Update Spring Security to 5.7

Closes gh-10509
2021-11-15 16:45:36 -07:00 · 2021-11-15 16:45:36 -07:00 · 7b15098570
parent 6b6f473a1b
commit 7b15098570
13 changed files with 4432 additions and 68 deletions
--- a/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
+++ b/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
@ -94,7 +94,7 @@ public final class SecurityNamespaceHandler implements NamespaceHandler {
 		if (!namespaceMatchesVersion(element)) {
 			pc.getReaderContext().fatal("You cannot use a spring-security-2.0.xsd or spring-security-3.0.xsd or "
 					+ "spring-security-3.1.xsd schema or spring-security-3.2.xsd schema or spring-security-4.0.xsd schema "
-					+ "with Spring Security 5.6. Please update your schema declarations to the 5.6 schema.", element);
+					+ "with Spring Security 5.7. Please update your schema declarations to the 5.7 schema.", element);
 		}
 		String name = pc.getDelegate().getLocalName(element);
 		BeanDefinitionParser parser = this.parsers.get(name);
@ -215,7 +215,7 @@ public final class SecurityNamespaceHandler implements NamespaceHandler {

 	private boolean matchesVersionInternal(Element element) {
 		String schemaLocation = element.getAttributeNS("http://www.w3.org/2001/XMLSchema-instance", "schemaLocation");
-		return schemaLocation.matches("(?m).*spring-security-5\\.6.*.xsd.*")
+		return schemaLocation.matches("(?m).*spring-security-5\\.7.*.xsd.*")
 				|| schemaLocation.matches("(?m).*spring-security.xsd.*")
 				|| !schemaLocation.matches("(?m).*spring-security.*");
 	}
--- a/config/src/main/resources/META-INF/spring.schemas
+++ b/config/src/main/resources/META-INF/spring.schemas
@ -1,4 +1,5 @@
-http\://www.springframework.org/schema/security/spring-security.xsd=org/springframework/security/config/spring-security-5.6.xsd
+http\://www.springframework.org/schema/security/spring-security.xsd=org/springframework/security/config/spring-security-5.7.xsd
+http\://www.springframework.org/schema/security/spring-security-5.7.xsd=org/springframework/security/config/spring-security-5.7.xsd
 http\://www.springframework.org/schema/security/spring-security-5.6.xsd=org/springframework/security/config/spring-security-5.6.xsd
 http\://www.springframework.org/schema/security/spring-security-5.5.xsd=org/springframework/security/config/spring-security-5.5.xsd
 http\://www.springframework.org/schema/security/spring-security-5.4.xsd=org/springframework/security/config/spring-security-5.4.xsd
@ -17,7 +18,8 @@ http\://www.springframework.org/schema/security/spring-security-2.0.xsd=org/spri
 http\://www.springframework.org/schema/security/spring-security-2.0.1.xsd=org/springframework/security/config/spring-security-2.0.1.xsd
 http\://www.springframework.org/schema/security/spring-security-2.0.2.xsd=org/springframework/security/config/spring-security-2.0.2.xsd
 http\://www.springframework.org/schema/security/spring-security-2.0.4.xsd=org/springframework/security/config/spring-security-2.0.4.xsd
-https\://www.springframework.org/schema/security/spring-security.xsd=org/springframework/security/config/spring-security-5.6.xsd
+https\://www.springframework.org/schema/security/spring-security.xsd=org/springframework/security/config/spring-security-5.7.xsd
+https\://www.springframework.org/schema/security/spring-security-5.7.xsd=org/springframework/security/config/spring-security-5.7.xsd
 https\://www.springframework.org/schema/security/spring-security-5.6.xsd=org/springframework/security/config/spring-security-5.6.xsd
 https\://www.springframework.org/schema/security/spring-security-5.5.xsd=org/springframework/security/config/spring-security-5.5.xsd
 https\://www.springframework.org/schema/security/spring-security-5.4.xsd=org/springframework/security/config/spring-security-5.4.xsd
--- a/config/src/main/resources/org/springframework/security/config/spring-security-5.7.rnc
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-5.7.rnc
--- a/config/src/main/resources/org/springframework/security/config/spring-security-5.7.xsd
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-5.7.xsd
--- a/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java
+++ b/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java
@ -65,7 +65,7 @@ public class XsdDocumentedTests {

