Skip to content
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
plugins {
id 'compile-warnings-error'
}

apply plugin: 'io.spring.convention.spring-module'

dependencies {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -505,6 +505,7 @@ Map<String, Object> readValue(String data) {
* 3.
*/
@Deprecated(forRemoval = true, since = "7.0")
@SuppressWarnings("removal")
public static class OAuth2AuthorizationRowMapper extends AbstractOAuth2AuthorizationRowMapper {

private ObjectMapper objectMapper = Jackson2.createObjectMapper();
Expand Down Expand Up @@ -747,6 +748,7 @@ String writeValueAsString(Map<String, Object> data) throws Exception {
* Jackson 3.
*/
@Deprecated(forRemoval = true, since = "7.0")
@SuppressWarnings("removal")
public static class OAuth2AuthorizationParametersMapper extends AbstractOAuth2AuthorizationParametersMapper {

private ObjectMapper objectMapper = Jackson2.createObjectMapper();
Expand Down Expand Up @@ -895,6 +897,7 @@ private String writeMap(Map<String, Object> data) {
@Deprecated(forRemoval = true, since = "7.0")
private static final class Jackson2 {

@SuppressWarnings("removal")
private static ObjectMapper createObjectMapper() {
ObjectMapper objectMapper = new ObjectMapper();
ClassLoader classLoader = Jackson2.class.getClassLoader();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,6 @@
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.jackson.CoreJacksonModule;
import org.springframework.security.jackson2.CoreJackson2Module;
import org.springframework.security.oauth2.core.AbstractOAuth2Token;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
Expand All @@ -50,11 +49,9 @@
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenExchangeCompositeAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.jackson.OAuth2AuthorizationServerJacksonModule;
import org.springframework.security.oauth2.server.authorization.jackson2.OAuth2AuthorizationServerJackson2Module;
import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.security.web.jackson.WebServletJacksonModule;
import org.springframework.security.web.jackson2.WebServletJackson2Module;
import org.springframework.security.web.savedrequest.DefaultSavedRequest;
import org.springframework.util.ClassUtils;

Expand Down Expand Up @@ -116,12 +113,14 @@ public void applyTo(GenerationContext generationContext, BeanRegistrationCode be
private void registerHints(RuntimeHints hints) {
// Collections -> UnmodifiableSet, UnmodifiableList, UnmodifiableMap,
// UnmodifiableRandomAccessList, etc.
hints.reflection().registerType(Collections.class, MemberCategory.DECLARED_CLASSES);
hints.reflection()
.registerType(Collections.class, MemberCategory.INVOKE_DECLARED_CONSTRUCTORS,
MemberCategory.INVOKE_DECLARED_METHODS);

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This and the similar changes don't seem to be a one to one change from deprecation to replacement. For example, I'd expect this change to be as shown in this suggestion since the deprecation for DECLARED_CLASSES states it is deprecated with no replacement since registerType registers the class.

Suggested change
hints.reflection()
.registerType(Collections.class, MemberCategory.INVOKE_DECLARED_CONSTRUCTORS,
MemberCategory.INVOKE_DECLARED_METHODS);
hints.reflection().registerType(Collections.class);

Can you help me understand why these changes do not appear to be a one to one replacement for the deprecations?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the clarification.

You're right — my change removed MemberCategory.DECLARED_CLASSES but didn’t make it explicit that the type itself is still being registered.
Since DECLARED_CLASSES is deprecated with no replacement (because registerType already registers the class), I’ll add an explicit
hints.reflection().registerType(T.class) alongside the existing INVOKE_* categories. This preserves the original “type registration”
intent while keeping the reflective invocation hints where needed.


// HashSet
hints.reflection()
.registerType(HashSet.class, MemberCategory.DECLARED_FIELDS,
MemberCategory.INVOKE_DECLARED_CONSTRUCTORS, MemberCategory.INVOKE_DECLARED_METHODS);
.registerType(HashSet.class, MemberCategory.INVOKE_DECLARED_CONSTRUCTORS,

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you help me understand why MemberCategory.DECLARED_FIELDS wasn't migrated to MemberCategory.INVOKE_DECLARED_FIELDS as documented within the Javadoc?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for pointing this out.

