xdev-software · AB-xdev · Mar 17, 2025 · Mar 14, 2025 · Mar 14, 2025 · Mar 14, 2025
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -23,7 +23,7 @@ jobs:
         cache: 'maven'
 
     - name: Build with Maven
-      run: ./mvnw -B clean package
+      run: ./mvnw -B clean package -T2C
 
     - name: Check for uncommited changes
       run: |

diff --git a/README.md b/README.md
@@ -27,4 +27,4 @@ If you need support as soon as possible and you can't wait for any pull request,
 See the [contributing guide](./CONTRIBUTING.md) for detailed instructions on how to get started with our project.
 
 ## Dependencies and Licenses
-View the [license of the current project](LICENSE) or the [summary including all dependencies](https://xdev-software.github.io/spring-security-extras/dependencies)
+View the [license of the current project](LICENSE) or the [summary including all dependencies](https://xdev-software.github.io/spring-security-extras)
diff --git a/codec-sha256/pom.xml b/codec-sha256/pom.xml
@@ -88,7 +88,7 @@
 		<dependency>
 			<groupId>org.junit.jupiter</groupId>
 			<artifactId>junit-jupiter</artifactId>
-			<version>5.12.0</version>
+			<version>5.12.1</version>
 			<scope>test</scope>
 		</dependency>
 	</dependencies>

diff --git a/crypto-symmetric/pom.xml b/crypto-symmetric/pom.xml
@@ -88,7 +88,7 @@
 		<dependency>
 			<groupId>org.junit.jupiter</groupId>
 			<artifactId>junit-jupiter</artifactId>
-			<version>5.12.0</version>
+			<version>5.12.1</version>
 			<scope>test</scope>
 		</dependency>
 	</dependencies>

diff --git a/oauth2-oidc-remember-me/pom.xml b/oauth2-oidc-remember-me/pom.xml
@@ -122,7 +122,7 @@
 		<dependency>
 			<groupId>org.junit.jupiter</groupId>
 			<artifactId>junit-jupiter</artifactId>
-			<version>5.12.0</version>
+			<version>5.12.1</version>
 			<scope>test</scope>
 		</dependency>
 	</dependencies>

diff --git a/...-me/src/main/java/software/xdev/sse/oauth2/rememberme/OAuth2CookieRememberMeServices.java b/...-me/src/main/java/software/xdev/sse/oauth2/rememberme/OAuth2CookieRememberMeServices.java
@@ -179,7 +179,7 @@ public class OAuth2CookieRememberMeServices implements RememberMeServices, OAuth
 
 	protected final boolean enabled;
 
-	@SuppressWarnings("java:S2629")
+	@SuppressWarnings({"java:S2629", "java:S107"})
 	public OAuth2CookieRememberMeServices(
 		final OAuth2CookieRememberMeServicesConfig config,
 		final AutoLoginMetrics autoLoginMetrics,

diff --git a/...va/software/xdev/sse/oauth2/rememberme/auto/OAuth2CookieRememberMeServicesAutoConfig.java b/...va/software/xdev/sse/oauth2/rememberme/auto/OAuth2CookieRememberMeServicesAutoConfig.java
@@ -37,6 +37,7 @@
 import software.xdev.sse.oauth2.rememberme.crypt.RememberMeSymCryptManager;
 import software.xdev.sse.oauth2.rememberme.metrics.AutoLoginMetrics;
 import software.xdev.sse.oauth2.rememberme.metrics.DefaultAutoLoginMetrics;
+import software.xdev.sse.oauth2.rememberme.metrics.DummyAutoLoginMetrics;
 import software.xdev.sse.oauth2.rememberme.secrets.AuthRememberMeSecretService;
 import software.xdev.sse.oauth2.rememberme.serializer.DefaultOAuth2CookieRememberMeAuthSerializer;
 import software.xdev.sse.oauth2.rememberme.serializer.OAuth2CookieRememberMeAuthSerializer;
@@ -55,7 +56,7 @@ public class OAuth2CookieRememberMeServicesAutoConfig
 	@Bean
 	public OAuth2CookieRememberMeServices oAuth2CookieRememberMeServices(
 		final OAuth2CookieRememberMeServicesConfig config,
-		final AutoLoginMetrics autoLoginMetrics,
+		@Autowired(required = false) final AutoLoginMetrics autoLoginMetrics,
 		@Autowired(required = false) final RememberMeSymCryptManager cryptManager,
 		final RememberMeClientStorageProcessorProvider clientStorageProcessorProvider,
 		final AuthRememberMeSecretService authRememberMeSecretService,
@@ -69,7 +70,7 @@ public OAuth2CookieRememberMeServices oAuth2CookieRememberMeServices(
 	{
 		final OAuth2CookieRememberMeServices rememberMeServices = new OAuth2CookieRememberMeServices(
 			config,
-			autoLoginMetrics,
+			autoLoginMetrics != null ? autoLoginMetrics : new DummyAutoLoginMetrics(),
 			cryptManager,
 			clientStorageProcessorProvider,
 			authRememberMeSecretService,
@@ -119,6 +120,7 @@ public OAuth2CookieRememberMeAuthSerializer oAuth2CookieRememberMeAuthSerializer
 		return new DefaultOAuth2CookieRememberMeAuthSerializer();
 	}
 
