Migrate to Spring Boot Starter Security

So far, we had a direct dependency on Spring Security Core, but it is cleaner to import it "à la" Spring Boot, so that we benefit from autoconfiguration, and the version is handled by Spring Boot.

2 files changed, 18 insertions, 1 deletions

diff --git a/backend/build.gradle b/backend/build.gradle
index 705104aa..aec1bc9e 100644
--- a/backend/build.gradle
+++ b/backend/build.gradle
@@ -23,8 +23,12 @@ configurations {
 
 dependencies {
     compile project(':game-engine')
+
     compile 'org.springframework.boot:spring-boot-starter-websocket'
-    compile 'org.springframework.security:spring-security-core:5.0.4.RELEASE'
+    compile 'org.springframework.boot:spring-boot-starter-security'
+    // required by spring security with websockets
+    compile 'org.springframework.security:spring-security-messaging'
+
     compile 'ch.qos.logback:logback-classic:1.1.8'
     compile 'org.hildan.livedoc:livedoc-springboot:4.3.2'
     compile 'org.hildan.livedoc:livedoc-ui-webjar:4.3.2'
diff --git a/backend/src/main/java/org/luxons/sevenwonders/config/WebSecurityConfig.java b/backend/src/main/java/org/luxons/sevenwonders/config/WebSecurityConfig.java
new file mode 100644
index 00000000..2cfb966d
--- /dev/null
+++ b/backend/src/main/java/org/luxons/sevenwonders/config/WebSecurityConfig.java
@@ -0,0 +1,13 @@
+package org.luxons.sevenwonders.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+    @Override
+    protected void configure(HttpSecurity httpSecurity) {
+        // this disables default authentication settings
+    }
+}