You’re right — MemberCategory.DECLARED_FIELDS should be migrated to MemberCategory.ACCESS_DECLARED_FIELDS as documented in the Javadoc.

In my earlier change, I removed DECLARED_FIELDS without explicitly replacing it with ACCESS_DECLARED_FIELDS, which made the migration look incomplete and not 1:1.

I’ve updated the code so that:

  • All previous DECLARED_FIELDS usages are now migrated to
    ACCESS_DECLARED_FIELDS.
  • INVOKE_DECLARED_CONSTRUCTORS / INVOKE_DECLARED_METHODS are kept only where
    reflective invocation was already required.

This preserves the original intent of field access while aligning with the documented replacement in Spring Framework 7.

MemberCategory.INVOKE_DECLARED_METHODS);

hints.reflection()
.registerTypes(Arrays.asList(TypeReference.of(AbstractAuthenticationToken.class),
Expand All @@ -138,18 +137,17 @@ private void registerHints(RuntimeHints hints) {
TypeReference.of(AuthorizationGrantType.class),
TypeReference.of(OAuth2AuthorizationResponseType.class),
TypeReference.of(OAuth2TokenFormat.class)),
(builder) -> builder.withMembers(MemberCategory.DECLARED_FIELDS,
MemberCategory.INVOKE_DECLARED_CONSTRUCTORS, MemberCategory.INVOKE_DECLARED_METHODS));
(builder) -> builder.withMembers(MemberCategory.INVOKE_DECLARED_CONSTRUCTORS,
MemberCategory.INVOKE_DECLARED_METHODS));

// Jackson Modules
if (jackson2Present) {
hints.reflection()
.registerTypes(

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This needs to continue to register the jackson 2 modules for passivity. You can extract it into a separate method and add a suppression to it.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed. Jackson 2 module registration is still required for passivity when Jackson 2
is present on the classpath.

I will keep the Jackson 2 registrations, extract them into a dedicated helper method,
and scope @SuppressWarnings("removal") to that method only so the intent is explicit
while preserving the existing behavior.

Jackson 3 module registration will remain unchanged.
Thank you.

Arrays.asList(TypeReference.of(CoreJackson2Module.class),
TypeReference.of(WebServletJackson2Module.class),
TypeReference.of(OAuth2AuthorizationServerJackson2Module.class)),
(builder) -> builder.withMembers(MemberCategory.DECLARED_FIELDS,
MemberCategory.INVOKE_DECLARED_CONSTRUCTORS,
Arrays.asList(TypeReference.of(CoreJacksonModule.class),
TypeReference.of(WebServletJacksonModule.class),
TypeReference.of(OAuth2AuthorizationServerJacksonModule.class)),
(builder) -> builder.withMembers(MemberCategory.INVOKE_DECLARED_CONSTRUCTORS,
MemberCategory.INVOKE_DECLARED_METHODS));
}
if (jackson3Present) {
Expand All @@ -158,8 +156,7 @@ private void registerHints(RuntimeHints hints) {
Arrays.asList(TypeReference.of(CoreJacksonModule.class),
TypeReference.of(WebServletJacksonModule.class),
TypeReference.of(OAuth2AuthorizationServerJacksonModule.class)),
(builder) -> builder.withMembers(MemberCategory.DECLARED_FIELDS,
MemberCategory.INVOKE_DECLARED_CONSTRUCTORS,
(builder) -> builder.withMembers(MemberCategory.INVOKE_DECLARED_CONSTRUCTORS,
MemberCategory.INVOKE_DECLARED_METHODS));
}

