Merge branch 'release/4.4.2'

CHANGELOG.md

@@ -1,39 +1,46 @@
 # Changelog
 
-### 4.4.1 (unreleased)
-* (none) so far
+### [unreleased]
+* no changes yet
 
-### 4.4.0 (2020-07-15)
+### [4.4.2] (2021-05-06)
+* (all) Dependencies upgraded to latest
+* (all) Fixes "Found WebSecurityConfigurerAdapter as well as SecurityFilterChain"-error (#32)
+
+### [4.4.1] (2020-11-08)
+* (all) Dependencies upgraded to latest
+
+### [4.4.0] (2020-07-15)
 * (all) Migrate tests from Junit4 to Junit5
 * (base) Some minor internal changes and optimizations
 * (base) Remove springfox and integrate springdoc (OpenApi 3)
 
-### 4.3.0 (2020-05-28)
+### [4.3.0] (2020-05-28)
 * (all) Update dependencies
 * (all) Refactoring of gradle build scripts
 * (all) Remove module-info again (wasn't working correctly anyway)
 * (memcache) Fix bug when running against memcached >= 1.5 which made this plugin effectively useless
 
-### 4.2.0 (2020-02-08)
+### [4.2.0] (2020-02-08)
 * (all) Update dependencies
 
-### 4.1.1 (2019-09-21)
+### [4.1.1] (2019-09-21)
 * (all) Update dependencies
 
-### 4.1.0 (2019-03-29)
+### [4.1.0] (2019-03-29)
 * (all) Cleanup gradle build scripts
 * (all) Fix compile / build with Java 11 
 * (all) Separate modules for usage (java 9+)
 * (hibernate): Use IDENTITY as strategy for entity 
 
-### 4.0.0 (2018-09-28)
+### [4.0.0] (2018-09-28)
 * (redis) Add support for redis as backend
 * (files) Add support for filesystem as backend
 * (base) TimeWithPeriod is now serializable with Jackson
 * (base) Split the all-mighty rest controller into separate ones and extract logic into services (which you may override now)
 * (base) Refactoring of base to ease overriding specific behaviour
 
-### 3.0.0 (2018-04-17)
+### [3.0.0] (2018-04-17)
 * (all) Add support for spring boot 2
 * (all) Set minimum required boot version to 2.x
 * (base) Update nimbus library to at least 5.7
@@ -43,11 +50,11 @@
 * (base) TimeWithPeriod and expiresIn in Auth-Responses now use long instead of int
 * (base) Lombok is no longer a runtime dependency
 
-### 2.0.1 (2017-12-09)
+### [2.0.1] (2017-12-09)
 * (all) Replaced beans constructor-based autowiring with setters
 * (all) Project is now compatible with DCEVM and Hotswap agent
 
-### 2.0.0 (2017-11-30)
+### [2.0.0] (2017-11-30)
 * (base) Another great refactoring:
   * Remove deviceId from everywhere
     * Clients do no longer need any deviceId for refresh tokens
@@ -62,14 +69,14 @@
 * (base) Add support for tokens sent as cookies (both access and refresh)
 * (base) Make JwtTokenService.getToken() deprecated
 
-### 1.1.0 (2017-11-30)
+### [1.1.0] (2017-11-30)
 * (base) Make JwtUser extendable (#20)
 * (base) Make rest endpoints configurable (#19)
 * (base) Mark JwtTokenService.getExpiration as deprecated
 * (base) Mark RefreshTokenStore.getRefreshExpiration as deprecated
 * (doc) Create a plantuml sequence diagram for README
 
