From c392fb70210723a02b56ace5dcc2f42a01e84734 Mon Sep 17 00:00:00 2001
From: michaelin007 <michaelolayemi28@gmail.com>
Date: Sat, 24 Feb 2024 23:26:33 +0000
Subject: [PATCH 1/2] Migrate Application from Spring Security 5 to Spring
 Security 6

---
 .../WebController.java                        | 23 +++++++++
 .../WebSecurityConfig.java                    | 47 +++++++++++++++++++
 2 files changed, 70 insertions(+)
 create mode 100644 spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/WebController.java
 create mode 100644 spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/WebSecurityConfig.java

diff --git a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/WebController.java b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/WebController.java
new file mode 100644
index 0000000000..f7dafd3d43
--- /dev/null
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/WebController.java
@@ -0,0 +1,23 @@
+package com.baeldung.springsecuritymigration;
+
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class WebController {
+
+    @RequestMapping("/")
+    public String home() {
+        return "Home Page";
+    }
+
+    @RequestMapping("/welcome")
+    public String welcome() {
+        return "Welcome User";
+    }
+
+    @RequestMapping("/user-dashboard")
+    public String dashboard() {
+        return "My Dashboard";
+    }
+}
diff --git a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/WebSecurityConfig.java b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/WebSecurityConfig.java
new file mode 100644
index 0000000000..fba8242914
--- /dev/null
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/WebSecurityConfig.java
@@ -0,0 +1,47 @@
+package com.baeldung.springsecuritymigration;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+@EnableWebSecurity
+public class WebSecurityConfig {
+
+    @Bean
+    public WebSecurityCustomizer webSecurityCustomizer() {
+        return (web) -> web.ignoring().requestMatchers("/js/**", "/css/**");
+    }
+
+    @Bean
+    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http.cors(AbstractHttpConfigurer::disable)
+            .authorizeHttpRequests(request -> request.requestMatchers("/")
+                .permitAll()
+                .anyRequest()
+                .authenticated())
+            .formLogin(form -> form.defaultSuccessUrl("/welcome"))
+            .httpBasic(Customizer.withDefaults());
+        return http.build();
+    }
+
+    @Bean
+    public UserDetailsService userDetailsService() {
+        UserDetails user = User.withDefaultPasswordEncoder()
+            .username("User")
+            .password("password")
+            .roles("USER")
+            .build();
+
+        return new InMemoryUserDetailsManager(user);
+    }
+}

From ba7d2a971d62234ee8d62664422d46fd1e644b64 Mon Sep 17 00:00:00 2001
From: michaelin007 <michaelolayemi28@gmail.com>
Date: Mon, 26 Feb 2024 10:09:46 +0000
Subject: [PATCH 2/2] Migrate Application from Spring Security 5 to Spring
 Security 6

---
 .../SpringSecurityMigration.java              | 14 ++++++
 .../WebSecurityConfig.java                    |  8 +++-
 .../{ => controller}/WebController.java       |  4 +-
 ...pringSecurityMigrationIntegrationTest.java | 45 +++++++++++++++++++
 4 files changed, 68 insertions(+), 3 deletions(-)
 create mode 100644 spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/SpringSecurityMigration.java
 rename spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/{ => configuration}/WebSecurityConfig.java (82%)
 rename spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/{ => controller}/WebController.java (74%)
 create mode 100644 spring-security-modules/spring-security-core-2/src/test/java/com/baeldung/springsecuritymigration/SpringSecurityMigrationIntegrationTest.java

diff --git a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/SpringSecurityMigration.java b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/SpringSecurityMigration.java
new file mode 100644
index 0000000000..fe2293a757
--- /dev/null
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/SpringSecurityMigration.java
@@ -0,0 +1,14 @@
+package com.baeldung.springsecuritymigration;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+
+@SpringBootApplication
+@EnableWebMvc
+public class SpringSecurityMigration {
+
+    public static void main(String[] args) {
+        SpringApplication.run(SpringSecurityMigration.class);
+    }
+}
diff --git a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/WebSecurityConfig.java b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/configuration/WebSecurityConfig.java
similarity index 82%
rename from spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/WebSecurityConfig.java
rename to spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/configuration/WebSecurityConfig.java
index fba8242914..588d98427e 100644
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/WebSecurityConfig.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/configuration/WebSecurityConfig.java
@@ -1,8 +1,10 @@
-package com.baeldung.springsecuritymigration;
+package com.baeldung.springsecuritymigration.configuration;
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
@@ -15,11 +17,13 @@ import org.springframework.security.web.SecurityFilterChain;
 
 @Configuration
 @EnableWebSecurity
+@EnableMethodSecurity
 public class WebSecurityConfig {
 
     @Bean
     public WebSecurityCustomizer webSecurityCustomizer() {
-        return (web) -> web.ignoring().requestMatchers("/js/**", "/css/**");
+        return (web) -> web.ignoring()
+            .requestMatchers("/js/**", "/css/**");
     }
 
     @Bean
diff --git a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/WebController.java b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/controller/WebController.java
similarity index 74%
rename from spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/WebController.java
rename to spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/controller/WebController.java
index f7dafd3d43..281e46c385 100644
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/WebController.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/springsecuritymigration/controller/WebController.java
@@ -1,5 +1,6 @@
-package com.baeldung.springsecuritymigration;
+package com.baeldung.springsecuritymigration.controller;
 
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -16,6 +17,7 @@ public class WebController {
         return "Welcome User";
     }
 
+    @PreAuthorize("hasRole('USER')")
     @RequestMapping("/user-dashboard")
     public String dashboard() {
         return "My Dashboard";
diff --git a/spring-security-modules/spring-security-core-2/src/test/java/com/baeldung/springsecuritymigration/SpringSecurityMigrationIntegrationTest.java b/spring-security-modules/spring-security-core-2/src/test/java/com/baeldung/springsecuritymigration/SpringSecurityMigrationIntegrationTest.java
new file mode 100644
index 0000000000..9f98a8bf70
--- /dev/null
+++ b/spring-security-modules/spring-security-core-2/src/test/java/com/baeldung/springsecuritymigration/SpringSecurityMigrationIntegrationTest.java
@@ -0,0 +1,45 @@
+package com.baeldung.springsecuritymigration;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.security.test.context.support.WithAnonymousUser;
+import org.springframework.security.test.context.support.WithUserDetails;
+import org.springframework.test.web.servlet.MockMvc;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.web.context.WebApplicationContext;
+
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+@SpringBootTest(classes = SpringSecurityMigration.class)
+public class SpringSecurityMigrationIntegrationTest {
+
+    @Autowired
+    private WebApplicationContext context;
+
+    private MockMvc mvc;
+
+    @BeforeEach
+    private void setup() {
+        mvc = MockMvcBuilders.webAppContextSetup(context)
+            .apply(springSecurity())
+            .build();
+    }
+
+    @Test
+    @WithAnonymousUser
+    public void givenAnAnonymousUser_whenAccessLogin_thenOk() throws Exception {
+        mvc.perform(get("/login"))
+            .andExpect(status().isOk());
+    }
+
+    @Test
+    @WithUserDetails
+    public void givenUserDetails_whenAccessUserDashboard_thenOk() throws Exception {
+        mvc.perform(get("/user-dashboard"))
+            .andExpect(status().isOk());
+    }
+}