Merge branch 'develop' into update-from-template-merged

Author: xdev-gh-bot

Diff for: .github/ISSUE_TEMPLATE/bug_report.yml

@@ -15,9 +15,9 @@ body:
     attributes:
       label: "Checklist"
       options:
-        - label: "I am able to reproduce the bug with the [latest version](https://github.com/xdev-software/template-placeholder/releases/latest)"
+        - label: "I am able to reproduce the bug with the [latest version](https://github.com/xdev-software/spring-security-advanced-authentication-ui/releases/latest)"
           required: true
-        - label: "I made sure that there are *no existing issues* - [open](https://github.com/xdev-software/template-placeholder/issues) or [closed](https://github.com/xdev-software/template-placeholder/issues?q=is%3Aissue+is%3Aclosed) - which I could contribute my information to."
+        - label: "I made sure that there are *no existing issues* - [open](https://github.com/xdev-software/spring-security-advanced-authentication-ui/issues) or [closed](https://github.com/xdev-software/spring-security-advanced-authentication-ui/issues?q=is%3Aissue+is%3Aclosed) - which I could contribute my information to."
           required: true
         - label: "I have taken the time to fill in all the required details. I understand that the bug report will be dismissed otherwise."
           required: true

Diff for: .github/ISSUE_TEMPLATE/enhancement.yml

@@ -13,7 +13,7 @@ body:
     attributes:
       label: "Checklist"
       options:
-        - label: "I made sure that there are *no existing issues* - [open](https://github.com/xdev-software/template-placeholder/issues) or [closed](https://github.com/xdev-software/template-placeholder/issues?q=is%3Aissue+is%3Aclosed) - which I could contribute my information to."
+        - label: "I made sure that there are *no existing issues* - [open](https://github.com/xdev-software/spring-security-advanced-authentication-ui/issues) or [closed](https://github.com/xdev-software/spring-security-advanced-authentication-ui/issues?q=is%3Aissue+is%3Aclosed) - which I could contribute my information to."
           required: true
         - label: "I have taken the time to fill in all the required details. I understand that the feature request will be dismissed otherwise."
           required: true

Diff for: .github/ISSUE_TEMPLATE/question.yml

@@ -12,7 +12,7 @@ body:
     attributes:
       label: "Checklist"
       options:
-        - label: "I made sure that there are *no existing issues* - [open](https://github.com/xdev-software/template-placeholder/issues) or [closed](https://github.com/xdev-software/template-placeholder/issues?q=is%3Aissue+is%3Aclosed) - which I could contribute my information to."
+        - label: "I made sure that there are *no existing issues* - [open](https://github.com/xdev-software/spring-security-advanced-authentication-ui/issues) or [closed](https://github.com/xdev-software/spring-security-advanced-authentication-ui/issues?q=is%3Aissue+is%3Aclosed) - which I could contribute my information to."
           required: true
         - label: "I have taken the time to fill in all the required details. I understand that the question will be dismissed otherwise."
           required: true

Diff for: .run/Run Demo.run.xml

@@ -1,7 +1,7 @@
 <component name="ProjectRunConfigurationManager">
   <configuration default="false" name="Run Demo" type="Application" factoryName="Application">
     <option name="MAIN_CLASS_NAME" value="software.xdev.Application" />
-    <module name="template-placeholder-demo" />
+    <module name="spring-security-advanced-authentication-ui-demo" />
     <option name="WORKING_DIRECTORY" value="$MODULE_DIR$" />
     <extension name="coverage">
       <pattern>
@@ -13,4 +13,4 @@
       <option name="Make" enabled="true" />
     </method>
   </configuration>
-</component>
+</component>

