.github/dco.yml

@@ -1,2 +0,0 @@
-require:
-  members: false

.github/dependabot.template.yml

@@ -0,0 +1,41 @@
+version: 2
+
+registries:
+  spring-milestones:
+    type: maven-repository
+    url: https://repo.spring.io/milestone
+
+updates:
+
+  - package-ecosystem: "gradle"
+    target-branch: "main"
+    directory: "/"
+    schedule:
+      interval: "daily"
+      time: "03:00"
+      timezone: "Etc/UTC"
+    labels: [ "type: dependency-upgrade" ]
+    registries:
+      - "spring-milestones"
+    ignore:
+      - dependency-name: "com.nimbusds:nimbus-jose-jwt" # nimbus-jose-jwt gets updated when oauth2-oidc-sdk is updated to ensure consistency
+      - dependency-name: "org.python:jython" # jython updates break integration tests
+      - dependency-name: "org.apache.directory.server:*" # ApacheDS version > 1.5.5 contains break changes
+      - dependency-name: "org.junit:junit-bom"
+        update-types: [ "version-update:semver-major" ]
+      - dependency-name: "org.mockito:mockito-bom"
+        update-types: [ "version-update:semver-major" ]
+      - dependency-name: "*"
+        update-types: [ "version-update:semver-major", "version-update:semver-minor" ]
+
+  #    GitHub Actions
+
+  - package-ecosystem: github-actions
+    target-branch: "main"
+    directory: "/"
+    schedule:
+      interval: weekly
+    ignore:
+      - dependency-name: "sjohnr/*"
+      - dependency-name: "spring-io/*"
+      - dependency-name: "spring-security-release-tools/*"

.github/dependabot.yml

@@ -5,7 +5,7 @@ registries:
     url: https://repo.spring.io/milestone
 updates:
   - package-ecosystem: gradle
-    target-branch: 6.5.x
+    target-branch: 5.8.x
     directory: /
     schedule:
       interval: daily
@@ -19,7 +19,6 @@ updates:
       - dependency-name: com.nimbusds:nimbus-jose-jwt
       - dependency-name: org.python:jython
       - dependency-name: org.apache.directory.server:*
-      - dependency-name: org.apache.directory.shared:*
       - dependency-name: org.junit:junit-bom
         update-types:
           - version-update:semver-major
@@ -31,7 +30,7 @@ updates:
           - version-update:semver-major
           - version-update:semver-minor
   - package-ecosystem: gradle
-    target-branch: 6.4.x
+    target-branch: 6.2.x
     directory: /
     schedule:
       interval: daily
@@ -45,7 +44,6 @@ updates:
       - dependency-name: com.nimbusds:nimbus-jose-jwt
       - dependency-name: org.python:jython
       - dependency-name: org.apache.directory.server:*
-      - dependency-name: org.apache.directory.shared:*
       - dependency-name: org.junit:junit-bom
         update-types:
           - version-update:semver-major
@@ -71,7 +69,6 @@ updates:
       - dependency-name: com.nimbusds:nimbus-jose-jwt
       - dependency-name: org.python:jython
       - dependency-name: org.apache.directory.server:*
-      - dependency-name: org.apache.directory.shared:*
       - dependency-name: org.junit:junit-bom
         update-types:
           - version-update:semver-major
@@ -97,7 +94,6 @@ updates:
       - dependency-name: com.nimbusds:nimbus-jose-jwt
       - dependency-name: org.python:jython
       - dependency-name: org.apache.directory.server:*
-      - dependency-name: org.apache.directory.shared:*
       - dependency-name: org.junit:junit-bom
         update-types:
           - version-update:semver-major
@@ -111,8 +107,27 @@ updates:
       - dependency-name: '*'
         update-types:
           - version-update:semver-major
-          - version-update:semver-minor
 
+  - package-ecosystem: github-actions
+    target-branch: 5.8.x
+    directory: /
+    schedule:
+      interval: weekly
+    labels:
+      - 'type: task'
+      - 'in: build'
+    ignore:
+      - dependency-name: sjohnr/*
+  - package-ecosystem: github-actions
+    target-branch: 6.2.x
+    directory: /
+    schedule:
+      interval: weekly
+    labels:
+      - 'type: task'
+      - 'in: build'
+    ignore:
+      - dependency-name: sjohnr/*
   - package-ecosystem: github-actions
     target-branch: 6.3.x
     directory: /
@@ -123,6 +138,16 @@ updates:
       - 'in: build'
     ignore:
       - dependency-name: sjohnr/*
+  - package-ecosystem: github-actions
+    target-branch: main
+    directory: /
+    schedule:
+      interval: weekly
+    labels:
+      - 'type: task'
+      - 'in: build'
+    ignore:
+      - dependency-name: sjohnr/*
   - package-ecosystem: github-actions
     target-branch: docs-build
     directory: /
@@ -131,6 +156,8 @@ updates:
     labels:
       - 'type: task'
       - 'in: build'
+    ignore:
+      - dependency-name: sjohnr/*
 
   - package-ecosystem: npm
     target-branch: docs-build
@@ -157,3 +184,19 @@ updates:
     labels:
       - 'type: task'
       - 'in: build'
+  - package-ecosystem: npm
+    target-branch: 6.2.x
+    directory: /docs
+    schedule:
+      interval: weekly
+    labels:
+      - 'type: task'
+      - 'in: build'
+  - package-ecosystem: npm
+    target-branch: 5.8.x
+    directory: /docs
+    schedule:
+      interval: weekly
+    labels:
+      - 'type: task'
+      - 'in: build'