+	@ConditionalOnBean(MeterRegistry.class)
 	@ConditionalOnMissingBean
 	@Bean
 	public AutoLoginMetrics autoLoginMetrics(final MeterRegistry meterRegistry)

diff --git a/...r-me/src/main/java/software/xdev/sse/oauth2/rememberme/metrics/DummyAutoLoginMetrics.java b/...r-me/src/main/java/software/xdev/sse/oauth2/rememberme/metrics/DummyAutoLoginMetrics.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright © 2025 XDEV Software (https://xdev.software)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package software.xdev.sse.oauth2.rememberme.metrics;
+
+import software.xdev.sse.oauth2.checkauth.OAuth2AuthChecker;
+
+
+public class DummyAutoLoginMetrics implements AutoLoginMetrics
+{
+	@Override
+	public void ignored()
+	{
+	}
+
+	@Override
+	public void incompleteCookies()
+	{
+	}
+
+	@Override
+	public void idCookieDecodeFailed()
+	{
+	}
+
+	@Override
+	public void persistedSecretNotFound()
+	{
+	}
+
+	@Override
+	public void decryptionAlgorithmNotFound()
+	{
+	}
+
+	@Override
+	public void payloadDeserializeFailed()
+	{
+	}
+
+	@Override
+	public void payloadClientRegIdMismatch()
+	{
+	}
+
+	@Override
+	public void payloadEmailMismatch()
+	{
+	}
+
+	@Override
+	public void payloadAccessTokenInvalid()
+	{
+	}
+
+	@Override
+	public void payloadRefreshTokenInvalid()
+	{
+	}
+
+	@Override
+	public void authCheckMetricsIncrement(final OAuth2AuthChecker.AuthCheckOutcome outcome)
+	{
+	}
+
+	@Override
+	public void unexpectedError()
+	{
+	}
+}
diff --git a/oauth2-oidc/pom.xml b/oauth2-oidc/pom.xml
@@ -141,7 +141,7 @@
 		<dependency>
 			<groupId>org.junit.jupiter</groupId>
 			<artifactId>junit-jupiter</artifactId>
-			<version>5.12.0</version>
+			<version>5.12.1</version>
 			<scope>test</scope>
 		</dependency>
 	</dependencies>

diff --git a/...dc/src/main/java/software/xdev/sse/oauth2/checkauth/auto/OAuth2AuthCheckerAutoConfig.java b/...dc/src/main/java/software/xdev/sse/oauth2/checkauth/auto/OAuth2AuthCheckerAutoConfig.java
@@ -18,6 +18,7 @@
 import java.util.List;
 
 import org.springframework.boot.autoconfigure.AutoConfiguration;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.context.properties.ConfigurationProperties;
@@ -58,6 +59,7 @@ public OAuth2ProviderOfflineManager oAuth2ProviderOfflineManager(
 		return new OAuth2ProviderOfflineManager(config, metricsHandlers);
 	}
 
+	@ConditionalOnBean(MeterRegistry.class)
 	@ConditionalOnMissingBean
 	@Bean
 	public OAuth2ProviderOfflineManagerMetricsHandler defaultoAuth2ProviderOfflineManagerMetricsHandler(

diff --git a/...idc/src/main/java/software/xdev/sse/oauth2/filter/auto/OAuth2RefreshFilterAutoConfig.java b/...idc/src/main/java/software/xdev/sse/oauth2/filter/auto/OAuth2RefreshFilterAutoConfig.java
@@ -20,6 +20,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.AutoConfiguration;
 import org.springframework.boot.autoconfigure.AutoConfigureAfter;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.ApplicationContext;
@@ -33,6 +34,7 @@
 import software.xdev.sse.oauth2.filter.OAuth2RefreshFilter;
 import software.xdev.sse.oauth2.filter.handler.OAuth2RefreshHandler;
 import software.xdev.sse.oauth2.filter.metrics.DefaultOAuth2RefreshFilterAuthCheckMetrics;
+import software.xdev.sse.oauth2.filter.metrics.DummyOAuth2RefreshFilterAuthCheckMetrics;
 import software.xdev.sse.oauth2.filter.metrics.OAuth2RefreshFilterAuthCheckMetrics;
 import software.xdev.sse.oauth2.filter.reloadcom.OAuth2RefreshReloadCommunicator;
 import software.xdev.sse.oauth2.sidecar.compat.OtherWebSecurityPathsCompat;
@@ -49,7 +51,7 @@ public class OAuth2RefreshFilterAutoConfig
 	@ConditionalOnMissingBean
 	@Bean
 	public OAuth2RefreshFilter oAuth2RefreshFilter(
-		final OAuth2RefreshFilterAuthCheckMetrics metrics,
+		@Autowired(required = false) final OAuth2RefreshFilterAuthCheckMetrics metrics,
 		// Some injections need to be lazy for connectionless start
 		@Lazy final OAuth2AuthorizedClientService clientService,
 		@Lazy final OAuth2AuthChecker oAuth2AuthChecker,
@@ -58,7 +60,7 @@ public OAuth2RefreshFilter oAuth2RefreshFilter(
 	)
 	{
 		final OAuth2RefreshFilter filter = new OAuth2RefreshFilter(
-			metrics,
+			metrics != null ? metrics : new DummyOAuth2RefreshFilterAuthCheckMetrics(),
 			clientService,
 			oAuth2AuthChecker,
 			new DynamicLazyBeanProvider<>(context, OAuth2RefreshHandler.class),
@@ -82,6 +84,7 @@ public OAuth2RefreshFilter oAuth2RefreshFilter(
 		return filter;
 	}
 