Diff for: CHANGELOG.md

@@ -0,0 +1,44 @@
+# 2.0.0
+* Added support for Spring Security 6.4+ / Spring Boot 3.4+ #100
+  * Spring now
+    * uses a Regex-based templating system
+    * no longer uses bootstrap
+    * provides One-Time token/OTT and Passkey logins
+* Changes to ``Extendable``-subsystem
+  * Now uses the new Regex-based templating system
+  * Correct a bunch of problems in Spring Security including
+    * One-Time token/OTT and Passkeys are ignored when computing if the whole filter is enabled
+    * [Passkeys] Removed invalid XML comment in scripts block
+    * [Passkeys] Fixed incorrectly closed HTML-form/div-tag
+    * [HtmlTemplating] Compile ``UNUSED_PLACEHOLDER_PATTERN`` regex once and not for each request
+    * [HtmlTemplating] Render: Optimization: Use entrySet instead of keySet + getValue
+    * Add correct setter for ``generateOneTimeTokenUrl``
+    * Improved naming of methods
+* Changes to ``Advanced``-subsystem
+  * Keeps using Bootstrap
+    * By default bootstrap is still loaded from ``cdn.jsdelivr.net`` but you can (and should) provide your own version
+  * Keeps using the old templating system (without Regex)
+    * Not all values are escaped by default as is with Spring's Regex based system
+      * Usually they don't need to be escaped in the first place as they are set on the server side and can't be modified by a user
+    * This is A LOT FASTER (in tests around 50x) than Spring's new Regex based system
+  * Adopted changes; Added new configuration options
+  * [Passkeys] Fixed a problem where more than one header results in invalid generated JavaScript code
+
+# 1.0.3
+* Updated dependencies
+* Abstracted code
+
+# 1.0.2
+* Fix incorrect styling of ``main`` element on login screen
+
+# 1.0.1
+* Fix NPE when ``additionalStylingData`` is not set
+
+# 1.0.0
+<i>Initial release</i>
+* All methods and functionality are designed to be overwritable (at least protected)
+* The library consists of 2 main parts:
+  * ``extendable`` → Includes the bare minimum to make the Spring components extendable
+  * ``advanced`` → Contains components made on top of ``extendable`` with many customization options; Additionally:
+    * Updated Bootstrap to version 5.3+
+    * Improved SSO (OAuth2 / SAML2) UI

Diff for: CONTRIBUTING.md

@@ -34,10 +34,10 @@ You should have the following things installed:
   * Ensure that the JDK/Java-Version is correct
 
 
-## Releasing [![Build](https://img.shields.io/github/actions/workflow/status/xdev-software/template-placeholder/release.yml?branch=master)](https://github.com/xdev-software/template-placeholder/actions/workflows/release.yml)
+## Releasing [![Build](https://img.shields.io/github/actions/workflow/status/xdev-software/spring-security-advanced-authentication-ui/release.yml?branch=master)](https://github.com/xdev-software/spring-security-advanced-authentication-ui/actions/workflows/release.yml)
 
 Before releasing:
-* Consider doing a [test-deployment](https://github.com/xdev-software/template-placeholder/actions/workflows/test-deploy.yml?query=branch%3Adevelop) before actually releasing.
+* Consider doing a [test-deployment](https://github.com/xdev-software/spring-security-advanced-authentication-ui/actions/workflows/test-deploy.yml?query=branch%3Adevelop) before actually releasing.
 * Check the [changelog](CHANGELOG.md)
 
 If the ``develop`` is ready for release, create a pull request to the ``master``-Branch and merge the changes

Diff for: README.md

@@ -1,12 +1,53 @@
-[![Latest version](https://img.shields.io/maven-central/v/software.xdev/template-placeholder?logo=apache%20maven)](https://mvnrepository.com/artifact/software.xdev/template-placeholder)
-[![Build](https://img.shields.io/github/actions/workflow/status/xdev-software/template-placeholder/check-build.yml?branch=develop)](https://github.com/xdev-software/template-placeholder/actions/workflows/check-build.yml?query=branch%3Adevelop)
-[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=xdev-software_template-placeholder&metric=alert_status)](https://sonarcloud.io/dashboard?id=xdev-software_template-placeholder)
+[![Latest version](https://img.shields.io/maven-central/v/software.xdev/spring-security-advanced-authentication-ui?logo=apache%20maven)](https://mvnrepository.com/artifact/software.xdev/spring-security-advanced-authentication-ui)
+[![Build](https://img.shields.io/github/actions/workflow/status/xdev-software/spring-security-advanced-authentication-ui/check-build.yml?branch=develop)](https://github.com/xdev-software/spring-security-advanced-authentication-ui/actions/workflows/check-build.yml?query=branch%3Adevelop)
+[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=xdev-software_spring-security-advanced-authentication-ui&metric=alert_status)](https://sonarcloud.io/dashboard?id=xdev-software_spring-security-advanced-authentication-ui)
 
