micronaut-projects · sdelamo · Sep 14, 2022 · Sep 13, 2022 · Sep 13, 2022 · Sep 13, 2022
diff --git a/build.gradle b/build.gradle
@@ -3,3 +3,8 @@ plugins {
     id "io.micronaut.build.internal.dependency-updates"
     id "io.micronaut.build.internal.quality-reporting"
 }
+
+repositories {
+    mavenCentral()
+    maven { url "https://s01.oss.sonatype.org/content/repositories/snapshots/" }
+}
diff --git a/buildSrc/build.gradle b/buildSrc/build.gradle
@@ -0,0 +1,3 @@
+plugins {
+    id 'groovy-gradle-plugin'
+}
diff --git a/buildSrc/src/main/groovy/io.micronaut.build.internal.security-base.gradle b/buildSrc/src/main/groovy/io.micronaut.build.internal.security-base.gradle
@@ -0,0 +1,4 @@
+repositories {
+    mavenCentral()
+    maven { url "https://s01.oss.sonatype.org/content/repositories/snapshots/" }
+}
diff --git a/buildSrc/src/main/groovy/io.micronaut.build.internal.security-module.gradle b/buildSrc/src/main/groovy/io.micronaut.build.internal.security-module.gradle
@@ -0,0 +1,4 @@
+plugins {
+    id "io.micronaut.build.internal.security-base"
+    id "io.micronaut.build.internal.module"
+}
diff --git a/buildSrc/src/main/groovy/io.micronaut.build.internal.security-tests.gradle b/buildSrc/src/main/groovy/io.micronaut.build.internal.security-tests.gradle
@@ -0,0 +1,3 @@
+plugins {
+    id "io.micronaut.build.internal.security-base"
+}
diff --git a/config/accepted-api-changes.json b/config/accepted-api-changes.json
@@ -0,0 +1,32 @@
+[
+  {
+    "type": "io.micronaut.security.authentication.jackson.SecurityJacksonModule",
+    "member": "Constructor io.micronaut.security.authentication.jackson.SecurityJacksonModule()",
+    "reason": "Removed deprecated constructor for Micronaut 4"
+  },
+  {
+    "type": "io.micronaut.security.endpoints.introspection.IntrospectionController",
+    "member": "Constructor io.micronaut.security.endpoints.introspection.IntrospectionController(io.micronaut.security.endpoints.introspection.IntrospectionProcessor)",
+    "reason": "Removed deprecated constructor for Micronaut 4"
+  },
+  {
+  "type": "io.micronaut.security.token.jwt.endpoints.KeysController",
+  "member": "Constructor io.micronaut.security.token.jwt.endpoints.KeysController(java.util.Collection,com.fasterxml.jackson.databind.ObjectMapper)",
+  "reason": "Removed deprecated constructor for Micronaut 4"
+  },
+  {
+    "type": "io.micronaut.security.token.jwt.signature.jwks.JwksSignature",
+    "member": "Field DEFAULT_REFRESH_JWKS_ATTEMPTS",
+    "reason": "Removed deprecated constant for Micronaut 4"
+  },
+  {
+    "type": "io.micronaut.security.token.jwt.signature.jwks.JwksSignature",
+    "member": "Constructor io.micronaut.security.token.jwt.signature.jwks.JwksSignature(java.lang.String,com.nimbusds.jose.jwk.KeyType,io.micronaut.security.token.jwt.signature.jwks.JwkValidator)",
+    "reason": "Removed deprecated constructor for Micronaut 4"
+  },
+  {
+    "type": "io.micronaut.security.token.jwt.validator.JwtClaimsValidator",
+    "member": "Field PREFIX",
+    "reason": "Removed deprecated constant for Micronaut 4"
+  }
+]
diff --git a/gradle.properties b/gradle.properties
@@ -1,20 +1,17 @@
-projectVersion=3.8.0-SNAPSHOT
+projectVersion=4.0.0-SNAPSHOT
 projectGroup=io.micronaut.security
 
 micronautDocsVersion=2.0.0
-micronautVersion=3.6.2
+micronautVersion=4.0.0-SNAPSHOT
 micronautTestVersion=3.5.0
 
-groovyVersion=3.0.10
-spockVersion=2.1-groovy-3.0
-
 title=Micronaut Security
 projectDesc=Official Security Solution for Micronaut
 projectUrl=https://micronaut.io
 githubSlug=micronaut-projects/micronaut-security
 developers=James Kleeh,Sergio del Amo
 
