apache · codeconsole · Sep 23, 2024 · Sep 13, 2024
diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml
@@ -21,7 +21,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: gradle/wrapper-validation-action@v2
       - uses: actions/setup-java@v4
-        with: { java-version: 11, distribution: temurin }
+        with: { java-version: 17, distribution: temurin }
       - name: Run Tests
         uses: gradle/actions/setup-gradle@v3
         env:
@@ -36,11 +36,11 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        test-config: [ 'static', 'annotation', 'requestmap', 'basic', 'misc', 'putWithParams', 'bcrypt', 'issue503' ]
+        test-config: [ 'static', 'annotation', 'requestmap', 'basic', 'basicCacheUsers', 'misc', 'putWithParams', 'bcrypt', 'issue503' ]
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-java@v4
-        with: { java-version: 11, distribution: temurin }
+        with: { java-version: 17, distribution: temurin }
       - name: Run Tests
         uses: gradle/actions/setup-gradle@v3
         env:
@@ -58,7 +58,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: gradle/wrapper-validation-action@v2
       - uses: actions/setup-java@v4
-        with: { java-version: 11, distribution: temurin }
+        with: { java-version: 17, distribution: temurin }
       - name: Run Build
         id: build
         uses: gradle/actions/setup-gradle@v3

diff --git a/README.md b/README.md
@@ -7,6 +7,7 @@ See [documentation](https://grails-plugins.github.io/grails-spring-security-core
 
 ### Branch structure 
 
+- `7.0.x` compatible with Grails 7
 - `6.0.x` compatible with Grails 6
 - `5.0.x` compatible with Grails 5
 - `4.0.x` compatible with Grails 4

diff --git a/buildSrc/build.gradle b/buildSrc/build.gradle
@@ -9,7 +9,7 @@ dependencies {
     implementation buildsrcLibs.grails.gradle.plugin, {
         // Grails Gradle plugin leaks groovy-xml onto compile classpath
         // which is causes a version conflict for Gradle
-        exclude group: 'org.codehaus.groovy', module: 'groovy-xml'
+        exclude group: 'org.apache.groovy', module: 'groovy-xml'
     }
     implementation buildsrcLibs.webdriver.binaries.gradle.plugin
 

diff --git a/examples/functional-test-app/build.gradle b/examples/functional-test-app/build.gradle
@@ -8,6 +8,12 @@ plugins {
 
 group = 'examples.test'
 
+configurations {
+    all {
+        exclude group: 'io.micronaut', module:'micronaut-inject-groovy'
+    }
+}
+
 dependencies {
 
     implementation project(':spring-security-core')
@@ -23,6 +29,7 @@ dependencies {
     implementation libs.spring.security.core
     implementation libs.spring.web
 
+    runtimeOnly libs.micronaut.jackson.databind
     runtimeOnly libs.gorm.hibernate5
     runtimeOnly libs.grails.asset.pipeline
     runtimeOnly libs.grails.i18n
@@ -35,9 +42,8 @@ dependencies {
     runtimeOnly libs.h2database
     runtimeOnly libs.tomcat.jdbc
 
-    compileOnly libs.micronaut.inject.groovy
-    compileOnly libs.javax.annotation.api
-    compileOnly libs.javax.servlet.api
+    compileOnly libs.jakarta.annotation.api
+    compileOnly libs.jakarta.servlet.api
     compileOnly libs.slf4j.nop // Prevent warnings about missing SLF4j implementation during GSP compilation
 }
 

diff --git a/examples/functional-test-app/grails-app/conf/application.groovy b/examples/functional-test-app/grails-app/conf/application.groovy
@@ -49,6 +49,18 @@ switch (testconfig) {
 		]
 		break
 
