Merge branch 'spring-projects:main' into refactor-for-issue#14768

Author: gzhao9

.github/workflows/continuous-integration-workflow.yml

@@ -39,31 +39,31 @@ jobs:
             toolchain: 17
     with:
       java-version: ${{ matrix.java-version }}
-      test-args: --refresh-dependencies -PforceMavenRepositories=snapshot -PisOverrideVersionCatalog -PtestToolchain=${{ matrix.toolchain }} -PspringFrameworkVersion=6.1.+ -PreactorVersion=2023.0.+ -PspringDataVersion=2023.1.+ --stacktrace
+      test-args: --refresh-dependencies -PforceMavenRepositories=snapshot -PisOverrideVersionCatalog -PtestToolchain=${{ matrix.toolchain }} -PspringFrameworkVersion=6.2.+ -PreactorVersion=2023.0.+ -PspringDataVersion=2024.0.+ --stacktrace
     secrets: inherit
-  check-samples:
-    name: Check Samples
-    runs-on: ubuntu-latest
-    if: ${{ github.repository_owner == 'spring-projects' }}
-    steps:
-      - uses: actions/checkout@v4
-      - name: Set up gradle
-        uses: spring-io/spring-gradle-build-action@v2
-        with:
-          java-version: 17
-          distribution: temurin
-      - name: Check samples project
-        env:
-          LOCAL_REPOSITORY_PATH: ${{ github.workspace }}/build/publications/repos
-          SAMPLES_DIR: ../spring-security-samples
-        run: |
-          # Extract version from gradle.properties
-          version=$(cat gradle.properties | grep "version=" | awk -F'=' '{print $2}')
-          # Extract samplesBranch from gradle.properties
-          samples_branch=$(cat gradle.properties | grep "samplesBranch=" | awk -F'=' '{print $2}')
-          ./gradlew publishMavenJavaPublicationToLocalRepository
-          ./gradlew cloneRepository -PrepositoryName="spring-projects/spring-security-samples" -Pref="$samples_branch" -PcloneOutputDirectory="$SAMPLES_DIR"
-          ./gradlew --project-dir "$SAMPLES_DIR" --init-script spring-security-ci.gradle -PlocalRepositoryPath="$LOCAL_REPOSITORY_PATH" -PspringSecurityVersion="$version" :runAllTests
+#  check-samples:
+#    name: Check Samples
+#    runs-on: ubuntu-latest
+#    if: ${{ github.repository_owner == 'spring-projects' }}
+#    steps:
+#      - uses: actions/checkout@v4
+#      - name: Set up gradle
+#        uses: spring-io/spring-gradle-build-action@v2
+#        with:
+#          java-version: 17
+#          distribution: temurin
+#      - name: Check samples project
+#        env:
+#          LOCAL_REPOSITORY_PATH: ${{ github.workspace }}/build/publications/repos
+#          SAMPLES_DIR: ../spring-security-samples
+#        run: |
+#          # Extract version from gradle.properties
+#          version=$(cat gradle.properties | grep "version=" | awk -F'=' '{print $2}')
+#          # Extract samplesBranch from gradle.properties
+#          samples_branch=$(cat gradle.properties | grep "samplesBranch=" | awk -F'=' '{print $2}')
+#          ./gradlew publishMavenJavaPublicationToLocalRepository
+#          ./gradlew cloneRepository -PrepositoryName="spring-projects/spring-security-samples" -Pref="$samples_branch" -PcloneOutputDirectory="$SAMPLES_DIR"
+#          ./gradlew --project-dir "$SAMPLES_DIR" --init-script spring-security-ci.gradle -PlocalRepositoryPath="$LOCAL_REPOSITORY_PATH" -PspringSecurityVersion="$version" :runAllTests
   check-tangles:
     name: Check for Package Tangles
     runs-on: ubuntu-latest
@@ -82,21 +82,21 @@ jobs:
           ./gradlew check s101 -Ps101.licenseId="$STRUCTURE101_LICENSEID" --stacktrace
   deploy-artifacts:
     name: Deploy Artifacts
-    needs: [ build, test, check-samples, check-tangles ]
+    needs: [ build, test, check-tangles ]
     uses: spring-io/spring-security-release-tools/.github/workflows/deploy-artifacts.yml@v1
     with:
       should-deploy-artifacts: ${{ needs.build.outputs.should-deploy-artifacts }}
     secrets: inherit
   deploy-docs:
     name: Deploy Docs
-    needs: [ build, test, check-samples, check-tangles ]
+    needs: [ build, test, check-tangles ]
     uses: spring-io/spring-security-release-tools/.github/workflows/deploy-docs.yml@v1
     with:
       should-deploy-docs: ${{ needs.build.outputs.should-deploy-artifacts }}
     secrets: inherit
   deploy-schema:
     name: Deploy Schema
-    needs: [ build, test, check-samples, check-tangles ]
+    needs: [ build, test, check-tangles ]
     uses: spring-io/spring-security-release-tools/.github/workflows/deploy-schema.yml@v1
     with:
       should-deploy-schema: ${{ needs.build.outputs.should-deploy-artifacts }}

