fix: make docs compile with spring-boot 4

web-padawan · web-padawan · commit 376aad2c2c51 · 2025-08-25T14:00:14.000+03:00
diff --git a/articles/flow/security/enabling-security.adoc b/articles/flow/security/enabling-security.adoc
@@ -288,8 +288,11 @@ extends VaadinWebSecurity { // <2>
 
         // Configure your static resources with public access before calling
         // super.configure(HttpSecurity) as it adds final anyRequest matcher
-        http.authorizeHttpRequests(auth -> auth.requestMatchers(new AntPathRequestMatcher("/public/**"))
-            .permitAll());
+        http.authorizeHttpRequests(
+                auth -> auth
+                        .requestMatchers(PathPatternRequestMatcher
+                                .withDefaults().matcher("/public/**"))
+                        .permitAll());
 
         super.configure(http); // <3>
 
diff --git a/articles/hilla/lit/guides/security/spring-login.adoc b/articles/hilla/lit/guides/security/spring-login.adoc
@@ -147,7 +147,8 @@ Public views need to be added to the configuration in [methodname]`securityFilte
   @Override
   protected void configure(HttpSecurity http) throws Exception {
     http.authorizeHttpRequests(registry -> {
-        registry.requestMatchers(new AntPathRequestMatcher("/public-view")).permitAll(); // custom matcher
+        registry.requestMatchers(PathPatternRequestMatcher.withDefaults()
+                .matcher("/public-view")).permitAll(); // custom matcher
     });
     super.configure(http);
   }
diff --git a/pom.xml b/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>3.5.0</version>
+        <version>4.0.0-M1</version>
     </parent>
     <!-- end::spring-version[] -->
 
diff --git a/src/main/java/com/vaadin/demo/Application.java b/src/main/java/com/vaadin/demo/Application.java
@@ -2,7 +2,7 @@
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.boot.web.servlet.ServletComponentScan;
+import org.springframework.boot.web.server.servlet.context.ServletComponentScan;
 import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.FilterType;
diff --git a/src/main/java/com/vaadin/demo/SecurityConfig.java b/src/main/java/com/vaadin/demo/SecurityConfig.java
@@ -4,21 +4,21 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;
 
 @EnableWebSecurity
 @Configuration
 public class SecurityConfig extends VaadinWebSecurity {
 
     @Override
     protected void configure(HttpSecurity http) throws Exception {
-        http.csrf().disable();
+        http.csrf(csrf -> csrf.disable());
 
         /* Disable on docs app, but leave in place to be used as snippet // hidden-source-line
         // tag::download[]
         // Restrict access to FileDownloadEndpoint to authenticated users
         http.authorizeHttpRequests(authorize -> authorize
-                .requestMatchers(new AntPathRequestMatcher("/download/**")).authenticated());
+                .requestMatchers(PathPatternRequestMatcher.withDefaults().matcher("/download/**")).authenticated());
         // end::download[]
         */ // hidden-source-line
     }
diff --git a/src/main/java/com/vaadin/demo/fusion/security/stateless/SecurityConfig.java b/src/main/java/com/vaadin/demo/fusion/security/stateless/SecurityConfig.java
@@ -8,7 +8,7 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.oauth2.jose.jws.JwsAlgorithms;
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;
 
 import javax.crypto.spec.SecretKeySpec;
 import java.util.Base64;
@@ -39,19 +39,23 @@ protected void configure(HttpSecurity http) throws Exception {
 
         // Configure your static resources with public access before calling
         // super.configure(HttpSecurity) as it adds final anyRequest matcher
-        http.authorizeHttpRequests()
-                .requestMatchers(new AntPathRequestMatcher("/admin-only/**"))
-                .hasAnyRole("admin");
-        http.authorizeHttpRequests()
-                .requestMatchers(new AntPathRequestMatcher("/public/**"))
-                .permitAll();
+        http.authorizeHttpRequests(
+                (requests) -> requests
+                        .requestMatchers(PathPatternRequestMatcher
+                                .withDefaults().matcher("/admin-only/**"))
+                        .hasAnyRole("admin"));
+        http.authorizeHttpRequests(
+                (requests) -> requests
+                        .requestMatchers(PathPatternRequestMatcher
+                                .withDefaults().matcher("/public/**"))
+                        .permitAll());
 
         // tag::stateless-configure[]
         super.configure(http);
 
         // Disable creating and using sessions in Spring Security
-        http.sessionManagement()
-                .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+        http.sessionManagement((session) -> session
+                .sessionCreationPolicy(SessionCreationPolicy.STATELESS));
 
         // Register your login view to the view access checker mechanism
         setLoginView(http, "/login");
diff --git a/src/main/java/com/vaadin/demo/fusion/security/stateless/SecurityConfigurer.java b/src/main/java/com/vaadin/demo/fusion/security/stateless/SecurityConfigurer.java
@@ -33,13 +33,12 @@ SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         // end::stateless-configure[]
         http.authorizeHttpRequests(auth -> auth
                 .requestMatchers("/admin-only/**").hasAnyRole("admin")
-                .requestMatchers("/public/**").permitAll()
-        );
+                .requestMatchers("/public/**").permitAll());
 
         // tag::stateless-configure[]
         // Disable creating and using sessions in Spring Security
-        http.sessionManagement()
-                .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+        http.sessionManagement((session) -> session
+                .sessionCreationPolicy(SessionCreationPolicy.STATELESS));
 
         // Register your login view to the view access checker mechanism
         http.with(VaadinSecurityConfigurer.vaadin(),
