Merge pull request #35 from miyabayt/feature/spring-boot-v3.1.0

chore: Spring Boot 3.0.5 -> 3.1.0

build.gradle

@@ -3,7 +3,6 @@ plugins {
     id "idea"
     id "org.springframework.boot" version "${springBootVersion}"
     id "org.eclipse.jkube.kubernetes" version "${jkubeVersion}"
-    id "com.avast.gradle.docker-compose" version "0.16.12"
     id "com.diffplug.spotless" version "${spotlessVersion}"
     id "jacoco"
 }
@@ -60,6 +59,7 @@ dependencies {
     implementation "org.springframework.boot:spring-boot-starter-data-redis-reactive"
     implementation "org.springframework.session:spring-session-data-redis"
     developmentOnly "org.springframework.boot:spring-boot-devtools"
+    developmentOnly "org.springframework.boot:spring-boot-docker-compose"
 
     implementation "com.fasterxml.jackson.module:jackson-module-parameter-names"
     implementation "com.fasterxml.jackson.datatype:jackson-datatype-jdk8"
@@ -73,7 +73,7 @@ dependencies {
     implementation "org.flywaydb:flyway-core"
     implementation "org.flywaydb:flyway-mysql"
 
-    runtimeOnly "io.asyncer:r2dbc-mysql:0.9.3"
+    runtimeOnly "io.asyncer:r2dbc-mysql"
     runtimeOnly "com.mysql:mysql-connector-j"
     // runtimeOnly "io.r2dbc:r2dbc-postgresql"
     // runtimeOnly "org.postgresql:postgresql"
@@ -95,9 +95,11 @@ dependencies {
     testImplementation "org.springframework.security:spring-security-test"
     testImplementation "io.projectreactor:reactor-test"
     testImplementation "com.h2database:h2"
-    testImplementation "org.testcontainers:junit-jupiter:1.18.3"
-    testImplementation "org.testcontainers:r2dbc:1.18.3"
-    testImplementation "org.testcontainers:mysql:1.18.3"
+
+    testImplementation "org.springframework.boot:spring-boot-testcontainers"
+    testImplementation "org.testcontainers:junit-jupiter"
+    testImplementation "org.testcontainers:r2dbc"
+    testImplementation "org.testcontainers:mysql"
     testImplementation "io.r2dbc:r2dbc-h2"
 
     testImplementation "org.assertj:assertj-core"

gradle.properties

@@ -6,7 +6,7 @@ org.gradle.jvmargs=-Duser.language=ja -Duser.country=JP \
   --add-exports jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED \
   --add-exports jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED \
   --add-exports jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED
-springBootVersion=3.0.5
+springBootVersion=3.1.0
 spotlessVersion=6.3.0
 jkubeVersion=1.8.0
 jkube.debug.enabled=true

src/main/java/com/bigtreetc/sample/r2dbc/SecurityConfig.java

@@ -23,6 +23,7 @@
 import org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler;
 import org.springframework.security.web.server.authorization.HttpStatusServerAccessDeniedHandler;
 import org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository;
+import org.springframework.security.web.server.csrf.ServerCsrfTokenRequestAttributeHandler;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.reactive.CorsWebFilter;
 import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
@@ -57,7 +58,11 @@ public SecurityWebFilterChain securityWebFilterChain(
       ServerHttpSecurity http, ReactiveAuthenticationManager authenticationManager) {
 
     // CookieにCSRFトークンを保存する
-    http.csrf().csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse());
+    val tokenRepository = CookieServerCsrfTokenRepository.withHttpOnlyFalse();
+    val requestHandler = new ServerCsrfTokenRequestAttributeHandler();
+    requestHandler.setTokenFromMultipartDataEnabled(true);
+    http.csrf(
+        csrf -> csrf.csrfTokenRepository(tokenRepository).csrfTokenRequestHandler(requestHandler));
 
     String[] permittedUrls = {
       LOGIN_URL,
@@ -75,25 +80,25 @@ public SecurityWebFilterChain securityWebFilterChain(
     val customLogoutSuccessHandler = new CustomServerLogoutSuccessHandler(logoutSuccessHandler);
     val loginFailureHandler = new CustomServerAuthenticationFailureHandler(LOGIN_URL);
 
-    http.authorizeExchange()
-        .pathMatchers(permittedUrls)
-        .permitAll()
-        .anyExchange()
-        .authenticated()
-        .and()
-        .exceptionHandling()
-        .authenticationEntryPoint(new DefaultAuthenticationEntryPoint(LOGIN_URL))
-        .accessDeniedHandler(new HttpStatusServerAccessDeniedHandler(HttpStatus.FORBIDDEN))
-        .and()
-        .formLogin()
-        .loginPage(LOGIN_URL)
-        .authenticationManager(authenticationManager)
-        .authenticationSuccessHandler(authenticationSuccessHandler)
-        .authenticationFailureHandler(loginFailureHandler)
-        .and()
-        .logout()
-        .logoutUrl(LOGOUT_URL)
-        .logoutSuccessHandler(customLogoutSuccessHandler);
+    http.authorizeExchange(
+            authorize ->
+                authorize.pathMatchers(permittedUrls).permitAll().anyExchange().authenticated())
+        .exceptionHandling(
+            exceptionHandling ->
+                exceptionHandling
+                    .authenticationEntryPoint(new DefaultAuthenticationEntryPoint(LOGIN_URL))
+                    .accessDeniedHandler(
+                        new HttpStatusServerAccessDeniedHandler(HttpStatus.FORBIDDEN)))
+        .formLogin(
+            formLogin ->
+                formLogin
+                    .loginPage(LOGIN_URL)
+                    .authenticationManager(authenticationManager)
+                    .authenticationSuccessHandler(authenticationSuccessHandler)
+                    .authenticationFailureHandler(loginFailureHandler))
+        .logout(
+            logout ->
+                logout.logoutUrl(LOGOUT_URL).logoutSuccessHandler(customLogoutSuccessHandler));
 
     return http.build();
   }