+	@ConditionalOnBean(MeterRegistry.class)
 	@ConditionalOnMissingBean
 	@Bean
 	public OAuth2RefreshFilterAuthCheckMetrics oAuth2RefreshFilterAuthCheckMetrics(final MeterRegistry meterRegistry)

diff --git a/...ava/software/xdev/sse/oauth2/filter/metrics/DummyOAuth2RefreshFilterAuthCheckMetrics.java b/...ava/software/xdev/sse/oauth2/filter/metrics/DummyOAuth2RefreshFilterAuthCheckMetrics.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright © 2025 XDEV Software (https://xdev.software)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package software.xdev.sse.oauth2.filter.metrics;
+
+import software.xdev.sse.oauth2.checkauth.OAuth2AuthChecker;
+
+
+public class DummyOAuth2RefreshFilterAuthCheckMetrics implements OAuth2RefreshFilterAuthCheckMetrics
+{
+	@Override
+	public void ignored()
+	{
+	}
+
+	@Override
+	public void noAuth()
+	{
+	}
+
+	@Override
+	public void authCheckMetricsIncrement(final OAuth2AuthChecker.AuthCheckOutcome outcome)
+	{
+	}
+}
diff --git a/renovate.json5 b/renovate.json5
@@ -4,7 +4,7 @@
   "packageRules": [
     {
       "description": "Ignore project internal dependencies",
-      "packagePattern": "^software.xdev.spring-security-extras",
+      "packagePattern": "^software.xdev.sse",
       "datasources": [
         "maven"
       ],

diff --git a/vaadin/src/main/java/software/xdev/sse/vaadin/SecureVaadinRequestCache.java b/vaadin/src/main/java/software/xdev/sse/vaadin/SecureVaadinRequestCache.java
@@ -44,6 +44,7 @@
  * Same as {@link VaadinDefaultRequestCache}, however only existing Vaadin routes are cached, which results in no
  * invalid redirects (to e.g. PWA offline resources) and unused/useless (redirect-)sessions
  */
+@SuppressWarnings("java:S6813")
 @Component
 public class SecureVaadinRequestCache extends VaadinDefaultRequestCache
 {

diff --git a/vaadin/src/main/java/software/xdev/sse/vaadin/TotalVaadinFlowWebSecurity.java b/vaadin/src/main/java/software/xdev/sse/vaadin/TotalVaadinFlowWebSecurity.java
@@ -37,6 +37,7 @@
  * Override of {@link VaadinWebSecurity} that doesn't allow any VaadinSession to be created without previous
  * authentication.
  */
+@SuppressWarnings("java:S6813")
 public abstract class TotalVaadinFlowWebSecurity extends VaadinWebSecurity
 {
 	@Autowired

diff --git a/web-sidecar-actuator/pom.xml b/web-sidecar-actuator/pom.xml
@@ -125,7 +125,7 @@
 		<dependency>
 			<groupId>org.junit.jupiter</groupId>
 			<artifactId>junit-jupiter</artifactId>
-			<version>5.12.0</version>
+			<version>5.12.1</version>
 			<scope>test</scope>
 		</dependency>
 	</dependencies>

diff --git a/.../main/java/software/xdev/sse/web/sidecar/actuator/auto/ActuatorWebSecurityAutoConfig.java b/.../main/java/software/xdev/sse/web/sidecar/actuator/auto/ActuatorWebSecurityAutoConfig.java
@@ -18,6 +18,7 @@
 import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointProperties;
 import org.springframework.boot.autoconfigure.AutoConfiguration;
 import org.springframework.boot.autoconfigure.AutoConfigureBefore;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.context.properties.ConfigurationProperties;
@@ -44,6 +45,7 @@ public ActuatorSecurityConfig actuatorConfig()
 		return new ActuatorSecurityConfig();
 	}
 
+	@ConditionalOnBean(MeterRegistry.class)
 	@ConditionalOnMissingBean
 	@Bean
 	public ActuatorSecurityMetricsHandler actuatorSecurityMetricsHandler(