Skip to content

Commit ec70b58

Browse files
ksroda-saclaude
andcommitted
chore(samples/java): bump to Spring Boot 4.0.6 + spring-dotenv 5.1.0 + keytool 2.0.2
Brings all 3 Java samples to the latest GA versions of every dep: - spring-boot-starter-parent 3.4.1 → 4.0.6 (latest GA — 4.1.x is RC) - keytool-maven-plugin 1.7 → 2.0.2 (latest) - me.paulschwarz:spring-dotenv 4.0.0 → springboot4-dotenv 5.1.0 (v5 split the artifact by Boot version; we now use the Boot 4 module) Required code changes for the Spring Boot 4 / Spring Security 7 jump: - AutoConfigureMockMvc moved from spring-boot-test-autoconfigure to a new spring-boot-webmvc-test module (added as test-scope dep) and changed package: org.springframework.boot.test.autoconfigure.web.servlet → org.springframework.boot.webmvc.test.autoconfigure. - Spring Security 7 dropped OpenSAML 4: OpenSaml4AuthenticationProvider → OpenSaml5AuthenticationProvider (same API surface, just renamed). - Spring Security 7 removed AntPathRequestMatcher from o.s.s.web.util.matcher: replaced with PathPatternRequestMatcher.withDefaults().matcher(path) at o.s.s.web.servlet.util.matcher (matches any HTTP method when no method is provided, matching the existing "GET on /logout" behavior). snippets.json regenerated because line numbers in saml-sp-login's Application.java shifted due to the matcher comment update. 11/11 tests pass across all 3 samples on the new stack: login-auth-code: 3/3, token-refresh: 5/5, saml-sp-login: 3/3. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent 5b1c34a commit ec70b58

8 files changed

Lines changed: 50 additions & 27 deletions

File tree

samples/java/login-auth-code/pom.xml

Lines changed: 11 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@
77
<parent>
88
<groupId>org.springframework.boot</groupId>
99
<artifactId>spring-boot-starter-parent</artifactId>
10-
<version>3.4.1</version>
10+
<version>4.0.6</version>
1111
<relativePath/>
1212
</parent>
1313

@@ -35,15 +35,22 @@
3535
</dependency>
3636
<dependency>
3737
<groupId>me.paulschwarz</groupId>
38-
<artifactId>spring-dotenv</artifactId>
39-
<version>4.0.0</version>
38+
<artifactId>springboot4-dotenv</artifactId>
39+
<version>5.1.0</version>
4040
</dependency>
4141

4242
<dependency>
4343
<groupId>org.springframework.boot</groupId>
4444
<artifactId>spring-boot-starter-test</artifactId>
4545
<scope>test</scope>
4646
</dependency>
47+
<!-- Spring Boot 4.0 split AutoConfigureMockMvc into a separate module
48+
(spring-boot-webmvc-test) that's not pulled by spring-boot-starter-test. -->
49+
<dependency>
50+
<groupId>org.springframework.boot</groupId>
51+
<artifactId>spring-boot-webmvc-test</artifactId>
52+
<scope>test</scope>
53+
</dependency>
4754
<dependency>
4855
<groupId>org.springframework.security</groupId>
4956
<artifactId>spring-security-test</artifactId>
@@ -60,7 +67,7 @@
6067
<plugin>
6168
<groupId>org.codehaus.mojo</groupId>
6269
<artifactId>keytool-maven-plugin</artifactId>
63-
<version>1.7</version>
70+
<version>2.0.2</version>
6471
<executions>
6572
<execution>
6673
<id>generate-dev-keystore</id>

samples/java/login-auth-code/src/test/java/com/secureauth/quickstart/ApplicationTests.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@
66

77
import org.junit.jupiter.api.Test;
88
import org.springframework.beans.factory.annotation.Autowired;
9-
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
9+
import org.springframework.boot.webmvc.test.autoconfigure.AutoConfigureMockMvc;
1010
import org.springframework.boot.test.context.SpringBootTest;
1111
import org.springframework.context.annotation.Import;
1212
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;

samples/java/saml-sp-login/pom.xml

Lines changed: 11 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@
77
<parent>
88
<groupId>org.springframework.boot</groupId>
99
<artifactId>spring-boot-starter-parent</artifactId>
10-
<version>3.4.1</version>
10+
<version>4.0.6</version>
1111
<relativePath/>
1212
</parent>
1313

@@ -44,15 +44,22 @@
4444
</dependency>
4545
<dependency>
4646
<groupId>me.paulschwarz</groupId>
47-
<artifactId>spring-dotenv</artifactId>
48-
<version>4.0.0</version>
47+
<artifactId>springboot4-dotenv</artifactId>
48+
<version>5.1.0</version>
4949
</dependency>
5050

5151
<dependency>
5252
<groupId>org.springframework.boot</groupId>
5353
<artifactId>spring-boot-starter-test</artifactId>
5454
<scope>test</scope>
5555
</dependency>
56+
<!-- Spring Boot 4.0 split AutoConfigureMockMvc into a separate module
57+
(spring-boot-webmvc-test) that's not pulled by spring-boot-starter-test. -->
58+
<dependency>
59+
<groupId>org.springframework.boot</groupId>
60+
<artifactId>spring-boot-webmvc-test</artifactId>
61+
<scope>test</scope>
62+
</dependency>
5663
<dependency>
5764
<groupId>org.springframework.security</groupId>
5865
<artifactId>spring-security-test</artifactId>
@@ -69,7 +76,7 @@
6976
<plugin>
7077
<groupId>org.codehaus.mojo</groupId>
7178
<artifactId>keytool-maven-plugin</artifactId>
72-
<version>1.7</version>
79+
<version>2.0.2</version>
7380
<executions>
7481
<execution>
7582
<id>generate-dev-keystore</id>

samples/java/saml-sp-login/src/main/java/com/secureauth/quickstart/Application.java

