Throyer
diff --git a/‎pom.xml
Lines changed: 1 addition & 1 deletion b/‎pom.xml
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/main/java/com/github/throyer/common/springboot/Application.java
Lines changed: 3 additions & 3 deletions b/‎src/main/java/com/github/throyer/common/springboot/Application.java
Lines changed: 3 additions & 3 deletions
diff --git a/‎src/main/java/com/github/throyer/common/springboot/configurations/SpringSecurityConfiguration.java
Lines changed: 85 additions & 94 deletions b/‎src/main/java/com/github/throyer/common/springboot/configurations/SpringSecurityConfiguration.java
Lines changed: 85 additions & 94 deletions
diff --git a/‎src/main/java/com/github/throyer/common/springboot/configurations/SpringWebConfiguration.java
Lines changed: 0 additions & 1 deletion b/‎src/main/java/com/github/throyer/common/springboot/configurations/SpringWebConfiguration.java
Lines changed: 0 additions & 1 deletion
diff --git a/‎src/main/java/com/github/throyer/common/springboot/controllers/app/UserController.java
Lines changed: 4 additions & 3 deletions b/‎src/main/java/com/github/throyer/common/springboot/controllers/app/UserController.java
Lines changed: 4 additions & 3 deletions
diff --git a/‎src/main/java/com/github/throyer/common/springboot/domain/management/repository/SoftDeleteRepository.java
Lines changed: 2 additions & 2 deletions b/‎src/main/java/com/github/throyer/common/springboot/domain/management/repository/SoftDeleteRepository.java
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/main/java/com/github/throyer/common/springboot/domain/recovery/model/RecoveryRequest.java
Lines changed: 1 addition & 2 deletions b/‎src/main/java/com/github/throyer/common/springboot/domain/recovery/model/RecoveryRequest.java
Lines changed: 1 addition & 2 deletions
diff --git a/‎src/main/java/com/github/throyer/common/springboot/domain/recovery/model/Update.java
Lines changed: 6 additions & 4 deletions b/‎src/main/java/com/github/throyer/common/springboot/domain/recovery/model/Update.java
Lines changed: 6 additions & 4 deletions
diff --git a/‎src/main/java/com/github/throyer/common/springboot/domain/role/entity/Role.java
Lines changed: 9 additions & 6 deletions b/‎src/main/java/com/github/throyer/common/springboot/domain/role/entity/Role.java
Lines changed: 9 additions & 6 deletions
diff --git a/‎src/main/java/com/github/throyer/common/springboot/domain/user/model/UserDetails.java
Lines changed: 3 additions & 4 deletions b/‎src/main/java/com/github/throyer/common/springboot/domain/user/model/UserDetails.java
Lines changed: 3 additions & 4 deletions
@@ -4,7 +4,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>2.6.2</version>
+        <version>2.7.0</version>
         <relativePath /> <!-- lookup parent from repository -->
     </parent>
     <groupId>com.github.throyer.common.spring-boot</groupId>
 
@@ -1,14 +1,14 @@
 package com.github.throyer.common.springboot;
 
-import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cache.annotation.EnableCaching;
-import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
+
+import static org.springframework.boot.SpringApplication.run;
 
 @EnableCaching
 @SpringBootApplication
 public class Application {
     public static void main(String... args) {
-        SpringApplication.run(Application.class, args);
+        run(Application.class, args);
     }
 }
@@ -1,30 +1,42 @@
 package com.github.throyer.common.springboot.configurations;
 
