fix(tunnel-server): upgrade to spring boot 3.5.11 dependency line

Copilot · hengyunabc · Copilot · commit e4ddb320a86a · 2026-02-26T17:39:23.000Z
Co-authored-by: hengyunabc &lt;1683936+hengyunabc@users.noreply.github.com&gt;
diff --git a/tunnel-server/pom.xml b/tunnel-server/pom.xml
@@ -12,11 +12,12 @@
 	<url>https://github.com/alibaba/arthas</url>
 
 	<properties>
-		<maven.compiler.target>1.8</maven.compiler.target>
-		<maven.compiler.source>1.8</maven.compiler.source>
-		<java.version>1.8</java.version>
-		<spring-security.version>5.8.16</spring-security.version>
-		<tomcat-embed-core.version>9.0.109</tomcat-embed-core.version>
+		<maven.compiler.target>17</maven.compiler.target>
+		<maven.compiler.source>17</maven.compiler.source>
+		<java.version>17</java.version>
+		<spring-boot.version>3.5.11</spring-boot.version>
+		<slf4j.version>2.0.17</slf4j.version>
+		<logback.version>1.5.32</logback.version>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
 	</properties>
@@ -39,29 +40,19 @@
 				<scope>import</scope>
 			</dependency>
 			<dependency>
-				<groupId>org.apache.tomcat.embed</groupId>
-				<artifactId>tomcat-embed-core</artifactId>
-				<version>${tomcat-embed-core.version}</version>
+				<groupId>org.slf4j</groupId>
+				<artifactId>slf4j-api</artifactId>
+				<version>${slf4j.version}</version>
 			</dependency>
 			<dependency>
-				<groupId>org.springframework.security</groupId>
-				<artifactId>spring-security-config</artifactId>
-				<version>${spring-security.version}</version>
+				<groupId>ch.qos.logback</groupId>
+				<artifactId>logback-classic</artifactId>
+				<version>${logback.version}</version>
 			</dependency>
 			<dependency>
-				<groupId>org.springframework.security</groupId>
-				<artifactId>spring-security-web</artifactId>
-				<version>${spring-security.version}</version>
-			</dependency>
-			<dependency>
-				<groupId>org.springframework.security</groupId>
-				<artifactId>spring-security-core</artifactId>
-				<version>${spring-security.version}</version>
-			</dependency>
-			<dependency>
-				<groupId>org.springframework.security</groupId>
-				<artifactId>spring-security-crypto</artifactId>
-				<version>${spring-security.version}</version>
+				<groupId>ch.qos.logback</groupId>
+				<artifactId>logback-core</artifactId>
+				<version>${logback.version}</version>
 			</dependency>
 		</dependencies>
 	</dependencyManagement>
diff --git a/tunnel-server/src/main/java/com/alibaba/arthas/tunnel/server/app/WebSecurityConfig.java b/tunnel-server/src/main/java/com/alibaba/arthas/tunnel/server/app/WebSecurityConfig.java
@@ -2,9 +2,11 @@
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
 
 import com.alibaba.arthas.tunnel.server.app.configuration.ArthasProperties;
 
@@ -14,17 +16,20 @@
  *
  */
 @Configuration
-public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+public class WebSecurityConfig {
 
     @Autowired
     ArthasProperties arthasProperties;
-    @Override
-    protected void configure(HttpSecurity httpSecurity) throws Exception {
-        httpSecurity.authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).authenticated().anyRequest()
-        .permitAll().and().formLogin();
+
+    @Bean
+    SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
+        httpSecurity.authorizeHttpRequests((authorize) -> authorize
+                .requestMatchers(EndpointRequest.toAnyEndpoint()).authenticated()
+                .anyRequest().permitAll()).formLogin(Customizer.withDefaults());
         // allow iframe
         if (arthasProperties.isEnableIframeSupport()) {
-            httpSecurity.headers().frameOptions().disable();
+            httpSecurity.headers((headers) -> headers.frameOptions((frameOptions) -> frameOptions.disable()));
         }
+        return httpSecurity.build();
     }
-}
+}
diff --git a/tunnel-server/src/main/java/com/alibaba/arthas/tunnel/server/app/web/DetailAPIController.java b/tunnel-server/src/main/java/com/alibaba/arthas/tunnel/server/app/web/DetailAPIController.java
@@ -7,7 +7,7 @@
 import java.util.Map;
 import java.util.Set;
 
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
diff --git a/tunnel-server/src/main/java/com/alibaba/arthas/tunnel/server/app/web/ProxyController.java b/tunnel-server/src/main/java/com/alibaba/arthas/tunnel/server/app/web/ProxyController.java
@@ -7,7 +7,7 @@
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.TimeoutException;
 
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 
 import org.apache.commons.lang3.RandomStringUtils;
 import org.slf4j.Logger;