.github/workflows/check-snapshots.yml

@@ -1,38 +0,0 @@
-name: CI
-
-on:
-  schedule:
-    - cron: '0 10 * * *' # Once per day at 10am UTC
-  workflow_dispatch: # Manual trigger
-
-env:
-  DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
-
-permissions:
-  contents: read
-
-jobs:
-  snapshot-test:
-    name: Test Against Snapshots
-    uses: spring-io/spring-security-release-tools/.github/workflows/test.yml@v1
-    strategy:
-      matrix:
-        include:
-          - java-version: 21-ea
-            toolchain: 21
-          - java-version: 17
-            toolchain: 17
-    with:
-      java-version: ${{ matrix.java-version }}
-      test-args: --refresh-dependencies -PforceMavenRepositories=snapshot,https://oss.sonatype.org/content/repositories/snapshots -PisOverrideVersionCatalog -PtestToolchain=${{ matrix.toolchain }} -PspringFrameworkVersion=7.+ -PreactorVersion=2025.+ -PspringDataVersion=2025.+ --stacktrace
-    secrets: inherit
-  send-notification:
-    name: Send Notification
-    needs: [ snapshot-test ]
-    if: ${{ !success() }}
-    runs-on: ubuntu-latest
-    steps:
-      - name: Send Notification
-        uses: spring-io/spring-security-release-tools/.github/actions/send-notification@v1
-        with:
-          webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }}

.github/workflows/codeql.yml

@@ -1,17 +0,0 @@
-name: "CodeQL Advanced"
-
-on:
-  push:
-  pull_request:
-  workflow_dispatch:
-  schedule:
-    # https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#schedule
-    - cron: '0 5 * * *'
-permissions: read-all
-jobs:
-  codeql-analysis-call:
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-    uses: spring-io/github-actions/.github/workflows/codeql-analysis.yml@1

.github/workflows/continuous-integration-workflow.yml

@@ -9,7 +9,7 @@ on:
   workflow_dispatch: # Manual trigger
 
 env:
-  DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
+  DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }}
 
 permissions:
   contents: read
@@ -27,24 +27,76 @@ jobs:
       java-version: ${{ matrix.jdk }}
       distribution: temurin
     secrets: inherit
+  test:
+    name: Test Against Snapshots
+    uses: spring-io/spring-security-release-tools/.github/workflows/test.yml@v1
+    strategy:
+      matrix:
+        include:
+          - java-version: 21-ea
+            toolchain: 21
+          - java-version: 17
+            toolchain: 17
+    with:
+      java-version: ${{ matrix.java-version }}
+      test-args: --refresh-dependencies -PforceMavenRepositories=snapshot -PisOverrideVersionCatalog -PtestToolchain=${{ matrix.toolchain }} -PspringFrameworkVersion=6.2.+ -PreactorVersion=2023.0.+ -PspringDataVersion=2024.0.+ --stacktrace
+    secrets: inherit
+  check-samples:
+    name: Check Samples
+    runs-on: ubuntu-latest
+    if: ${{ github.repository_owner == 'spring-projects' }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up gradle
+        uses: spring-io/spring-gradle-build-action@v2
+        with:
+          java-version: 17
+          distribution: temurin
+      - name: Check samples project
+        env:
+          LOCAL_REPOSITORY_PATH: ${{ github.workspace }}/build/publications/repos
+          SAMPLES_DIR: ../spring-security-samples
+        run: |
+          # Extract version from gradle.properties
+          version=$(cat gradle.properties | grep "version=" | awk -F'=' '{print $2}')
+          # Extract samplesBranch from gradle.properties
+          samples_branch=$(cat gradle.properties | grep "samplesBranch=" | awk -F'=' '{print $2}')
+          ./gradlew publishMavenJavaPublicationToLocalRepository
+          ./gradlew cloneRepository -PrepositoryName="spring-projects/spring-security-samples" -Pref="$samples_branch" -PcloneOutputDirectory="$SAMPLES_DIR"
+          ./gradlew --refresh-dependencies --project-dir "$SAMPLES_DIR" --init-script spring-security-ci.gradle -PlocalRepositoryPath="$LOCAL_REPOSITORY_PATH" -PspringSecurityVersion="$version" test integrationTest
+  check-tangles:
+    name: Check for Package Tangles
+    runs-on: ubuntu-latest
+    if: ${{ github.repository_owner == 'spring-projects' }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up gradle
+        uses: spring-io/spring-gradle-build-action@v2
+        with:
+          java-version: 17
+          distribution: temurin
+      - name: Check for package tangles
+        env:
+          STRUCTURE101_LICENSEID: ${{ secrets.STRUCTURE101_LICENSEID }}
+        run: |
+          ./gradlew check s101 -Ps101.licenseId="$STRUCTURE101_LICENSEID" --stacktrace
   deploy-artifacts:
     name: Deploy Artifacts
-    needs: [ build]
+    needs: [ build, test, check-samples, check-tangles ]
     uses: spring-io/spring-security-release-tools/.github/workflows/deploy-artifacts.yml@v1
     with:
       should-deploy-artifacts: ${{ needs.build.outputs.should-deploy-artifacts }}
-      default-publish-milestones-central: true
     secrets: inherit
   deploy-docs:
     name: Deploy Docs
-    needs: [ build ]
+    needs: [ build, test, check-samples, check-tangles ]
     uses: spring-io/spring-security-release-tools/.github/workflows/deploy-docs.yml@v1
     with:
       should-deploy-docs: ${{ needs.build.outputs.should-deploy-artifacts }}
     secrets: inherit
   deploy-schema:
     name: Deploy Schema
-    needs: [ build ]
+    needs: [ build, test, check-samples, check-tangles ]
     uses: spring-io/spring-security-release-tools/.github/workflows/deploy-schema.yml@v1
     with:
       should-deploy-schema: ${{ needs.build.outputs.should-deploy-artifacts }}
@@ -56,7 +108,7 @@ jobs:
     with:
       should-perform-release: ${{ needs.deploy-artifacts.outputs.artifacts-deployed }}
       project-version: ${{ needs.deploy-artifacts.outputs.project-version }}
-      milestone-repo-url: https://repo1.maven.org/maven2
+      milestone-repo-url: https://repo.spring.io/artifactory/milestone
       release-repo-url: https://repo1.maven.org/maven2
       artifact-path: org/springframework/security/spring-security-core
       slack-announcing-id: spring-security-announcing
@@ -64,7 +116,7 @@ jobs:
   send-notification:
     name: Send Notification
     needs: [ perform-release ]
-    if: ${{ !success() }}
+    if: ${{ failure() || cancelled() }}
     runs-on: ubuntu-latest
     steps:
       - name: Send Notification