-# template-placeholder
+# Advanced authentication UI for Spring Security
 
+Modernizes the default Spring Web Authentication/Login UI and makes it easier customizable.
+
+<details><summary>Show demo</summary>
+
+<p align="center">
+<img src="./assets/demo.png" alt="Demo" />
+</p>
+
+</details>
+
+## Usage
+
+The library provides an adapter that can be used like this:
+```java
+public SecurityFilterChain configure(final HttpSecurity http) throws Exception
+{
+    // Changing the text "Login with" to "Sign in with"
+    http.with(new AdvancedLoginPageAdapter<>(http), c -> c
+            .customizeLoginPage(p -> p.ssoLoginHeaderText("Sign in with")))
+        .oauth2Login(c -> 
+            // ...
+        )
+    // ...
+}
+```
+
+A more detailed scenario is available in the [demo](./spring-security-advanced-authentication-ui-demo/).
+
+> [!NOTE]
+> By default [Bootstrap](https://github.com/twbs/bootstrap) is loaded from ``cdn.jsdelivr.net``.<br/>
+> Due to privacy and stability reasons you should ship your own version!<br/>
+> An example how this can be done is shown in the [demo](https://github.com/xdev-software/spring-security-advanced-authentication-ui/blob/4117d471e036de4dc2a58b2b484f2631afe7af50/spring-security-advanced-authentication-ui-demo/src/main/java/software/xdev/security/MainWebSecurity.java#L44-L51).
+
+> [!NOTE]
+> The ``Advanced``-subsystem uses the pre-``Spring Security 6.4`` / ``Spring Boot 3.4`` templating system (without Regex).<br/>
+> * In contrast to Spring's new Regex based system not all values are escaped by default
+>   * Usually they don't need to be escaped in the first place as they are set on the server side and can't be modified by a user
+> * This is A LOT FASTER (in tests around 50x) than Spring's new Regex based system
 
 ## Installation
-[Installation guide for the latest release](https://github.com/xdev-software/template-placeholder/releases/latest#Installation)
+[Installation guide for the latest release](https://github.com/xdev-software/spring-security-advanced-authentication-ui/releases/latest#Installation)
+
+> [!NOTE]  
+> To minimize the risk of dependency conflicts all Spring (Boot) dependencies are declared as provided and are not shipped by default.
 
 ## Support
 If you need support as soon as possible and you can't wait for any pull request, feel free to use [our support](https://xdev.software/en/services/support).
@@ -15,4 +56,4 @@ If you need support as soon as possible and you can't wait for any pull request,
 See the [contributing guide](./CONTRIBUTING.md) for detailed instructions on how to get started with our project.
 
 ## Dependencies and Licenses
-View the [license of the current project](LICENSE) or the [summary including all dependencies](https://xdev-software.github.io/template-placeholder/dependencies)
+View the [license of the current project](LICENSE) or the [summary including all dependencies](https://xdev-software.github.io/spring-security-advanced-authentication-ui/dependencies)

Diff for: SECURITY.md

@@ -2,4 +2,4 @@
 
 ## Reporting a Vulnerability
 
-Please report a security vulnerability [on GitHub Security Advisories](https://github.com/xdev-software/template-placeholder/security/advisories/new).
+Please report a security vulnerability [on GitHub Security Advisories](https://github.com/xdev-software/spring-security-advanced-authentication-ui/security/advisories/new).

Diff for: assets/demo.png

@@ -0,0 +1 @@
+oidc-user-config.json

Diff for: dev_infra/.gitignore

@@ -0,0 +1,33 @@
+## Development Infrastructure
+
+The infrastructure contains the following:
+* [Open ID Connect Mock Server](https://github.com/xdev-software/oidc-server-mock) - for login in
+  * Available at http://localhost:4011
+
+### Setup
+* Requires Docker
+
+#### OIDC
+* Create ``oidc-user-config.json`` from [``oidc-user-config.json.template``](./oidc-user-config.json.template)
+  * File should not be tracked in Git
+  * Fill in your login details like mail, name, password
+
+
+### Usage
+Note: Commands are all executed inside a shell/CMD in the current folder. ([Tip for windows users](https://stackoverflow.com/a/40146208))
+
+| Use case | What to do? |
+| --- | --- |
+| Starting the infrastructure | ``docker compose up`` |
+| Stopping (and removing) the infrastructure | ``docker compose down`` |
+| (Re)Building the infrastructure<br/>e.g. after changes to the Dockerfiles | ``docker compose build --pull`` |
+
+See also ``docker compose --help``
+
+### Additional notes
+⚠ The containers don't automatically restart after a PC restart!
+
+⚠ After a PC restart the infrastructure is still present but it's stopped.<br/>
+In this case you have 2 options:
+* start the existing infrastructure again (``docker compose up``) or
+* do a clean start by first removing (``docker compose down``) and then starting the infrastructure