+	case 'basicCacheUsers':
+		grails.plugin.springsecurity.securityConfigType = 'Annotation'
+		grails.plugin.springsecurity.useBasicAuth = true
+		grails.plugin.springsecurity.basic.realmName = 'Grails Spring Security Basic Test Realm'
+		grails.plugin.springsecurity.filterChain.chainMap = [
+			[pattern: '/secureclassannotated/**', filters: 'JOINED_FILTERS,-exceptionTranslationFilter'],
+			[pattern: '/**',                      filters: 'JOINED_FILTERS,-basicAuthenticationFilter,-basicExceptionTranslationFilter']
+		]
+		grails.plugin.springsecurity.cacheUsers = true
+		grails.plugin.springsecurity.providerManager.eraseCredentialsAfterAuthentication = false
+		break
+
 	case 'bcrypt':
 		grails.plugin.springsecurity.securityConfigType = 'Annotation'
 		grails.plugin.springsecurity.password.algorithm = 'bcrypt'

diff --git a/examples/functional-test-app/grails-app/views/error.gsp b/examples/functional-test-app/grails-app/views/error.gsp
@@ -6,8 +6,8 @@
 		<g:if test="${Throwable.isInstance(exception)}">
 			<g:renderException exception="${exception}" />
 		</g:if>
-		<g:elseif test="${request.getAttribute('javax.servlet.error.exception')}">
-			<g:renderException exception="${request.getAttribute('javax.servlet.error.exception')}" />
+		<g:elseif test="${request.getAttribute('jakarta.servlet.error.exception')}">
+			<g:renderException exception="${request.getAttribute('jakarta.servlet.error.exception')}" />
 		</g:elseif>
 		<g:else>
 			<ul class="errors">

diff --git a/...ctional-test-app/src/integration-test/groovy/specs/BasicAuthCacheUsersSecuritySpec.groovy b/...ctional-test-app/src/integration-test/groovy/specs/BasicAuthCacheUsersSecuritySpec.groovy
@@ -0,0 +1,151 @@
+package specs
+
+import org.springframework.security.core.userdetails.UserCache
+import pages.LoginPage
+import pages.role.CreateRolePage
+import pages.role.ListRolePage
+import pages.role.ShowRolePage
+import pages.user.CreateUserPage
+import pages.user.ListUserPage
+import pages.user.ShowUserPage
+import spock.lang.IgnoreIf
+
+@IgnoreIf({ System.getProperty('TESTCONFIG') != 'basicCacheUsers' })
+class BasicAuthCacheUsersSecuritySpec extends AbstractSecuritySpec {
+
+	private HttpURLConnection connection
+	UserCache userCache
+
+	void 'create roles'() {
+		when:
+		to ListRolePage
+
+		then:
+		roleRows.size() == 0
+
+		when:
+		newRoleButton.click()
+
+		then:
+		at CreateRolePage
+
+		when:
+		authority = 'ROLE_ADMIN'
+		createButton.click()
+
+		then:
+		at ShowRolePage
+
+		when:
+		to ListRolePage
+
+		then:
+		roleRows.size() == 1
+
+		when:
+		newRoleButton.click()
+
+		then:
+		at CreateRolePage
+
+		when:
+		authority = 'ROLE_ADMIN2'
+		createButton.click()
+
+		then:
+		at ShowRolePage
+
+		when:
+		to ListRolePage
+
+		then:
+		roleRows.size() == 2
+	}
+
+	void 'create users'() {
+		when:
+		to ListUserPage
+
+		then:
+		userRows.size() == 0
+
+		when:
+		newUserButton.click()
+
+		then:
+		at CreateUserPage
+
+		when:
+		username = 'admin1'
+		password = 'password1'
+		$('#enabled').click()
+		$('#ROLE_ADMIN').click()
+		createButton.click()
+
+		then:
+		at ShowUserPage
+
+		when:
+		to ListUserPage
+
+		then:
+		userRows.size() == 1
+
+		when:
+		newUserButton.click()
+
+		then:
+		at CreateUserPage
+
+		when:
+		username = 'admin2'
+		password = 'password2'
+		$('#enabled').click()
+		$('#ROLE_ADMIN').click()
+		$('#ROLE_ADMIN2').click()
+		createButton.click()
+
+		then:
+		at ShowUserPage
+
+		when:
+		to ListUserPage
+
+		then:
+		userRows.size() == 2
+	}
+
+	@IgnoreIf({ !System.getProperty('geb.env') })
+	void 'check userDetails caching'() {
+
+		when:
+		go 'secureAnnotated'
+
+		then:
+		at LoginPage
+
+		when:
+		login 'admin1', 'password1'
+
+		then:
+		assertContentContains 'you have ROLE_ADMIN'
+
+		and:
+		userCache.getUserFromCache('admin1')
+
+		cleanup:
+		logout()
+	}
+
+	protected void logout() {
+		super.logout()
+		// cheesy, but the 'Authentication' header from basic auth
+		// isn't cleared, so this forces an invalid header
+		getWithAuth '', 'not_a_valid_username', ''
+	}
+
+	private void getWithAuth(String path, String username, String password) {
+		String uri = new URI(baseUrlRequired).resolve(new URI(path))
+		go uri.replace('http://', 'http://' + username + ':' + password + '@')
+	}
+}
diff --git a/examples/functional-test-app/src/integration-test/groovy/specs/RoleSpec.groovy b/examples/functional-test-app/src/integration-test/groovy/specs/RoleSpec.groovy
@@ -9,6 +9,7 @@ import spock.lang.IgnoreIf
 @IgnoreIf({ !(
 		System.getProperty('TESTCONFIG') == 'annotation' ||
         System.getProperty('TESTCONFIG') == 'basic' ||
+        System.getProperty('TESTCONFIG') == 'basicCacheUsers' ||
         System.getProperty('TESTCONFIG') == 'requestmap' ||
         System.getProperty('TESTCONFIG') == 'static')
 })

