Currently, the List-receiving constructors of AndRequestMatcher,
OrRequestMatcher, AndServerWebExchangeMatcher, and OrServerWebExchangeMatcher
don't support covariance, which adds obstacles to users of these
APIs. For example, one cannot pass a List<PathPatternRequestMatcher>
to OrRequestMatcher(List<RequestMatcher>).
This commit resolves the aforementioned problem. It should not
break existing code.
Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
- fix compiler warnings in ServerOneTimeTokenAuthenticationConverter
- Replace deprecated API calls to create a OneTimeTokenAuthenticationToken.unauthenticated with OneTimeTokenAuthenticationToken(String token) call
- Update HttpMessageConverterAuthenticationSuccessHandler to replace deprecated MappingJackson2HttpMessageConverter with JacksonJsonHttpMessageConverter
- Replace updated OneTimeTokenAuthenticationConverter to use non-deprecated OneTimeTokenAuthenticationToken constructor
- update tests to remove use of deprecated methods
- refactor JdbcTokenRepositoryImpl to remove extension of deprecated JdbcDaoSupport class
- enable compile-warnings-error plugin
Closes gh-18441
Signed-off-by: Joe Kuhel <4983938+jkuhel@users.noreply.github.com>
- URL parsing changed in framework 6.2, and fails when path contains a % sign.
- The HttpSessionRequestCache only needs to inspect the query string, not the full URL.
Fixes gh-16656
Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
In this commit, we added `@Nullable` to equals methods of classes that
support `jspecify` for consistency with other Spring projects and to
avoid bugs that caused other Spring projects to do this natively.
Closes: gh-18929, gh-18927
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
In this commit, we add support for the charset from RFC-7617, which
definitely solves the problem when the client does not know what charset
we are parsing with.
Closes: gh-18755
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
Previously the parameters were not restored.
This commit ensures the parameters are restored.
Closes gh-18204
Signed-off-by: Vishnutheep B <vishnutheep@gmail.com>
Spring Security's `OnCommitedResponseWrapper` does not override the `setHeader`, `setIntHeader`, `addIntHeader`
methods. This means that if the `Content-Length` response header is specified using any of those methods then
the response body length is not tracked and can be committed before the response headers are written.
Spring Security should override the missing methods and track `Content-Length` as is already done for `addHeader`.
This issue is the underlying problem for spring-projects/spring-framework#36381
Closes gh-18797