.github/workflows/update-antora-ui-spring.yml

@@ -0,0 +1,35 @@
+name: Update Antora UI Spring
+
+on:
+  schedule:
+    - cron: '0 10 * * *' # Once per day at 10am UTC
+  workflow_dispatch:
+
+permissions:
+  pull-requests: write
+  issues: write
+  contents: write
+
+jobs:
+  update-antora-ui-spring:
+    runs-on: ubuntu-latest
+    name: Update on Supported Branches
+    strategy:
+      matrix:
+        branch: [ '5.8.x', '6.2.x', '6.3.x', 'main' ]
+    steps:
+      - uses: spring-io/spring-doc-actions/update-antora-spring-ui@852920ba3fb1f28b35a2f13201133bc00ef33677
+        name: Update
+        with:
+          docs-branch: ${{ matrix.branch }}
+          token: ${{ secrets.GITHUB_TOKEN }}
+          antora-file-path: 'docs/antora-playbook.yml'
+  update-antora-ui-spring-docs-build:
+    runs-on: ubuntu-latest
+    name: Update on docs-build
+    steps:
+      - uses: spring-io/spring-doc-actions/update-antora-spring-ui@852920ba3fb1f28b35a2f13201133bc00ef33677
+        name: Update
+        with:
+          docs-branch: 'docs-build'
+          token: ${{ secrets.GITHUB_TOKEN }}

config/spring-security-config.gradle

@@ -65,7 +65,7 @@ dependencies {
 	testImplementation 'jakarta.websocket:jakarta.websocket-api'
 	testImplementation 'jakarta.websocket:jakarta.websocket-client-api'
 	testImplementation 'ldapsdk:ldapsdk:4.1'
-	testImplementation('net.sourceforge.htmlunit:htmlunit') {
+	testImplementation('org.htmlunit:htmlunit') {
 		exclude group: 'commons-logging', module: 'commons-logging'
 		exclude group: 'xml-apis', module: 'xml-apis'
 	}
@@ -80,7 +80,7 @@ dependencies {
 	testImplementation "org.hibernate.orm:hibernate-core"
 	testImplementation 'org.hsqldb:hsqldb'
 	testImplementation 'org.mockito:mockito-core'
-	testImplementation('org.seleniumhq.selenium:htmlunit-driver') {
+	testImplementation('org.seleniumhq.selenium:htmlunit3-driver') {
 		exclude group: 'commons-logging', module: 'commons-logging'
 		exclude group: 'xml-apis', module: 'xml-apis'
 	}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFirewallTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,6 +17,7 @@
 package org.springframework.security.config.annotation.web.configurers;
 
 import jakarta.servlet.http.HttpServletRequest;
+import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 
@@ -52,6 +53,7 @@ public class NamespaceHttpFirewallTests {
 	MockMvc mvc;
 
 	@Test
+	@Disabled("MockMvc uses UriComponentsBuilder::fromUriString which was changed in https://github.com/spring-projects/spring-framework/issues/32513")
 	public void requestWhenPathContainsDoubleDotsThenBehaviorMatchesNamespace() throws Exception {
 		this.rule.register(HttpFirewallConfig.class).autowire();
 		this.mvc.perform(get("/public/../private/")).andExpect(status().isBadRequest());

