diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
index badb727..ad45539 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -33,6 +33,15 @@ body:
validations:
required: true
+ - type: textarea
+ id: description
+ attributes:
+ label: Description of the problem
+ description: |
+ Describe as exactly as possible what is not working.
+ validations:
+ required: true
+
- type: textarea
id: steps-to-reproduce
attributes:
@@ -47,20 +56,6 @@ body:
validations:
required: true
- - type: textarea
- id: expected-behavior
- attributes:
- label: Expected behavior
- description: |
- Tell us what you expect to happen.
-
- - type: textarea
- id: actual-behavior
- attributes:
- label: Actual behavior
- description: |
- Tell us what happens with the steps given above.
-
- type: textarea
id: additional-information
attributes:
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 285a620..ddc5dd0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+# 2.1.0
+* Updated to Spring Security 6.5+ / Spring Boot 3.5+
+ * [``Extendable``] Backported some minor upstream changes
+
# 2.0.1
* Migrated deployment to _Sonatype Maven Central Portal_ [#155](https://github.com/xdev-software/standard-maven-template/issues/155)
* Updated dependencies
diff --git a/pom.xml b/pom.xml
index dfd1ad3..edfd0f1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
software.xdev
spring-security-advanced-authentication-ui-root
- 2.0.2-SNAPSHOT
+ 2.1.0-SNAPSHOT
pom
@@ -45,7 +45,7 @@
com.puppycrawl.tools
checkstyle
- 10.23.1
+ 10.24.0
diff --git a/spring-security-advanced-authentication-ui-demo/pom.xml b/spring-security-advanced-authentication-ui-demo/pom.xml
index f77ba60..598ed05 100644
--- a/spring-security-advanced-authentication-ui-demo/pom.xml
+++ b/spring-security-advanced-authentication-ui-demo/pom.xml
@@ -7,11 +7,11 @@
software.xdev
spring-security-advanced-authentication-ui-root
- 2.0.2-SNAPSHOT
+ 2.1.0-SNAPSHOT
spring-security-advanced-authentication-ui-demo
- 2.0.2-SNAPSHOT
+ 2.1.0-SNAPSHOT
jar
@@ -28,7 +28,7 @@
software.xdev.Application
- 3.4.5
+ 3.5.0
diff --git a/spring-security-advanced-authentication-ui/pom.xml b/spring-security-advanced-authentication-ui/pom.xml
index 44354b5..b5d76b7 100644
--- a/spring-security-advanced-authentication-ui/pom.xml
+++ b/spring-security-advanced-authentication-ui/pom.xml
@@ -6,7 +6,7 @@
software.xdev
spring-security-advanced-authentication-ui
- 2.0.2-SNAPSHOT
+ 2.1.0-SNAPSHOT
jar
spring-security-advanced-authentication-ui
@@ -53,13 +53,13 @@
org.springframework.boot
spring-boot-starter-web
- 3.4.5
+ 3.5.0
provided
org.springframework.boot
spring-boot-starter-security
- 3.4.5
+ 3.5.0
provided
@@ -237,7 +237,7 @@
com.puppycrawl.tools
checkstyle
- 10.23.1
+ 10.24.0
diff --git a/spring-security-advanced-authentication-ui/src/main/java/software/xdev/spring/security/web/authentication/ui/extendable/filters/ExtendableDefaultLoginPageGeneratingFilter.java b/spring-security-advanced-authentication-ui/src/main/java/software/xdev/spring/security/web/authentication/ui/extendable/filters/ExtendableDefaultLoginPageGeneratingFilter.java
index 6555ee2..dedfdfe 100644
--- a/spring-security-advanced-authentication-ui/src/main/java/software/xdev/spring/security/web/authentication/ui/extendable/filters/ExtendableDefaultLoginPageGeneratingFilter.java
+++ b/spring-security-advanced-authentication-ui/src/main/java/software/xdev/spring/security/web/authentication/ui/extendable/filters/ExtendableDefaultLoginPageGeneratingFilter.java
@@ -29,13 +29,9 @@
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
-import jakarta.servlet.http.HttpSession;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.web.WebAttributes;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
import org.springframework.util.Assert;
-import org.springframework.util.StringUtils;
// CPD-OFF - Upstream copy
@@ -369,8 +365,11 @@ protected String renderHeaders(final HttpServletRequest request)
}
protected String renderFormLogin(
- final HttpServletRequest request, final boolean loginError, final boolean logoutSuccess,
- final String contextPath, final String errorMsg)
+ final HttpServletRequest request,
+ final boolean loginError,
+ final boolean logoutSuccess,
+ final String contextPath,
+ final String errorMsg)
{
if(!this.formLoginEnabled)
{
@@ -485,21 +484,9 @@ protected static String renderSaml2Row(final String contextPath, final String ur
protected String getLoginErrorMessage(final HttpServletRequest request)
{
- final HttpSession session = request.getSession(false);
- if(session == null)
- {
- return "Invalid credentials";
- }
- if(!(session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION)
- instanceof final AuthenticationException exception))
- {
- return "Invalid credentials";
- }
- if(!StringUtils.hasText(exception.getMessage()))
- {
- return "Invalid credentials";
- }
- return exception.getMessage();
+ // Was changed in Spring Boot 3.5 to always return the same message
+ // https://github.com/spring-projects/spring-security/commit/c4b223266c7c4713823634326705b586b47a58c4
+ return "Invalid credentials";
}
protected String renderHiddenInput(final String name, final String value)
diff --git a/spring-security-advanced-authentication-ui/src/main/java/software/xdev/spring/security/web/authentication/ui/extendable/filters/ExtendableDefaultLogoutPageGeneratingFilter.java b/spring-security-advanced-authentication-ui/src/main/java/software/xdev/spring/security/web/authentication/ui/extendable/filters/ExtendableDefaultLogoutPageGeneratingFilter.java
index c1bb91b..ea44d40 100644
--- a/spring-security-advanced-authentication-ui/src/main/java/software/xdev/spring/security/web/authentication/ui/extendable/filters/ExtendableDefaultLogoutPageGeneratingFilter.java
+++ b/spring-security-advanced-authentication-ui/src/main/java/software/xdev/spring/security/web/authentication/ui/extendable/filters/ExtendableDefaultLogoutPageGeneratingFilter.java
@@ -27,8 +27,9 @@
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.core.log.LogMessage;
+import org.springframework.http.HttpMethod;
import org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter;
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
@@ -41,7 +42,7 @@ public class ExtendableDefaultLogoutPageGeneratingFilter
extends DefaultLogoutPageGeneratingFilter
implements GeneratingFilterFillDataFrom, ExtendableDefaultPageGeneratingFilter
{
- protected RequestMatcher matcher = new AntPathRequestMatcher("/logout", "GET");
+ protected RequestMatcher matcher = PathPatternRequestMatcher.withDefaults().matcher(HttpMethod.GET, "/logout");
protected Function> resolveHiddenInputs =
request -> Collections.emptyMap();