-### 1.0.0 (2017-09-05)
+### [1.0.0] (2017-09-05)
 * (all) Add spring configuration properties support for IDE auto-completion
 * (all) Renamed / moved some properties
   * ```fraho.jwt.refresh.cache.impl``` to ```fraho.jwt.refresh.cache-impl```
@@ -83,7 +90,7 @@
 * (base) Rename ```WebSecurityConfig``` to ```JwtSecurityConfig```
 * (base) Delete ```JwtAuthenticationEntryPoint```
 
-### 0.8.1 (2017-08-17)
+### [0.8.1] (2017-08-17)
 * (all) Some minor cleanup (code smells)
 * (all) Add Jetbrains Annotations for Nullable and NotNull constraints
 * (all) Prefer constructor based autowiring over field injection
@@ -94,22 +101,43 @@
 * (hibernate) Ensure that "created" is a timestamp column
 * (hibernate) Do not register DateTime-Converter globally
 
-### 0.8.0 (2017-06-06)
+### [0.8.0] (2017-06-06)
 * (base) Fix JwtTokenService.isRefreshTokenSupported() not working as expected (always returning true)
 * (doc) Add a changelog file (#13)
 * (base) Support multiple roles for JwtUser (#2)
 * (memcache, internal) Delimiter for map keys are now configurable (#14)
 
-### 0.7.0 (2017-06-02)
+### [0.7.0] (2017-06-02)
 * (hibernate) Add hibernate module (Support storage of refresh tokens in a jdbc database)
 * (base) Add jackson java8 module to compile path (#1)
 * (base) Add Insomnia project as an example on how to interact with login / refresh
 * (test) Huge refactoring of testcode, removed a lot of redundancy
 * (test)First publication of abstract testclases for other modules
 
-### 0.6.0 (2017-05-19)
+### [0.6.0] (2017-05-19)
 * Somehow messed up my git repository, so this release will be the base for all further releases
 * Many untracked changes (sorry)
 
-### 0.5.2 (2017-05-17)
+### [0.5.2] (2017-05-17)
 * Initial release to github and maven central
+
+
+[unreleased]: https://github.com/bratkartoffel/security-jwt/compare/4.4.2...develop
+[4.4.2]: https://github.com/bratkartoffel/security-jwt/compare/4.4.1...4.4.2
+[4.4.1]: https://github.com/bratkartoffel/security-jwt/compare/4.4.0...4.4.1
+[4.4.0]: https://github.com/bratkartoffel/security-jwt/compare/4.3.0...4.4.0
+[4.3.0]: https://github.com/bratkartoffel/security-jwt/compare/4.2.0...4.3.0
+[4.2.0]: https://github.com/bratkartoffel/security-jwt/compare/4.1.1...4.2.0
+[4.1.1]: https://github.com/bratkartoffel/security-jwt/compare/4.1.0...4.1.1
+[4.1.0]: https://github.com/bratkartoffel/security-jwt/compare/4.0.0...4.1.0
+[4.0.0]: https://github.com/bratkartoffel/security-jwt/compare/3.0.0...4.0.0
+[3.0.0]: https://github.com/bratkartoffel/security-jwt/compare/2.0.1...3.0.0
+[2.0.1]: https://github.com/bratkartoffel/security-jwt/compare/2.0.0...2.0.1
+[2.0.0]: https://github.com/bratkartoffel/security-jwt/compare/1.1.0...2.0.0
+[1.1.0]: https://github.com/bratkartoffel/security-jwt/compare/1.0.0...1.1.0
+[1.0.0]: https://github.com/bratkartoffel/security-jwt/compare/0.8.1...1.0.0
+[0.8.1]: https://github.com/bratkartoffel/security-jwt/compare/0.8.0...0.8.1
+[0.8.0]: https://github.com/bratkartoffel/security-jwt/compare/0.7.0...0.8.0
+[0.7.0]: https://github.com/bratkartoffel/security-jwt/compare/0.6.0...0.7.0
+[0.6.0]: https://github.com/bratkartoffel/security-jwt/compare/0.5.2...0.6.0
+[0.5.2]: https://github.com/bratkartoffel/security-jwt/tree/0.5.2

README.md

@@ -43,13 +43,13 @@ The default configuration should be sufficient for the most use cases.
     <dependency>
         <groupId>eu.fraho.spring</groupId>
         <artifactId>security-jwt-base</artifactId>
-        <version>4.4.0</version>
+        <version>4.4.2</version>
     </dependency>
     <!-- or -->
     <dependency>
         <groupId>eu.fraho.spring</groupId>
         <artifactId>security-jwt-base-spring-boot-starter</artifactId>
-        <version>4.4.0</version>
+        <version>4.4.2</version>
     </dependency>
 </dependencies>
 ```
@@ -60,27 +60,27 @@ When you want to add refresh token support, then choose one of the following dep
     <dependency>
         <groupId>eu.fraho.spring</groupId>
         <artifactId>security-jwt-internal</artifactId>
-        <version>4.4.0</version>
+        <version>4.4.2</version>
     </dependency>
     <dependency>
         <groupId>eu.fraho.spring</groupId>
         <artifactId>security-jwt-memcache</artifactId>
-        <version>4.4.0</version>
+        <version>4.4.2</version>
     </dependency>
     <dependency>
         <groupId>eu.fraho.spring</groupId>
         <artifactId>security-jwt-hibernate</artifactId>
-        <version>4.4.0</version>
+        <version>4.4.2</version>
     </dependency>
     <dependency>
         <groupId>eu.fraho.spring</groupId>
         <artifactId>security-jwt-redis</artifactId>
-        <version>4.4.0</version>
+        <version>4.4.2</version>
     </dependency>
     <dependency>
         <groupId>eu.fraho.spring</groupId>
         <artifactId>security-jwt-files</artifactId>
-        <version>4.4.0</version>
+        <version>4.4.2</version>
     </dependency>
 </dependencies>
 ```
@@ -97,6 +97,7 @@ To see this library "in action", please take a look at [the examples](https://gi
 # Spring boot and library versions
 * The 2.x versions are compatible with spring boot 1.5.x
 * The 3.x versions are compatible with spring boot 2.x
+* Starting with 4.4.1, the minumum required spring boot version is 2.2.0
 
 ## Spring Boot Autoconfig (recommended):
 * Use any *-spring-boot-starter dependency you like

base-spring-boot-starter/src/main/java/eu/fraho/spring/securityJwt/base/starter/SecurityJwtBaseAutoConfiguration.java

@@ -7,15 +7,28 @@
 package eu.fraho.spring.securityJwt.base.starter;
 
 import eu.fraho.spring.securityJwt.base.JwtAuthenticationEntryPoint;
-import eu.fraho.spring.securityJwt.base.config.*;
+import eu.fraho.spring.securityJwt.base.config.JwtSecurityConfig;
+import eu.fraho.spring.securityJwt.base.config.RefreshCookieProperties;
+import eu.fraho.spring.securityJwt.base.config.RefreshProperties;
+import eu.fraho.spring.securityJwt.base.config.TokenCookieProperties;
+import eu.fraho.spring.securityJwt.base.config.TokenHeaderProperties;
+import eu.fraho.spring.securityJwt.base.config.TokenProperties;
