Upgrade to JDK 17

Closes gh-10343

README.adoc

@@ -6,8 +6,8 @@ image:https://img.shields.io/badge/Revved%20up%20by-Gradle%20Enterprise-06A0CE?l
 
 = Spring Security
 
-Spring Security provides security services for the https://docs.spring.io[Spring IO Platform]. Spring Security 5.0 requires Spring 5.0 as
-a minimum and also requires Java 8.
+Spring Security provides security services for the https://docs.spring.io[Spring IO Platform]. Spring Security 6.0 requires Spring 6.0 as
+a minimum and also requires Java 17.
 
 For a detailed list of features and access to the latest release, please visit https://spring.io/projects[Spring projects].
 
@@ -30,9 +30,9 @@ In the instructions below, https://vimeo.com/34436402[`./gradlew`] is invoked fr
 a cross-platform, self-contained bootstrap mechanism for the build.
 
 === Prerequisites
-https://help.github.com/set-up-git-redirect[Git] and the https://www.oracle.com/technetwork/java/javase/downloads[JDK11 build].
+https://help.github.com/set-up-git-redirect[Git] and the https://www.oracle.com/technetwork/java/javase/downloads[JDK17 build].
 
-Be sure that your `JAVA_HOME` environment variable points to the `jdk-11` folder extracted from the JDK download.
+Be sure that your `JAVA_HOME` environment variable points to the `jdk-17` folder extracted from the JDK download.
 
 === Check out sources
 [indent=0]

build.gradle

@@ -100,7 +100,7 @@ updateDependenciesSettings {
 
 subprojects {
 	plugins.withType(JavaPlugin) {
-		project.sourceCompatibility='1.8'
+		project.sourceCompatibility=JavaVersion.VERSION_17
 	}
 	tasks.withType(JavaCompile) {
 		options.encoding = "UTF-8"

buildSrc/build.gradle

@@ -5,8 +5,7 @@ plugins {
 	id 'com.apollographql.apollo' version '2.4.5'
 }
 
-
-sourceCompatibility = 1.8
+sourceCompatibility = JavaVersion.VERSION_11
 
 repositories {
 	jcenter()

buildSrc/src/main/groovy/io/spring/gradle/convention/JacocoPlugin.groovy

@@ -34,7 +34,7 @@ class JacocoPlugin implements Plugin<Project> {
 			project.tasks.check.dependsOn project.tasks.jacocoTestReport
 
 			project.jacoco {
-				toolVersion = '0.8.2'
+				toolVersion = '0.8.7'
 			}
 		}
 	}

buildSrc/src/test/java/io/spring/gradle/convention/JavadocApiPluginITest.java

@@ -5,6 +5,7 @@ import org.apache.commons.io.FileUtils;
 import org.gradle.testkit.runner.BuildResult;
 import org.gradle.testkit.runner.TaskOutcome;
 import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.io.TempDir;
 
@@ -28,7 +29,7 @@ public class JavadocApiPluginITest {
 				.build();
 		assertThat(result.task(":api").getOutcome()).isEqualTo(TaskOutcome.SUCCESS);
         File allClasses = new File(testKit.getRootDir(), "build/api/allclasses-noframe.html");
-		File index = new File(testKit.getRootDir(), "build/api/allclasses.html");
+		File index = new File(testKit.getRootDir(), "build/api/allclasses-index.html");
 		File listing = allClasses.exists() ? allClasses : index;
 		String listingText = FileUtils.readFileToString(listing);
 		assertThat(listingText).contains("sample/Api.html");

config/spring-security-config.gradle

@@ -117,7 +117,7 @@ tasks.withType(KotlinCompile).configureEach {
 		languageVersion = "1.3"
 		apiVersion = "1.3"
 		freeCompilerArgs = ["-Xjsr305=strict", "-Xsuppress-version-warnings"]
-		jvmTarget = "1.8"
+		jvmTarget = "11"
 	}
 }
 

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java

@@ -21,11 +21,13 @@ import java.security.cert.Certificate;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 
+import javax.security.auth.x500.X500Principal;
 import javax.servlet.http.HttpServletRequest;
 
