1 change: 1 addition & 0 deletions buildSrc/src/main/groovy/compile-warnings-error.gradle
Expand Up @@ -8,3 +8,4 @@ tasks.withType(JavaCompile) {
tasks.withType(KotlinCompile) {
kotlinOptions.allWarningsAsErrors = true
Member

Why was this removed? I think that we still need to fail if there are kotlin warnings.

Author

Thanks for the feedback! I've restored kotlinOptions.allWarningsAsErrors = true in the Gradle configuration.

}

1 change: 1 addition & 0 deletions config/spring-security-config.gradle
Expand Up @@ -5,6 +5,7 @@ apply plugin: 'io.spring.convention.spring-module'
apply plugin: 'trang'
apply plugin: 'security-kotlin'
apply plugin: 'test-compile-target-jdk25'
apply plugin: 'compile-warnings-error'
apply plugin: 'javadoc-warnings-error'

configurations {
Expand Up @@ -521,8 +521,10 @@ public OpaqueTokenConfigurer authenticationManager(AuthenticationManager authent
public OpaqueTokenConfigurer introspectionUri(String introspectionUri) {
Assert.notNull(introspectionUri, "introspectionUri cannot be null");
this.introspectionUri = introspectionUri;
this.introspector = () -> new SpringOpaqueTokenIntrospector(this.introspectionUri, this.clientId,
this.clientSecret);
this.introspector = () -> SpringOpaqueTokenIntrospector.withIntrospectionUri(this.introspectionUri)
.clientId(this.clientId)
.clientSecret(this.clientSecret)
.build();
return this;
}

Expand All @@ -531,8 +533,10 @@ public OpaqueTokenConfigurer introspectionClientCredentials(String clientId, Str
Assert.notNull(clientSecret, "clientSecret cannot be null");
this.clientId = clientId;
this.clientSecret = clientSecret;
this.introspector = () -> new SpringOpaqueTokenIntrospector(this.introspectionUri, this.clientId,
this.clientSecret);
this.introspector = () -> SpringOpaqueTokenIntrospector.withIntrospectionUri(this.introspectionUri)
.clientId(this.clientId)
.clientSecret(this.clientSecret)
.build();
return this;
}
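Review bot: Client credentials may be encoded differently once the supplier in introspectionUri (and the identical one in introspectionClientCredentials) goes through the builder instead of the three-argument constructor. If `clientId(...)` and `clientSecret(...)` on the builder URL-encode their arguments before the Basic header is built, which should be confirmed in SpringOpaqueTokenIntrospector, a secret containing reserved characters would be sent differently after this warning cleanup and introspection could start failing for existing deployments. A test that configures a secret such as `s3cr3t+/=` (constructed sample) and asserts the resulting Authorization header would pin the behaviour. The two lambdas are the same four lines, so a single private helper that both setters assign would keep them from drifting apart.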

Expand Up @@ -286,7 +286,7 @@ class AuthorizeHttpRequestsDsl : AbstractRequestMatcherDsl {
if (factoryOfRequestAuthorizationContext != null) {
return factoryOfRequestAuthorizationContext
}
val factoryOfObjectType = ResolvableType.forClassWithGenerics(AuthorizationManagerFactory::class.java, Object::class.java)
val factoryOfObjectType = ResolvableType.forClassWithGenerics(AuthorizationManagerFactory::class.java, Any::class.java)
val factoryOfAny = context.getBeanProvider<AuthorizationManagerFactory<Any>>(factoryOfObjectType).getIfUnique()
if (factoryOfAny != null) {
return factoryOfAny
Expand All @@ -303,20 +303,20 @@ class AuthorizeHttpRequestsDsl : AbstractRequestMatcherDsl {
return defaultFactory
}

private fun resolveRolePrefix(context: ApplicationContext): String {
private fun resolveRolePrefix(context: ApplicationContext): String? {
val beanNames = context.getBeanNamesForType(GrantedAuthorityDefaults::class.java)
if (beanNames.isNotEmpty()) {
return context.getBean(GrantedAuthorityDefaults::class.java).rolePrefix
}
return "ROLE_";
return null
}

private fun resolveRoleHierarchy(context: ApplicationContext): RoleHierarchy {
private fun resolveRoleHierarchy(context: ApplicationContext): RoleHierarchy? {
val beanNames = context.getBeanNamesForType(RoleHierarchy::class.java)
if (beanNames.isNotEmpty()) {
return context.getBean(RoleHierarchy::class.java)
}
return NullRoleHierarchy()
return null
}

}
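Review bot: resolveRolePrefix and resolveRoleHierarchy now return null where they used to return `"ROLE_"` and `NullRoleHierarchy()`, which is a behaviour change to authorization defaults inside a warnings cleanup, and the caller that consumes both values is outside this hunk. That caller has to skip the setter when the value is null so the factory keeps its own defaults; otherwise `hasRole` checks could be evaluated without the expected prefix or fail at startup. A KDoc line on each helper would make the contract explicit, for example `/** Returns the configured role prefix, or null when no GrantedAuthorityDefaults bean exists so the factory default is kept. */`, together with a test that builds the DSL without either bean.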
Expand Up @@ -37,9 +37,11 @@ class HeadersDsl {
private var cacheControl: ((HeadersConfigurer<HttpSecurity>.CacheControlConfig) -> Unit)? = null
private var hsts: ((HeadersConfigurer<HttpSecurity>.HstsConfig) -> Unit)? = null
private var frameOptions: ((HeadersConfigurer<HttpSecurity>.FrameOptionsConfig) -> Unit)? = null
@Suppress("DEPRECATION")
private var hpkp: ((HeadersConfigurer<HttpSecurity>.HpkpConfig) -> Unit)? = null
private var contentSecurityPolicy: ((HeadersConfigurer<HttpSecurity>.ContentSecurityPolicyConfig) -> Unit)? = null
private var referrerPolicy: ((HeadersConfigurer<HttpSecurity>.ReferrerPolicyConfig) -> Unit)? = null
@Suppress("DEPRECATION")
private var featurePolicyDirectives: String? = null
private var permissionsPolicy: ((HeadersConfigurer<HttpSecurity>.PermissionsPolicyConfig) -> Unit)? = null
private var crossOriginOpenerPolicy: ((HeadersConfigurer<HttpSecurity>.CrossOriginOpenerPolicyConfig) -> Unit)? = null
Expand Down Expand Up @@ -120,6 +122,7 @@ class HeadersDsl {
* @deprecated see <a href="https://owasp.org/www-community/controls/Certificate_and_Public_Key_Pinning">Certificate and Public Key Pinning</a> for more context
*/
@Deprecated(message = "as of 5.8 with no replacement")
@Suppress("DEPRECATION")
fun httpPublicKeyPinning(hpkpConfig: HttpPublicKeyPinningDsl.() -> Unit) {
this.hpkp = HttpPublicKeyPinningDsl().apply(hpkpConfig).get()
}
Expand Down Expand Up @@ -167,6 +170,7 @@ class HeadersDsl {
* @param policyDirectives policyDirectives the security policy directive(s)
*/
@Deprecated("Use 'permissionsPolicy { }' instead.")
@Suppress("DEPRECATION")
fun featurePolicy(policyDirectives: String) {
this.featurePolicyDirectives = policyDirectives
}
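Review bot: The `@Suppress("DEPRECATION")` added above `private var featurePolicyDirectives: String? = null` looks unnecessary, because that declaration mentions only `String?` and no deprecated symbol; the one on `hpkp` is presumably needed for the `HpkpConfig` type in its signature. Dropping the redundant annotation keeps each suppression tied to a visible deprecated reference, so a deprecated use added to that line later is still caught by allWarningsAsErrors. The class body continues outside these hunks, so any other reason for the annotation would have to come from code not shown here.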
Expand Up @@ -614,6 +614,7 @@ class HttpSecurityDsl(private val http: HttpSecurity, private val init: HttpSecu
* @see [RequiresChannelDsl]
* @deprecated please use [redirectToHttps] instead
*/
@Suppress("DEPRECATION")
@Deprecated(message="since 6.5 use redirectToHttps instead")
fun requiresChannel(requiresChannelConfiguration: RequiresChannelDsl.() -> Unit) {
val requiresChannelCustomizer = RequiresChannelDsl().apply(requiresChannelConfiguration).get()
Expand Up @@ -14,6 +14,8 @@
* limitations under the License.
*/

@file:Suppress("DEPRECATION")

package org.springframework.security.config.annotation.web

import org.springframework.security.config.annotation.web.builders.HttpSecurity
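Review bot: A file-wide `@file:Suppress("DEPRECATION")` hides every deprecated call in this file, including ones added later, which weakens the warnings-as-errors gate that this change applies to the module. The deprecated reference that triggered it is not visible in the hunk; annotating only the declaration that uses it, as done for `httpPublicKeyPinning` and `requiresChannel` elsewhere in this change, would keep the scope narrow. If the file-level form is kept, a comment such as `// suppressed: this DSL wraps the deprecated <API name> until it is removed` would record why. The same applies to the file in the `org.springframework.security.config.annotation.web.headers` package that receives the identical annotation.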
Expand Up @@ -62,6 +62,7 @@ class X509Dsl {
authenticationDetailsSource?.also { x509.authenticationDetailsSource(authenticationDetailsSource) }
userDetailsService?.also { x509.userDetailsService(userDetailsService) }
authenticationUserDetailsService?.also { x509.authenticationUserDetailsService(authenticationUserDetailsService) }
@Suppress("DEPRECATION")
subjectPrincipalRegex?.also { x509.subjectPrincipalRegex(subjectPrincipalRegex) }
}
}
Expand Up @@ -14,6 +14,8 @@
* limitations under the License.
*/

@file:Suppress("DEPRECATION")

package org.springframework.security.config.annotation.web.headers

import org.springframework.security.config.annotation.web.builders.HttpSecurity
Expand Up @@ -68,12 +68,11 @@ class SessionFixationDsl {
internal fun get(): (SessionManagementConfigurer<HttpSecurity>.SessionFixationConfigurer) -> Unit {
return { sessionFixation ->
strategy?.also {
when (strategy) {
when (it) {
SessionFixationStrategy.NEW -> sessionFixation.newSession()
SessionFixationStrategy.MIGRATE -> sessionFixation.migrateSession()
SessionFixationStrategy.CHANGE_ID -> sessionFixation.changeSessionId()
SessionFixationStrategy.NONE -> sessionFixation.none()
null -> null
}
}
}
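Review bot: Nothing in get() says what happens when `strategy` is null: the `?.also` block is skipped and no session-fixation method is called on the configurer. A short comment above `strategy?.also {`, for example `// null: leave the configurer's own session-fixation setting untouched`, would make that explicit now that the `null -> null` branch is gone. The closing brace of get() lies outside the hunk.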
Expand Up @@ -284,6 +284,14 @@ final class SerializationSamples {
Authentication authentication = TestAuthentication.authenticated(user);
SecurityContext securityContext = new SecurityContextImpl(authentication);

instancioByClassName.put(OneTimeTokenAuthenticationToken.class, () -> {
Member

I think that since this is a test, we should leave this alone and suppress the warning

Author

Good point. I've reverted the changes to the test setup and instead added @SuppressWarnings("removal") directly to the Instancio.of(OneTimeTokenAuthenticationToken.class) initialization to suppress the deprecation warning.

@SuppressWarnings("removal")
InstancioOfClassApi<?> instancio = Instancio.of(OneTimeTokenAuthenticationToken.class);
instancio.supply(Select.all(OneTimeTokenAuthenticationToken.class),
(r) -> applyDetails(new OneTimeTokenAuthenticationToken("token")));
return instancio;
});

// oauth2-core
generatorByClassName.put(DefaultOAuth2User.class, (r) -> TestOAuth2Users.create());
generatorByClassName.put(OAuth2AuthorizationRequest.class,
Expand Down Expand Up @@ -597,8 +605,7 @@ final class SerializationSamples {
token.setDetails(details);
return token;
});
generatorByClassName.put(OneTimeTokenAuthenticationToken.class,
(r) -> applyDetails(new OneTimeTokenAuthenticationToken("username", "token")));

generatorByClassName.put(OneTimeTokenAuthentication.class,
(r) -> applyDetails(new OneTimeTokenAuthentication("username", authentication.getAuthorities())));
generatorByClassName.put(AccessDeniedException.class,
Expand Up @@ -222,7 +222,8 @@ public void loadConfigWhenMultipleWebSecurityConfigurationThenContextLoads() {
// SEC-2773
@Test
public void getMethodDelegatingApplicationListenerWhenWebSecurityConfigurationThenIsStatic() {
Method method = ClassUtils.getMethod(WebSecurityConfiguration.class, "delegatingApplicationListener", null);
Method method = ClassUtils.getMethod(WebSecurityConfiguration.class, "delegatingApplicationListener",
(Class<?>[]) null);
assertThat(Modifier.isStatic(method.getModifiers())).isTrue();
}

Expand Up @@ -1201,6 +1201,7 @@ SecurityFilterChain filterChain(HttpSecurity http) throws Exception {

@Configuration
@EnableWebSecurity
@SuppressWarnings("removal")
static class PermissionsPolicyConfig {

@Bean
Expand All @@ -1221,6 +1222,7 @@ SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
static class PermissionsPolicyStringConfig {

@Bean
@SuppressWarnings("removal")
SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
// @formatter:off
http
Expand All @@ -1235,6 +1237,7 @@ SecurityFilterChain filterChain(HttpSecurity http) throws Exception {

@Configuration
@EnableWebSecurity
@SuppressWarnings("removal")
static class PermissionsPolicyInvalidConfig {

@Bean
Expand All @@ -1252,6 +1255,7 @@ SecurityFilterChain filterChain(HttpSecurity http) throws Exception {

@Configuration
@EnableWebSecurity
@SuppressWarnings("removal")
static class PermissionsPolicyInvalidStringConfig {

@Bean
Expand Up @@ -1257,6 +1257,7 @@ OAuth2AuthorizationConsentService authorizationConsentService(JdbcOperations jdb
}

@Bean
@SuppressWarnings("removal")
RegisteredClientRepository registeredClientRepository(JdbcOperations jdbcOperations) {
JdbcRegisteredClientRepository jdbcRegisteredClientRepository = new JdbcRegisteredClientRepository(
jdbcOperations);
Expand Up @@ -535,6 +535,7 @@ OAuth2AuthorizationService authorizationService(JdbcOperations jdbcOperations,
}

@Bean
@SuppressWarnings("removal")
RegisteredClientRepository registeredClientRepository(JdbcOperations jdbcOperations) {
JdbcRegisteredClientRepository jdbcRegisteredClientRepository = new JdbcRegisteredClientRepository(
jdbcOperations);
Expand Up @@ -647,6 +647,7 @@ SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) th
// @formatter:on

@Bean
@SuppressWarnings("removal")
RegisteredClientRepository registeredClientRepository(JdbcOperations jdbcOperations) {
RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
RegisteredClientParametersMapper registeredClientParametersMapper = new RegisteredClientParametersMapper();
Expand Up @@ -469,6 +469,7 @@ OAuth2AuthorizationService authorizationService(JdbcOperations jdbcOperations,
}

@Bean
@SuppressWarnings("removal")
RegisteredClientRepository registeredClientRepository(JdbcOperations jdbcOperations) {
JdbcRegisteredClientRepository jdbcRegisteredClientRepository = new JdbcRegisteredClientRepository(
jdbcOperations);
Expand Up @@ -515,6 +515,7 @@ OAuth2AuthorizationConsentService authorizationConsentService(JdbcOperations jdb
}

@Bean
@SuppressWarnings("removal")
RegisteredClientRepository registeredClientRepository(JdbcOperations jdbcOperations) {
JdbcRegisteredClientRepository jdbcRegisteredClientRepository = new JdbcRegisteredClientRepository(
jdbcOperations);
Expand Up @@ -318,6 +318,7 @@ OAuth2AuthorizationService authorizationService(JdbcOperations jdbcOperations,
}

@Bean
@SuppressWarnings("removal")
RegisteredClientRepository registeredClientRepository(JdbcOperations jdbcOperations) {
JdbcRegisteredClientRepository jdbcRegisteredClientRepository = new JdbcRegisteredClientRepository(
jdbcOperations);
Expand Up @@ -778,6 +778,7 @@ SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) th
// @formatter:on

@Bean
@SuppressWarnings("removal")
RegisteredClientRepository registeredClientRepository(JdbcOperations jdbcOperations) {
RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
RegisteredClientParametersMapper registeredClientParametersMapper = new RegisteredClientParametersMapper();
Expand Up @@ -633,6 +633,7 @@ OAuth2AuthorizationService authorizationService(JdbcOperations jdbcOperations,
}

@Bean
@SuppressWarnings("removal")
RegisteredClientRepository registeredClientRepository(JdbcOperations jdbcOperations) {
JdbcRegisteredClientRepository jdbcRegisteredClientRepository = new JdbcRegisteredClientRepository(
jdbcOperations);
Expand Up @@ -100,6 +100,7 @@
* {@link org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec}
*/
@ExtendWith({ SpringTestContextExtension.class })
@SuppressWarnings("removal")
public class OAuth2ResourceServerSpecTests {

private String expired = "eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE1MzUwMzc4OTd9.jqZDDjfc2eysX44lHXEIr9XFd2S8vjIZHCccZU-dRWMRJNsQ1QN5VNnJGklqJBXJR4qgla6cmVqPOLkUHDb0sL0nxM5XuzQaG5ZzKP81RV88shFyAiT0fD-6nl1k-Fai-Fu-VkzSpNXgeONoTxDaYhdB-yxmgrgsApgmbOTE_9AcMk-FQDXQ-pL9kynccFGV0lZx4CA7cyknKN7KBxUilfIycvXODwgKCjj_1WddLTCNGYogJJSg__7NoxzqbyWd3udbHVjqYq7GsMMrGB4_2kBD4CkghOSNcRHbT_DIXowxfAVT7PAg7Q0E5ruZsr2zPZacEUDhJ6-wbvlA0FAOUg";
Expand Up @@ -167,6 +167,7 @@ void logoutWhenDefaultsThenRemotelyInvalidatesSessions() {
}

@Test
@SuppressWarnings("removal")
void logoutWhenInvalidLogoutTokenThenBadRequest() {
this.spring.register(WebServerConfig.class, OidcProviderConfig.class, DefaultConfig.class).autowire();
this.test.get().uri("/token/logout").exchange().expectStatus().isUnauthorized();
Expand Down Expand Up @@ -209,6 +210,7 @@ void logoutWhenInvalidLogoutTokenThenBadRequest() {
}

@Test
@SuppressWarnings("removal")
void logoutWhenLogoutTokenSpecifiesOneSessionThenRemotelyInvalidatesOnlyThatSession() throws Exception {
this.spring.register(WebServerConfig.class, OidcProviderConfig.class, DefaultConfig.class).autowire();
String registrationId = this.clientRegistration.getRegistrationId();
Expand Down Expand Up @@ -252,6 +254,7 @@ void logoutWhenLogoutTokenSpecifiesOneSessionThenRemotelyInvalidatesOnlyThatSess
}

@Test
@SuppressWarnings("removal")
void logoutWhenRemoteLogoutUriThenUses() {
this.spring.register(WebServerConfig.class, OidcProviderConfig.class, LogoutUriConfig.class).autowire();
String registrationId = this.clientRegistration.getRegistrationId();
Expand Down Expand Up @@ -302,6 +305,7 @@ void logoutWhenSelfRemoteLogoutUriThenUses() {
}

@Test
@SuppressWarnings("removal")
void logoutWhenDifferentCookieNameThenUses() {
this.spring.register(OidcProviderConfig.class, CookieConfig.class).autowire();
String registrationId = this.clientRegistration.getRegistrationId();
Expand All @@ -325,6 +329,7 @@ void logoutWhenDifferentCookieNameThenUses() {
}

@Test
@SuppressWarnings("removal")
void logoutWhenRemoteLogoutFailsThenReportsPartialLogout() {
this.spring.register(WebServerConfig.class, OidcProviderConfig.class, WithBrokenLogoutConfig.class).autowire();
ServerLogoutHandler logoutHandler = this.spring.getContext().getBean(ServerLogoutHandler.class);
Expand Up @@ -737,6 +737,7 @@ public void shouldConfigureAuthorizationRedirectStrategyForOAuth2Client() {
}

@Test
@SuppressWarnings("removal")
void resourcesWhenLoginPageConfiguredThenServesCss() {
this.http.formLogin(withDefaults());
this.http.authenticationManager(this.authenticationManager);
@@ -1,3 +1,5 @@
@file:Suppress("DEPRECATION", "PLATFORM_CLASS_MAPPED_TO_KOTLIN", "UNCHECKED_CAST")

/*
* Copyright 2004-present the original author or authors.
*
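Review bot: The `@file:Suppress(...)` line sits above the licence header here and in the nine sections that follow, while the two other Kotlin files in this change place it below the licence comment, directly before `package`; one placement should be used throughout. The same three warning names are applied to all ten files, which suggests the list was not checked per file, and the code that triggers them is not visible in these hunks. Each file should list only the warnings it actually raises, preferably on the offending declaration, so that `UNCHECKED_CAST` in particular is not silenced for code added later.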
@@ -1,3 +1,5 @@
@file:Suppress("DEPRECATION", "PLATFORM_CLASS_MAPPED_TO_KOTLIN", "UNCHECKED_CAST")

/*
* Copyright 2004-present the original author or authors.
*
@@ -1,3 +1,5 @@
@file:Suppress("DEPRECATION", "PLATFORM_CLASS_MAPPED_TO_KOTLIN", "UNCHECKED_CAST")

/*
* Copyright 2004-present the original author or authors.
*
@@ -1,3 +1,5 @@
@file:Suppress("DEPRECATION", "PLATFORM_CLASS_MAPPED_TO_KOTLIN", "UNCHECKED_CAST")

/*
* Copyright 2004-present the original author or authors.
*
@@ -1,3 +1,5 @@
@file:Suppress("DEPRECATION", "PLATFORM_CLASS_MAPPED_TO_KOTLIN", "UNCHECKED_CAST")

/*
* Copyright 2004-present the original author or authors.
*
@@ -1,3 +1,5 @@
@file:Suppress("DEPRECATION", "PLATFORM_CLASS_MAPPED_TO_KOTLIN", "UNCHECKED_CAST")

/*
* Copyright 2004-present the original author or authors.
*
@@ -1,3 +1,5 @@
@file:Suppress("DEPRECATION", "PLATFORM_CLASS_MAPPED_TO_KOTLIN", "UNCHECKED_CAST")

/*
* Copyright 2004-present the original author or authors.
*
@@ -1,3 +1,5 @@
@file:Suppress("DEPRECATION", "PLATFORM_CLASS_MAPPED_TO_KOTLIN", "UNCHECKED_CAST")

/*
* Copyright 2004-present the original author or authors.
*
@@ -1,3 +1,5 @@
@file:Suppress("DEPRECATION", "PLATFORM_CLASS_MAPPED_TO_KOTLIN", "UNCHECKED_CAST")

/*
* Copyright 2004-present the original author or authors.
*
@@ -1,3 +1,5 @@
@file:Suppress("DEPRECATION", "PLATFORM_CLASS_MAPPED_TO_KOTLIN", "UNCHECKED_CAST")

/*
* Copyright 2004-present the original author or authors.
*