+import eu.fraho.spring.securityJwt.base.config.TotpProperties;
 import eu.fraho.spring.securityJwt.base.controller.LoginRestController;
 import eu.fraho.spring.securityJwt.base.controller.LogoutRestController;
 import eu.fraho.spring.securityJwt.base.dto.JwtUser;
-import eu.fraho.spring.securityJwt.base.service.*;
+import eu.fraho.spring.securityJwt.base.service.JwtTokenService;
+import eu.fraho.spring.securityJwt.base.service.JwtTokenServiceImpl;
+import eu.fraho.spring.securityJwt.base.service.LoginService;
+import eu.fraho.spring.securityJwt.base.service.LoginServiceImpl;
+import eu.fraho.spring.securityJwt.base.service.RefreshService;
+import eu.fraho.spring.securityJwt.base.service.RefreshServiceImpl;
+import eu.fraho.spring.securityJwt.base.service.TotpService;
+import eu.fraho.spring.securityJwt.base.service.TotpServiceImpl;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.config.BeanDefinition;
-import org.springframework.boot.autoconfigure.AutoConfigureAfter;
+import org.springframework.boot.autoconfigure.AutoConfigureBefore;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
@@ -31,7 +44,7 @@
 import org.springframework.security.crypto.password.PasswordEncoder;
 
 @Configuration
-@AutoConfigureAfter(SecurityAutoConfiguration.class)
+@AutoConfigureBefore(SecurityAutoConfiguration.class)
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
 @Slf4j

base/src/test/java/eu/fraho/spring/securityJwt/tests/ut/JwtAuthenticationTokenFilterTest.java

@@ -21,6 +21,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.lang.reflect.Method;
 import java.util.Optional;
 
 public class JwtAuthenticationTokenFilterTest {
@@ -40,7 +41,7 @@ public void cleanSecurityContext() {
     }
 
     @Test
-    public void testRegularAuthentication() throws ServletException, IOException {
+    public void testRegularAuthentication() throws ServletException, IOException, ReflectiveOperationException {
         JwtTokenService service = getService();
         Mockito.when(service.getAccessToken(Mockito.any())).thenReturn(Optional.of("foobar"));
         Mockito.when(service.parseUser(Mockito.any())).thenReturn(Optional.of(new JwtUser()));
@@ -50,14 +51,16 @@ public void testRegularAuthentication() throws ServletException, IOException {
         HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
         JwtAuthenticationTokenFilter instance = getNewInstance(service);
 
-        instance.doFilter(request, response, chain);
+        Method method = JwtAuthenticationTokenFilter.class.getDeclaredMethod("doFilterInternal", HttpServletRequest.class, HttpServletResponse.class, FilterChain.class);
+        method.setAccessible(true);
+        method.invoke(instance, request, response, chain);
         Mockito.verify(chain).doFilter(request, response);
 
         Assertions.assertNotNull(SecurityContextHolder.getContext().getAuthentication(), "Authentication failed");
     }
 
     @Test
-    public void testNoTokenPresent() throws ServletException, IOException {
+    public void testNoTokenPresent() throws ServletException, IOException, ReflectiveOperationException {
         JwtTokenService service = getService();
         Mockito.when(service.getAccessToken(Mockito.any())).thenReturn(Optional.empty());
 
@@ -66,14 +69,16 @@ public void testNoTokenPresent() throws ServletException, IOException {
         HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
         JwtAuthenticationTokenFilter instance = getNewInstance(service);
 
-        instance.doFilter(request, response, chain);
+        Method method = JwtAuthenticationTokenFilter.class.getDeclaredMethod("doFilterInternal", HttpServletRequest.class, HttpServletResponse.class, FilterChain.class);
+        method.setAccessible(true);
+        method.invoke(instance, request, response, chain);
         Mockito.verify(chain).doFilter(request, response);
 
         Assertions.assertNull(SecurityContextHolder.getContext().getAuthentication(), "Authentication succeeded");
     }
 
     @Test
-    public void testParseFailed() throws ServletException, IOException {
+    public void testParseFailed() throws ServletException, IOException, ReflectiveOperationException {
         JwtTokenService service = getService();
         Mockito.when(service.getAccessToken(Mockito.any())).thenReturn(Optional.of("foobar"));
         Mockito.when(service.parseUser(Mockito.any())).thenReturn(Optional.empty());
@@ -83,7 +88,9 @@ public void testParseFailed() throws ServletException, IOException {
         HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
         JwtAuthenticationTokenFilter instance = getNewInstance(service);
 
-        instance.doFilter(request, response, chain);
+        Method method = JwtAuthenticationTokenFilter.class.getDeclaredMethod("doFilterInternal", HttpServletRequest.class, HttpServletResponse.class, FilterChain.class);
+        method.setAccessible(true);
+        method.invoke(instance, request, response, chain);
         Mockito.verify(chain).doFilter(request, response);
 
         Assertions.assertNull(SecurityContextHolder.getContext().getAuthentication(), "Authentication succeeded");

build.gradle

@@ -2,13 +2,15 @@ plugins {
     id 'io.freefair.lombok' version "$lombokPluginVersion" apply false
     id 'com.adarshr.test-logger' version "$testLoggerPluginVersion" apply false
     id 'com.github.ben-manes.versions' version "$versionsPluginVersion"
+    id 'org.springframework.boot' version "$springBootVersion" apply false
 }
 
 subprojects {
     apply plugin: 'java-library'
     apply plugin: 'java-test-fixtures'
     apply plugin: 'io.freefair.lombok'
     apply plugin: 'com.adarshr.test-logger'
+    apply plugin: 'io.spring.dependency-management'
 
     repositories {
         mavenLocal()

files/README.md

@@ -7,7 +7,7 @@ This module adds support for storing refresh tokens within an simple json docume
 <dependency>
     <groupId>eu.fraho.spring</groupId>
     <artifactId>security-jwt-files</artifactId>
-    <version>4.4.0</version>
+    <version>4.4.2</version>
 </dependency>
 ```
 

