diff --git a/bom/spring-security-bom.gradle b/bom/spring-security-bom.gradle
index 69b6d399a2..9b0ce272fa 100644
--- a/bom/spring-security-bom.gradle
+++ b/bom/spring-security-bom.gradle
@@ -1,6 +1,7 @@
 import io.spring.gradle.convention.SpringModulePlugin
 apply plugin: 'io.spring.convention.bom'
+apply plugin: 'compile-warnings-error'
 dependencies {
 constraints {
diff --git a/dependencies/spring-security-dependencies.gradle b/dependencies/spring-security-dependencies.gradle
index 513ec88747..9a3dcf9f9e 100644
--- a/dependencies/spring-security-dependencies.gradle
+++ b/dependencies/spring-security-dependencies.gradle
@@ -1,5 +1,6 @@
 plugins {
 id 'java-platform'
+ id 'compile-warnings-error'
 }
 javaPlatform {
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index a57cb27106..d27b51a2cb 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -16,7 +16,7 @@ org-springframework = "7.0.3"
 com-password4j = "1.8.4"
 [libraries]
-ch-qos-logback-logback-classic = "ch.qos.logback:logback-classic:1.5.25"
+ch-qos-logback-logback-classic = "ch.qos.logback:logback-classic:1.5.26"
 com-fasterxml-jackson-jackson-bom = "com.fasterxml.jackson:jackson-bom:2.20.2"
 com-google-inject-guice = "com.google.inject:guice:3.0"
 com-netflix-nebula-nebula-project-plugin = "com.netflix.nebula:nebula-project-plugin:8.2.0"
@@ -29,7 +29,7 @@ com-jayway-jsonpath-json-path = "com.jayway.jsonpath:json-path:2.9.0"
 commons-collections = "commons-collections:commons-collections:3.2.2"
 io-micrometer-context-propagation = "io.micrometer:context-propagation:1.1.3"
 io-micrometer-micrometer-observation = "io.micrometer:micrometer-observation:1.14.14"
-io-mockk = "io.mockk:mockk:1.14.7"
+io-mockk = "io.mockk:mockk:1.14.9"
 io-projectreactor-reactor-bom = "io.projectreactor:reactor-bom:2025.0.2"
 io-rsocket-rsocket-bom = { module = "io.rsocket:rsocket-bom", version.ref = "io-rsocket" }
 io-spring-javaformat-spring-javaformat-checkstyle = { module = "io.spring.javaformat:spring-javaformat-checkstyle", version.ref = "io-spring-javaformat" }
@@ -59,7 +59,7 @@ org-apereo-cas-client-cas-client-core = "org.apereo.cas.client:cas-client-core:4
 io-freefair-gradle-aspectj-plugin = "io.freefair.gradle:aspectj-plugin:8.13.1"
 org-aspectj-aspectjrt = { module = "org.aspectj:aspectjrt", version.ref = "org-aspectj" }
 org-aspectj-aspectjweaver = { module = "org.aspectj:aspectjweaver", version.ref = "org-aspectj" }
-org-assertj-assertj-core = "org.assertj:assertj-core:3.27.6"
+org-assertj-assertj-core = "org.assertj:assertj-core:3.27.7"
 org-bouncycastle-bcpkix-jdk15on = { module = "org.bouncycastle:bcpkix-jdk18on", version.ref = "org-bouncycastle" }
 org-bouncycastle-bcprov-jdk15on = { module = "org.bouncycastle:bcprov-jdk18on", version.ref = "org-bouncycastle" }
 org-eclipse-jetty-jetty-server = { module = "org.eclipse.jetty:jetty-server", version.ref = "org-eclipse-jetty" }
diff --git a/javascript/spring-security-javascript.gradle b/javascript/spring-security-javascript.gradle
index d6c1f9d979..29acc8dda0 100644
--- a/javascript/spring-security-javascript.gradle
+++ b/javascript/spring-security-javascript.gradle
@@ -18,6 +18,7 @@
 plugins {
 id 'base'
 id 'com.github.node-gradle.node' version '7.1.0'
+ id 'compile-warnings-error'
 }
 node {
diff --git a/kerberos/kerberos-client/spring-security-kerberos-client.gradle b/kerberos/kerberos-client/spring-security-kerberos-client.gradle
index 5b2cc4501c..cd914fd1be 100644
--- a/kerberos/kerberos-client/spring-security-kerberos-client.gradle
+++ b/kerberos/kerberos-client/spring-security-kerberos-client.gradle
@@ -2,6 +2,7 @@ plugins {
 id 'security-nullability'
 id 'io.spring.convention.spring-module'
 id 'javadoc-warnings-error'
+ id 'compile-warnings-error'
 }
 description = 'Spring Security Kerberos Client'
diff --git a/kerberos/kerberos-core/spring-security-kerberos-core.gradle b/kerberos/kerberos-core/spring-security-kerberos-core.gradle
index 1aa30ee3d6..29534cd493 100644
--- a/kerberos/kerberos-core/spring-security-kerberos-core.gradle
+++ b/kerberos/kerberos-core/spring-security-kerberos-core.gradle
@@ -2,6 +2,7 @@ plugins {
 id 'security-nullability'
 id 'io.spring.convention.spring-module'
 id 'javadoc-warnings-error'
+ id 'compile-warnings-error'
 }
 description = 'Spring Security Kerberos Core'
diff --git a/kerberos/kerberos-test/spring-security-kerberos-test.gradle b/kerberos/kerberos-test/spring-security-kerberos-test.gradle
index 9d220c6c9b..6cc3c9a456 100644
--- a/kerberos/kerberos-test/spring-security-kerberos-test.gradle
+++ b/kerberos/kerberos-test/spring-security-kerberos-test.gradle
@@ -1,6 +1,7 @@
 plugins {
 id 'io.spring.convention.spring-module'
 id 'javadoc-warnings-error'
+ id 'compile-warnings-error'
 id 'security-nullability'
 }
diff --git a/kerberos/kerberos-web/spring-security-kerberos-web.gradle b/kerberos/kerberos-web/spring-security-kerberos-web.gradle
index 2bd605253b..59aee10312 100644
--- a/kerberos/kerberos-web/spring-security-kerberos-web.gradle
+++ b/kerberos/kerberos-web/spring-security-kerberos-web.gradle
@@ -2,6 +2,7 @@ plugins {
 id 'security-nullability'
 id 'io.spring.convention.spring-module'
 id 'javadoc-warnings-error'
+ id 'compile-warnings-error'
 }
 description = 'Spring Security Kerberos Web'
diff --git a/ldap/spring-security-ldap.gradle b/ldap/spring-security-ldap.gradle
index 287e5c1ae4..eb682ed69a 100644
--- a/ldap/spring-security-ldap.gradle
+++ b/ldap/spring-security-ldap.gradle
@@ -1,5 +1,6 @@
 apply plugin: 'io.spring.convention.spring-module'
 apply plugin: 'javadoc-warnings-error'
+apply plugin: 'compile-warnings-error'
 dependencies {
 management platform(project(":spring-security-dependencies"))
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java
index 59e0a0ea29..44448189a1 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java
@@ -68,6 +68,7 @@ public class DefaultSpringSecurityContextSourceTests {
 }
 @Test
+ @SuppressWarnings({ "unchecked", "rawtypes" })
 public void poolingFlagIsSetWhenAuthenticationDnMatchesManagerUserDn() {
 EnvExposingDefaultSpringSecurityContextSource ctxSrc = new EnvExposingDefaultSpringSecurityContextSource(
 "ldap://blah:789/dc=springframework,dc=org");
@@ -79,6 +80,7 @@ public class DefaultSpringSecurityContextSourceTests {
 }
 @Test
+ @SuppressWarnings({ "unchecked", "rawtypes" })
 public void poolingFlagIsNotSetWhenAuthenticationDnIsNotManagerUserDn() {
 EnvExposingDefaultSpringSecurityContextSource ctxSrc = new EnvExposingDefaultSpringSecurityContextSource(
 "ldap://blah:789/dc=springframework,dc=org");
@@ -170,13 +172,13 @@ public class DefaultSpringSecurityContextSourceTests {
 .isThrownBy(() -> new DefaultSpringSecurityContextSource(serverUrls, "dc=springframework,dc=org"));
 }
+ @SuppressWarnings({ "unchecked", "rawtypes" })
 static class EnvExposingDefaultSpringSecurityContextSource extends DefaultSpringSecurityContextSource {
 EnvExposingDefaultSpringSecurityContextSource(String providerUrl) {
 super(providerUrl);
 }
- @SuppressWarnings("unchecked")
 Hashtable getAuthenticatedEnvForTest(String userDn, String password) {
 return getAuthenticatedEnv(userDn, password);
 }
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateITests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateITests.java
index 25d65e1215..6b7aed63d2 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateITests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateITests.java
@@ -89,6 +89,7 @@ public class SpringSecurityLdapTemplateITests {
 // }
 @Test
+ @SuppressWarnings("unchecked")
 public void namingExceptionIsTranslatedCorrectly() {
 assertThatExceptionOfType(UncategorizedLdapException.class)
 .isThrownBy(() -> this.template.executeReadOnly((ContextExecutor) (dirContext) -> {
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorTests.java
index a7598b3c4e..6336e1fd16 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorTests.java
@@ -47,6 +47,7 @@ import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException
 */
 @ExtendWith(SpringExtension.class)
 @ContextConfiguration(classes = UnboundIdContainerConfig.class)
+@SuppressWarnings("deprecation")
 public class PasswordComparisonAuthenticatorTests {
 @Autowired
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorGetGrantedAuthoritiesTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorGetGrantedAuthoritiesTests.java
index 928b111ab4..33a5539594 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorGetGrantedAuthoritiesTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorGetGrantedAuthoritiesTests.java
@@ -57,6 +57,7 @@ public class DefaultLdapAuthoritiesPopulatorGetGrantedAuthoritiesTests {
 }
 @Test
+ @SuppressWarnings("deprecation")
 public void groupSearchDoesNotAllowNullRoles() {
 this.populator.setRolePrefix("ROLE_");
 this.populator.setGroupRoleAttribute("ou");
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulatorTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulatorTests.java
index 3139673b43..9d3023e595 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulatorTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulatorTests.java
@@ -116,6 +116,7 @@ public class NestedLdapAuthoritiesPopulatorTests {
 }
 @Test
+ @SuppressWarnings("unchecked")
 public void testClosureDudeJDevelopersWithMembershipAsAttributeValues() {
 this.populator.setAttributeNames(new HashSet(Arrays.asList("member")));
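Review bot: The `@SuppressWarnings("deprecation")` added at class level on PasswordComparisonAuthenticatorTests silences every deprecated call in the class, not only the ones this commit makes deprecated; PasswordComparisonAuthenticatorMockTests gets the same class-wide annotation further down. The test bodies are outside the hunks, but the likely trigger is the one-argument `PasswordComparisonAuthenticator` constructor that this commit deprecates. Moving those tests to the new two-argument constructor, and keeping the suppression only on a method that deliberately covers the deprecated one, would keep the warning meaningful and give the new constructor and its null check some coverage.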
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticationProvider.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticationProvider.java
index ac78d44b5a..9ee853b110 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticationProvider.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticationProvider.java
@@ -21,11 +21,11 @@ import java.util.LinkedHashSet;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.jspecify.annotations.NonNull;
 import org.springframework.context.MessageSource;
 import org.springframework.context.MessageSourceAware;
 import org.springframework.context.support.MessageSourceAccessor;
-import org.springframework.lang.NonNull;
 import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.BadCredentialsException;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java
index 4b33cb3b9f..0017c39bc9 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java
@@ -21,11 +21,12 @@ import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
+import org.jspecify.annotations.NonNull;
+
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.context.MessageSource;
 import org.springframework.context.MessageSourceAware;
 import org.springframework.context.support.MessageSourceAccessor;
-import org.springframework.lang.NonNull;
 import org.springframework.ldap.core.ContextSource;
 import org.springframework.security.core.SpringSecurityMessageSource;
 import org.springframework.security.ldap.search.LdapUserSearch;
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticator.java
index e158e87235..dd07d2349c 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticator.java
@@ -52,14 +52,27 @@ public final class PasswordComparisonAuthenticator extends AbstractLdapAuthentic
 private static final Log logger = LogFactory.getLog(PasswordComparisonAuthenticator.class);
- private PasswordEncoder passwordEncoder = new LdapShaPasswordEncoder(KeyGenerators.shared(0));
+ private PasswordEncoder passwordEncoder;
 private String passwordAttributeName = "userPassword";
 private boolean usePasswordAttrCompare = false;
+ /**
+ * @deprecated Use
+ * {@link #PasswordComparisonAuthenticator(BaseLdapPathContextSource, PasswordEncoder)}
+ * instead
+ */
+ @Deprecated(since = "7.1")
+ @SuppressWarnings("deprecation")
 public PasswordComparisonAuthenticator(BaseLdapPathContextSource contextSource) {
+ this(contextSource, new LdapShaPasswordEncoder(KeyGenerators.shared(0)));
+ }
+
+ public PasswordComparisonAuthenticator(BaseLdapPathContextSource contextSource, PasswordEncoder passwordEncoder) {
 super(contextSource);
+ Assert.notNull(passwordEncoder, "passwordEncoder must not be null");
+ this.passwordEncoder = passwordEncoder;
 }
 @Override
diff --git a/ldap/src/main/java/org/springframework/security/ldap/server/UnboundIdContainer.java b/ldap/src/main/java/org/springframework/security/ldap/server/UnboundIdContainer.java
index ec0efba60b..75fcdaaaa8 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/server/UnboundIdContainer.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/server/UnboundIdContainer.java
@@ -25,6 +25,7 @@ import com.unboundid.ldap.sdk.DN;
 import com.unboundid.ldap.sdk.Entry;
 import com.unboundid.ldap.sdk.LDAPException;
 import com.unboundid.ldif.LDIFReader;
+import org.jspecify.annotations.NonNull;
 import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.DisposableBean;
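Review bot: The new public `PasswordComparisonAuthenticator(BaseLdapPathContextSource, PasswordEncoder)` constructor in PasswordComparisonAuthenticator.java has no Javadoc, although the `@deprecated` tag on the old constructor sends callers to it. It should carry a short Javadoc with `@param contextSource`, `@param passwordEncoder` (must not be null, matching the `Assert.notNull` check) and `@since 7.1`. The `@deprecated` text would also help more if it said why: the one-argument constructor silently defaults to `LdapShaPasswordEncoder`, and the added `@SuppressWarnings("deprecation")` suggests that default is itself deprecated, so callers should choose the encoder explicitly. The class body continues outside the hunk.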
@@ -34,7 +35,6 @@ import org.springframework.context.ApplicationContextAware;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.context.Lifecycle;
 import org.springframework.core.io.Resource;
-import org.springframework.lang.NonNull;
 import org.springframework.util.StringUtils;
 /**
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
index 422b239a0f..08f57fd484 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
@@ -369,6 +369,7 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 this.groupSearchFilter = "(" + groupMemberAttributeName + "={0})";
 }
+ @SuppressWarnings("unchecked")
 public void setRoleMapper(AttributesMapper roleMapper) {
 this.roleMapper = roleMapper;
 }
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java
index f5c2d8b4ae..5162fda236 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java
@@ -35,9 +35,11 @@ import static org.mockito.Mockito.mock;
 /**
 * @author Luke Taylor
 */
+@SuppressWarnings("deprecation")
 public class PasswordComparisonAuthenticatorMockTests {
 @Test
+ @SuppressWarnings("unchecked")
 public void ldapCompareOperationIsUsedWhenPasswordIsNotRetrieved() throws Exception {
 final DirContext dirCtx = mock(DirContext.class);
 final BaseLdapPathContextSource source = mock(BaseLdapPathContextSource.class);
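Review bot: In LdapUserDetailsManager.java the `@SuppressWarnings("unchecked")` sits on the public `setRoleMapper(AttributesMapper roleMapper)` setter, which keeps the raw `AttributesMapper` parameter and hides the unchecked assignment without recording why it is accepted. The field's declared type is outside the hunk, so whether the parameter could be parameterized without breaking callers cannot be judged from here. At minimum add a comment above the annotation, for example `// raw AttributesMapper kept for source compatibility; the assignment below is unchecked`, so the suppression is not read as an oversight now that warnings fail the build.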
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java
index 192e51829f..8910e53f60 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/UserDetailsServiceLdapAuthoritiesPopulatorTests.java
@@ -38,6 +38,7 @@ import static org.mockito.Mockito.mock;
 public class UserDetailsServiceLdapAuthoritiesPopulatorTests {
 @Test
+ @SuppressWarnings("unchecked")
 public void delegationToUserDetailsServiceReturnsCorrectRoles() {
 UserDetailsService uds = mock(UserDetailsService.class);
 UserDetails user = mock(UserDetails.class);
diff --git a/messaging/spring-security-messaging.gradle b/messaging/spring-security-messaging.gradle
index 2767b07209..64f27682e0 100644
--- a/messaging/spring-security-messaging.gradle
+++ b/messaging/spring-security-messaging.gradle
@@ -1,6 +1,7 @@
 plugins {
 id 'security-nullability'
 id 'javadoc-warnings-error'
+ id 'compile-warnings-error'
 }
 apply plugin: 'io.spring.convention.spring-module'
diff --git a/rsocket/spring-security-rsocket.gradle b/rsocket/spring-security-rsocket.gradle
index f0994bf593..c876c15d47 100644
--- a/rsocket/spring-security-rsocket.gradle
+++ b/rsocket/spring-security-rsocket.gradle
@@ -1,4 +1,5 @@
 plugins {
+ id 'compile-warnings-error'
 id 'security-nullability'
 }
@@ -8,6 +9,7 @@ dependencies {
 management platform(project(":spring-security-dependencies"))
 api project(':spring-security-core')
 api 'io.rsocket:rsocket-core'
+ compileOnly 'com.google.code.findbugs:jsr305:3.0.2'
 optional project(':spring-security-oauth2-resource-server')
 optional 'org.springframework:spring-messaging'
 testImplementation 'io.projectreactor:reactor-test'
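Review bot: The added `compileOnly 'com.google.code.findbugs:jsr305:3.0.2'` in rsocket/spring-security-rsocket.gradle pins its version inline, while every other dependency in that hunk is declared without a version and resolved through `management platform(project(":spring-security-dependencies"))`. The saml2-service-provider hunk does the same with `opensamlFiveMain "org.apiguardian:apiguardian-api:1.1.2"`. Inline pins sit outside gradle/libs.versions.toml, so catalog-driven version bumps and dependency audits will probably miss them; consider adding catalog entries and referencing those instead. A one-line comment such as `// annotations only: lets javac resolve them under compile-warnings-error` would also record why each artifact is there, if that is indeed the reason.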
diff --git a/saml2/saml2-service-provider/spring-security-saml2-service-provider.gradle b/saml2/saml2-service-provider/spring-security-saml2-service-provider.gradle
index 140f8a91e7..76164ca23a 100644
--- a/saml2/saml2-service-provider/spring-security-saml2-service-provider.gradle
+++ b/saml2/saml2-service-provider/spring-security-saml2-service-provider.gradle
@@ -1,3 +1,7 @@
+plugins {
+ id 'compile-warnings-error'
+}
+
 apply plugin: 'io.spring.convention.spring-module'
 configurations {
@@ -109,6 +113,7 @@ dependencies {
 testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
 testRuntimeOnly 'org.hsqldb:hsqldb'
+ opensamlFiveMain "org.apiguardian:apiguardian-api:1.1.2"
 }
 jar {
diff --git a/taglibs/spring-security-taglibs.gradle b/taglibs/spring-security-taglibs.gradle
index 875bf8220a..44971937aa 100644
--- a/taglibs/spring-security-taglibs.gradle
+++ b/taglibs/spring-security-taglibs.gradle
@@ -1,5 +1,6 @@
 plugins {
 id 'security-nullability'
+ id 'compile-warnings-error'
 }
 apply plugin: 'io.spring.convention.spring-module'