+import static com.github.throyer.common.springboot.constants.SECURITY.ACESSO_NEGADO_URL;
+import static com.github.throyer.common.springboot.constants.SECURITY.DAY_MILLISECONDS;
+import static com.github.throyer.common.springboot.constants.SECURITY.HOME_URL;
+import static com.github.throyer.common.springboot.constants.SECURITY.LOGIN_ERROR_URL;
+import static com.github.throyer.common.springboot.constants.SECURITY.LOGIN_URL;
+import static com.github.throyer.common.springboot.constants.SECURITY.LOGOUT_URL;
+import static com.github.throyer.common.springboot.constants.SECURITY.PASSWORD_PARAMETER;
+import static com.github.throyer.common.springboot.constants.SECURITY.PUBLIC_API_ROUTES;
+import static com.github.throyer.common.springboot.constants.SECURITY.SESSION_COOKIE_NAME;
+import static com.github.throyer.common.springboot.constants.SECURITY.STATIC_FILES;
+import static com.github.throyer.common.springboot.constants.SECURITY.TOKEN_SECRET;
+import static com.github.throyer.common.springboot.constants.SECURITY.USERNAME_PARAMETER;
+import static com.github.throyer.common.springboot.utils.Responses.forbidden;
+import static org.springframework.http.HttpMethod.GET;
+import static org.springframework.http.HttpMethod.POST;
+import static org.springframework.security.config.Customizer.withDefaults;
+import static org.springframework.security.config.http.SessionCreationPolicy.STATELESS;
+
 import com.github.throyer.common.springboot.domain.session.service.SessionService;
 import com.github.throyer.common.springboot.middlewares.AuthorizationMiddleware;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.stereotype.Component;
 import org.springframework.web.cors.CorsConfiguration;
 
-import static com.github.throyer.common.springboot.constants.SECURITY.*;
-import static com.github.throyer.common.springboot.utils.Responses.forbidden;
-import static org.springframework.http.HttpMethod.GET;
-import static org.springframework.http.HttpMethod.POST;
-import static org.springframework.security.config.http.SessionCreationPolicy.STATELESS;
-
 @Component
+@Configuration
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 public class SpringSecurityConfiguration {
@@ -41,96 +53,75 @@ public SpringSecurityConfiguration(
         this.filter = filter;
     }
 
-    @Order(1)
-    @Configuration
-    public class Api extends WebSecurityConfigurerAdapter {
-
-        @Override
-        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-            auth.userDetailsService(sessionService)
-                .passwordEncoder(PASSWORD_ENCODER);
-        }
-
-        @Override
-        protected void configure(HttpSecurity http) throws Exception {
-            PUBLIC_API_ROUTES.injectOn(http);
+    @Bean
+    public WebSecurityCustomizer webSecurityCustomizer() {
+        return (web) -> web.ignoring().antMatchers(STATIC_FILES);
+    }
 
-            http
-                .antMatcher("/api/**")
-                    .authorizeRequests()
-                        .anyRequest()
-                            .authenticated()
-                .and()
-                    .csrf()
-                    .disable()
-                        .exceptionHandling()
-                            .authenticationEntryPoint((request, response, exception) -> forbidden(response))
-                .and()
-                    .sessionManagement()
-                    .sessionCreationPolicy(STATELESS)
-                .and()
-                    .addFilterBefore(filter, UsernamePasswordAuthenticationFilter.class)
-                .cors()
-                    .configurationSource(request -> new CorsConfiguration().applyPermitDefaultValues());
-        }
+    @Bean
+    @Order(1)
+    public SecurityFilterChain api(HttpSecurity http) throws Exception {
+        PUBLIC_API_ROUTES.injectOn(http);
 
-        @Override
-        public void configure(WebSecurity web) {
-            web
-                .ignoring()
-                    .antMatchers(STATIC_FILES);
-        }
+        http
+            .httpBasic(withDefaults())
+            .antMatcher("/api/**")
+                .authorizeRequests()
+                    .anyRequest()
+                        .authenticated()
+            .and()
+                .csrf()
+                .disable()
+                    .exceptionHandling()
+                        .authenticationEntryPoint((request, response, exception) -> forbidden(response))
+            .and()
+                .userDetailsService(sessionService)
+                .sessionManagement()
+                .sessionCreationPolicy(STATELESS)
+            .and()
+                .addFilterBefore(filter, UsernamePasswordAuthenticationFilter.class)
+            .cors()
+                .configurationSource(request -> new CorsConfiguration().applyPermitDefaultValues());
 