Expand Down Expand Up @@ -222,26 +219,23 @@ private void registerHints(RuntimeHints hints) {
hints.reflection()
.registerType(TypeReference
.of("org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken"),
(builder) -> builder.withMembers(MemberCategory.DECLARED_FIELDS,
MemberCategory.INVOKE_DECLARED_CONSTRUCTORS,
(builder) -> builder.withMembers(MemberCategory.INVOKE_DECLARED_CONSTRUCTORS,
MemberCategory.INVOKE_DECLARED_METHODS));

// Jackson Module
if (jackson2Present) {
hints.reflection()
.registerType(TypeReference
.of("org.springframework.security.oauth2.client.jackson2.OAuth2ClientJackson2Module"),
(builder) -> builder.withMembers(MemberCategory.DECLARED_FIELDS,
MemberCategory.INVOKE_DECLARED_CONSTRUCTORS,
(builder) -> builder.withMembers(MemberCategory.INVOKE_DECLARED_CONSTRUCTORS,
MemberCategory.INVOKE_DECLARED_METHODS));
}
if (jackson3Present) {
hints.reflection()
.registerType(
TypeReference
.of("org.springframework.security.oauth2.client.jackson.OAuth2ClientJacksonModule"),
(builder) -> builder.withMembers(MemberCategory.DECLARED_FIELDS,
MemberCategory.INVOKE_DECLARED_CONSTRUCTORS,
(builder) -> builder.withMembers(MemberCategory.INVOKE_DECLARED_CONSTRUCTORS,
MemberCategory.INVOKE_DECLARED_METHODS));
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,8 @@ public void registerHints(RuntimeHints hints, ClassLoader classLoader) {
.of("org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationEndpointFilter$OAuth2AuthorizationCodeRequestValidatingFilter"),
MemberCategory.INVOKE_DECLARED_CONSTRUCTORS);
hints.reflection()
.registerType(OAuth2AuthorizationCodeRequestAuthenticationToken.class, MemberCategory.DECLARED_FIELDS);
.registerType(OAuth2AuthorizationCodeRequestAuthenticationToken.class,
MemberCategory.INVOKE_DECLARED_CONSTRUCTORS, MemberCategory.INVOKE_DECLARED_METHODS);

}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,7 @@ Map<String, Object> readValue(String data) {
* @deprecated Use {@link JsonMapperRegisteredClientRowMapper} to switch to Jackson 3.
*/
@Deprecated(forRemoval = true, since = "7.0")
@SuppressWarnings("removal")
public static class RegisteredClientRowMapper extends AbstractRegisteredClientRowMapper {

private ObjectMapper objectMapper = Jackson2.createObjectMapper();
Expand Down Expand Up @@ -435,6 +436,7 @@ String writeValueAsString(Map<String, Object> data) throws Exception {
* Jackson 3.
*/
@Deprecated(forRemoval = true, since = "7.0")
@SuppressWarnings("removal")
public static class RegisteredClientParametersMapper extends AbstractRegisteredClientParametersMapper {

private ObjectMapper objectMapper = Jackson2.createObjectMapper();
Expand Down Expand Up @@ -527,6 +529,7 @@ private String writeMap(Map<String, Object> data) {
@Deprecated(forRemoval = true, since = "7.0")
private static final class Jackson2 {

@SuppressWarnings("removal")
private static ObjectMapper createObjectMapper() {
ObjectMapper objectMapper = new ObjectMapper();
ClassLoader classLoader = Jackson2.class.getClassLoader();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -657,6 +657,7 @@ private OAuth2Authorization findBy(String filter, Object... args) {
return !result.isEmpty() ? result.get(0) : null;
}

@SuppressWarnings("removal")
private static final class CustomOAuth2AuthorizationRowMapper
extends JdbcOAuth2AuthorizationService.OAuth2AuthorizationRowMapper {

Expand Down Expand Up @@ -794,6 +795,7 @@ private Map<String, Object> parseMap(String data) {

}

@SuppressWarnings("removal")
private static final class CustomOAuth2AuthorizationParametersMapper
extends JdbcOAuth2AuthorizationService.OAuth2AuthorizationParametersMapper {

Expand Down