Lines changed: 8 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@
2323
import org.springframework.security.saml2.core.Saml2ErrorCodes;
2424
import org.springframework.security.saml2.core.Saml2ResponseValidatorResult;
2525
import org.springframework.security.saml2.core.Saml2X509Credential;
26-
import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider;
26+
import org.springframework.security.saml2.provider.service.authentication.OpenSaml5AuthenticationProvider;
2727
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
2828
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
2929
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
@@ -101,9 +101,9 @@ static class SecurityConfig {
101101

102102
@Bean
103103
SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
104-
OpenSaml4AuthenticationProvider provider = new OpenSaml4AuthenticationProvider();
105-
Converter<OpenSaml4AuthenticationProvider.ResponseToken, Saml2ResponseValidatorResult> defaultValidator =
106-
OpenSaml4AuthenticationProvider.createDefaultResponseValidator();
104+
OpenSaml5AuthenticationProvider provider = new OpenSaml5AuthenticationProvider();
105+
Converter<OpenSaml5AuthenticationProvider.ResponseToken, Saml2ResponseValidatorResult> defaultValidator =
106+
OpenSaml5AuthenticationProvider.createDefaultResponseValidator();
107107
provider.setResponseValidator(token -> {
108108
Saml2ResponseValidatorResult result = defaultValidator.convert(token);
109109
List<Saml2Error> filtered = result.getErrors().stream()
@@ -138,7 +138,7 @@ SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
138138
}
139139
}
140140
final String expectedInResponseTo = assertionInResponseTo;
141-
return OpenSaml4AuthenticationProvider.createDefaultAssertionValidatorWithParameters(
141+
return OpenSaml5AuthenticationProvider.createDefaultAssertionValidatorWithParameters(
142142
params -> {
143143
params.put(
144144
org.opensaml.saml.saml2.assertion.SAML2AssertionValidationParameters.SC_CHECK_ADDRESS,
@@ -162,7 +162,9 @@ SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
162162
// requires POST + CSRF; for a quickstart we let a simple <a href="/logout">
163163
// link work directly).
164164
.logout(l -> l
165-
.logoutRequestMatcher(new org.springframework.security.web.util.matcher.AntPathRequestMatcher("/logout"))
165+
// Spring Security 7 dropped AntPathRequestMatcher; PathPatternRequestMatcher
166+
// is the replacement. `.matcher(path)` (no HTTP method) matches any method.
167+
.logoutRequestMatcher(org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.withDefaults().matcher("/logout"))
166168
.logoutSuccessUrl("/"))
167169
// Disable CSRF for the demo. SAML2 ACS endpoint is already exempt by the
168170
// framework; this just removes the requirement on /logout. Production apps

samples/java/saml-sp-login/src/test/java/com/secureauth/quickstart/ApplicationTests.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@
1010
import org.hamcrest.Matchers;
1111
import org.junit.jupiter.api.Test;
1212
import org.springframework.beans.factory.annotation.Autowired;
13-
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
13+
import org.springframework.boot.webmvc.test.autoconfigure.AutoConfigureMockMvc;
1414
import org.springframework.boot.test.context.SpringBootTest;
1515
import org.springframework.context.annotation.Import;
1616
import org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal;

samples/java/token-refresh/pom.xml

Lines changed: 11 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@
77
<parent>
88
<groupId>org.springframework.boot</groupId>
99
<artifactId>spring-boot-starter-parent</artifactId>
10-
<version>3.4.1</version>
10+
<version>4.0.6</version>
1111
<relativePath/>
1212
</parent>
1313

@@ -35,15 +35,22 @@
3535
</dependency>
3636
<dependency>
3737
<groupId>me.paulschwarz</groupId>
38-
<artifactId>spring-dotenv</artifactId>
39-
<version>4.0.0</version>
38+
<artifactId>springboot4-dotenv</artifactId>
39+
<version>5.1.0</version>
4040
</dependency>
4141

4242
<dependency>
4343
<groupId>org.springframework.boot</groupId>
4444
<artifactId>spring-boot-starter-test</artifactId>
4545
<scope>test</scope>
4646
</dependency>
47+
<!-- Spring Boot 4.0 split AutoConfigureMockMvc into a separate module
48+
(spring-boot-webmvc-test) that's not pulled by spring-boot-starter-test. -->
49+
<dependency>
50+
<groupId>org.springframework.boot</groupId>
51+
<artifactId>spring-boot-webmvc-test</artifactId>
52+
<scope>test</scope>
53+
</dependency>
4754
<dependency>
4855
<groupId>org.springframework.security</groupId>
4956
<artifactId>spring-security-test</artifactId>
@@ -60,7 +67,7 @@
6067
<plugin>
6168
<groupId>org.codehaus.mojo</groupId>
6269
<artifactId>keytool-maven-plugin</artifactId>
63-
<version>1.7</version>
70+
<version>2.0.2</version>
6471
<executions>
6572
<execution>
6673
<id>generate-dev-keystore</id>

samples/java/token-refresh/src/test/java/com/secureauth/quickstart/ApplicationTests.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@
1010
import org.mockito.ArgumentMatchers;
1111
import org.mockito.Mockito;
1212
import org.springframework.beans.factory.annotation.Autowired;
13-
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
13+
import org.springframework.boot.webmvc.test.autoconfigure.AutoConfigureMockMvc;
1414
import org.springframework.boot.test.context.SpringBootTest;
1515
import org.springframework.context.annotation.Import;
1616
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;

0 commit comments

Comments
 (0)