From b990690a3f37132c39a3108bf80ee3e1f0847db4 Mon Sep 17 00:00:00 2001 From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Fri, 17 Apr 2026 19:14:52 +0000 Subject: [PATCH 1/2] Upgrade Spring Boot 2.0.2 to 2.7.18, add Spring Security, fix insecure URLs - Upgrade spring-boot-starter-parent from 2.0.2.RELEASE to 2.7.18 - Fix packaging from 'pom' to 'jar' to enable compilation - Replace deprecated new Object[] JdbcTemplate query with varargs - Add spring-boot-starter-security dependency - Create SecurityConfig with public GET for / and /greeting, auth required elsewhere - Add application.properties with H2 console and datasource config - Change http:// to https:// for external API URLs in Application.java Co-Authored-By: marcel.schwager --- pom.xml | 8 ++++-- src/main/java/hello/Application.java | 7 ++--- .../java/hello/config/SecurityConfig.java | 26 +++++++++++++++++++ src/main/resources/application.properties | 4 +++ 4 files changed, 40 insertions(+), 5 deletions(-) create mode 100644 src/main/java/hello/config/SecurityConfig.java create mode 100644 src/main/resources/application.properties diff --git a/pom.xml b/pom.xml index 63f5cbd..95ffd5c 100644 --- a/pom.xml +++ b/pom.xml @@ -5,13 +5,13 @@ org.springframework gs-spring-boot - pom + jar 0.1.0 org.springframework.boot spring-boot-starter-parent - 2.0.2.RELEASE + 2.7.18 @@ -32,6 +32,10 @@ com.h2database h2 + + org.springframework.boot + spring-boot-starter-security + diff --git a/src/main/java/hello/Application.java b/src/main/java/hello/Application.java index 7cf8faf..28067ff 100644 --- a/src/main/java/hello/Application.java +++ b/src/main/java/hello/Application.java @@ -36,7 +36,7 @@ public static void main(String[] args) { } RestTemplate restTemplate = new RestTemplate(); - Quote quote = restTemplate.getForObject("http://gturnquist-quoters.cfapps.io/api/random", Quote.class); + Quote quote = restTemplate.getForObject("https://gturnquist-quoters.cfapps.io/api/random", Quote.class); log.info(quote.toString()); } @@ -80,8 +80,9 @@ public void run(String... args) throws Exception { log.info("Querying for customer records where first_name = 'Josh':"); jdbcTemplate.query( - "SELECT id, first_name, last_name FROM customers WHERE first_name = ?", new Object[]{"Josh"}, - (rs, rowNum) -> new Customer(rs.getLong("id"), rs.getString("first_name"), rs.getString("last_name")) + "SELECT id, first_name, last_name FROM customers WHERE first_name = ?", + (rs, rowNum) -> new Customer(rs.getLong("id"), rs.getString("first_name"), rs.getString("last_name")), + "Josh" ).forEach(customer -> log.info(customer.toString())); } diff --git a/src/main/java/hello/config/SecurityConfig.java b/src/main/java/hello/config/SecurityConfig.java new file mode 100644 index 0000000..543e17b --- /dev/null +++ b/src/main/java/hello/config/SecurityConfig.java @@ -0,0 +1,26 @@ +package hello.config; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.http.HttpMethod; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.web.SecurityFilterChain; + +@Configuration +@EnableWebSecurity +public class SecurityConfig { + + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + http + .authorizeRequests() + .antMatchers(HttpMethod.GET, "/", "/greeting").permitAll() + .anyRequest().authenticated() + .and() + .httpBasic() + .and() + .csrf().disable(); // Disable CSRF for REST API; consider enabling if serving browser forms + return http.build(); + } +} diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties new file mode 100644 index 0000000..10b9696 --- /dev/null +++ b/src/main/resources/application.properties @@ -0,0 +1,4 @@ +#server.port = 8081 + +spring.h2.console.enabled=true +spring.datasource.url=jdbc:h2:mem:testdb From ea9d83c16e2709ce9726741e1328916004549d09 Mon Sep 17 00:00:00 2001 From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Fri, 17 Apr 2026 19:17:05 +0000 Subject: [PATCH 2/2] Fix: wrap defunct external API calls in try-catch, fix missed http->https URL - Both external quote service calls now use https:// - Wrapped in try-catch so the app starts even when the service is unavailable - The gturnquist-quoters.cfapps.io service is defunct; errors are logged as warnings Co-Authored-By: marcel.schwager --- src/main/java/hello/Application.java | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/src/main/java/hello/Application.java b/src/main/java/hello/Application.java index 28067ff..567cb39 100644 --- a/src/main/java/hello/Application.java +++ b/src/main/java/hello/Application.java @@ -36,8 +36,12 @@ public static void main(String[] args) { } RestTemplate restTemplate = new RestTemplate(); - Quote quote = restTemplate.getForObject("https://gturnquist-quoters.cfapps.io/api/random", Quote.class); - log.info(quote.toString()); + try { + Quote quote = restTemplate.getForObject("https://gturnquist-quoters.cfapps.io/api/random", Quote.class); + log.info(quote.toString()); + } catch (Exception e) { + log.warn("Could not reach external quote service: {}", e.getMessage()); + } } @@ -49,9 +53,13 @@ public RestTemplate restTemplate(RestTemplateBuilder builder) { @Bean public CommandLineRunner run(RestTemplate restTemplate) throws Exception { return args -> { - Quote quote = restTemplate.getForObject( - "http://gturnquist-quoters.cfapps.io/api/random", Quote.class); - log.info(quote.toString()); + try { + Quote quote = restTemplate.getForObject( + "https://gturnquist-quoters.cfapps.io/api/random", Quote.class); + log.info(quote.toString()); + } catch (Exception e) { + log.warn("Could not reach external quote service: {}", e.getMessage()); + } }; }