diff --git a/examples/functional-test-app/src/integration-test/groovy/specs/UserSpec.groovy b/examples/functional-test-app/src/integration-test/groovy/specs/UserSpec.groovy
@@ -9,6 +9,7 @@ import spock.lang.IgnoreIf
 @IgnoreIf({ !(
 		System.getProperty('TESTCONFIG') == 'annotation' ||
 				System.getProperty('TESTCONFIG') == 'basic' ||
+				System.getProperty('TESTCONFIG') == 'basicCacheUsers' ||
 				System.getProperty('TESTCONFIG') == 'requestmap' ||
 				System.getProperty('TESTCONFIG') == 'static')
 })

diff --git a/examples/functional-test-app/src/main/groovy/com/testapp/MaintenanceModeFilter.groovy b/examples/functional-test-app/src/main/groovy/com/testapp/MaintenanceModeFilter.groovy
@@ -3,12 +3,12 @@ package com.testapp
 import groovy.util.logging.Slf4j
 import org.springframework.web.filter.GenericFilterBean
 
-import javax.servlet.FilterChain
-import javax.servlet.ServletException
-import javax.servlet.ServletRequest
-import javax.servlet.ServletResponse
-import javax.servlet.http.HttpServletRequest
-import javax.servlet.http.HttpServletResponse
+import jakarta.servlet.FilterChain
+import jakarta.servlet.ServletException
+import jakarta.servlet.ServletRequest
+import jakarta.servlet.ServletResponse
+import jakarta.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletResponse
 
 /**
  * If registered, this filter results in an HttpStatus of 500 being returned to the client

diff --git a/...es/functional-test-app/src/main/groovy/com/testapp/TestUserPasswordEncoderListener.groovy b/...es/functional-test-app/src/main/groovy/com/testapp/TestUserPasswordEncoderListener.groovy
@@ -7,7 +7,7 @@ import org.grails.datastore.mapping.engine.event.PreUpdateEvent
 import org.springframework.beans.factory.annotation.Autowired
 import grails.events.annotation.gorm.Listener
 import groovy.transform.CompileStatic
-import javax.annotation.PostConstruct
+import jakarta.annotation.PostConstruct
 