-githubCoreBranch=3.7.x
+githubCoreBranch=4.0.x
 
 bomProperty=micronautSecurityVersion
 

diff --git a/security-annotations/build.gradle b/security-annotations/build.gradle
@@ -1,3 +1,3 @@
 plugins {
-    id "io.micronaut.build.internal.module"
+    id "io.micronaut.build.internal.security-module"
 }
diff --git a/security-jwt/build.gradle b/security-jwt/build.gradle
@@ -1,5 +1,5 @@
 plugins {
-    id "io.micronaut.build.internal.module"
+    id "io.micronaut.build.internal.security-module"
 }
 
 dependencies {

diff --git a/...rc/main/java/io/micronaut/security/token/jwt/cookie/JwtCookieConfigurationProperties.java b/...rc/main/java/io/micronaut/security/token/jwt/cookie/JwtCookieConfigurationProperties.java
@@ -20,7 +20,6 @@
 import io.micronaut.core.annotation.NonNull;
 import io.micronaut.core.annotation.Nullable;
 import io.micronaut.core.util.StringUtils;
-import io.micronaut.http.cookie.SameSite;
 import io.micronaut.security.authentication.CookieBasedAuthenticationModeCondition;
 import io.micronaut.security.token.jwt.config.JwtConfigurationProperties;
 
@@ -44,14 +43,6 @@ public class JwtCookieConfigurationProperties extends AbstractAccessTokenCookieC
     @SuppressWarnings("WeakerAccess")
     public static final boolean DEFAULT_ENABLED = true;
 
-    /**
-     * The default http only value.
-     *
-     * @deprecated use {@link AbstractAccessTokenCookieConfigurationProperties#DEFAULT_HTTPONLY}
-     */
-    @Deprecated
-    public static final boolean DEFAULT_HTTPONLY = AbstractAccessTokenCookieConfigurationProperties.DEFAULT_HTTPONLY;
-
     /**
      * The default cookie name.
      */
@@ -64,14 +55,6 @@ public class JwtCookieConfigurationProperties extends AbstractAccessTokenCookieC
     @SuppressWarnings("WeakerAccess")
     public static final String DEFAULT_COOKIEPATH = "/";
 
-    /**
-     * The default same-site setting for the JWT cookie.
-     *
-     * @deprecated use {@link AbstractAccessTokenCookieConfigurationProperties#DEFAULT_COOKIESAMESITE}
-     */
-    @Deprecated
-    public static final SameSite DEFAULT_COOKIESAMESITE = AbstractAccessTokenCookieConfigurationProperties.DEFAULT_COOKIESAMESITE;
-
     private String cookiePath = DEFAULT_COOKIEPATH;
     private boolean enabled = DEFAULT_ENABLED;
     private String cookieName = DEFAULT_COOKIENAME;

diff --git a/...ava/io/micronaut/security/token/jwt/cookie/RefreshTokenCookieConfigurationProperties.java b/...ava/io/micronaut/security/token/jwt/cookie/RefreshTokenCookieConfigurationProperties.java
@@ -21,7 +21,6 @@
 import io.micronaut.core.annotation.NonNull;
 import io.micronaut.core.annotation.Nullable;
 import io.micronaut.core.util.StringUtils;
-import io.micronaut.http.cookie.SameSite;
 import io.micronaut.security.authentication.CookieBasedAuthenticationModeCondition;
 import io.micronaut.security.token.config.TokenConfigurationProperties;
 import io.micronaut.security.token.jwt.endpoints.OauthControllerConfigurationProperties;
@@ -46,14 +45,6 @@ public class RefreshTokenCookieConfigurationProperties extends AbstractAccessTok
     @SuppressWarnings("WeakerAccess")
     public static final boolean DEFAULT_ENABLED = true;
 
-    /**
-     * The default http only value.
-     *
-     * @deprecated use {@link AbstractAccessTokenCookieConfigurationProperties#DEFAULT_HTTPONLY}
-     */
-    @Deprecated
-    public static final boolean DEFAULT_HTTPONLY = AbstractAccessTokenCookieConfigurationProperties.DEFAULT_HTTPONLY;
-
     /**
      * The default cookie name.
      */
@@ -66,14 +57,6 @@ public class RefreshTokenCookieConfigurationProperties extends AbstractAccessTok
     @SuppressWarnings("WeakerAccess")
     public static final String DEFAULT_COOKIEPATH = OauthControllerConfigurationProperties.DEFAULT_PATH;
 
