diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index f056de02..dbed626f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -23,7 +23,7 @@ jobs:
cache: 'maven'
- name: Build with Maven
- run: ./mvnw -B clean package
+ run: ./mvnw -B clean package -T2C
- name: Check for uncommited changes
run: |
diff --git a/README.md b/README.md
index 801e17b8..6bb4faec 100644
--- a/README.md
+++ b/README.md
@@ -27,4 +27,4 @@ If you need support as soon as possible and you can't wait for any pull request,
See the [contributing guide](./CONTRIBUTING.md) for detailed instructions on how to get started with our project.
## Dependencies and Licenses
-View the [license of the current project](LICENSE) or the [summary including all dependencies](https://xdev-software.github.io/spring-security-extras/dependencies)
+View the [license of the current project](LICENSE) or the [summary including all dependencies](https://xdev-software.github.io/spring-security-extras)
diff --git a/codec-sha256/pom.xml b/codec-sha256/pom.xml
index a7fc8f73..81c3220f 100644
--- a/codec-sha256/pom.xml
+++ b/codec-sha256/pom.xml
@@ -88,7 +88,7 @@
org.junit.jupiter
junit-jupiter
- 5.12.0
+ 5.12.1
test
diff --git a/crypto-symmetric/pom.xml b/crypto-symmetric/pom.xml
index 50154172..b2371bed 100644
--- a/crypto-symmetric/pom.xml
+++ b/crypto-symmetric/pom.xml
@@ -88,7 +88,7 @@
org.junit.jupiter
junit-jupiter
- 5.12.0
+ 5.12.1
test
diff --git a/oauth2-oidc-remember-me/pom.xml b/oauth2-oidc-remember-me/pom.xml
index c1c36d67..019e33c2 100644
--- a/oauth2-oidc-remember-me/pom.xml
+++ b/oauth2-oidc-remember-me/pom.xml
@@ -122,7 +122,7 @@
org.junit.jupiter
junit-jupiter
- 5.12.0
+ 5.12.1
test
diff --git a/oauth2-oidc-remember-me/src/main/java/software/xdev/sse/oauth2/rememberme/OAuth2CookieRememberMeServices.java b/oauth2-oidc-remember-me/src/main/java/software/xdev/sse/oauth2/rememberme/OAuth2CookieRememberMeServices.java
index 1b58c59f..312244fd 100644
--- a/oauth2-oidc-remember-me/src/main/java/software/xdev/sse/oauth2/rememberme/OAuth2CookieRememberMeServices.java
+++ b/oauth2-oidc-remember-me/src/main/java/software/xdev/sse/oauth2/rememberme/OAuth2CookieRememberMeServices.java
@@ -179,7 +179,7 @@ public class OAuth2CookieRememberMeServices implements RememberMeServices, OAuth
protected final boolean enabled;
- @SuppressWarnings("java:S2629")
+ @SuppressWarnings({"java:S2629", "java:S107"})
public OAuth2CookieRememberMeServices(
final OAuth2CookieRememberMeServicesConfig config,
final AutoLoginMetrics autoLoginMetrics,
diff --git a/oauth2-oidc-remember-me/src/main/java/software/xdev/sse/oauth2/rememberme/auto/OAuth2CookieRememberMeServicesAutoConfig.java b/oauth2-oidc-remember-me/src/main/java/software/xdev/sse/oauth2/rememberme/auto/OAuth2CookieRememberMeServicesAutoConfig.java
index 01d11379..d66998aa 100644
--- a/oauth2-oidc-remember-me/src/main/java/software/xdev/sse/oauth2/rememberme/auto/OAuth2CookieRememberMeServicesAutoConfig.java
+++ b/oauth2-oidc-remember-me/src/main/java/software/xdev/sse/oauth2/rememberme/auto/OAuth2CookieRememberMeServicesAutoConfig.java
@@ -37,6 +37,7 @@
import software.xdev.sse.oauth2.rememberme.crypt.RememberMeSymCryptManager;
import software.xdev.sse.oauth2.rememberme.metrics.AutoLoginMetrics;
import software.xdev.sse.oauth2.rememberme.metrics.DefaultAutoLoginMetrics;
+import software.xdev.sse.oauth2.rememberme.metrics.DummyAutoLoginMetrics;
