nla · ato · Jan 16, 2026 · Jan 16, 2026 · Jan 16, 2026
diff --git a/ui/pom.xml b/ui/pom.xml
@@ -113,14 +113,19 @@
             <artifactId>spring-boot-starter-test</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-webmvc-test</artifactId>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-actuator</artifactId>
         </dependency>
         <dependency>
             <groupId>org.springdoc</groupId>
             <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
-            <version>2.8.13</version>
+            <version>3.0.0</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.security</groupId>

diff --git a/ui/src/bamboo/config/DatabaseStartupConfig.java b/ui/src/bamboo/config/DatabaseStartupConfig.java
@@ -1,6 +1,10 @@
 package bamboo.config;
 
-import org.springframework.boot.autoconfigure.orm.jpa.EntityManagerFactoryDependsOnPostProcessor;
+import jakarta.persistence.EntityManagerFactory;
+import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.config.BeanDefinition;
+import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
+import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.jdbc.support.DatabaseStartupValidator;
@@ -23,7 +27,16 @@ public DatabaseStartupValidator databaseStartupValidator(DataSource dataSource)
      * until the database is ready.
      */
     @Bean
-    public static EntityManagerFactoryDependsOnPostProcessor databaseStartupDependency() {
-        return new EntityManagerFactoryDependsOnPostProcessor("databaseStartupValidator");
+    public static BeanFactoryPostProcessor entityManagerFactoryDependsOnPostProcessor() {
+        return new BeanFactoryPostProcessor() {
+            @Override
+            public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
+                String[] beanNames = beanFactory.getBeanNamesForType(EntityManagerFactory.class);
+                for (String beanName : beanNames) {
+                    BeanDefinition definition = beanFactory.getBeanDefinition(beanName);
+                    definition.setDependsOn("databaseStartupValidator");
+                }
+            }
+        };
     }
 }
diff --git a/ui/src/bamboo/config/MethodSecurityConfig.java b/ui/src/bamboo/config/MethodSecurityConfig.java
@@ -1,22 +1,22 @@
 package bamboo.config;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
 import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
-import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 
 /**
  * Enables the @PreAuthorize and @PostAuthorize annotations.
  */
 @Configuration
-@EnableGlobalMethodSecurity(prePostEnabled = true)
-public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
+@EnableMethodSecurity
+public class MethodSecurityConfig {
     @Autowired private BambooPermissionEvaluator permissionEvaluator;
 
-    @Override
-    protected MethodSecurityExpressionHandler createExpressionHandler() {
+    @Bean
+    public MethodSecurityExpressionHandler methodSecurityExpressionHandler() {
         DefaultMethodSecurityExpressionHandler expressionHandler =
                 new DefaultMethodSecurityExpressionHandler();
         expressionHandler.setPermissionEvaluator(permissionEvaluator);

diff --git a/ui/src/bamboo/config/SecurityConfig.java b/ui/src/bamboo/config/SecurityConfig.java
@@ -23,8 +23,6 @@
 import java.time.Instant;
 import java.util.*;
 
-import static org.springframework.security.web.util.matcher.AntPathRequestMatcher.antMatcher;
-
 @Configuration
 public class SecurityConfig {
     private static final Logger log = LoggerFactory.getLogger(SecurityConfig.class);
@@ -42,25 +40,25 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                             .jwtAuthenticationConverter(jwt -> new JwtAuthenticationToken(jwt, mapClaimsToAuthorities(jwt.getClaims())))));
             http.authorizeHttpRequests(authorize -> authorize
                     // static content
-                    .requestMatchers(antMatcher("/webjars/**")).permitAll()
-                    .requestMatchers(antMatcher("/assets/**")).permitAll()
+                    .requestMatchers("/webjars/**").permitAll()
+                    .requestMatchers("/assets/**").permitAll()
 
                     // api: solr indexer
-                    .requestMatchers(antMatcher("/collections/*/warcs/json")).permitAll()
-                    .requestMatchers(antMatcher("/collections/*/warcs/sync")).permitAll()
-                    .requestMatchers(antMatcher("/warcs/*/text")).permitAll()
+                    .requestMatchers("/collections/*/warcs/json").permitAll()
+                    .requestMatchers("/collections/*/warcs/sync").permitAll()
+                    .requestMatchers("/warcs/*/text").permitAll()
                     // api: wayback
-                    .requestMatchers(antMatcher("/warcs/*")).permitAll()
-                    .requestMatchers(antMatcher("/healthcheck")).permitAll()
+                    .requestMatchers("/warcs/*").permitAll()
+                    .requestMatchers("/healthcheck").permitAll()
 
-                    .requestMatchers(antMatcher("/")).hasRole(Role.STDUSER.name())
-                    .requestMatchers(antMatcher("/series")).permitAll()
-                    .requestMatchers(antMatcher("/series/**")).permitAll()
-                    .requestMatchers(antMatcher("/crawls/**")).permitAll()
+                    .requestMatchers("/").hasRole(Role.STDUSER.name())
+                    .requestMatchers("/series").permitAll()
+                    .requestMatchers("/series/**").permitAll()
+                    .requestMatchers("/crawls/**").permitAll()
 
-                    .requestMatchers(antMatcher("/data/**")).permitAll()
-                    .requestMatchers(antMatcher("/api/v2/**")).permitAll()
-                    .requestMatchers(antMatcher("/api/**")).hasRole(Role.PANADMIN.name())
+                    .requestMatchers("/data/**").permitAll()
+                    .requestMatchers("/api/v2/**").permitAll()
+                    .requestMatchers("/api/**").hasRole(Role.PANADMIN.name())
 
                     .anyRequest().hasRole(Role.PANADMIN.name()));
         } else {

diff --git a/ui/test/bamboo/WebTest.java b/ui/test/bamboo/WebTest.java
@@ -8,8 +8,8 @@
 import org.junit.rules.TemporaryFolder;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.webmvc.test.autoconfigure.AutoConfigureMockMvc;
 import org.springframework.http.MediaType;
 import org.springframework.mock.web.MockMultipartFile;
 import org.springframework.test.context.DynamicPropertyRegistry;