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x500.style.BCStyle;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
-import sun.security.x509.X500Name;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
@@ -240,12 +242,8 @@ public class NamespaceHttpX509Tests {
 		}
 
 		private String extractCommonName(X509Certificate certificate) {
-			try {
-				return ((X500Name) certificate.getSubjectDN()).getCommonName();
-			}
-			catch (Exception ex) {
-				throw new IllegalArgumentException(ex);
-			}
+			X500Principal principal = certificate.getSubjectX500Principal();
+			return new X500Name(principal.getName()).getRDNs(BCStyle.CN)[0].getFirst().getValue().toString();
 		}
 
 	}

config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java

@@ -70,7 +70,6 @@ import org.springframework.security.web.server.SecurityWebFilterChain;
 import org.springframework.security.web.server.authentication.HttpStatusServerEntryPoint;
 import org.springframework.security.web.server.authentication.ServerAuthenticationConverter;
 import org.springframework.security.web.server.authorization.HttpStatusServerAccessDeniedHandler;
-import org.springframework.test.context.junit.jupiter.SpringExtension;
 import org.springframework.test.web.reactive.server.WebTestClient;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -93,7 +92,7 @@ import static org.mockito.Mockito.verify;
  * Tests for
  * {@link org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec}
  */
-@ExtendWith({ SpringExtension.class, SpringTestContextExtension.class })
+@ExtendWith({ SpringTestContextExtension.class })
 public class OAuth2ResourceServerSpecTests {
 
 	private String expired = "eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE1MzUwMzc4OTd9.jqZDDjfc2eysX44lHXEIr9XFd2S8vjIZHCccZU-dRWMRJNsQ1QN5VNnJGklqJBXJR4qgla6cmVqPOLkUHDb0sL0nxM5XuzQaG5ZzKP81RV88shFyAiT0fD-6nl1k-Fai-Fu-VkzSpNXgeONoTxDaYhdB-yxmgrgsApgmbOTE_9AcMk-FQDXQ-pL9kynccFGV0lZx4CA7cyknKN7KBxUilfIycvXODwgKCjj_1WddLTCNGYogJJSg__7NoxzqbyWd3udbHVjqYq7GsMMrGB4_2kBD4CkghOSNcRHbT_DIXowxfAVT7PAg7Q0E5ruZsr2zPZacEUDhJ6-wbvlA0FAOUg";

core/src/test/java/org/springframework/security/core/JavaVersionTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -29,7 +29,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  */
 public class JavaVersionTests {
 
-	private static final int JDK8_CLASS_VERSION = 52;
+	private static final int JDK17_CLASS_VERSION = 61;
 
 	@Test
 	public void authenticationCorrectJdkCompatibility() throws Exception {
@@ -44,7 +44,7 @@ public class JavaVersionTests {
 			data.readInt();
 			data.readShort(); // minor
 			int major = data.readShort();
-			assertThat(major).isEqualTo(JDK8_CLASS_VERSION);
+			assertThat(major).isEqualTo(JDK17_CLASS_VERSION);
 		}
 	}
 

gradle.properties

@@ -6,7 +6,7 @@ openSamlVersion=3.4.6
 version=6.0.0-SNAPSHOT
 kotlinVersion=1.5.31
 samplesBranch=main
-org.gradle.jvmargs=-Xmx3g -XX:MaxPermSize=2048m -XX:+HeapDumpOnOutOfMemoryError
+org.gradle.jvmargs=-Xmx3g -XX:+HeapDumpOnOutOfMemoryError
 org.gradle.parallel=true
 org.gradle.caching=true
 kotlin.stdlib.default.dependency=false

oauth2/oauth2-client/spring-security-oauth2-client.gradle

@@ -21,7 +21,6 @@ dependencies {
 	testImplementation 'com.squareup.okhttp3:mockwebserver'
 	testImplementation 'io.projectreactor.netty:reactor-netty'
 	testImplementation 'io.projectreactor:reactor-test'
-	testImplementation 'io.projectreactor.tools:blockhound'
 	testImplementation 'org.skyscreamer:jsonassert'
 	testImplementation 'io.r2dbc:r2dbc-h2:0.8.4.RELEASE'
 	testImplementation 'io.r2dbc:r2dbc-spi-test:0.8.6.RELEASE'

saml2/saml2-service-provider/spring-security-saml2-service-provider.gradle

@@ -36,8 +36,8 @@ configurations {
 }
 
 compileOpensaml4MainJava {
-	sourceCompatibility = '11'
-	targetCompatibility = '11'
+	sourceCompatibility = JavaVersion.VERSION_17
+	targetCompatibility = JavaVersion.VERSION_17
 }
 
 dependencies {