import software.xdev.sse.oauth2.rememberme.secrets.AuthRememberMeSecretService;
import software.xdev.sse.oauth2.rememberme.serializer.DefaultOAuth2CookieRememberMeAuthSerializer;
import software.xdev.sse.oauth2.rememberme.serializer.OAuth2CookieRememberMeAuthSerializer;
@@ -55,7 +56,7 @@ public class OAuth2CookieRememberMeServicesAutoConfig
@Bean
public OAuth2CookieRememberMeServices oAuth2CookieRememberMeServices(
final OAuth2CookieRememberMeServicesConfig config,
- final AutoLoginMetrics autoLoginMetrics,
+ @Autowired(required = false) final AutoLoginMetrics autoLoginMetrics,
@Autowired(required = false) final RememberMeSymCryptManager cryptManager,
final RememberMeClientStorageProcessorProvider clientStorageProcessorProvider,
final AuthRememberMeSecretService authRememberMeSecretService,
@@ -69,7 +70,7 @@ public OAuth2CookieRememberMeServices oAuth2CookieRememberMeServices(
{
final OAuth2CookieRememberMeServices rememberMeServices = new OAuth2CookieRememberMeServices(
config,
- autoLoginMetrics,
+ autoLoginMetrics != null ? autoLoginMetrics : new DummyAutoLoginMetrics(),
cryptManager,
clientStorageProcessorProvider,
authRememberMeSecretService,
@@ -119,6 +120,7 @@ public OAuth2CookieRememberMeAuthSerializer oAuth2CookieRememberMeAuthSerializer
return new DefaultOAuth2CookieRememberMeAuthSerializer();
}
+ @ConditionalOnBean(MeterRegistry.class)
@ConditionalOnMissingBean
@Bean
public AutoLoginMetrics autoLoginMetrics(final MeterRegistry meterRegistry)
diff --git a/oauth2-oidc-remember-me/src/main/java/software/xdev/sse/oauth2/rememberme/metrics/DummyAutoLoginMetrics.java b/oauth2-oidc-remember-me/src/main/java/software/xdev/sse/oauth2/rememberme/metrics/DummyAutoLoginMetrics.java
new file mode 100644
index 00000000..c4fbf95c
--- /dev/null
+++ b/oauth2-oidc-remember-me/src/main/java/software/xdev/sse/oauth2/rememberme/metrics/DummyAutoLoginMetrics.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright © 2025 XDEV Software (https://xdev.software)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package software.xdev.sse.oauth2.rememberme.metrics;
+
+import software.xdev.sse.oauth2.checkauth.OAuth2AuthChecker;
+
+
+public class DummyAutoLoginMetrics implements AutoLoginMetrics
+{
+ @Override
+ public void ignored()
+ {
+ }
+
+ @Override
+ public void incompleteCookies()
+ {
+ }
+
+ @Override
+ public void idCookieDecodeFailed()
+ {
+ }
+
+ @Override
+ public void persistedSecretNotFound()
+ {
+ }
+
+ @Override
+ public void decryptionAlgorithmNotFound()
+ {
+ }
+
+ @Override
+ public void payloadDeserializeFailed()
+ {
+ }
+
+ @Override
+ public void payloadClientRegIdMismatch()
+ {
+ }
+
+ @Override
+ public void payloadEmailMismatch()
+ {
+ }
+
+ @Override
+ public void payloadAccessTokenInvalid()
+ {
+ }
+
+ @Override
+ public void payloadRefreshTokenInvalid()
+ {
+ }
+
+ @Override
+ public void authCheckMetricsIncrement(final OAuth2AuthChecker.AuthCheckOutcome outcome)
+ {
+ }
+
+ @Override
+ public void unexpectedError()
+ {
+ }
+}
diff --git a/oauth2-oidc/pom.xml b/oauth2-oidc/pom.xml
index a3943ade..4e710e79 100644
--- a/oauth2-oidc/pom.xml
+++ b/oauth2-oidc/pom.xml
@@ -141,7 +141,7 @@
org.junit.jupiter
junit-jupiter
- 5.12.0
+ 5.12.1
test
diff --git a/oauth2-oidc/src/main/java/software/xdev/sse/oauth2/checkauth/auto/OAuth2AuthCheckerAutoConfig.java b/oauth2-oidc/src/main/java/software/xdev/sse/oauth2/checkauth/auto/OAuth2AuthCheckerAutoConfig.java