.github/workflows/dependabot-auto-merge-forward.yml

@@ -0,0 +1,57 @@
+name: Auto Merge Forward Dependabot Commits
+
+on:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: dependabot-auto-merge-forward
+
+jobs:
+  get-supported-branches:
+    uses: spring-io/spring-security-release-tools/.github/workflows/retrieve-spring-supported-versions.yml@actions-v1
+    with:
+      project: spring-security
+      type: oss
+      repository_name: spring-projects/spring-security
+
+  auto-merge-forward-dependabot:
+    name: Auto Merge Forward Dependabot Commits
+    runs-on: ubuntu-latest
+    needs: [get-supported-branches]
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
+      - name: Setup GitHub User
+        id: setup-gh-user
+        run: |
+          git config user.name 'github-actions[bot]'
+          git config user.email 'github-actions[bot]@users.noreply.github.com'
+      - name: Run Auto Merge Forward
+        id: run-auto-merge-forward
+        uses: spring-io/spring-security-release-tools/.github/actions/auto-merge-forward@actions-v1
+        with:
+          branches: 5.8.x,${{ needs.get-supported-branches.outputs.supported_versions }},main
+          from-author: dependabot[bot]
+  notify_result:
+    name: Check for failures
+    needs: [ auto-merge-forward-dependabot ]
+    if: failure()
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+    steps:
+      - name: Send Slack message
+        uses: Gamesight/slack-workflow-status@v1.3.0
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          slack_webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }}
+          channel: '#spring-security-ci'
+          name: 'CI Notifier'

.github/workflows/gradle-wrapper-upgrade-execution.yml

@@ -4,8 +4,7 @@ on:
   schedule:
     - cron:  '0 2 * * *' # 2am UTC
   workflow_dispatch:
-permissions:
+
-  pull-requests: write
 jobs:
   upgrade_wrapper:
     name: Execution

.github/workflows/mark-duplicate-dependabot-prs.yml

@@ -0,0 +1,45 @@
+name: Mark Duplicate Dependabot PRs
+
+on:
+  pull_request:
+    types: [closed]
+
+jobs:
+  check_duplicate_prs:
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.merged == true && github.event.pull_request.user.login == 'dependabot[bot]'
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Extract Dependency Name from PR Title
+        id: extract
+        run: |
+          PR_TITLE="${{ github.event.pull_request.title }}"
+          DEPENDENCY_NAME=$(echo "$PR_TITLE" | awk -F ' from ' '{print $1}')
+          echo "dependency_name=$DEPENDENCY_NAME" >> $GITHUB_OUTPUT
+
+      - name: Find PRs
+        id: find_duplicates
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          PRS=$(gh pr list --search 'milestone:${{ github.event.pull_request.milestone.title }} is:merged in:title "${{ steps.extract.outputs.dependency_name }}"' --json number --jq 'map(.number) | join(",")')
+          echo "prs=$PRS" >> $GITHUB_OUTPUT
+
+      - name: Label Duplicate PRs
+        if: steps.find_duplicates.outputs.prs != ''
+        env:
+          PRS: ${{ steps.find_duplicates.outputs.prs }}
+          CURRENT_PR_NUMBER: ${{ github.event.pull_request.number }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        shell: bash
+        run: |
+          for i in ${PRS//,/ }
+          do
+            if [ ! $i -eq "$CURRENT_PR_NUMBER" ]; then
+              echo "Marking PR $i as duplicate"
+              gh pr edit "$i" --add-label "status: duplicate"
+              gh pr comment "$i" --body "Duplicate of #$CURRENT_PR_NUMBER"
+            fi
+          done

.github/workflows/merge-dependabot-pr.yml

@@ -0,0 +1,63 @@
+name: Merge Dependabot PR
+
+on: pull_request_target
+
+run-name: Merge Dependabot PR ${{ github.ref_name }}
+
+permissions: write-all
+
+jobs:
+  merge-dependabot-pr:
+    name: Merge Dependabot PR
+    runs-on: ubuntu-latest
+    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'spring-projects/spring-security' }}
+    steps:
+
+      - uses: actions/checkout@v4
+        with:
+          show-progress: false
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: 17
+
+      - name: Set Milestone to Dependabot Pull Request
+        id: set-milestone
+        run: |
+          if test -f pom.xml
+          then
+            CURRENT_VERSION=$(mvn help:evaluate -Dexpression="project.version" -q -DforceStdout)
+          else
+            CURRENT_VERSION=$(cat gradle.properties | sed -n '/^version=/ { s/^version=//;p }')
+          fi
+          export CANDIDATE_VERSION=${CURRENT_VERSION/-SNAPSHOT}
+          MILESTONE=$(gh api repos/$GITHUB_REPOSITORY/milestones --jq 'map(select(.due_on != null and (.title | startswith(env.CANDIDATE_VERSION)))) | .[0] | .title')
+          
+          if [ -z $MILESTONE ]
+          then
+            gh run cancel ${{ github.run_id }}
+            echo "::warning title=Cannot merge::No scheduled milestone for $CURRENT_VERSION version"
+          else
+            gh pr edit ${{ github.event.pull_request.number }} --milestone $MILESTONE
+            echo mergeEnabled=true >> $GITHUB_OUTPUT
+          fi
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Merge Dependabot pull request
+        if: steps.set-milestone.outputs.mergeEnabled
+        run: gh pr merge ${{ github.event.pull_request.number }} --auto --rebase
+        env:
+          GH_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
+  send-notification:
+    name: Send Notification
+    needs: [ merge-dependabot-pr ]
+    if: ${{ failure() || cancelled() }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Send Notification
+        uses: spring-io/spring-security-release-tools/.github/actions/send-notification@v1
+        with:
+          webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }}