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcLogoutConfigurerTests.java

@@ -25,7 +25,6 @@
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
-import com.gargoylesoftware.htmlunit.util.UrlUtils;
 import com.nimbusds.jose.jwk.JWKSet;
 import com.nimbusds.jose.jwk.RSAKey;
 import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
@@ -41,6 +40,7 @@
 import okhttp3.mockwebserver.MockResponse;
 import okhttp3.mockwebserver.MockWebServer;
 import okhttp3.mockwebserver.RecordedRequest;
+import org.htmlunit.util.UrlUtils;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 

config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java

@@ -18,13 +18,13 @@
 
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
-import org.eclipse.jetty.http.HttpStatus;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 
 import org.springframework.beans.factory.BeanCreationException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.parsing.BeanDefinitionParsingException;
+import org.springframework.http.HttpStatus;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.config.test.SpringTestContext;
 import org.springframework.security.config.test.SpringTestContextExtension;
@@ -71,7 +71,7 @@ public void configureWhenAccessDeniedHandlerIsMissingLeadingSlashThenException()
 	@WithMockUser
 	public void configureWhenAccessDeniedHandlerRefThenAutowire() throws Exception {
 		this.spring.configLocations(this.xml("AccessDeniedHandler")).autowire();
-		this.mvc.perform(get("/")).andExpect(status().is(HttpStatus.GONE_410));
+		this.mvc.perform(get("/")).andExpect(status().is(HttpStatus.GONE.value()));
 	}
 
 	@Test
@@ -90,7 +90,7 @@ public static class GoneAccessDeniedHandler implements AccessDeniedHandler {
 		@Override
 		public void handle(HttpServletRequest request, HttpServletResponse response,
 				AccessDeniedException accessDeniedException) {
-			response.setStatus(HttpStatus.GONE_410);
+			response.setStatus(HttpStatus.GONE.value());
 		}
 
 	}

config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java

@@ -22,12 +22,12 @@
 import jakarta.servlet.Filter;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
-import org.eclipse.jetty.http.HttpStatus;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpSession;
 import org.springframework.security.access.AccessDeniedException;
@@ -566,7 +566,7 @@ private static class TeapotAccessDeniedHandler implements AccessDeniedHandler {
 		@Override
 		public void handle(HttpServletRequest request, HttpServletResponse response,
 				AccessDeniedException accessDeniedException) {
-			response.setStatus(HttpStatus.IM_A_TEAPOT_418);
+			response.setStatus(HttpStatus.I_AM_A_TEAPOT.value());
 		}
 
 	}

config/src/test/java/org/springframework/security/config/web/server/OidcLogoutSpecTests.java

@@ -26,7 +26,6 @@
 import java.util.List;
 import java.util.Map;
 
-import com.gargoylesoftware.htmlunit.util.UrlUtils;
 import com.nimbusds.jose.jwk.JWKSet;
 import com.nimbusds.jose.jwk.RSAKey;
 import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
@@ -40,6 +39,7 @@
 import okhttp3.mockwebserver.MockResponse;
 import okhttp3.mockwebserver.MockWebServer;
 import okhttp3.mockwebserver.RecordedRequest;
+import org.htmlunit.util.UrlUtils;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import reactor.core.publisher.Mono;

config/src/test/java/org/springframework/security/htmlunit/server/HtmlUnitWebTestClient.java

@@ -24,10 +24,11 @@
 import java.util.Set;
 import java.util.StringTokenizer;
 