index 7f0729ce..dbb5ebd7 100644
--- a/oauth2-oidc/src/main/java/software/xdev/sse/oauth2/checkauth/auto/OAuth2AuthCheckerAutoConfig.java
+++ b/oauth2-oidc/src/main/java/software/xdev/sse/oauth2/checkauth/auto/OAuth2AuthCheckerAutoConfig.java
@@ -18,6 +18,7 @@
import java.util.List;
import org.springframework.boot.autoconfigure.AutoConfiguration;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.ConfigurationProperties;
@@ -58,6 +59,7 @@ public OAuth2ProviderOfflineManager oAuth2ProviderOfflineManager(
return new OAuth2ProviderOfflineManager(config, metricsHandlers);
}
+ @ConditionalOnBean(MeterRegistry.class)
@ConditionalOnMissingBean
@Bean
public OAuth2ProviderOfflineManagerMetricsHandler defaultoAuth2ProviderOfflineManagerMetricsHandler(
diff --git a/oauth2-oidc/src/main/java/software/xdev/sse/oauth2/filter/auto/OAuth2RefreshFilterAutoConfig.java b/oauth2-oidc/src/main/java/software/xdev/sse/oauth2/filter/auto/OAuth2RefreshFilterAutoConfig.java
index 0fa4d8ec..0821777f 100644
--- a/oauth2-oidc/src/main/java/software/xdev/sse/oauth2/filter/auto/OAuth2RefreshFilterAutoConfig.java
+++ b/oauth2-oidc/src/main/java/software/xdev/sse/oauth2/filter/auto/OAuth2RefreshFilterAutoConfig.java
@@ -20,6 +20,7 @@
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.ApplicationContext;
@@ -33,6 +34,7 @@
import software.xdev.sse.oauth2.filter.OAuth2RefreshFilter;
import software.xdev.sse.oauth2.filter.handler.OAuth2RefreshHandler;
import software.xdev.sse.oauth2.filter.metrics.DefaultOAuth2RefreshFilterAuthCheckMetrics;
+import software.xdev.sse.oauth2.filter.metrics.DummyOAuth2RefreshFilterAuthCheckMetrics;
import software.xdev.sse.oauth2.filter.metrics.OAuth2RefreshFilterAuthCheckMetrics;
import software.xdev.sse.oauth2.filter.reloadcom.OAuth2RefreshReloadCommunicator;
import software.xdev.sse.oauth2.sidecar.compat.OtherWebSecurityPathsCompat;
@@ -49,7 +51,7 @@ public class OAuth2RefreshFilterAutoConfig
@ConditionalOnMissingBean
@Bean
public OAuth2RefreshFilter oAuth2RefreshFilter(
- final OAuth2RefreshFilterAuthCheckMetrics metrics,
+ @Autowired(required = false) final OAuth2RefreshFilterAuthCheckMetrics metrics,
// Some injections need to be lazy for connectionless start
@Lazy final OAuth2AuthorizedClientService clientService,
@Lazy final OAuth2AuthChecker oAuth2AuthChecker,
@@ -58,7 +60,7 @@ public OAuth2RefreshFilter oAuth2RefreshFilter(
)
{
final OAuth2RefreshFilter filter = new OAuth2RefreshFilter(
- metrics,
+ metrics != null ? metrics : new DummyOAuth2RefreshFilterAuthCheckMetrics(),
clientService,
oAuth2AuthChecker,
new DynamicLazyBeanProvider<>(context, OAuth2RefreshHandler.class),
@@ -82,6 +84,7 @@ public OAuth2RefreshFilter oAuth2RefreshFilter(
return filter;
}
+ @ConditionalOnBean(MeterRegistry.class)
@ConditionalOnMissingBean
@Bean
public OAuth2RefreshFilterAuthCheckMetrics oAuth2RefreshFilterAuthCheckMetrics(final MeterRegistry meterRegistry)
diff --git a/oauth2-oidc/src/main/java/software/xdev/sse/oauth2/filter/metrics/DummyOAuth2RefreshFilterAuthCheckMetrics.java b/oauth2-oidc/src/main/java/software/xdev/sse/oauth2/filter/metrics/DummyOAuth2RefreshFilterAuthCheckMetrics.java
new file mode 100644
index 00000000..881c655d
--- /dev/null
+++ b/oauth2-oidc/src/main/java/software/xdev/sse/oauth2/filter/metrics/DummyOAuth2RefreshFilterAuthCheckMetrics.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright © 2025 XDEV Software (https://xdev.software)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package software.xdev.sse.oauth2.filter.metrics;