.github/workflows/pr-build-workflow.yml

@@ -2,6 +2,9 @@ name: PR Build
 
 on: pull_request
 
+env:
+  DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }}
+
 permissions:
   contents: read
 
@@ -18,7 +21,7 @@ jobs:
           java-version: '17'
           distribution: 'temurin'
       - name: Build with Gradle
-        run: ./gradlew clean build -PskipCheckExpectedBranchVersion --continue --scan
+        run: ./gradlew clean build -PskipCheckExpectedBranchVersion --continue
   generate-docs:
     name: Generate Docs
     runs-on: ubuntu-latest

.github/workflows/release-scheduler.yml

@@ -11,7 +11,7 @@ jobs:
     strategy:
       matrix:
         # List of active maintenance branches.
-        branch: [ main, 6.5.x, 6.4.x, 6.3.x ]
+        branch: [ main, 6.3.x, 6.2.x, 5.8.x ]
     runs-on: ubuntu-latest
     steps:
     - name: Checkout

.github/workflows/trigger-dependabot-auto-merge-forward.yml

@@ -0,0 +1,22 @@
+name: Trigger Dependabot Auto Merge Forward
+
+on:
+  push:
+    branches:
+      - '*.x'
+
+permissions: read-all
+
+jobs:
+  trigger-worflow:
+    name: Trigger Workflow
+    runs-on: ubuntu-latest
+    if: ${{ github.event.commits[0].author.username == 'dependabot[bot]' && github.repository == 'spring-projects/spring-security' }}
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@v4
+      - id: trigger
+        env:
+          GH_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
+        run: gh workflow run dependabot-auto-merge-forward.yml -r main

.github/workflows/update-antora-ui-spring.yml

@@ -18,7 +18,7 @@ jobs:
       matrix:
         branch: [ '5.8.x', '6.2.x', '6.3.x', 'main' ]
     steps:
-      - uses: spring-io/spring-doc-actions/update-antora-spring-ui@e28269199d1d27975cf7f65e16d6095c555b3cd0
+      - uses: spring-io/spring-doc-actions/update-antora-spring-ui@852920ba3fb1f28b35a2f13201133bc00ef33677
         name: Update
         with:
           docs-branch: ${{ matrix.branch }}
@@ -28,7 +28,7 @@ jobs:
     runs-on: ubuntu-latest
     name: Update on docs-build
     steps:
-      - uses: spring-io/spring-doc-actions/update-antora-spring-ui@e28269199d1d27975cf7f65e16d6095c555b3cd0
+      - uses: spring-io/spring-doc-actions/update-antora-spring-ui@852920ba3fb1f28b35a2f13201133bc00ef33677
         name: Update
         with:
           docs-branch: 'docs-build'

.github/workflows/update-dependabot.yml

@@ -0,0 +1,36 @@
+name: Update dependabot.yml
+
+on:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+
+  get-supported-branches:
+    uses: spring-io/spring-security-release-tools/.github/workflows/retrieve-spring-supported-versions.yml@actions-v1
+    with:
+      project: spring-security
+      type: oss
+      repository_name: spring-projects/spring-security
+
+  main:
+    runs-on: ubuntu-latest
+    needs: [get-supported-branches]
+    if: ${{ (github.repository == 'spring-projects/spring-security') && (github.ref == 'refs/heads/main') }}
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+      - uses: spring-io/spring-security-release-tools/.github/actions/generate-dependabot-yml@actions-v1
+        name: Update dependabot.yml
+        with:
+          gradle-branches: ${{ needs.get-supported-branches.outputs.supported_versions }},main
+          github-actions-branches: ${{ needs.get-supported-branches.outputs.supported_versions }},main,docs-build
+          gh-token: ${{ secrets.GITHUB_TOKEN }}
+      - uses: stefanzweifel/git-auto-commit-action@v5
+        with:
+          commit_message: Update dependabot.yml

CONTRIBUTING.adoc

@@ -79,10 +79,7 @@ See https://github.com/spring-projects/spring-security/tree/main#building-from-s
 
 The wiki pages https://github.com/spring-projects/spring-framework/wiki/Code-Style[Code Style] and https://github.com/spring-projects/spring-framework/wiki/IntelliJ-IDEA-Editor-Settings[IntelliJ IDEA Editor Settings] define the source file coding standards we use along with some IDEA editor settings we customize.
 
-Additionally, since Streams are https://github.com/spring-projects/spring-security/issues/7154[much slower] than `for` loops, please use them judiciously.
+To format the code as well as check the style, run `./gradlew format check`.
-The team may ask you to change to a `for` loop if the given code is along a hot path.
-
-To format the code as well as check the style, run `./gradlew format && ./gradlew check`.
 
 [[submit-a-pull-request]]
 === Submit a Pull Request
@@ -92,30 +89,41 @@ We are excited for your pull request! :heart:
 Please do your best to follow these steps.
 Don't worry if you don't get them all correct the first time, we will help you.
 