-        @Bean
-        @Override
-        protected AuthenticationManager authenticationManager() throws Exception {
-            return super.authenticationManager();
-        }
+        return http.build();
     }
 
+    @Bean
     @Order(2)
-    @Configuration
-    public class App extends WebSecurityConfigurerAdapter {
-        @Override
-        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-            auth.
-                userDetailsService(sessionService)
-                    .passwordEncoder(PASSWORD_ENCODER);
-        }
-
-        @Override
-        protected void configure(HttpSecurity http) throws Exception {
+    public SecurityFilterChain app(HttpSecurity http) throws Exception {
+        http
+            .antMatcher("/app/**")
+                .authorizeRequests()
+                    .antMatchers(GET, LOGIN_URL, "/app", "/app/register", "/app/recovery/**")
+                        .permitAll()
+                    .antMatchers(POST, "/app/register", "/app/recovery/**")
+                        .permitAll()
+                    .anyRequest()
+                        .authenticated()
+            .and()
+                .csrf()
+                    .disable()
+                    .userDetailsService(sessionService)
+                        .formLogin()
+                            .loginPage(LOGIN_URL)
+                                .failureUrl(LOGIN_ERROR_URL)
+                                .defaultSuccessUrl(HOME_URL)
+                            .usernameParameter(USERNAME_PARAMETER)
+                            .passwordParameter(PASSWORD_PARAMETER)
+            .and()
+                .rememberMe()
+                    .userDetailsService(sessionService)
+                    .key(TOKEN_SECRET)
+                        .tokenValiditySeconds(DAY_MILLISECONDS)
+            .and()
+                .logout()
+                    .deleteCookies(SESSION_COOKIE_NAME)
+                        .logoutRequestMatcher(new AntPathRequestMatcher(LOGOUT_URL))
+                        .logoutSuccessUrl(LOGIN_URL)
+            .and()
+                .exceptionHandling()
+                    .accessDeniedPage(ACESSO_NEGADO_URL);
 
-            http
-                .antMatcher("/app/**")
-                    .authorizeRequests()
-                        .antMatchers(GET, LOGIN_URL, "/app", "/app/register", "/app/recovery/**")
-                            .permitAll()
-                        .antMatchers(POST, "/app/register", "/app/recovery/**")
-                            .permitAll()
-                        .anyRequest()
-                            .authenticated()
-                .and()
-                    .csrf()
-                        .disable()
-                            .formLogin()
-                                .loginPage(LOGIN_URL)
-                                    .failureUrl(LOGIN_ERROR_URL)
-                                    .defaultSuccessUrl(HOME_URL)
-                                .usernameParameter(USERNAME_PARAMETER)
-                                .passwordParameter(PASSWORD_PARAMETER)
-                .and()
-                    .rememberMe()
-                        .key(TOKEN_SECRET)
-                            .tokenValiditySeconds(DAY_MILLISECONDS)
-                .and()
-                    .logout()
-                        .deleteCookies(SESSION_COOKIE_NAME)
-                            .logoutRequestMatcher(new AntPathRequestMatcher(LOGOUT_URL))
-                            .logoutSuccessUrl(LOGIN_URL)
-                .and()
-                    .exceptionHandling()
-                        .accessDeniedPage(ACESSO_NEGADO_URL);
-        }
+        return http.build();
     }
 }
@@ -2,7 +2,6 @@
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;
 import org.springframework.web.servlet.config.annotation.CorsRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
@@ -1,12 +1,13 @@
 package com.github.throyer.common.springboot.controllers.app;
 
+import java.util.Optional;
+
 import com.github.throyer.common.springboot.domain.pagination.service.Pagination;
+import com.github.throyer.common.springboot.domain.toast.Toasts;
 import com.github.throyer.common.springboot.domain.toast.Type;
 import com.github.throyer.common.springboot.domain.user.repository.UserRepository;
-import com.github.throyer.common.springboot.domain.user.repository.custom.NativeQueryUserRepository;
 import com.github.throyer.common.springboot.domain.user.service.RemoveUserService;
-import com.github.throyer.common.springboot.domain.toast.Toasts;
-import java.util.Optional;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 
@@ -1,11 +1,11 @@
 package com.github.throyer.common.springboot.domain.management.repository;
 
