Merge pull request #102 from xdev-software/develop

Release

Author: AB-xdev

Diff for: .config/pmd/ruleset.xml

@@ -151,5 +151,12 @@
 		<exclude name="UseStringBufferForStringAppends"/>
 	</rule>
 
+	<rule ref="category/java/performance.xml/TooFewBranchesForSwitch">
+		<properties>
+			<!-- If you have one case only please use a if -->
+			<property name="minimumNumberCaseForASwitch" value="2"/>
+		</properties>
+	</rule>
+
 	<rule ref="category/java/security.xml"/>
 </ruleset>

Diff for: .github/ISSUE_TEMPLATE/bug_report.yml

@@ -1,6 +1,7 @@
 name: 🐞 Bug
 description: Create a bug report for something that is broken
 labels: [bug]
+type: bug
 body:
   - type: markdown
     attributes:

Diff for: .github/ISSUE_TEMPLATE/enhancement.yml

@@ -1,6 +1,7 @@
 name: ✨ Feature/Enhancement
 description: Suggest a new feature or enhancement
 labels: [enhancement]
+type: feature
 body:
   - type: markdown
     attributes:

Diff for: .github/workflows/broken-links.yml

@@ -11,14 +11,17 @@ permissions:
 jobs:
   link-checker:
     runs-on: ubuntu-latest
+    timeout-minutes: 15
     steps:
       - uses: actions/checkout@v4
 
       - run: mv .github/.lycheeignore .lycheeignore
 
       - name: Link Checker
         id: lychee
-        uses: lycheeverse/lychee-action@v1
+        uses: lycheeverse/lychee-action@v2
+        with:
+          fail: false # Don't fail on broken links, create an issue instead
 
       - name: Find already existing issue
         id: find-issue

Diff for: .github/workflows/check-build.yml

@@ -26,6 +26,7 @@ env:
 jobs:
   build:
     runs-on: ubuntu-latest
+    timeout-minutes: 30
 
     strategy:
       matrix:
@@ -73,6 +74,7 @@ jobs:
   checkstyle:
     runs-on: ubuntu-latest
     if: ${{ github.event_name != 'pull_request' || !startsWith(github.head_ref, 'renovate/') }}
+    timeout-minutes: 15
 
     strategy:
       matrix:
@@ -95,6 +97,7 @@ jobs:
   pmd:
     runs-on: ubuntu-latest
     if: ${{ github.event_name != 'pull_request' || !startsWith(github.head_ref, 'renovate/') }}
+    timeout-minutes: 15
 
     strategy:
       matrix:

Diff for: .github/workflows/release.yml

@@ -14,6 +14,7 @@ permissions:
 jobs:
   check-code:
     runs-on: ubuntu-latest
+    timeout-minutes: 30
     steps:
     - uses: actions/checkout@v4
 
@@ -48,6 +49,7 @@ jobs:
   prepare-release:
     runs-on: ubuntu-latest
     needs: [check-code]
+    timeout-minutes: 10
     outputs:
       upload_url: ${{ steps.create_release.outputs.upload_url }}
     steps:
@@ -109,6 +111,7 @@ jobs:
   publish-maven:
     runs-on: ubuntu-latest
     needs: [prepare-release]
+    timeout-minutes: 60
     steps:
     - uses: actions/checkout@v4
 
@@ -140,6 +143,7 @@ jobs:
   publish-pages:
     runs-on: ubuntu-latest
     needs: [prepare-release]
+    timeout-minutes: 15
     steps:
     - uses: actions/checkout@v4
 
@@ -165,10 +169,12 @@ jobs:
       with:
         github_token: ${{ secrets.GITHUB_TOKEN }}
         publish_dir: ./${{ env.PRIMARY_MAVEN_MODULE }}/target/site
+        force_orphan: true
 
   after-release:
     runs-on: ubuntu-latest
     needs: [publish-maven]
+    timeout-minutes: 10
     steps:
     - uses: actions/checkout@v4
 

Diff for: .github/workflows/sonar.yml

@@ -27,6 +27,7 @@ jobs:
   token-check:
     runs-on: ubuntu-latest
     if: ${{ !(github.event_name == 'pull_request' && startsWith(github.head_ref, 'renovate/')) }}
+    timeout-minutes: 5
     outputs:
       hasToken: ${{ steps.check-token.outputs.has }}
     steps:
@@ -40,6 +41,7 @@ jobs:
     runs-on: ubuntu-latest
     needs: token-check
     if: ${{ needs.token-check.outputs.hasToken }}
+    timeout-minutes: 30
     steps:
       - uses: actions/checkout@v4
         with:

Diff for: .github/workflows/sync-labels.yml

@@ -14,6 +14,7 @@ permissions:
 jobs:
   labels:
     runs-on: ubuntu-latest
+    timeout-minutes: 10
     steps:
       - uses: actions/checkout@v4
         with:

Diff for: .github/workflows/test-deploy.yml

@@ -9,6 +9,7 @@ env:
 jobs:
   publish-maven:
     runs-on: ubuntu-latest
+    timeout-minutes: 60
     steps:
     - uses: actions/checkout@v4
 

Diff for: .github/workflows/update-from-template.yml

@@ -31,6 +31,7 @@ permissions:
 jobs:
   update:
     runs-on: ubuntu-latest
+    timeout-minutes: 60
     outputs:
       update_branch_merged_commit: ${{ steps.manage-branches.outputs.update_branch_merged_commit }}
       create_update_branch_merged_pr: ${{ steps.manage-branches.outputs.create_update_branch_merged_pr }}
@@ -180,6 +181,7 @@ jobs:
     needs: [update]
     if: needs.update.outputs.create_update_branch_merged_pr == 1
     runs-on: ubuntu-latest
+    timeout-minutes: 60
     steps:
       - uses: actions/checkout@v4
         with:

Diff for: .idea/checkstyle-idea.xml

@@ -1,3 +1,29 @@
+# 2.0.0
+* Added support for Spring Security 6.4+ / Spring Boot 3.4+ #100
+  * Spring now
+    * uses a Regex-based templating system
+    * no longer uses bootstrap
+    * provides One-Time token/OTT and Passkey logins
+* Changes to ``Extendable``-subsystem
+  * Now uses the new Regex-based templating system
+  * Correct a bunch of problems in Spring Security including
+    * One-Time token/OTT and Passkeys are ignored when computing if the whole filter is enabled
+    * [Passkeys] Removed invalid XML comment in scripts block
+    * [Passkeys] Fixed incorrectly closed HTML-form/div-tag
+    * [HtmlTemplating] Compile ``UNUSED_PLACEHOLDER_PATTERN`` regex once and not for each request
+    * [HtmlTemplating] Render: Optimization: Use entrySet instead of keySet + getValue
+    * Add correct setter for ``generateOneTimeTokenUrl``
+    * Improved naming of methods
+* Changes to ``Advanced``-subsystem
+  * Keeps using Bootstrap
+    * By default bootstrap is still loaded from ``cdn.jsdelivr.net`` but you can (and should) provide your own version
+  * Keeps using the old templating system (without Regex)
+    * Not all values are escaped by default as is with Spring's Regex based system
+      * Usually they don't need to be escaped in the first place as they are set on the server side and can't be modified by a user
+    * This is A LOT FASTER (in tests around 50x) than Spring's new Regex based system
+  * Adopted changes; Added new configuration options
+  * [Passkeys] Fixed a problem where more than one header results in invalid generated JavaScript code
+
 # 1.0.3
 * Updated dependencies
 * Abstracted code

Diff for: .idea/saveactions_settings.xml

@@ -32,6 +32,17 @@ public SecurityFilterChain configure(final HttpSecurity http) throws Exception
 
 A more detailed scenario is available in the [demo](./spring-security-advanced-authentication-ui-demo/).
 
+> [!NOTE]
+> By default [Bootstrap](https://github.com/twbs/bootstrap) is loaded from ``cdn.jsdelivr.net``.<br/>
+> Due to privacy and stability reasons you should ship your own version!<br/>
+> An example how this can be done is shown in the demo.
+
+> [!NOTE]
+> The ``Advanced``-subsystem uses the pre-``Spring Security 6.4`` / ``Spring Boot 3.4`` templating system (without Regex).<br/>
+> * In contrast to Spring's new Regex based system not all values are escaped by default
+>   * Usually they don't need to be escaped in the first place as they are set on the server side and can't be modified by a user
+> * This is A LOT FASTER (in tests around 50x) than Spring's new Regex based system
+
 ## Installation
 [Installation guide for the latest release](https://github.com/xdev-software/spring-security-advanced-authentication-ui/releases/latest#Installation)
 

Diff for: CHANGELOG.md

@@ -1,7 +1,7 @@
 ## Development Infrastructure
 
 The infrastructure contains the following:
-* [Open ID Connect Mock Server](https://github.com/Soluto/oidc-server-mock) - for login in
+* [Open ID Connect Mock Server](https://github.com/xdev-software/oidc-server-mock) - for login in
   * Available at http://localhost:4011
 