-1. [[sign-cla]] All commits must include a __Signed-off-by__ trailer at the end of each commit message to indicate that the contributor agrees to the Developer Certificate of Origin.
+[[sign-cla]]
-For additional details, please refer to the blog post https://spring.io/blog/2025/01/06/hello-dco-goodbye-cla-simplifying-contributions-to-spring[Hello DCO, Goodbye CLA: Simplifying Contributions to Spring].
+1. If you have not previously done so, please sign the https://cla.spring.io/sign/spring[Contributor License Agreement].
-2. [[create-an-issue-list]] Must you https://github.com/spring-projects/spring-security/issues/new/choose[create an issue] first? No, but it is recommended for features and larger bug fixes. It's easier discuss with the team first to determine the right fix or enhancement.
+You will be reminded automatically when you submit the PR.
+[[create-an-issue]]
+1. Must you https://github.com/spring-projects/spring-security/issues/new/choose[create an issue] first? No, but it is recommended for features and larger bug fixes. It's easier discuss with the team first to determine the right fix or enhancement.
 For typos and straightforward bug fixes, starting with a pull request is encouraged.
 Please include a description for context and motivation.
 Note that the team may close your pull request if it's not a fit for the project.
-3. [[choose-a-branch]] Always check out the branch indicated in the milestone and submit pull requests against it (for example, for milestone `5.8.3` use the `5.8.x` branch).
+[[choose-a-branch]]
+1. Always check out the branch indicated in the milestone and submit pull requests against it (for example, for milestone `5.8.3` use the `5.8.x` branch).
 If there is no milestone, choose `main`.
 Once merged, the fix will be forwarded-ported to applicable branches including `main`.
-4. [[create-a-local-branch]] Create a local branch
+[[create-a-local-branch]]
+1. Create a local branch
 If this is for an issue, consider a branch name with the issue number, like `gh-22276`.
-5. [[write-tests]] Add documentation and JUnit Tests for your changes.
+[[write-tests]]
-6. [[update-copyright]] In all files you edited, if the copyright header is of the form 2002-20xx, update the final copyright year to the current year.
+1. Add documentation and JUnit Tests for your changes.
-7. [[add-since]] If on `main`, add `@since` JavaDoc attributes to new public APIs that your PR adds
+[[update-copyright]]
-8. [[change-rnc]] If you are updating the XSD, please instead update the RNC file and then run `./gradlew :spring-security-config:rncToXsd`.
+1. In all files you edited, if the copyright header is of the form 2002-20xx, update the final copyright year to the current year.
-9. [[format-code]] For each commit, build the code using `./gradlew format && ./gradlew check`.
+[[add-since]]
+1. If on `main`, add `@since` JavaDoc attributes to new public APIs that your PR adds
+[[change-rnc]]
+1. If you are updating the XSD, please instead update the RNC file and then run `./gradlew :spring-security-config:rncToXsd`.
+[[format-code]]
+1. For each commit, build the code using `./gradlew format check`.
 This command ensures the code meets most of <<code-style,the style guide>>; a notable exception is import order.
-10. [[commit-atomically]] Choose the granularity of your commits consciously and squash commits that represent
+[[commit-atomically]]
+1. Choose the granularity of your commits consciously and squash commits that represent
 multiple edits or corrections of the same logical change.
 See https://git-scm.com/book/en/Git-Tools-Rewriting-History[Rewriting History section of Pro Git] for an overview of streamlining the commit history.
-11. [[format-commit-messages]] Format commit messages using 55 characters for the subject line, 72 characters per line
+[[format-commit-messages]]
+1. Format commit messages using 55 characters for the subject line, 72 characters per line
 for the description, followed by the issue fixed, for example, `Closes gh-22276`.
 See the https://git-scm.com/book/en/Distributed-Git-Contributing-to-a-Project#Commit-Guidelines[Commit Guidelines section of Pro Git] for best practices around commit messages, and use `git log` to see some examples.
-Favor imperative tense over present tense (use "Fix" instead of "Fixes"); avoid past tense (use "Fix" instead of "Fixed").
+Present tense is preferred.
 +
 [indent=0]
 ----

README.adoc

@@ -21,8 +21,6 @@ See https://docs.spring.io/spring-security/reference/getting-spring-security.htm
 Be sure to read the https://docs.spring.io/spring-security/reference/[Spring Security Reference].
 Extensive JavaDoc for the Spring Security code is also available in the https://docs.spring.io/spring-security/site/docs/current/api/[Spring Security API Documentation].
 
-You may also want to check out https://docs.spring.io/spring-security/reference/whats-new.html[what's new in the latest release].
-
 == Quick Start
 See https://docs.spring.io/spring-security/reference/servlet/getting-started.html[Hello Spring Security] to get started with a "Hello, World" application.
 

acl/spring-security-acl.gradle

@@ -20,5 +20,4 @@ dependencies {
 	testImplementation "org.springframework:spring-test"
 
 	testRuntimeOnly 'org.hsqldb:hsqldb'
-	testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
 }

acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java

@@ -96,11 +96,7 @@ import org.springframework.util.StringUtils;
  * All comparisons and prefixes are case sensitive.
  *
  * @author Ben Alex
- * @deprecated please use {@link AclPermissionEvaluator} instead. Spring Method Security
- * annotations may also prove useful, for example
- * {@code @PreAuthorize("hasPermission(#id, ObjectsReturnType.class, read)")}
  */
-@Deprecated
 public class AclEntryVoter extends AbstractAclVoter {
 
 	private static final Log logger = LogFactory.getLog(AclEntryVoter.class);

acl/src/main/java/org/springframework/security/acls/AclPermissionCacheOptimizer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/main/java/org/springframework/security/acls/afterinvocation/AbstractAclProvider.java

