Merge pull request #138 from xdev-software/develop

Release

Author: AB-xdev

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -33,6 +33,15 @@ body:
     validations:
       required: true
 
+  - type: textarea
+    id: description
+    attributes:
+      label: Description of the problem
+      description: |
+        Describe as exactly as possible what is not working.
+    validations:
+      required: true
+
   - type: textarea
     id: steps-to-reproduce
     attributes:
@@ -47,20 +56,6 @@ body:
     validations:
       required: true
 
-  - type: textarea
-    id: expected-behavior
-    attributes:
-      label: Expected behavior
-      description: |
-        Tell us what you expect to happen.
-
-  - type: textarea
-    id: actual-behavior
-    attributes:
-      label: Actual behavior
-      description: |
-        Tell us what happens with the steps given above.
-
   - type: textarea
     id: additional-information
     attributes:

CHANGELOG.md

@@ -1,3 +1,7 @@
+# 2.1.0
+* Updated to Spring Security 6.5+ / Spring Boot 3.5+
+  * [``Extendable``] Backported some minor upstream changes
+
 # 2.0.1
 * Migrated deployment to _Sonatype Maven Central Portal_ [#155](https://github.com/xdev-software/standard-maven-template/issues/155)
 * Updated dependencies

pom.xml

@@ -6,7 +6,7 @@
 
 	<groupId>software.xdev</groupId>
 	<artifactId>spring-security-advanced-authentication-ui-root</artifactId>
-	<version>2.0.2-SNAPSHOT</version>
+	<version>2.1.0-SNAPSHOT</version>
 	<packaging>pom</packaging>
 
 	<organization>
@@ -45,7 +45,7 @@
 							<dependency>
 								<groupId>com.puppycrawl.tools</groupId>
 								<artifactId>checkstyle</artifactId>
-								<version>10.23.1</version>
+								<version>10.24.0</version>
 							</dependency>
 						</dependencies>
 						<configuration>

spring-security-advanced-authentication-ui-demo/pom.xml

@@ -7,11 +7,11 @@
 	<parent>
 		<groupId>software.xdev</groupId>
 		<artifactId>spring-security-advanced-authentication-ui-root</artifactId>
-		<version>2.0.2-SNAPSHOT</version>
+		<version>2.1.0-SNAPSHOT</version>
 	</parent>
 
 	<artifactId>spring-security-advanced-authentication-ui-demo</artifactId>
-	<version>2.0.2-SNAPSHOT</version>
+	<version>2.1.0-SNAPSHOT</version>
 	<packaging>jar</packaging>
 
 	<organization>
@@ -28,7 +28,7 @@
 
 		<mainClass>software.xdev.Application</mainClass>
 
-		<org.springframework.boot.version>3.4.5</org.springframework.boot.version>
+		<org.springframework.boot.version>3.5.0</org.springframework.boot.version>
 	</properties>
 
 	<dependencyManagement>

spring-security-advanced-authentication-ui/pom.xml

@@ -6,7 +6,7 @@
 
 	<groupId>software.xdev</groupId>
 	<artifactId>spring-security-advanced-authentication-ui</artifactId>
-	<version>2.0.2-SNAPSHOT</version>
+	<version>2.1.0-SNAPSHOT</version>
 	<packaging>jar</packaging>
 
 	<name>spring-security-advanced-authentication-ui</name>
@@ -53,13 +53,13 @@
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-web</artifactId>
-			<version>3.4.5</version>
+			<version>3.5.0</version>
 			<scope>provided</scope>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-security</artifactId>
-			<version>3.4.5</version>
+			<version>3.5.0</version>
 			<scope>provided</scope>
 		</dependency>
 
@@ -237,7 +237,7 @@
 							<dependency>
 								<groupId>com.puppycrawl.tools</groupId>
 								<artifactId>checkstyle</artifactId>
-								<version>10.23.1</version>
+								<version>10.24.0</version>
 							</dependency>
 						</dependencies>
 						<configuration>

spring-security-advanced-authentication-ui/src/main/java/software/xdev/spring/security/web/authentication/ui/extendable/filters/ExtendableDefaultLoginPageGeneratingFilter.java

@@ -29,13 +29,9 @@
 import jakarta.servlet.ServletResponse;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
-import jakarta.servlet.http.HttpSession;
 
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.web.WebAttributes;
 import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
 import org.springframework.util.Assert;
-import org.springframework.util.StringUtils;
 
 // CPD-OFF - Upstream copy
 
@@ -369,8 +365,11 @@ protected String renderHeaders(final HttpServletRequest request)
 	}
 
 	protected String renderFormLogin(
-		final HttpServletRequest request, final boolean loginError, final boolean logoutSuccess,
-		final String contextPath, final String errorMsg)
+		final HttpServletRequest request,
+		final boolean loginError,
+		final boolean logoutSuccess,
+		final String contextPath,
+		final String errorMsg)
 	{
 		if(!this.formLoginEnabled)
 		{
@@ -485,21 +484,9 @@ protected static String renderSaml2Row(final String contextPath, final String ur
 
 	protected String getLoginErrorMessage(final HttpServletRequest request)
 	{
-		final HttpSession session = request.getSession(false);
-		if(session == null)
-		{
-			return "Invalid credentials";
-		}
-		if(!(session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION)
-			instanceof final AuthenticationException exception))
-		{
-			return "Invalid credentials";
-		}
-		if(!StringUtils.hasText(exception.getMessage()))
-		{
-			return "Invalid credentials";
-		}
-		return exception.getMessage();
+		// Was changed in Spring Boot 3.5 to always return the same message
+		// https://github.com/spring-projects/spring-security/commit/c4b223266c7c4713823634326705b586b47a58c4
+		return "Invalid credentials";
 	}
 
 	protected String renderHiddenInput(final String name, final String value)

spring-security-advanced-authentication-ui/src/main/java/software/xdev/spring/security/web/authentication/ui/extendable/filters/ExtendableDefaultLogoutPageGeneratingFilter.java

@@ -27,8 +27,9 @@
 import jakarta.servlet.http.HttpServletResponse;
 
 import org.springframework.core.log.LogMessage;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter;
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 
@@ -41,7 +42,7 @@ public class ExtendableDefaultLogoutPageGeneratingFilter
 	extends DefaultLogoutPageGeneratingFilter
 	implements GeneratingFilterFillDataFrom<DefaultLogoutPageGeneratingFilter>, ExtendableDefaultPageGeneratingFilter
 {
-	protected RequestMatcher matcher = new AntPathRequestMatcher("/logout", "GET");
+	protected RequestMatcher matcher = PathPatternRequestMatcher.withDefaults().matcher(HttpMethod.GET, "/logout");
 
 	protected Function<HttpServletRequest, Map<String, String>> resolveHiddenInputs =
 		request -> Collections.emptyMap();