META-INF.rewrite.spring-security-58.yml Maven / Gradle / Ivy
Show all versions of rewrite-spring Show documentation
#
# Copyright 2023 the original author or authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.java.spring.security5.UpgradeSpringSecurity_5_8
displayName: Migrate to Spring Security 5.8
description: >
Migrate applications to the latest Spring Security 5.8 release. This recipe will modify an
application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have
changes between versions.
tags:
- spring
- security
recipeList:
- org.openrewrite.java.spring.security5.UpgradeSpringSecurity_5_7
- org.openrewrite.java.dependencies.UpgradeDependencyVersion:
groupId: org.springframework.security
artifactId: "*"
newVersion: 5.8.x
overrideManagedVersion: false
- org.openrewrite.java.spring.security5.AuthorizeHttpRequests
- org.openrewrite.java.spring.security5.UseNewRequestMatchers
- org.openrewrite.java.spring.security5.UseNewSecurityMatchers
- org.openrewrite.java.spring.security5.UpdatePbkdf2PasswordEncoder
- org.openrewrite.java.spring.security5.UpdateSCryptPasswordEncoder
- org.openrewrite.java.spring.security5.UpdateArgon2PasswordEncoder
- org.openrewrite.java.spring.security5.ReplaceGlobalMethodSecurityWithMethodSecurity
- org.openrewrite.java.spring.security5.ReplaceGlobalMethodSecurityWithMethodSecurityXml
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.java.spring.security5.search.FindEncryptorsQueryableTextUses
displayName: Finds uses of `Encryptors.queryableText()`
description: "`Encryptors.queryableText()` is insecure and is removed in Spring Security 6."
tags:
- spring
- security
- search
recipeList:
- org.openrewrite.java.search.FindMethods:
methodPattern: org.springframework.security.crypto.encrypt.Encryptors queryableText(..)
matchOverrides: false
########################################################################################################################
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.java.spring.security5.ReplaceGlobalMethodSecurityWithMethodSecurityXml
displayName: Replace global method security with method security
description: >
`@EnableGlobalMethodSecurity` and `` are deprecated in favor of `@EnableMethodSecurity`
and ``, respectively. The new annotation and XML element activate Spring’s pre-post annotations
by default and use AuthorizationManager internally.
tags:
- spring
- security
recipeList:
- org.openrewrite.xml.ChangeTagName:
elementName: global-method-security
newName: method-security
fileMatcher: null
- org.openrewrite.xml.ChangeTagAttribute:
elementName: method-security
attributeName: pre-post-enabled
newValue: null
oldValue: true
fileMatcher: null
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.java.spring.security5.RenameNimbusdsJsonObjectPackageName
displayName: Rename the package name from `com.nimbusds.jose.shaded.json` to `net.minidev.json`
description: Rename the package name from `com.nimbusds.jose.shaded.json` to `net.minidev.json`.
tags:
- spring
- security
recipeList:
- org.openrewrite.java.ChangePackage:
oldPackageName: com.nimbusds.jose.shaded.json
newPackageName: net.minidev.json
recursive: false
- org.openrewrite.java.dependencies.AddDependency:
groupId: net.minidev
artifactId: json-smart
version: 2.x
onlyIfUsing: com.nimbusds.jose