 @CompileStatic
 class TestUserPasswordEncoderListener {

diff --git a/examples/integration-test-app/build.gradle b/examples/integration-test-app/build.gradle
@@ -33,7 +33,7 @@ dependencies {
     runtimeOnly libs.tomcat.jdbc
 
     compileOnly libs.micronaut.inject.groovy
-    compileOnly libs.javax.servlet.api
+    compileOnly libs.jakarta.servlet.api
     compileOnly libs.slf4j.nop
 
     testImplementation libs.spock.core

diff --git a/...st-app/src/integration-test/groovy/grails/plugin/springsecurity/SecurityTagLibSpec.groovy b/...st-app/src/integration-test/groovy/grails/plugin/springsecurity/SecurityTagLibSpec.groovy
@@ -34,8 +34,8 @@ import org.springframework.web.context.request.RequestContextHolder
 import spock.lang.Ignore
 import spock.lang.Shared
 
-import javax.servlet.FilterChain
-import javax.servlet.ServletContext
+import jakarta.servlet.FilterChain
+import jakarta.servlet.ServletContext
 import java.security.Principal
 
 /**

diff --git a/...ration-test/groovy/grails/plugin/springsecurity/SpringSecurityUtilsIntegrationSpec.groovy b/...ration-test/groovy/grails/plugin/springsecurity/SpringSecurityUtilsIntegrationSpec.groovy
@@ -36,9 +36,9 @@ import test.TestRole
 import test.TestUser
 import test.TestUserRole
 
-import javax.servlet.FilterChain
-import javax.servlet.ServletRequest
-import javax.servlet.ServletResponse
+import jakarta.servlet.FilterChain
+import jakarta.servlet.ServletRequest
+import jakarta.servlet.ServletResponse
 
 /**
  * Integration tests for <code>SpringSecurityUtils</code>.

diff --git a/examples/integration-test-app/src/main/groovy/com/test/AdditionalLogoutHandler.groovy b/examples/integration-test-app/src/main/groovy/com/test/AdditionalLogoutHandler.groovy
@@ -1,7 +1,7 @@
 package com.test
 
-import javax.servlet.http.HttpServletRequest
-import javax.servlet.http.HttpServletResponse
+import jakarta.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletResponse
 
 import org.springframework.security.core.Authentication
 import org.springframework.security.web.authentication.logout.LogoutHandler

diff --git a/gradle/buildsrc.libs.versions.toml b/gradle/buildsrc.libs.versions.toml
@@ -1,7 +1,7 @@
 [versions]
-asciidoctorj = '4.0.2'
-asset-pipeline-gradle = '4.4.0'
-grails-gradle-plugin = '6.1.2'
+asciidoctorj = '4.0.3'
+asset-pipeline-gradle = '5.0.1'
+grails-gradle-plugin = '7.0.0-SNAPSHOT'
 webdriver-binaries = '3.2'
 spock = '2.3-groovy-3.0'
 

diff --git a/gradle/groovy-config.gradle b/gradle/groovy-config.gradle
@@ -1,8 +1,9 @@
 configurations.configureEach {
     resolutionStrategy.eachDependency { DependencyResolveDetails details ->
-        if (details.requested.group == 'org.codehaus.groovy') {
+        if ((details.requested.group == 'org.codehaus.groovy' || details.requested.group == 'org.apache.groovy') && details.requested.name != 'groovy-bom') {
             String groovyVersion = findProperty('groovyVersion') ?: libs.versions.groovy.get()
-            details.useVersion(groovyVersion)
+            details.useTarget(group: 'org.apache.groovy', name: details.requested.name, version: groovyVersion)
+            details.because "The dependency coordinates are changed in Apache Groovy 4, plus ensure version"
         }
     }
 }
diff --git a/gradle/java-config.gradle b/gradle/java-config.gradle
@@ -1,5 +1,5 @@
 java {
-    sourceCompatibility = JavaVersion.VERSION_11
+    sourceCompatibility = JavaVersion.VERSION_17
     withJavadocJar()
     withSourcesJar()
 }