and marked for removal [WARNING] ... src/main/java/example/cashcard/SecurityConfig.java:[27,17] and() in org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry has been deprecated and marked for removal [WARNING] ... src/main/java/example/cashcard/SecurityConfig.java:[28,17] csrf() in org.springframework.security.config.annotation.web.builders.HttpSecurity has been deprecated and marked for removal [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 1.963 s [INFO] Finished at: 2023-10-03T08:55:56-06:00 [INFO] ------------------------------------------------------------------------ Ok, what just happened? The code was compiling cleanly before -- no errors or warnings. Now, we have three (3) deprecation messages!

Assess the results

Let's check what happened with the Spring Security version using the dependency tree.

[~/exercises] $ ./mvnw dependency:tree | grep spring-security You should see the following output:

[INFO] | +- org.springframework.security:spring-security-config:jar:6.1.3:compile [INFO] | | - org.springframework.security:spring-security-core:jar:6.1.3:compile [INFO] | | - org.springframework.security:spring-security-crypto:jar:6.1.3:compile [INFO] | - org.springframework.security:spring-security-web:jar:6.1.3:compile We see that Spring Boot is now managing the Spring Security version and it is now at 6.1.3.

That's a big leap... but we made it so let's deal with those deprecations!

React to the error output

Let's update our notes.

Add a new section for the security upgrade Upgrade Spring Security Version to our upgrade-notes.md file.

• Remove Spring Security version override and upgrade Spring Security to 6.1.3
• Spring Security deprecations ``` [WARNING] ... src/main/java/example/cashcard/SecurityConfig.java:[24,13] authorizeHttpRequests() in org.springframework.security.config.annotation.web.builders.HttpSecurity has been deprecated and marked for removal [WARNING] ... src/main/java/example/cashcard/SecurityConfig.java:[27,17] and() in org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry has been deprecated and marked for removal [WARNING] ... src/main/java/example/cashcard/SecurityConfig.java:[28,17] csrf() in org.springframework.security.config.annotation.web.builders.HttpSecurity has been deprecated and marked for removal ```
• Migrating to Spring Security 6 The SCAR method has always been an iterative process. It's an especially iterative process, now - even more so!

Let's move on and address these deprecations!