Diff for: dev_infra/README.md

@@ -0,0 +1,67 @@
+services:
+  # Docs: https://docs.duendesoftware.com
+  oidc-server-mock:
+    container_name: oidc-server-mock
+    image: xdevsoftware/oidc-server-mock:1
+    environment:
+      ASPNETCORE_ENVIRONMENT: Development
+      SERVER_OPTIONS_INLINE: |
+        {
+          "AccessTokenJwtType": "JWT",
+          "Discovery": {
+            "ShowKeySet": true
+          },
+          "Authentication": {
+            "CookieSameSiteMode": "Lax",
+            "CheckSessionCookieSameSiteMode": "Lax"
+          }
+        }
+      LOGIN_OPTIONS_INLINE: |
+        {
+          "AllowRememberLogin": false
+        }
+      LOGOUT_OPTIONS_INLINE: |
+        {
+          "AutomaticRedirectAfterSignOut": true
+        }
+      USERS_CONFIGURATION_PATH: /tmp/config/oidc-user-config.json
+      CLIENTS_CONFIGURATION_INLINE: |
+        [
+          {
+              "ClientId": "client-id",
+              "ClientSecrets": [
+                  "client-secret"
+              ],
+              "Description": "TestClient",
+              "AllowedGrantTypes": [
+                  "authorization_code",
+                  "refresh_token"
+              ],
+              "RedirectUris": [
+                  "*"
+              ],
+              "AllowedScopes": [
+                  "openid",
+                  "profile",
+                  "email",
+                  "offline_access"
+              ],
+              "AlwaysIncludeUserClaimsInIdToken": true,
+              "AllowOfflineAccess": true,
+              "RequirePkce": false
+          }
+        ]
+      ASPNET_SERVICES_OPTIONS_INLINE: |
+        {
+          "ForwardedHeadersOptions": {
+            "ForwardedHeaders" : "All"
+          }
+        }
+    volumes:
+      - ./oidc-user-config.json:/tmp/config/oidc-user-config.json:ro
+    ports:
+      - '4011:8080'
+    deploy:
+      resources:
+        limits:
+          memory: 512m

Diff for: dev_infra/docker-compose.yml

@@ -0,0 +1,19 @@
+[
+  {
+    "SubjectId":"1",
+    "Username":"[email protected]",
+    "Password":"pwd",
+    "Claims": [
+      {
+        "Type": "name",
+        "Value": "Your name",
+        "ValueType": "string"
+      },
+      {
+        "Type": "email",
+        "Value": "[email protected]",
+        "ValueType": "string"
+      }
+    ]
+  }
+]

Diff for: dev_infra/oidc-user-config.json.template

@@ -5,8 +5,8 @@
 	<modelVersion>4.0.0</modelVersion>
 
 	<groupId>software.xdev</groupId>
-	<artifactId>template-placeholder-root</artifactId>
-	<version>1.0.0-SNAPSHOT</version>
+	<artifactId>spring-security-advanced-authentication-ui-root</artifactId>
+	<version>2.0.1-SNAPSHOT</version>
 	<packaging>pom</packaging>
 
 	<organization>
@@ -15,8 +15,8 @@
 	</organization>
 
 	<modules>
-		<module>template-placeholder</module>
-		<module>template-placeholder-demo</module>
+		<module>spring-security-advanced-authentication-ui</module>
+		<module>spring-security-advanced-authentication-ui-demo</module>
 	</modules>
 
 	<properties>

Diff for: pom.xml

@@ -4,7 +4,7 @@
   "packageRules": [
     {
       "description": "Ignore project internal dependencies",
-      "packagePattern": "^software.xdev:template-placeholder",
+      "packagePattern": "^software.xdev:spring-security-advanced-authentication-ui",
       "datasources": [
         "maven"
       ],
@@ -19,6 +19,16 @@
         "maven"
       ],
       "groupName": "net.sourceforge.pmd"
+    },
+    {
+      "description": "Group Spring Boot",
+      "matchPackagePatterns": [
+        "^org.springframework.boot"
+      ],
+      "datasources": [
+        "maven"
+      ],
+      "groupName": "org.springframework.boot"
     }
   ]
 }

Diff for: renovate.json5

@@ -0,0 +1,19 @@
+# Demo
+
+* Start the [development infrastructure](../dev_infra/)
+* Run the application
+* Open ``http://localhost:8080``
+
+## Special Login information
+
+### Username + Password
+
+Example user:
+* Username: ``test``
+* Password: ``test``
+
+### Passkeys
+
+The browser needs to support passkeys and you also need an appropriate store (usually the OS handles this).
+
+NOTE: Passkeys are lost when rebooting the server