gradle.properties

@@ -1,20 +1,18 @@
 # plugins
 springBootVersion=2.2.0.RELEASE
-springDependencyManagementPluginVersion=1.0.10.RELEASE
-lombokPluginVersion=5.3.0
-testLoggerPluginVersion=2.1.1
-versionsPluginVersion=0.35.0
+lombokPluginVersion=5.3.3.3
+testLoggerPluginVersion=3.0.0
+versionsPluginVersion=0.38.0
 # dependencies
-bouncyCastleVersion=1.67
+bouncyCastleVersion=1.68
 commonsCodecVersion=1.15
 expiringMapVersion=0.5.9
 h2Version=1.4.200
 jacocoVersion=0.8.5
-jacksonVersion=2.11.3
-jedisVersion=3.3.0
-jupiterVersion=5.7.0
-lombokVersion=1.18.12
-nimbusJwtVersion=9.1.2
-openApiVersion=1.4.8
+jacksonVersion=2.12.3
+jedisVersion=3.6.0
+jupiterVersion=5.7.1
+nimbusJwtVersion=9.9.2
+openApiVersion=1.5.8
 powerMockVersion=2.0.9
 spyMemcachedVersion=2.12.3

gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-6.7-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-6.8.3-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

gradlew

@@ -130,7 +130,7 @@ fi
 if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then
     APP_HOME=`cygpath --path --mixed "$APP_HOME"`
     CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
-    
+
     JAVACMD=`cygpath --unix "$JAVACMD"`
 
     # We build the pattern for arguments to be converted via cygpath