Revert "Replace deprecated methods"

Brutus5000 · Brutus5000 · commit 9b4ca6ccb0f5 · 2025-08-25T21:54:59.000+02:00
This reverts commit d30f4c3.
diff --git a/src/main/java/com/faforever/api/config/security/WebSecurityConfig.java b/src/main/java/com/faforever/api/config/security/WebSecurityConfig.java
@@ -4,12 +4,23 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.InternalAuthenticationServiceException;
+import org.springframework.security.authentication.LockedException;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
-import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
 import org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+import org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.security.web.util.matcher.OrRequestMatcher;
+import org.springframework.security.web.util.matcher.RequestMatcher;
+
+import jakarta.servlet.http.HttpServletRequest;
+import java.util.Map;
+import java.util.regex.Pattern;
 
 @Configuration
 @EnableWebSecurity
@@ -20,21 +31,55 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
     final var bearerTokenResolver = new DefaultBearerTokenResolver();
     bearerTokenResolver.setAllowUriQueryParameter(true);
 
-    return http.headers(headersConfig ->
-        headersConfig.cacheControl(HeadersConfigurer.CacheControlConfig::disable)
-      )
-      .formLogin(AbstractHttpConfigurer::disable)
-      .oauth2ResourceServer(oauth2Config ->
-        oauth2Config
-          .bearerTokenResolver(bearerTokenResolver)
-          .jwt(jwtConfig -> jwtConfig.jwtAuthenticationConverter(new FafAuthenticationConverter()))
-      )
-      .authorizeHttpRequests(authorizeConfig ->
-        authorizeConfig
-          .requestMatchers(HttpMethod.OPTIONS).permitAll()
-          // Swagger UI
-          .requestMatchers("/swagger-ui/**", "/swagger-resources/**", "/v3/api-docs/**", "/").permitAll()
-          // Webapp folder
-          .requestMatchers("/css/*", "/favicon.ico", "/robots.txt").permitAll()).build();
+    // @formatter:off
+    http.csrf(csrfConfig -> csrfConfig.requireCsrfProtectionMatcher(new RequestMatcher() {
+      private final Pattern allowedMethods = Pattern.compile("^(GET|HEAD|TRACE|OPTIONS)$");
+      private final RequestMatcher matcher = new OrRequestMatcher(
+        new AntPathRequestMatcher("/oauth/authorize"),
+        new AntPathRequestMatcher("/login"));
+
+      @Override
+      public boolean matches(HttpServletRequest request) {
+        return matcher.matches(request) && !allowedMethods.matcher(request.getMethod()).matches();
+      }
+    }));
+    http.headers(headersConfig -> headersConfig.cacheControl().disable());
+    http.formLogin(AbstractHttpConfigurer::disable);
+    http.oauth2ResourceServer(oauth2Config -> {
+      oauth2Config.bearerTokenResolver(bearerTokenResolver);
+      oauth2Config.jwt(jwtConfig -> jwtConfig.jwtAuthenticationConverter(new FafAuthenticationConverter()));
+    });
+    http.authorizeRequests(authorizeConfig -> {
+      authorizeConfig.requestMatchers(HttpMethod.OPTIONS).permitAll();
+      // Swagger UI
+      authorizeConfig.requestMatchers(
+        "/swagger-ui/**",
+        "/swagger-resources/**",
+        "/v3/api-docs/**",
+        "/"
+      ).permitAll();
+      // Webapp folder
+      authorizeConfig.requestMatchers(
+        "/css/*",
+        "/favicon.ico",
+        "/robots.txt"
+      ).permitAll();
+    });
+    // @formatter:on
+    return http.build();
+  }
+
+  @Bean
+  public AuthenticationFailureHandler authenticationFailureHandler() {
+    Map<Object, String> exceptionMappings = Map.of(
+      InternalAuthenticationServiceException.class.getCanonicalName(), "/login?error=serverError",
+      BadCredentialsException.class.getCanonicalName(), "/login?error=badCredentials",
+      LockedException.class.getCanonicalName(), "/login?error=locked"
+    );
+
+    final ExceptionMappingAuthenticationFailureHandler result = new ExceptionMappingAuthenticationFailureHandler();
+    result.setExceptionMappings(exceptionMappings);
+    result.setDefaultFailureUrl("/login?error=unknown");
+    return result;
   }
 }
diff --git a/src/test/java/com/faforever/api/mod/ModServiceTest.java b/src/test/java/com/faforever/api/mod/ModServiceTest.java
@@ -36,7 +36,7 @@
 import java.util.zip.ZipOutputStream;
 
 import static com.faforever.api.error.ApiExceptionMatcher.hasErrorCode;
-import static org.apache.commons.lang3.RandomStringUtils.insecure;
+import static org.apache.commons.lang3.RandomStringUtils.randomAlphanumeric;
 import static org.hamcrest.CoreMatchers.is;
 import static org.hamcrest.CoreMatchers.nullValue;
 import static org.hamcrest.MatcherAssert.assertThat;
@@ -120,7 +120,7 @@ public void processUploadedMod() throws Exception {
     assertThat(savedMod.getUploader(), is(uploader));
     assertThat(savedMod.getRepositoryUrl(), is(repositoryUrl));
 
-    ModVersion savedModVersion = savedMod.getVersions().getFirst();
+    ModVersion savedModVersion = savedMod.getVersions().get(0);
 
     assertThat(savedModVersion.getId(), is(nullValue()));
     assertThat(savedModVersion.getIcon(), is("no_friendly_fire.v0003.png"));
@@ -203,14 +203,14 @@ public void testDisplayNameMissing() throws Exception {
 
   @Test
   public void testDisplayNameTooLong() throws Exception {
-    Path uploadFile = prepareModDynamic(luaContent().setName(insecure().nextAlphanumeric(111)));
+    Path uploadFile = prepareModDynamic(luaContent().setName(randomAlphanumeric(111)));
     ApiException result = assertThrows(ApiException.class, () -> instance.processUploadedMod(uploadFile, TEST_MOD_FILENAME, new Player(), null, null));
     assertThat(result, hasErrorCode(ErrorCode.MOD_NAME_TOO_LONG));
   }
 
   @Test
   public void testDisplayNameTooShort() throws Exception {
-    Path uploadFile = prepareModDynamic(luaContent().setName(insecure().nextAlphanumeric(2)));
+    Path uploadFile = prepareModDynamic(luaContent().setName(randomAlphanumeric(2)));
     ApiException result = assertThrows(ApiException.class, () -> instance.processUploadedMod(uploadFile, TEST_MOD_FILENAME, new Player(), null, null));
     assertThat(result, hasErrorCode(ErrorCode.MOD_NAME_TOO_SHORT));
   }
@@ -268,7 +268,7 @@ public void testAuthorMissing() throws Exception {
   @NotNull
   private LuaContent luaContent() {
     return new LuaContent()
-      .setName(insecure().nextAlphanumeric(50))
+      .setName(randomAlphanumeric(50))
       .setVersion("3")
       .setAuthor("The Author")
       .setCopyright("The Copyright")
