Jakarta EE 9 migration

README.md

@@ -24,7 +24,7 @@
 
 ### Requirements
 
-Java 8 or above and `javax.servlet` version 3.
+Java 8 or above and `jakarta.servlet` version 3.
 
 > If you are using Spring, we recommend leveraging Spring's OIDC and OAuth2 support, as demonstrated by the [Spring Boot Quickstart](https://auth0.com/docs/quickstart/webapp/java-spring-boot).
 

build.gradle

@@ -13,7 +13,7 @@ plugins {
     id 'java'
     id 'java-library'
     id 'jacoco'
-    id 'me.champeau.gradle.japicmp' version '0.4.1'
+    id 'me.champeau.gradle.japicmp' version '0.2.9'
 }
 
 repositories {
@@ -81,7 +81,7 @@ project.afterEvaluate {
 
 ext {
     //baselineCompareVersion = '1.5.0'
-    testInJavaVersions = [8, 11, 17, 21]
+    testInJavaVersions = [11, 17, 21]
 }
 
 jacocoTestReport {
@@ -93,7 +93,7 @@ jacocoTestReport {
 
 java {
     toolchain {
-        languageVersion = JavaLanguageVersion.of(8)
+        languageVersion = JavaLanguageVersion.of(11)
     }
     // Needed because of broken gradle metadata, see https://github.com/google/guava/issues/6612#issuecomment-1614992368
     sourceSets.all {
@@ -107,8 +107,8 @@ java {
 }
 
 compileJava {
-    sourceCompatibility '1.8'
-    targetCompatibility '1.8'
+    sourceCompatibility '11'
+    targetCompatibility '11'
 }
 
 test {
@@ -120,7 +120,7 @@ test {
 }
 
 dependencies {
-    implementation 'javax.servlet:javax.servlet-api:3.1.0'
+    implementation 'jakarta.servlet:jakarta.servlet-api:5.0.0'
     implementation 'org.apache.commons:commons-lang3:3.12.0'
     implementation 'com.google.guava:guava-annotations:r03'
     implementation 'commons-codec:commons-codec:1.15'
@@ -130,11 +130,9 @@ dependencies {
     api 'com.auth0:jwks-rsa:0.22.1'
 
     testImplementation 'org.bouncycastle:bcprov-jdk15on:1.64'
-    testImplementation 'org.hamcrest:java-hamcrest:2.0.0.0'
-    testImplementation 'org.hamcrest:hamcrest-core:1.3'
-    testImplementation 'org.mockito:mockito-core:2.8.9'
-    testImplementation 'org.junit.jupiter:junit-jupiter:5.8.1'
-    testImplementation 'org.springframework:spring-test:4.3.14.RELEASE'
+    testImplementation 'org.hamcrest:hamcrest:2.2'
+    testImplementation 'org.mockito:mockito-core:5.12.0'
+    testImplementation 'org.junit.jupiter:junit-jupiter:5.10.0'
     testImplementation 'com.squareup.okhttp3:okhttp:4.11.0'
 }
 

gradle.properties

@@ -12,7 +12,7 @@ POM_SCM_CONNECTION=scm:git:https://github.com/auth0/auth0-java-mvc-common.git
 POM_SCM_DEV_CONNECTION=scm:git:https://github.com/auth0/auth0-java-mvc-common.git
 
 POM_LICENCE_NAME=The MIT License (MIT)
-POM_LICENCE_URL=https://raw.githubusercontent.com/auth0/java-jwt/master/LICENSE
+POM_LICENCE_URL=https://raw.githubusercontent.com/auth0/auth0-java-mvc-common/master/LICENSE
 POM_LICENCE_DIST=repo
 
 POM_DEVELOPER_ID=auth0

src/main/java/com/auth0/AuthenticationController.java

@@ -7,8 +7,8 @@
 import com.google.common.annotations.VisibleForTesting;
 import org.apache.commons.lang3.Validate;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 
 /**
@@ -284,7 +284,7 @@ public Tokens handle(HttpServletRequest request, HttpServletResponse response) t
      * when building the {@link AuthorizeUrl} that the user will be redirected to to login. Failure to do so may result
      * in a broken login experience for the user.</p>
      *
-     * @deprecated This method uses the {@link javax.servlet.http.HttpSession} for auth-based data, and is incompatible
+     * @deprecated This method uses the {@link jakarta.servlet.http.HttpSession} for auth-based data, and is incompatible
      * with clients that are using the "id_token" or "token" responseType with browsers that enforce SameSite cookie
      * restrictions. This method will be removed in version 2.0.0. Use
      * {@link AuthenticationController#handle(HttpServletRequest, HttpServletResponse)} instead.
@@ -308,7 +308,7 @@ public Tokens handle(HttpServletRequest request) throws IdentityVerificationExce
      * {@link AuthenticationController#handle(HttpServletRequest)} method. Failure to do so may result in a broken login
      * experience for users.</p>
      *
-     * @deprecated This method stores data in the {@link javax.servlet.http.HttpSession}, and is incompatible with clients
+     * @deprecated This method stores data in the {@link jakarta.servlet.http.HttpSession}, and is incompatible with clients
      * that are using the "id_token" or "token" responseType with browsers that enforce SameSite cookie restrictions.
      * This method will be removed in version 2.0.0. Use
      * {@link AuthenticationController#buildAuthorizeUrl(HttpServletRequest, HttpServletResponse, String)} instead.

src/main/java/com/auth0/AuthorizeUrl.java

@@ -5,8 +5,8 @@
 import com.auth0.exception.Auth0Exception;
 import com.auth0.json.auth.PushedAuthorizationResponse;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import java.util.*;
 
 import static com.auth0.IdentityVerificationException.API_ERROR;
@@ -39,7 +39,7 @@ public class AuthorizeUrl {
      *
      * Using this constructor with a non-null {@link HttpServletResponse} will store the state and nonce as
      * cookies when the {@link AuthorizeUrl#build()} method is called, with the appropriate SameSite attribute depending
-     * on the responseType. State and nonce will also be stored in the {@link javax.servlet.http.HttpSession} as a fallback,
+     * on the responseType. State and nonce will also be stored in the {@link jakarta.servlet.http.HttpSession} as a fallback,
      * but this behavior will be removed in a future release, and only cookies will be used.
      *
      * @param client       the Auth0 Authentication API client

src/main/java/com/auth0/RandomStorage.java

@@ -1,7 +1,7 @@
 package com.auth0;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpSession;
 
 class RandomStorage extends SessionUtils {
 

src/main/java/com/auth0/RequestProcessor.java

@@ -5,8 +5,8 @@
 import com.auth0.json.auth.TokenHolder;
 import org.apache.commons.lang3.Validate;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import java.util.Arrays;
 import java.util.List;
 

src/main/java/com/auth0/SessionUtils.java

@@ -2,8 +2,8 @@
 
 import org.apache.commons.lang3.Validate;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpSession;
 
 /**
  * Helper class to handle easy session key-value storage.

src/main/java/com/auth0/TransientCookieStore.java

@@ -2,9 +2,9 @@
 
 import org.apache.commons.lang3.Validate;
 
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import java.io.UnsupportedEncodingException;
 import java.net.URLDecoder;
 import java.nio.charset.StandardCharsets;