+
+import software.xdev.sse.oauth2.checkauth.OAuth2AuthChecker;
+
+
+public class DummyOAuth2RefreshFilterAuthCheckMetrics implements OAuth2RefreshFilterAuthCheckMetrics
+{
+ @Override
+ public void ignored()
+ {
+ }
+
+ @Override
+ public void noAuth()
+ {
+ }
+
+ @Override
+ public void authCheckMetricsIncrement(final OAuth2AuthChecker.AuthCheckOutcome outcome)
+ {
+ }
+}
diff --git a/renovate.json5 b/renovate.json5
index fef15d3a..98c91ed5 100644
--- a/renovate.json5
+++ b/renovate.json5
@@ -4,7 +4,7 @@
"packageRules": [
{
"description": "Ignore project internal dependencies",
- "packagePattern": "^software.xdev.spring-security-extras",
+ "packagePattern": "^software.xdev.sse",
"datasources": [
"maven"
],
diff --git a/vaadin/src/main/java/software/xdev/sse/vaadin/SecureVaadinRequestCache.java b/vaadin/src/main/java/software/xdev/sse/vaadin/SecureVaadinRequestCache.java
index 69d12770..e30b2200 100644
--- a/vaadin/src/main/java/software/xdev/sse/vaadin/SecureVaadinRequestCache.java
+++ b/vaadin/src/main/java/software/xdev/sse/vaadin/SecureVaadinRequestCache.java
@@ -44,6 +44,7 @@
* Same as {@link VaadinDefaultRequestCache}, however only existing Vaadin routes are cached, which results in no
* invalid redirects (to e.g. PWA offline resources) and unused/useless (redirect-)sessions
*/
+@SuppressWarnings("java:S6813")
@Component
public class SecureVaadinRequestCache extends VaadinDefaultRequestCache
{
diff --git a/vaadin/src/main/java/software/xdev/sse/vaadin/TotalVaadinFlowWebSecurity.java b/vaadin/src/main/java/software/xdev/sse/vaadin/TotalVaadinFlowWebSecurity.java
index 829d3993..7275951a 100644
--- a/vaadin/src/main/java/software/xdev/sse/vaadin/TotalVaadinFlowWebSecurity.java
+++ b/vaadin/src/main/java/software/xdev/sse/vaadin/TotalVaadinFlowWebSecurity.java
@@ -37,6 +37,7 @@
* Override of {@link VaadinWebSecurity} that doesn't allow any VaadinSession to be created without previous
* authentication.
*/
+@SuppressWarnings("java:S6813")
public abstract class TotalVaadinFlowWebSecurity extends VaadinWebSecurity
{
@Autowired
diff --git a/web-sidecar-actuator/pom.xml b/web-sidecar-actuator/pom.xml
index 9ee5da0e..043b0f3b 100644
--- a/web-sidecar-actuator/pom.xml
+++ b/web-sidecar-actuator/pom.xml
@@ -125,7 +125,7 @@
org.junit.jupiter
junit-jupiter
- 5.12.0
+ 5.12.1
test
diff --git a/web-sidecar-actuator/src/main/java/software/xdev/sse/web/sidecar/actuator/auto/ActuatorWebSecurityAutoConfig.java b/web-sidecar-actuator/src/main/java/software/xdev/sse/web/sidecar/actuator/auto/ActuatorWebSecurityAutoConfig.java
index d484e3c3..2507ee69 100644
--- a/web-sidecar-actuator/src/main/java/software/xdev/sse/web/sidecar/actuator/auto/ActuatorWebSecurityAutoConfig.java
+++ b/web-sidecar-actuator/src/main/java/software/xdev/sse/web/sidecar/actuator/auto/ActuatorWebSecurityAutoConfig.java
@@ -18,6 +18,7 @@
import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointProperties;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.AutoConfigureBefore;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.ConfigurationProperties;
@@ -44,6 +45,7 @@ public ActuatorSecurityConfig actuatorConfig()
return new ActuatorSecurityConfig();
}
+ @ConditionalOnBean(MeterRegistry.class)
@ConditionalOnMissingBean
@Bean
public ActuatorSecurityMetricsHandler actuatorSecurityMetricsHandler(