 ### Setup

Diff for: README.md

@@ -1,10 +1,8 @@
-version: "3"
-
 services:
   # Docs: https://docs.duendesoftware.com
   oidc-server-mock:
     container_name: oidc-server-mock
-    image: ghcr.io/soluto/oidc-server-mock:9.0.1
+    image: xdevsoftware/oidc-server-mock:1
     environment:
       ASPNETCORE_ENVIRONMENT: Development
       SERVER_OPTIONS_INLINE: |

Diff for: assets/demo.png

@@ -6,7 +6,7 @@
 
 	<groupId>software.xdev</groupId>
 	<artifactId>spring-security-advanced-authentication-ui-root</artifactId>
-	<version>1.0.4-SNAPSHOT</version>
+	<version>2.0.0-SNAPSHOT</version>
 	<packaging>pom</packaging>
 
 	<organization>
@@ -40,12 +40,12 @@
 					<plugin>
 						<groupId>org.apache.maven.plugins</groupId>
 						<artifactId>maven-checkstyle-plugin</artifactId>
-						<version>3.5.0</version>
+						<version>3.6.0</version>
 						<dependencies>
 							<dependency>
 								<groupId>com.puppycrawl.tools</groupId>
 								<artifactId>checkstyle</artifactId>
-								<version>10.18.1</version>
+								<version>10.21.2</version>
 							</dependency>
 						</dependencies>
 						<configuration>
@@ -70,7 +70,7 @@
 					<plugin>
 						<groupId>org.apache.maven.plugins</groupId>
 						<artifactId>maven-pmd-plugin</artifactId>
-						<version>3.25.0</version>
+						<version>3.26.0</version>
 						<configuration>
 							<includeTests>true</includeTests>
 							<printFailingErrors>true</printFailingErrors>
@@ -82,12 +82,12 @@
 							<dependency>
 								<groupId>net.sourceforge.pmd</groupId>
 								<artifactId>pmd-core</artifactId>
-								<version>7.5.0</version>
+								<version>7.10.0</version>
 							</dependency>
 							<dependency>
 								<groupId>net.sourceforge.pmd</groupId>
 								<artifactId>pmd-java</artifactId>
-								<version>7.5.0</version>
+								<version>7.10.0</version>
 							</dependency>
 						</dependencies>
 					</plugin>
@@ -99,7 +99,7 @@
 					<plugin>
 						<groupId>org.apache.maven.plugins</groupId>
 						<artifactId>maven-jxr-plugin</artifactId>
-						<version>3.5.0</version>
+						<version>3.6.0</version>
 					</plugin>
 				</plugins>
 			</reporting>

Diff for: dev_infra/README.md

@@ -3,3 +3,17 @@
 * Start the [development infrastructure](../dev_infra/)
 * Run the application
 * Open ``http://localhost:8080``
+
+## Special Login information
+
+### Username + Password
+
+Example user:
+* Username: ``test``
+* Password: ``test``
+
+### Passkeys
+
+The browser needs to support passkeys and you also need an appropriate store (usually the OS handles this).
+
+NOTE: Passkeys are lost when rebooting the server

Diff for: dev_infra/docker-compose.yml

@@ -7,11 +7,11 @@
 	<parent>
 		<groupId>software.xdev</groupId>
 		<artifactId>spring-security-advanced-authentication-ui-root</artifactId>
-		<version>1.0.4-SNAPSHOT</version>
+		<version>2.0.0-SNAPSHOT</version>
 	</parent>
 
 	<artifactId>spring-security-advanced-authentication-ui-demo</artifactId>
-	<version>1.0.4-SNAPSHOT</version>
+	<version>2.0.0-SNAPSHOT</version>
 	<packaging>jar</packaging>
 
 	<organization>
@@ -28,7 +28,7 @@
 
 		<mainClass>software.xdev.Application</mainClass>
 
-		<org.springframework.boot.version>3.3.4</org.springframework.boot.version>
+		<org.springframework.boot.version>3.4.2</org.springframework.boot.version>
 	</properties>
 
 	<dependencyManagement>
@@ -63,6 +63,19 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-oauth2-client</artifactId>
 		</dependency>
+
+		<!-- Required to showcase passkeys -->
+		<dependency>
+			<groupId>com.webauthn4j</groupId>
+			<artifactId>webauthn4j-core</artifactId>
+			<version>0.28.5.RELEASE</version>
+		</dependency>
+
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-devtools</artifactId>
+			<optional>true</optional>
+		</dependency>
 	</dependencies>
 
 	<build>