Remove webFlux

build.gradle.kts

@@ -36,7 +36,7 @@ testlogger { theme = ThemeType.MOCHA }
 dependencies {
     implementation(libs.spring.boot.starter.actuator)
     implementation(libs.spring.boot.starter.security)
-    implementation(libs.spring.boot.starter.webflux)
+    implementation(libs.spring.boot.starter.web)
 
     compileOnly(libs.lombok)
 

gradle/libs.versions.toml

@@ -11,8 +11,8 @@ reactor-test = { module = "io.projectreactor:reactor-test" }
 spring-boot-devtools = { module = "org.springframework.boot:spring-boot-devtools" }
 spring-boot-starter-actuator = { module = "org.springframework.boot:spring-boot-starter-actuator" }
 spring-boot-starter-security = { module = "org.springframework.boot:spring-boot-starter-security" }
+spring-boot-starter-web = { module = "org.springframework.boot:spring-boot-starter-web" }
 spring-boot-starter-test = { module = "org.springframework.boot:spring-boot-starter-test" }
-spring-boot-starter-webflux = { module = "org.springframework.boot:spring-boot-starter-webflux" }
 spring-security-test = { module = "org.springframework.security:spring-security-test" }
 
 [plugins]

src/main/java/de/bund/digitalservice/a2j/config/SecurityConfig.java

@@ -2,25 +2,23 @@
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
-import org.springframework.security.config.web.server.ServerHttpSecurity;
-import org.springframework.security.web.server.SecurityWebFilterChain;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.web.SecurityFilterChain;
 
 @Configuration
-@EnableWebFluxSecurity
+@EnableWebSecurity
 public class SecurityConfig {
 
   @Bean
-  public SecurityWebFilterChain springSecurityWebFilterChain(ServerHttpSecurity http) {
-    return http.authorizeExchange(
-            exchanges ->
-                exchanges
-                    .pathMatchers("/.well-known/security.txt")
-                    .permitAll()
-                    .pathMatchers("/actuator/health")
-                    .permitAll()
-                    .anyExchange()
-                    .denyAll())
-        .build();
+  public SecurityFilterChain springSecurityWebFilterChain(HttpSecurity http) throws Exception {
+    return http
+        .csrf(csrf -> csrf.ignoringRequestMatchers("/api/sender/submit"))
+        .authorizeHttpRequests(requests -> requests
+            .requestMatchers("/.well-known/security.txt").permitAll()
+            .requestMatchers("/actuator/health").permitAll()
+            .requestMatchers("/api/sender/**").permitAll()
+            .anyRequest().denyAll()
+        ).build();
   }
 }

src/test/java/de/bund/digitalservice/a2j/ArchitectureFitnessTest.java

@@ -17,7 +17,7 @@ static void setUp() {
     classes =
         new ClassFileImporter()
             .withImportOption(Predefined.DO_NOT_INCLUDE_TESTS)
-            .importPackages("de.bund.digitalservice.template");
+            .importPackages("de.bund.digitalservice.a2j");
   }
 
   @Test