@@ -20,7 +20,6 @@ import java.util.List;
 
 import org.springframework.security.access.AfterInvocationProvider;
 import org.springframework.security.access.ConfigAttribute;
-import org.springframework.security.acls.AclPermissionEvaluator;
 import org.springframework.security.acls.domain.ObjectIdentityRetrievalStrategyImpl;
 import org.springframework.security.acls.domain.SidRetrievalStrategyImpl;
 import org.springframework.security.acls.model.Acl;
@@ -40,11 +39,7 @@ import org.springframework.util.ObjectUtils;
  * services.
  *
  * @author Ben Alex
- * @deprecated please use {@link AclPermissionEvaluator} instead. Spring Method Security
- * annotations may also prove useful, for example
- * {@code @PostAuthorize("hasPermission(filterObject, read)")}
  */
-@Deprecated
 public abstract class AbstractAclProvider implements AfterInvocationProvider {
 
 	protected final AclService aclService;

acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java

@@ -26,7 +26,6 @@ import org.springframework.core.log.LogMessage;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.AuthorizationServiceException;
 import org.springframework.security.access.ConfigAttribute;
-import org.springframework.security.acls.AclPermissionEvaluator;
 import org.springframework.security.acls.model.AclService;
 import org.springframework.security.acls.model.Permission;
 import org.springframework.security.core.Authentication;
@@ -63,11 +62,7 @@ import org.springframework.security.core.Authentication;
  *
  * @author Ben Alex
  * @author Paulo Neves
- * @deprecated please use {@link AclPermissionEvaluator} instead. Spring Method Security
- * annotations may also prove useful, for example
- * {@code @PostFilter("hasPermission(filterObject, read)")}
  */
-@Deprecated
 public class AclEntryAfterInvocationCollectionFilteringProvider extends AbstractAclProvider {
 
 	protected static final Log logger = LogFactory.getLog(AclEntryAfterInvocationCollectionFilteringProvider.class);

acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java

@@ -27,7 +27,6 @@ import org.springframework.context.MessageSourceAware;
 import org.springframework.context.support.MessageSourceAccessor;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
-import org.springframework.security.acls.AclPermissionEvaluator;
 import org.springframework.security.acls.model.AclService;
 import org.springframework.security.acls.model.Permission;
 import org.springframework.security.core.Authentication;
@@ -60,12 +59,7 @@ import org.springframework.security.core.SpringSecurityMessageSource;
  * granted and <code>null</code> will be returned.
  * <p>
  * All comparisons and prefixes are case sensitive.
- *
- * @deprecated please use {@link AclPermissionEvaluator} instead. Spring Method Security
- * annotations may also prove useful, for example
- * {@code @PostAuthorize("hasPermission(filterObject, read)")}
  */
-@Deprecated
 public class AclEntryAfterInvocationProvider extends AbstractAclProvider implements MessageSourceAware {
 
 	protected static final Log logger = LogFactory.getLog(AclEntryAfterInvocationProvider.class);

acl/src/main/java/org/springframework/security/acls/afterinvocation/ArrayFilterer.java

@@ -32,9 +32,7 @@ import org.springframework.core.log.LogMessage;
  *
  * @author Ben Alex
  * @author Paulo Neves
- * @deprecated please see {@code PostFilter}
  */
-@Deprecated
 class ArrayFilterer<T> implements Filterer<T> {
 
 	protected static final Log logger = LogFactory.getLog(ArrayFilterer.class);

acl/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java

@@ -31,9 +31,7 @@ import org.springframework.core.log.LogMessage;
  *
  * @author Ben Alex
  * @author Paulo Neves
- * @deprecated please see {@code PostFilter}
  */
-@Deprecated
 class CollectionFilterer<T> implements Filterer<T> {
 
 	protected static final Log logger = LogFactory.getLog(CollectionFilterer.class);

acl/src/main/java/org/springframework/security/acls/afterinvocation/Filterer.java

@@ -23,9 +23,7 @@ import java.util.Iterator;
  *
  * @author Ben Alex
  * @author Paulo Neves
- * @deprecated please use {@code PreFilter} and {@code @PostFilter} instead
  */
-@Deprecated
 interface Filterer<T> extends Iterable<T> {
 
 	/**

acl/src/main/java/org/springframework/security/acls/afterinvocation/package-info.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java

@@ -202,7 +202,7 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
 	public boolean isSidLoaded(List<Sid> sids) {
 		// If loadedSides is null, this indicates all SIDs were loaded
 		// Also return true if the caller didn't specify a SID to find
-		if ((this.loadedSids == null) || (sids == null) || sids.isEmpty()) {
+		if ((this.loadedSids == null) || (sids == null) || (sids.size() == 0)) {
 			return true;
 		}
 

acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionFactory.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -140,7 +140,7 @@ public class DefaultPermissionFactory implements PermissionFactory {
 
 	@Override
 	public List<Permission> buildFromNames(List<String> names) {
-		if ((names == null) || names.isEmpty()) {
+		if ((names == null) || (names.size() == 0)) {
 			return Collections.emptyList();
 		}
 		List<Permission> permissions = new ArrayList<>(names.size());

acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionGrantingStrategy.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/main/java/org/springframework/security/acls/domain/PermissionFactory.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/main/java/org/springframework/security/acls/domain/SpringCacheBasedAclCache.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2013 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/main/java/org/springframework/security/acls/domain/package-info.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java