-    /**
-     * The default same-site setting for the JWT cookie.
-     *
-     * @deprecated use {@link AbstractAccessTokenCookieConfigurationProperties#DEFAULT_COOKIESAMESITE}
-     */
-    @Deprecated
-    public static final SameSite DEFAULT_COOKIESAMESITE = AbstractAccessTokenCookieConfigurationProperties.DEFAULT_COOKIESAMESITE;
-
     private String cookiePath = DEFAULT_COOKIEPATH;
     private boolean enabled = DEFAULT_ENABLED;
     private String cookieName = DEFAULT_COOKIENAME;

diff --git a/security-jwt/src/main/java/io/micronaut/security/token/jwt/endpoints/KeysController.java b/security-jwt/src/main/java/io/micronaut/security/token/jwt/endpoints/KeysController.java
@@ -15,27 +15,25 @@
  */
 package io.micronaut.security.token.jwt.endpoints;
 
-import com.fasterxml.jackson.databind.ObjectMapper;
 import com.nimbusds.jose.jwk.JWKSet;
 import io.micronaut.context.annotation.Requires;
 import io.micronaut.core.async.annotation.SingleResult;
 import io.micronaut.core.util.StringUtils;
 import io.micronaut.http.annotation.Controller;
 import io.micronaut.http.annotation.Get;
-import io.micronaut.jackson.databind.JacksonDatabindMapper;
 import io.micronaut.json.JsonMapper;
 import io.micronaut.security.annotation.Secured;
 import io.micronaut.security.rules.SecurityRule;
-import jakarta.inject.Inject;
-import java.io.IOException;
-import java.util.Collection;
-import java.util.Collections;
 import org.reactivestreams.Publisher;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 
+import java.io.IOException;
+import java.util.Collection;
+import java.util.Collections;
+
 /**
  * Endpoint which exposes a JSON Web Key Set built with the JWK provided by {@link io.micronaut.security.token.jwt.endpoints.JwkProvider} beans.
  *
@@ -53,25 +51,12 @@ public class KeysController {
     private final Collection<JwkProvider> jwkProviders;
     private final JsonMapper jsonMapper;
 
-    /**
-     * Instantiates a {@link io.micronaut.security.token.jwt.endpoints.KeysController}.
-     * @param jwkProviders a collection of JSON Web Key providers.
-     * @param objectMapper Jackson ObjectMapper used to do serialization.
-     * @deprecated Use {@link #KeysController(Collection, JsonMapper)} instead
-     */
-    @Deprecated
-    public KeysController(Collection<JwkProvider> jwkProviders, ObjectMapper objectMapper) {
-        this.jwkProviders = jwkProviders;
-        this.jsonMapper = new JacksonDatabindMapper(objectMapper);
-    }
-
     /**
      * Instantiates a {@link io.micronaut.security.token.jwt.endpoints.KeysController}.
      * @param jwkProviders a collection of JSON Web Key providers.
      * @param jsonMapper Jackson ObjectMapper used to do serialization.
      * @since 3.3
      */
-    @Inject
     public KeysController(Collection<JwkProvider> jwkProviders, JsonMapper jsonMapper) {
         this.jwkProviders = jwkProviders;
         this.jsonMapper = jsonMapper;

diff --git a/security-jwt/src/main/java/io/micronaut/security/token/jwt/signature/jwks/JwksSignature.java b/security-jwt/src/main/java/io/micronaut/security/token/jwt/signature/jwks/JwksSignature.java
@@ -22,13 +22,14 @@
 import com.nimbusds.jose.jwk.JWKMatcher;
 import com.nimbusds.jose.jwk.JWKSelector;
 import com.nimbusds.jose.jwk.JWKSet;
-import com.nimbusds.jose.jwk.KeyType;
 import com.nimbusds.jwt.SignedJWT;
 import io.micronaut.context.annotation.EachBean;
 import io.micronaut.core.annotation.NonNull;
 import io.micronaut.core.annotation.Nullable;
 import io.micronaut.security.token.jwt.signature.SignatureConfiguration;
-import jakarta.inject.Inject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import java.io.IOException;
 import java.net.URL;
 import java.text.ParseException;
@@ -38,8 +39,6 @@
 import java.util.List;
 import java.util.Optional;
 import java.util.stream.Collectors;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 /**
  * Signature configuration which enables verification of remote JSON Web Key Set.
@@ -52,9 +51,6 @@
 @EachBean(JwksSignatureConfiguration.class)
 public class JwksSignature implements JwksCache, SignatureConfiguration {
 