-import com.gargoylesoftware.htmlunit.FormEncodingType;
-import com.gargoylesoftware.htmlunit.WebClient;
-import com.gargoylesoftware.htmlunit.WebRequest;
-import com.gargoylesoftware.htmlunit.util.NameValuePair;
+import org.htmlunit.FormEncodingType;
+import org.htmlunit.WebClient;
+import org.htmlunit.WebRequest;
+import org.htmlunit.util.Cookie;
+import org.htmlunit.util.NameValuePair;
 import reactor.core.publisher.Mono;
 
 import org.springframework.http.HttpMethod;
@@ -117,8 +118,8 @@ private void cookies(WebTestClient.RequestBodySpec request, WebRequest webReques
 				request.cookie(cookieName, cookieValue);
 			}
 		}
-		Set<com.gargoylesoftware.htmlunit.util.Cookie> managedCookies = this.webClient.getCookies(webRequest.getUrl());
-		for (com.gargoylesoftware.htmlunit.util.Cookie cookie : managedCookies) {
+		Set<Cookie> managedCookies = this.webClient.getCookies(webRequest.getUrl());
+		for (Cookie cookie : managedCookies) {
 			request.cookie(cookie.getName(), cookie.getValue());
 		}
 	}

config/src/test/java/org/springframework/security/htmlunit/server/MockWebResponseBuilder.java

@@ -20,10 +20,10 @@
 import java.util.ArrayList;
 import java.util.List;
 
-import com.gargoylesoftware.htmlunit.WebRequest;
-import com.gargoylesoftware.htmlunit.WebResponse;
-import com.gargoylesoftware.htmlunit.WebResponseData;
-import com.gargoylesoftware.htmlunit.util.NameValuePair;
+import org.htmlunit.WebRequest;
+import org.htmlunit.WebResponse;
+import org.htmlunit.WebResponseData;
+import org.htmlunit.util.NameValuePair;
 
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;

config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientHtmlUnitDriverBuilder.java

@@ -16,8 +16,8 @@
 
 package org.springframework.security.htmlunit.server;
 
-import com.gargoylesoftware.htmlunit.WebClient;
-import com.gargoylesoftware.htmlunit.WebConnection;
+import org.htmlunit.WebClient;
+import org.htmlunit.WebConnection;
 import org.openqa.selenium.WebDriver;
 
 import org.springframework.test.web.reactive.server.WebTestClient;

config/src/test/java/org/springframework/security/htmlunit/server/WebTestClientWebConnection.java

@@ -18,10 +18,10 @@
 
 import java.io.IOException;
 
-import com.gargoylesoftware.htmlunit.WebClient;
-import com.gargoylesoftware.htmlunit.WebConnection;
-import com.gargoylesoftware.htmlunit.WebRequest;
-import com.gargoylesoftware.htmlunit.WebResponse;
+import org.htmlunit.WebClient;
+import org.htmlunit.WebConnection;
+import org.htmlunit.WebRequest;
+import org.htmlunit.WebResponse;
 
 import org.springframework.lang.Nullable;
 import org.springframework.test.web.reactive.server.FluxExchangeResult;

dependencies/spring-security-dependencies.gradle

@@ -47,6 +47,7 @@ dependencies {
 		api libs.jakarta.websocket.jakarta.websocket.client.api
 		api libs.ldapsdk
 		api libs.net.sourceforge.htmlunit
+		api libs.org.htmlunit.htmlunit
 		api libs.org.apache.directory.server.apacheds.entry
 		api libs.org.apache.directory.server.apacheds.core
 		api libs.org.apache.directory.server.apacheds.protocol.ldap

docs/antora-playbook.yml

@@ -30,7 +30,7 @@ urls:
   redirect_facility: httpd
 ui:
   bundle:
-    url: https://github.com/spring-io/antora-ui-spring/releases/download/v0.4.15/ui-bundle.zip
+    url: https://github.com/spring-io/antora-ui-spring/releases/download/v0.4.16/ui-bundle.zip
     snapshot: true
 runtime:
   log:

docs/modules/ROOT/pages/servlet/authorization/method-security.adoc

@@ -117,7 +117,7 @@ A given invocation to `MyCustomerService#readCustomer` may look something like t
 
 image::{figures}/methodsecurity.png[]
 