@@ -100,8 +100,8 @@ public class JdbcAclService implements AclService {
 	@Override
 	public List<ObjectIdentity> findChildren(ObjectIdentity parentIdentity) {
 		Object[] args = { parentIdentity.getIdentifier().toString(), parentIdentity.getType() };
-		List<ObjectIdentity> objects = this.jdbcOperations.query(this.findChildrenSql,
+		List<ObjectIdentity> objects = this.jdbcOperations.query(this.findChildrenSql, args,
-				(rs, rowNum) -> mapObjectIdentityRow(rs), args);
+				(rs, rowNum) -> mapObjectIdentityRow(rs));
 		return (!objects.isEmpty()) ? objects : null;
 	}
 

acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java

@@ -190,7 +190,8 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 	 * @return the primary key or null if not found
 	 */
 	protected Long createOrRetrieveClassPrimaryKey(String type, boolean allowCreate, Class idType) {
-		List<Long> classIds = this.jdbcOperations.queryForList(this.selectClassPrimaryKey, Long.class, type);
+		List<Long> classIds = this.jdbcOperations.queryForList(this.selectClassPrimaryKey, new Object[] { type },
+				Long.class);
 
 		if (!classIds.isEmpty()) {
 			return classIds.get(0);
@@ -241,8 +242,8 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 	 * @return the primary key or null if not found
 	 */
 	protected Long createOrRetrieveSidPrimaryKey(String sidName, boolean sidIsPrincipal, boolean allowCreate) {
-		List<Long> sidIds = this.jdbcOperations.queryForList(this.selectSidPrimaryKey, Long.class, sidIsPrincipal,
+		List<Long> sidIds = this.jdbcOperations.queryForList(this.selectSidPrimaryKey,
-				sidName);
+				new Object[] { sidIsPrincipal, sidName }, Long.class);
 		if (!sidIds.isEmpty()) {
 			return sidIds.get(0);
 		}

acl/src/main/java/org/springframework/security/acls/jdbc/package-info.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/main/java/org/springframework/security/acls/model/AclDataAccessException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/main/java/org/springframework/security/acls/model/ObjectIdentityGenerator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/main/java/org/springframework/security/acls/model/PermissionGrantingStrategy.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/main/java/org/springframework/security/acls/model/package-info.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/main/java/org/springframework/security/acls/package-info.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/test/java/org/springframework/security/acls/AclPermissionCacheOptimizerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/test/java/org/springframework/security/acls/TargetObject.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/test/java/org/springframework/security/acls/TargetObjectWithUUID.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/test/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImplTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTestsDbHelper.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyWithAclClassTypeTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -109,7 +109,7 @@ public class JdbcAclServiceTests {
 		List<ObjectIdentity> result = new ArrayList<>();
 		result.add(new ObjectIdentityImpl(Object.class, "5577"));
 		Object[] args = { "1", "org.springframework.security.acls.jdbc.JdbcAclServiceTests$MockLongIdDomainObject" };
-		given(this.jdbcOperations.query(anyString(), any(RowMapper.class), eq(args))).willReturn(result);
+		given(this.jdbcOperations.query(anyString(), eq(args), any(RowMapper.class))).willReturn(result);
 		ObjectIdentity objectIdentity = new ObjectIdentityImpl(MockLongIdDomainObject.class, 1L);
 		List<ObjectIdentity> objectIdentities = this.aclService.findChildren(objectIdentity);
 		assertThat(objectIdentities).hasSize(1);

acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/test/java/org/springframework/security/acls/sid/CustomSid.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

acl/src/test/java/org/springframework/security/acls/sid/SidTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

aspects/spring-security-aspects.gradle

@@ -27,8 +27,6 @@ dependencies {
 	testImplementation "org.mockito:mockito-junit-jupiter"
 	testImplementation "org.springframework:spring-test"
 	testAspect sourceSets.main.output
-
-	testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
 }
 
 compileAspectj.ajcOptions.outxmlfile = "META-INF/aop.xml"

aspects/src/main/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspect.aj

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

aspects/src/main/java/org/springframework/security/authorization/method/aspectj/AbstractMethodInterceptorAspect.aj

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

aspects/src/main/java/org/springframework/security/authorization/method/aspectj/JoinPointMethodInvocation.aj

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

aspects/src/main/java/org/springframework/security/authorization/method/aspectj/PostAuthorizeAspect.aj

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

aspects/src/main/java/org/springframework/security/authorization/method/aspectj/PostFilterAspect.aj

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

aspects/src/main/java/org/springframework/security/authorization/method/aspectj/PreAuthorizeAspect.aj

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

aspects/src/main/java/org/springframework/security/authorization/method/aspectj/PreFilterAspect.aj

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

aspects/src/main/java/org/springframework/security/authorization/method/aspectj/SecuredAspect.aj

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

aspects/src/test/java/org/springframework/security/authorization/method/aspectj/PostAuthorizeAspectTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

aspects/src/test/java/org/springframework/security/authorization/method/aspectj/PostFilterAspectTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

aspects/src/test/java/org/springframework/security/authorization/method/aspectj/PreAuthorizeAspectTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -144,7 +144,7 @@ public class PreAuthorizeAspectTests {
 		protected void protectedMethod() {
 		}
 
-		@PreAuthorize("hasRole('A')")
+		@PreAuthorize("hasRole('X')")
 		void publicCallsPrivate() {
 			privateMethod();
 		}

aspects/src/test/java/org/springframework/security/authorization/method/aspectj/PreFilterAspectTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

aspects/src/test/java/org/springframework/security/authorization/method/aspectj/SecuredAspectTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

build.gradle

@@ -20,6 +20,7 @@ plugins {
 
 apply plugin: 'io.spring.nohttp'
 apply plugin: 'locks'
+apply plugin: 's101'
 apply plugin: 'io.spring.convention.root'
 apply plugin: 'org.jetbrains.kotlin.jvm'
 apply plugin: 'org.springframework.security.versions.verify-dependencies-versions'
@@ -105,14 +106,10 @@ develocity {
 }
 
 nohttp {
-	source.exclude "buildSrc/build/**", "javascript/.gradle/**", "javascript/package-lock.json", "javascript/node_modules/**", "javascript/build/**", "javascript/dist/**"
+	source.exclude "buildSrc/build/**"
 	source.builtBy(project(':spring-security-config').tasks.withType(RncToXsd))
 }
 