-import com.github.throyer.common.springboot.domain.management.entity.Auditable;
 import static com.github.throyer.common.springboot.domain.management.repository.Queries.DELETE_ALL;
 import static com.github.throyer.common.springboot.domain.management.repository.Queries.DELETE_BY_ID;
 
+import com.github.throyer.common.springboot.domain.management.entity.Auditable;
+
 import org.springframework.data.jpa.repository.JpaRepository;
-import org.springframework.data.jpa.repository.JpaSpecificationExecutor;
 import org.springframework.data.jpa.repository.Modifying;
 import org.springframework.data.jpa.repository.Query;
 import org.springframework.data.repository.NoRepositoryBean;
 
@@ -2,8 +2,7 @@
 
 import javax.validation.constraints.Email;
 import javax.validation.constraints.NotEmpty;
-import javax.validation.constraints.NotNull;
-import lombok.Data;
+
 import lombok.Getter;
 import lombok.Setter;
 
 
@@ -5,11 +5,12 @@
 
 import javax.validation.constraints.Email;
 import javax.validation.constraints.NotEmpty;
-import javax.validation.constraints.NotNull;
 import javax.validation.constraints.Size;
+
+import org.springframework.validation.BindingResult;
+
 import lombok.Data;
 import lombok.NoArgsConstructor;
-import org.springframework.validation.BindingResult;
 
 @Data
 @NoArgsConstructor
@@ -31,8 +32,9 @@ public class Update {
     public Update(Codes codes) {
         copyProperties(codes, this);
     }
-        
-    public void validate(BindingResult result) { }
+
+    public void validate(BindingResult result) {
+    }
 
     public String code() {
         return format("%s%s%s%s", first, second, third, fourth);
 
@@ -1,6 +1,7 @@
 package com.github.throyer.common.springboot.domain.role.entity;
 
-import com.github.throyer.common.springboot.domain.management.entity.Auditable;
+import static com.github.throyer.common.springboot.domain.management.repository.Queries.NON_DELETED_CLAUSE;
+
 import java.util.Objects;
 
 import javax.persistence.Column;
@@ -11,13 +12,14 @@
 import javax.persistence.Table;
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
-import static com.github.throyer.common.springboot.domain.management.repository.Queries.NON_DELETED_CLAUSE;
-import lombok.Data;
+import com.github.throyer.common.springboot.domain.management.entity.Auditable;
 
 import org.hibernate.annotations.Where;
 import org.springframework.security.core.GrantedAuthority;
 
-@Data
+import lombok.Getter;
+
+@Getter
 @Entity
 @Table(name = "role")
 @Where(clause = NON_DELETED_CLAUSE)
@@ -46,7 +48,8 @@ public class Role extends Auditable implements GrantedAuthority {
     @Column(nullable = true, unique = true)
     private String description;
 
-    public Role() { }
+    public Role() {
+    }
 
     public Role(String initials) {
         this.initials = initials;
@@ -87,5 +90,5 @@ public String toString() {
     public String getAuthority() {
         return this.getInitials();
     }
-    
+
 }
@@ -1,18 +1,17 @@
 package com.github.throyer.common.springboot.domain.user.model;
 
-import com.fasterxml.jackson.annotation.JsonInclude;
+import static java.util.Optional.ofNullable;
 
 import java.util.ArrayList;
 import java.util.List;
 
+import com.github.throyer.common.springboot.domain.management.model.Entity;
 import com.github.throyer.common.springboot.domain.role.entity.Role;
 import com.github.throyer.common.springboot.domain.user.entity.User;
-import com.github.throyer.common.springboot.domain.management.model.Entity;
+
 import io.swagger.v3.oas.annotations.media.Schema;
 import lombok.Getter;
 
-import static java.util.Optional.ofNullable;
-
 @Getter
 @Schema(name = "User", requiredProperties = {"id", "name", "email", "roles"})
 public class UserDetails implements Entity {