-1. Spring AOP invokes its proxy method for `readCustomer`. Among the proxy's other advisors, it invokes an {security-api-url}org/springframework/security/authorization/method/AuthorizationManagerBeforeMethodInterceptor/html[`AuthorizationManagerBeforeMethodInterceptor`] that matches <<annotation-method-pointcuts,the `@PreAuthorize` pointcut>>
+1. Spring AOP invokes its proxy method for `readCustomer`. Among the proxy's other advisors, it invokes an {security-api-url}org/springframework/security/authorization/method/AuthorizationManagerBeforeMethodInterceptor.html[`AuthorizationManagerBeforeMethodInterceptor`] that matches <<annotation-method-pointcuts,the `@PreAuthorize` pointcut>>
 2. The interceptor invokes {security-api-url}org/springframework/security/authorization/method/PreAuthorizeAuthorizationManager.html[`PreAuthorizeAuthorizationManager#check`]
 3. The authorization manager uses a `MethodSecurityExpressionHandler` to parse the annotation's <<authorization-expressions,SpEL expression>> and constructs a corresponding `EvaluationContext` from a `MethodSecurityExpressionRoot` containing xref:servlet/authentication/architecture.adoc#servlet-authentication-authentication[a `Supplier<Authentication>`] and `MethodInvocation`.
 4. The interceptor uses this context to evaluate the expression; specifically, it reads xref:servlet/authentication/architecture.adoc#servlet-authentication-authentication[the `Authentication`] from the `Supplier` and checks whether it has `permission:read` in its collection of xref:servlet/authorization/architecture.adoc#authz-authorities[authorities]

gradle/libs.versions.toml

@@ -13,7 +13,7 @@ org-jetbrains-kotlin = "1.9.24"
 org-jetbrains-kotlinx = "1.8.1"
 org-mockito = "5.11.0"
 org-opensaml = "4.3.2"
-org-springframework = "6.1.9"
+org-springframework = "6.2.0-M4"
 
 [libraries]
 ch-qos-logback-logback-classic = "ch.qos.logback:logback-classic:1.5.6"
@@ -46,6 +46,7 @@ jakarta-websocket-jakarta-websocket-client-api = { module = "jakarta.websocket:j
 jakarta-xml-bind-jakarta-xml-bind-api = "jakarta.xml.bind:jakarta.xml.bind-api:4.0.2"
 ldapsdk = "ldapsdk:ldapsdk:4.1"
 net-sourceforge-htmlunit = "net.sourceforge.htmlunit:htmlunit:2.70.0"
+org-htmlunit-htmlunit = "org.htmlunit:htmlunit:4.1.0"
 org-apache-directory-server-apacheds-core = { module = "org.apache.directory.server:apacheds-core", version.ref = "org-apache-directory-server" }
 org-apache-directory-server-apacheds-entry = { module = "org.apache.directory.server:apacheds-core-entry", version.ref = "org-apache-directory-server" }
 org-apache-directory-server-apacheds-protocol-ldap = { module = "org.apache.directory.server:apacheds-protocol-ldap", version.ref = "org-apache-directory-server" }
@@ -78,8 +79,8 @@ org-opensaml-opensaml-core = { module = "org.opensaml:opensaml-core", version.re
 org-opensaml-opensaml-saml-api = { module = "org.opensaml:opensaml-saml-api", version.ref = "org-opensaml" }
 org-opensaml-opensaml-saml-impl = { module = "org.opensaml:opensaml-saml-impl", version.ref = "org-opensaml" }
 org-python-jython = { module = "org.python:jython", version = "2.5.3" }
-org-seleniumhq-selenium-htmlunit-driver = "org.seleniumhq.selenium:htmlunit-driver:2.70.0"
-org-seleniumhq-selenium-selenium-java = "org.seleniumhq.selenium:selenium-java:3.141.59"
+org-seleniumhq-selenium-htmlunit-driver = "org.seleniumhq.selenium:htmlunit3-driver:4.20.0"
+org-seleniumhq-selenium-selenium-java = "org.seleniumhq.selenium:selenium-java:4.20.0"
 org-seleniumhq-selenium-selenium-support = "org.seleniumhq.selenium:selenium-support:3.141.59"
 org-skyscreamer-jsonassert = "org.skyscreamer:jsonassert:1.5.1"
 org-slf4j-log4j-over-slf4j = "org.slf4j:log4j-over-slf4j:1.7.36"