Update to latest Spring Boot version

Author: AB-xdev

CHANGELOG.md

@@ -1,3 +1,7 @@
+# 2.1.0
+* Updated to Spring Security 6.5+ / Spring Boot 3.5+
+  * [``Extendable``] Backported some minor upstream changes
+
 # 2.0.1
 * Migrated deployment to _Sonatype Maven Central Portal_ [#155](https://github.com/xdev-software/standard-maven-template/issues/155)
 * Updated dependencies

pom.xml

@@ -6,7 +6,7 @@
 
 	<groupId>software.xdev</groupId>
 	<artifactId>spring-security-advanced-authentication-ui-root</artifactId>
-	<version>2.0.2-SNAPSHOT</version>
+	<version>2.1.0-SNAPSHOT</version>
 	<packaging>pom</packaging>
 
 	<organization>

spring-security-advanced-authentication-ui-demo/pom.xml

@@ -7,11 +7,11 @@
 	<parent>
 		<groupId>software.xdev</groupId>
 		<artifactId>spring-security-advanced-authentication-ui-root</artifactId>
-		<version>2.0.2-SNAPSHOT</version>
+		<version>2.1.0-SNAPSHOT</version>
 	</parent>
 
 	<artifactId>spring-security-advanced-authentication-ui-demo</artifactId>
-	<version>2.0.2-SNAPSHOT</version>
+	<version>2.1.0-SNAPSHOT</version>
 	<packaging>jar</packaging>
 
 	<organization>

spring-security-advanced-authentication-ui/pom.xml

@@ -6,7 +6,7 @@
 
 	<groupId>software.xdev</groupId>
 	<artifactId>spring-security-advanced-authentication-ui</artifactId>
-	<version>2.0.2-SNAPSHOT</version>
+	<version>2.1.0-SNAPSHOT</version>
 	<packaging>jar</packaging>
 
 	<name>spring-security-advanced-authentication-ui</name>

spring-security-advanced-authentication-ui/src/main/java/software/xdev/spring/security/web/authentication/ui/extendable/filters/ExtendableDefaultLoginPageGeneratingFilter.java

@@ -29,13 +29,9 @@
 import jakarta.servlet.ServletResponse;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
-import jakarta.servlet.http.HttpSession;
 
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.web.WebAttributes;
 import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
 import org.springframework.util.Assert;
-import org.springframework.util.StringUtils;
 
 // CPD-OFF - Upstream copy
 
@@ -369,8 +365,11 @@ protected String renderHeaders(final HttpServletRequest request)
 	}
 
 	protected String renderFormLogin(
-		final HttpServletRequest request, final boolean loginError, final boolean logoutSuccess,
-		final String contextPath, final String errorMsg)
+		final HttpServletRequest request,
+		final boolean loginError,
+		final boolean logoutSuccess,
+		final String contextPath,
+		final String errorMsg)
 	{
 		if(!this.formLoginEnabled)
 		{
@@ -485,21 +484,9 @@ protected static String renderSaml2Row(final String contextPath, final String ur
 
 	protected String getLoginErrorMessage(final HttpServletRequest request)
 	{
-		final HttpSession session = request.getSession(false);
-		if(session == null)
-		{
-			return "Invalid credentials";
-		}
-		if(!(session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION)
-			instanceof final AuthenticationException exception))
-		{
-			return "Invalid credentials";
-		}
-		if(!StringUtils.hasText(exception.getMessage()))
-		{
-			return "Invalid credentials";
-		}
-		return exception.getMessage();
+		// Was changed in Spring Boot 3.5 to always return the same message
+		// https://github.com/spring-projects/spring-security/commit/c4b223266c7c4713823634326705b586b47a58c4
+		return "Invalid credentials";
 	}
 
 	protected String renderHiddenInput(final String name, final String value)

spring-security-advanced-authentication-ui/src/main/java/software/xdev/spring/security/web/authentication/ui/extendable/filters/ExtendableDefaultLogoutPageGeneratingFilter.java

@@ -27,8 +27,9 @@
 import jakarta.servlet.http.HttpServletResponse;
 
 import org.springframework.core.log.LogMessage;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter;
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 
@@ -41,7 +42,7 @@ public class ExtendableDefaultLogoutPageGeneratingFilter
 	extends DefaultLogoutPageGeneratingFilter
 	implements GeneratingFilterFillDataFrom<DefaultLogoutPageGeneratingFilter>, ExtendableDefaultPageGeneratingFilter
 {
-	protected RequestMatcher matcher = new AntPathRequestMatcher("/logout", "GET");
+	protected RequestMatcher matcher = PathPatternRequestMatcher.withDefaults().matcher(HttpMethod.GET, "/logout");
 
 	protected Function<HttpServletRequest, Map<String, String>> resolveHiddenInputs =
 		request -> Collections.emptyMap();