 	String schema31xDocumentLocation = "org/springframework/security/config/spring-security-3.1.xsd";

-	String schemaDocumentLocation = "org/springframework/security/config/spring-security-5.6.xsd";
+	String schemaDocumentLocation = "org/springframework/security/config/spring-security-5.7.xsd";

 	XmlSupport xml = new XmlSupport();

@ -150,8 +150,8 @@ public class XsdDocumentedTests {
 				.getParentFile()
 				.list((dir, name) -> name.endsWith(".xsd"));
 		// @formatter:on
-		assertThat(schemas.length).isEqualTo(18)
-				.withFailMessage("the count is equal to 18, if not then schemaDocument needs updating");
+		assertThat(schemas.length).isEqualTo(19)
+				.withFailMessage("the count is equal to 19, if not then schemaDocument needs updating");
 	}

 	/**
--- a/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
+++ b/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
@ -43,7 +43,7 @@ public final class SpringSecurityCoreVersion {
 	 * N.B. Classes are not intended to be serializable between different versions. See
 	 * SEC-1709 for why we still need a serial version.
 	 */
-	public static final long SERIAL_VERSION_UID = 560L;
+	public static final long SERIAL_VERSION_UID = 570L;

 	static final String MIN_SPRING_VERSION = getSpringVersion();

--- a/docs/antora-playbook.yml
+++ b/docs/antora-playbook.yml
@ -9,7 +9,7 @@ content:
    - url: https://github.com/spring-io/spring-generated-docs
      branches: [spring-projects/spring-security/*]
    - url: https://github.com/spring-projects/spring-security
-      branches: [main,5.6.x]
+      branches: [main,5.6.x,5.7.x]
      start_path: docs
 urls:
  latest_version_segment_strategy: redirect:to
--- a/docs/antora.yml
+++ b/docs/antora.yml
@ -1,3 +1,3 @@
 name: ROOT
-version: '5.6.1'
+version: '5.7.0'
 prerelease: '-SNAPSHOT'
--- a/docs/local-antora-playbook.yml
+++ b/docs/local-antora-playbook.yml
@ -9,7 +9,7 @@ content:
    - url: ../../spring-io/spring-generated-docs
      branches: [spring-projects/spring-security/*]
    - url: ../../spring-projects/spring-security
-      branches: [main,5.6.x]
+      branches: [main,5.6.x,5.7.x]
      start_path: docs
 urls:
  latest_version_segment_strategy: redirect:to
--- a/docs/modules/ROOT/pages/servlet/appendix/namespace/index.adoc
+++ b/docs/modules/ROOT/pages/servlet/appendix/namespace/index.adoc
@ -6,4 +6,4 @@ This appendix provides a reference to the elements available in the security nam
 If you haven't used the namespace before, please read the xref:servlet/configuration/xml-namespace.adoc#ns-config[introductory chapter] on namespace configuration, as this is intended as a supplement to the information there.
 Using a good quality XML editor while editing a configuration based on the schema is recommended as this will provide contextual information on which elements and attributes are available as well as comments explaining their purpose.
 The namespace is written in https://relaxng.org/[RELAX NG] Compact format and later converted into an XSD schema.
-If you are familiar with this format, you may wish to examine the https://raw.githubusercontent.com/spring-projects/spring-security/main/config/src/main/resources/org/springframework/security/config/spring-security-5.6.rnc[schema file] directly.
+If you are familiar with this format, you may wish to examine the https://raw.githubusercontent.com/spring-projects/spring-security/main/config/src/main/resources/org/springframework/security/config/spring-security-5.7.rnc[schema file] directly.
--- a/docs/modules/ROOT/pages/whats-new.adoc
+++ b/docs/modules/ROOT/pages/whats-new.adoc
@ -1,57 +1,5 @@
 [[new]]
-= What's New in Spring Security 5.6
+= What's New in Spring Security 5.7