-    @Deprecated
-    public static final int DEFAULT_REFRESH_JWKS_ATTEMPTS = 1;
-
     private static final Logger LOG = LoggerFactory.getLogger(JwksSignature.class);
     private final JwkValidator jwkValidator;
     private final JwksSignatureConfiguration jwksSignatureConfiguration;
@@ -66,47 +62,12 @@ public class JwksSignature implements JwksCache, SignatureConfiguration {
      * @param jwksSignatureConfiguration JSON Web Key Set configuration.
      * @param jwkValidator JWK Validator to be used.
      */
-    @Inject
     public JwksSignature(JwksSignatureConfiguration jwksSignatureConfiguration,
                          JwkValidator jwkValidator) {
         this.jwksSignatureConfiguration = jwksSignatureConfiguration;
         this.jwkValidator = jwkValidator;
     }
 
-    /**
-     * @param url The JWK url
-     * @param keyType The JWK key type
-     * @param jwkValidator JWK Validator to be used.
-     * @deprecated Use {@link #JwksSignature(JwksSignatureConfiguration, JwkValidator)} instead.
-     */
-    @Deprecated
-    public JwksSignature(String url,
-                         @Nullable KeyType keyType,
-                         JwkValidator jwkValidator) {
-        if (LOG.isDebugEnabled()) {
-            LOG.debug("JWT validation URL: {}", url);
-        }
-        this.jwksSignatureConfiguration = new JwksSignatureConfiguration() {
-            @Override
-            @NonNull
-            public String getUrl() {
-                return url;
-            }
-
-            @Override
-            public KeyType getKeyType() {
-                return keyType;
-            }
-
-            @Override
-            @NonNull
-            public Integer getCacheExpiration() {
-                return JwksSignatureConfigurationProperties.DEFAULT_CACHE_EXPIRATION;
-            }
-        };
-        this.jwkValidator = jwkValidator;
-    }
-
     private Optional<JWKSet> computeJWKSet() {
         JWKSet jwkSetVariable = this.jwkSet;
         if (jwkSetVariable == null) {
@@ -222,21 +183,6 @@ protected JWKSet loadJwkSet(String url) {
         return null;
     }
 
-    /**
-     * Calculates a list of JWK matches for a JWT.
-     *
-     *
-     * @param jwt A Signed JWT
-     * @param jwkSet A JSON Web Key Set
-     * @param refreshKeysAttempts Number of times to attempt refreshing the JWK Set
-     * @deprecated Use {@link JwksSignature#matches(SignedJWT, JWKSet)} instead
-     * @return a List of JSON Web Keys
-     */
-    @Deprecated
-    protected List<JWK> matches(SignedJWT jwt, @Nullable JWKSet jwkSet, int refreshKeysAttempts) {
-        return matches(jwt, jwkSet);
-    }
-
     /**
      * Calculates a list of JWK matches for a JWT.
      *
@@ -280,49 +226,4 @@ protected List<JWK> matches(SignedJWT jwt, @Nullable JWKSet jwkSet) {
     protected boolean verify(List<JWK> matches, SignedJWT jwt) {
         return matches.stream().anyMatch(jwk -> jwkValidator.validate(jwt, jwk));
     }
-
-    /**
-     * Returns the number of attempts to refresh the cached JWKS.
-     * @return Number of attempts to refresh the cached JWKS.
-     */
-    @Deprecated
-    public int getRefreshJwksAttempts() {
-        return DEFAULT_REFRESH_JWKS_ATTEMPTS;
-    }
-
-    /**
-     *
-     * @return A JSON Web Key Validator.
-     */
-    @Deprecated
-    public JwkValidator getJwkValidator() {
-        return jwkValidator;
-    }
-
-    /**
-     *
-     * @return a JSON Web Key Set.
-     */
-    @Deprecated
-    public JWKSet getJwkSet() {
-        return jwkSet;
-    }
-
-    /**
-     *
-     * @return the Key Type.
-     */
-    @Deprecated
-    public KeyType getKeyType() {
-        return jwksSignatureConfiguration.getKeyType();
-    }
-
-    /**
-     *
-     * @return The JSON Web Key Set (JWKS) URL.
-     */
-    @Deprecated
-    public String getUrl() {
-        return jwksSignatureConfiguration.getUrl();
-    }
 }
diff --git a/security-jwt/src/main/java/io/micronaut/security/token/jwt/validator/JwtClaimsValidator.java b/security-jwt/src/main/java/io/micronaut/security/token/jwt/validator/JwtClaimsValidator.java
@@ -28,12 +28,6 @@
  */
 public interface JwtClaimsValidator {
 
-    /**
-     * @deprecated use {@link JwtClaimsValidatorConfigurationProperties#PREFIX} instead.
-     */
-    @Deprecated
-    String PREFIX = JwtClaimsValidatorConfigurationProperties.PREFIX;
-
     /**
      * @param claims JWT Claims
      * @param request HTTP request