-tasks.named('checkstyleNohttp') {
-	maxHeapSize = '1g'
-}
-
 tasks.register('cloneRepository', IncludeRepoTask) {
 	repository = project.getProperties().get("repositoryName")
 	ref = project.getProperties().get("ref")
@@ -120,11 +117,16 @@ tasks.register('cloneRepository', IncludeRepoTask) {
 	outputDirectory = project.hasProperty("cloneOutputDirectory") ? project.file("$cloneOutputDirectory") : defaultDirectory
 }
 
+s101 {
+	repository = 'https://structure101.com/binaries/latest'
+	configurationDirectory = project.file("etc/s101")
+}
+
 wrapperUpgrade {
 	gradle {
 		'spring-security' {
 			repo = 'spring-projects/spring-security'
-			baseBranch = '6.3.x' // runs only on 6.3.x and the update is merged forward to main
+			baseBranch = '6.2.x' // runs only on 6.2.x and the update is merged forward to main
 		}
 	}
 }

buildSrc/build.gradle

@@ -1,6 +1,5 @@
 plugins {
 	id "java-gradle-plugin"
-	id "groovy-gradle-plugin"
 	id "java"
 	id "groovy"
 }
@@ -64,7 +63,6 @@ configurations {
 dependencies {
 	implementation platform(libs.io.projectreactor.reactor.bom)
 
-	implementation libs.spring.nullability
 	implementation libs.com.google.code.gson.gson
 	implementation libs.com.thaiopensource.trag
 	implementation libs.net.sourceforge.saxon.saxon
@@ -78,7 +76,6 @@ dependencies {
 	implementation libs.com.github.spullara.mustache.java.compiler
 	implementation libs.io.spring.javaformat.spring.javaformat.gradle.plugin
 	implementation libs.io.spring.nohttp.nohttp.gradle
-	implementation libs.org.jetbrains.kotlin.kotlin.gradle.plugin
 	implementation (libs.net.sourceforge.htmlunit) {
 		exclude group: 'org.eclipse.jetty.websocket', module: 'websocket-client'
 	}
@@ -98,8 +95,6 @@ dependencies {
 	testImplementation 'org.mockito:mockito-core'
 	testImplementation 'org.mockito:mockito-junit-jupiter'
 	testImplementation libs.com.squareup.okhttp3.mockwebserver
-
-	testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
 }
 
 

buildSrc/gradlew.bat

@@ -1,5 +1,5 @@
 @rem
-@rem Copyright 2004-present the original author or authors.
+@rem Copyright 2015 the original author or authors.
 @rem
 @rem Licensed under the Apache License, Version 2.0 (the "License");
 @rem you may not use this file except in compliance with the License.

buildSrc/src/main/groovy/io/spring/gradle/IncludeRepoTask.groovy

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not
  * use this file except in compliance with the License. You may obtain a copy of

buildSrc/src/main/groovy/io/spring/gradle/convention/AbstractSpringJavaPlugin.groovy

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not
  * use this file except in compliance with the License. You may obtain a copy of

buildSrc/src/main/groovy/io/spring/gradle/convention/ArtifactoryPlugin.groovy

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not
  * use this file except in compliance with the License. You may obtain a copy of

buildSrc/src/main/groovy/io/spring/gradle/convention/CheckstylePlugin.groovy

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2016-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not
  * use this file except in compliance with the License. You may obtain a copy of

buildSrc/src/main/groovy/io/spring/gradle/convention/DeployDocsPlugin.groovy

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not
  * use this file except in compliance with the License. You may obtain a copy of
@@ -79,4 +79,4 @@ public class DeployDocsPlugin implements Plugin<Project> {
 			}
 		}
 	}
-}
+}

buildSrc/src/main/groovy/io/spring/gradle/convention/EclipsePlugin.groovy

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2023 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not
  * use this file except in compliance with the License. You may obtain a copy of

buildSrc/src/main/groovy/io/spring/gradle/convention/IntegrationTestPlugin.groovy

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2016-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not
  * use this file except in compliance with the License. You may obtain a copy of

buildSrc/src/main/groovy/io/spring/gradle/convention/JacocoPlugin.groovy

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2016-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not
  * use this file except in compliance with the License. You may obtain a copy of

buildSrc/src/main/groovy/io/spring/gradle/convention/JavadocApiPlugin.groovy

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not
  * use this file except in compliance with the License. You may obtain a copy of

buildSrc/src/main/groovy/io/spring/gradle/convention/ManagementConfigurationPlugin.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -61,7 +61,7 @@ public class ManagementConfigurationPlugin implements Plugin<Project> {
 				PublishingExtension publishing = project.getExtensions().getByType(PublishingExtension.class);
 				publishing.getPublications().withType(MavenPublication.class, (mavenPublication -> {
 					mavenPublication.versionMapping((versions) ->
-							versions.allVariants((versionMapping) -> versionMapping.fromResolutionResult())
+							versions.allVariants(versionMapping -> versionMapping.fromResolutionResult())
 					);
 				}));
 			});
@@ -71,4 +71,4 @@ public class ManagementConfigurationPlugin implements Plugin<Project> {
 			}));
 		});
 	}
-}
+}

buildSrc/src/main/groovy/io/spring/gradle/convention/RepositoryConventionPlugin.groovy

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2016-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not
  * use this file except in compliance with the License. You may obtain a copy of
@@ -80,11 +80,6 @@ class RepositoryConventionPlugin implements Plugin<Project> {
 				}
 				url = 'https://repo.spring.io/release/'
 			}
-			forceMavenRepositories.findAll { it.startsWith('https://') || it.startsWith('file://') }.each { mavenUrl ->
-				maven {
-					url mavenUrl
-				}
-			}
 		}
 	}
 

buildSrc/src/main/groovy/io/spring/gradle/convention/RootProjectPlugin.groovy

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-present the original author or authors.
+ * Copyright 2016-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not
  * use this file except in compliance with the License. You may obtain a copy of