-Spring Security 5.6 provides a number of new features.
+Spring Security 5.7 provides a number of new features.
 Below are the highlights of the release.
-
-* All new https://antora.org/[Antora] based https://docs.spring.io/spring-security/[documentation].
-
-[[whats-new-servlet]]
-== Servlet
-* Core
-
-** Introduced https://github.com/spring-projects/spring-security/issues/10226[`SecurityContextChangedListener`]
-** Improved https://github.com/spring-projects/spring-security/pull/10279[Method Security Logging]
-
-* Configuration
-
-** Introduced https://github.com/spring-projects/spring-security/pull/9630[`AuthorizationManager`] for method security
-
-* SAML 2.0 Service Provider
-
-** Added xref:servlet/saml2/logout.adoc[SAML 2.0 Single Logout Support]
-** Added xref:servlet/saml2/login/authentication-requests.adoc#servlet-saml2login-store-authn-request[Saml2AuthenticationRequestRepository]
-** Added xref:servlet/saml2/login/overview.adoc#servlet-saml2login-rpr-relyingpartyregistrationresolver[`RelyingPartyRegistrationResolver`]
-** Improved ``Saml2LoginConfigurer``'s handling of https://github.com/spring-projects/spring-security/issues/10268[`Saml2AuthenticationTokenConverter`]
-
-
-* OAuth 2.0 Login
-
-** Added https://github.com/spring-projects/spring-security/pull/10041[`Converter` for `Authentication` result]
-
-* OAuth 2.0 Client
-
-** Improved https://github.com/spring-projects/spring-security/pull/9791[Client Credentials encoding]
-** Improved https://github.com/spring-projects/spring-security/pull/9779[Access Token Response parsing]
-** Added https://github.com/spring-projects/spring-security/pull/10155[custom grant types support] for Authorization Requests
-** Introduced https://github.com/spring-projects/spring-security/pull/9208[JwtEncoder]
-
-* Testing
-
-** Added support to https://github.com/spring-projects/spring-security/pull/9737[propagate the TestSecurityContextHolder to SecurityContextHolder]
-
-[[whats-new-webflux]]
-== WebFlux
-
-* OAuth 2.0 Login
-
-** Improved xref:reactive/oauth2/login/index.adoc[Reactive OAuth 2.0 Login Documentation]
-
-* OAuth 2.0 Client
-
-** Improved https://github.com/spring-projects/spring-security/pull/9791[Client Credentials encoding]
-** Added https://github.com/spring-projects/spring-security/pull/10131[custom headers support] for Access Token Requests
-** Added https://github.com/spring-projects/spring-security/pull/10269[custom response parsing] for Access Token Requests
-** Added https://github.com/spring-projects/spring-security/pull/10327[jwt-bearer Grant Type support] for Access Token Requests
-** Added https://github.com/spring-projects/spring-security/pull/10336[JWT Client Authentication support] for Access Token Requests
-** Improved xref:reactive/oauth2/client/index.adoc[Reactive OAuth 2.0 Client Documentation]
--- a/gradle.properties
+++ b/gradle.properties
@ -3,7 +3,7 @@ springJavaformatVersion=0.0.29
 springBootVersion=2.4.2
 springFrameworkVersion=5.3.13
 openSamlVersion=3.4.6
-version=5.6.1-SNAPSHOT
+version=5.7.0-SNAPSHOT
 kotlinVersion=1.5.31
 samplesBranch=main
 org.gradle.jvmargs=-Xmx3g -XX:MaxPermSize=2048m -XX:+HeapDumpOnOutOfMemoryError
--- a/taglibs/src/main/resources/META-INF/security.tld
+++ b/taglibs/src/main/resources/META-INF/security.tld
@ -20,7 +20,7 @@
        version="2.0">
    <description>Spring Security Authorization Tag Library</description>

-    <tlib-version>5.6</tlib-version>
+    <tlib-version>5.7</tlib-version>
    <short-name>security</short-name>
    <uri>http://www.springframework.org/security/tags</uri>