This is an automated email from the ASF dual-hosted git repository.
lprimak pushed a commit to branch 3.x
in repository https://gitbox.apache.org/repos/asf/shiro.git
The following commit(s) were added to refs/heads/3.x by this push:
new e73cfc6e1 - updated dependencies - compilation and test cleanup
e73cfc6e1 is described below
commit e73cfc6e184d3c440ddd4e7ed67994b282507537
Author: lprimak <[email protected]>
AuthorDate: Mon Jan 19 15:47:43 2026 -0600
- updated dependencies
- compilation and test cleanup
---
integration-tests/guice3/pom.xml | 4 +-
integration-tests/guice4/pom.xml | 2 +-
integration-tests/jakarta-ee/pom.xml | 16 +--
integration-tests/jaxrs/app/pom.xml | 12 +-
integration-tests/jaxrs/tests/pom.xml | 8 +-
integration-tests/meecrowave-support/pom.xml | 8 +-
integration-tests/pom.xml | 2 +-
integration-tests/support/pom.xml | 12 +-
lang/pom.xml | 2 +-
pom.xml | 44 ++++---
samples/guice/pom.xml | 2 +-
samples/servlet-plugin/pom.xml | 2 +-
samples/spring-boot-3-web/pom.xml | 10 +-
samples/spring-boot-web/pom.xml | 6 +-
samples/spring-hibernate/pom.xml | 6 +-
samples/spring-mvc/pom.xml | 4 +-
samples/spring/pom.xml | 2 +-
samples/web-jakarta/pom.xml | 20 +--
samples/web/pom.xml | 2 +-
support/cdi/pom.xml | 9 +-
support/features/pom.xml | 2 +-
support/guice/pom.xml | 13 +-
support/jakarta-ee/pom.xml | 2 +-
.../org/apache/shiro/ee/cdi/ShiroScopeContext.java | 4 +-
.../shiro/ee/filters/FormResubmitSupport.java | 4 +-
support/jaxrs/pom.xml | 4 +-
support/spring-boot/pom.xml | 2 +-
support/spring-boot/spring-boot-starter/pom.xml | 6 +-
.../spring-boot/spring-boot-web-starter/pom.xml | 6 +-
support/spring/pom.xml | 2 +-
.../remoting/SecureRemoteInvocationExecutor.java | 124 ------------------
.../remoting/SecureRemoteInvocationFactory.java | 144 ---------------------
.../SecureRemoteInvocationFactoryTest.java | 119 -----------------
web/pom.xml | 4 +-
.../java/org/apache/shiro/web/util/CorsUtils.java | 2 +-
.../org/apache/shiro/web/util/CorsUtilsTest.java | 2 +-
36 files changed, 117 insertions(+), 496 deletions(-)
diff --git a/integration-tests/guice3/pom.xml b/integration-tests/guice3/pom.xml
index 24002730b..075e1d59a 100644
--- a/integration-tests/guice3/pom.xml
+++ b/integration-tests/guice3/pom.xml
@@ -32,7 +32,7 @@
<packaging>war</packaging>
<properties>
- <guice.version>3.0</guice.version>
+ <guice.version>4.2.3</guice.version>
</properties>
<build>
@@ -59,7 +59,7 @@
<groupId>jakarta.servlet</groupId>
<artifactId>jakarta.servlet-api</artifactId>
<scope>provided</scope>
- <version>5.0.0</version>
+ <version>6.1.0</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
diff --git a/integration-tests/guice4/pom.xml b/integration-tests/guice4/pom.xml
index b853ae6b0..8eacc33de 100644
--- a/integration-tests/guice4/pom.xml
+++ b/integration-tests/guice4/pom.xml
@@ -68,7 +68,7 @@
<groupId>jakarta.servlet</groupId>
<artifactId>jakarta.servlet-api</artifactId>
<scope>provided</scope>
- <version>5.0.0</version>
+ <version>6.1.0</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
diff --git a/integration-tests/jakarta-ee/pom.xml
b/integration-tests/jakarta-ee/pom.xml
index d036c911a..7c4da47f3 100644
--- a/integration-tests/jakarta-ee/pom.xml
+++ b/integration-tests/jakarta-ee/pom.xml
@@ -38,8 +38,8 @@
<maven.compiler.source>${maven.compiler.release}</maven.compiler.source>
<maven.compiler.target>${maven.compiler.release}</maven.compiler.target>
<arquillian.core.version>1.10.0.Final</arquillian.core.version>
- <arquillian.payara5.version>2.5</arquillian.payara5.version>
-
<arquillian.graphene.version>3.0.0-alpha.4</arquillian.graphene.version>
+ <arquillian.payara5.version>3.1</arquillian.payara5.version>
+
<arquillian.graphene.version>3.0.0-20250814</arquillian.graphene.version>
<shrinkwrap.resolver.version>3.3.4</shrinkwrap.resolver.version>
<drone.browser>firefox</drone.browser>
@@ -77,19 +77,19 @@
<dependency>
<groupId>jakarta.platform</groupId>
<artifactId>jakarta.jakartaee-api</artifactId>
- <version>10.0.0</version>
+ <version>11.0.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>jakarta.activation</groupId>
<artifactId>jakarta.activation-api</artifactId>
- <version>2.1.3</version>
+ <version>2.1.4</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>jakarta.xml.bind</groupId>
<artifactId>jakarta.xml.bind-api</artifactId>
- <version>4.0.2</version>
+ <version>4.0.4</version>
<scope>provided</scope>
</dependency>
@@ -146,12 +146,12 @@
<dependency>
<groupId>com.flowlogix</groupId>
<artifactId>flowlogix-jee</artifactId>
- <version>5.5.6</version>
+ <version>11.1</version>
</dependency>
<dependency>
<groupId>jakarta.ws.rs</groupId>
<artifactId>jakarta.ws.rs-api</artifactId>
- <version>3.1.0</version>
+ <version>4.0.0</version>
</dependency>
<!-- Arquillian test dependencies -->
@@ -222,7 +222,7 @@
<dependency>
<groupId>com.google.inject</groupId>
<artifactId>guice</artifactId>
- <version>6.0.0</version>
+ <version>7.0.0</version>
<scope>test</scope>
</dependency>
<dependency>
diff --git a/integration-tests/jaxrs/app/pom.xml
b/integration-tests/jaxrs/app/pom.xml
index 7183d9622..62a882ef1 100644
--- a/integration-tests/jaxrs/app/pom.xml
+++ b/integration-tests/jaxrs/app/pom.xml
@@ -36,7 +36,7 @@
<properties>
<failOnMissingWebXml>false</failOnMissingWebXml>
- <jaxrs.api.version>3.1.0</jaxrs.api.version>
+ <jaxrs.api.version>4.0.0</jaxrs.api.version>
</properties>
@@ -74,19 +74,19 @@
<dependency>
<groupId>jakarta.servlet</groupId>
<artifactId>jakarta.servlet-api</artifactId>
- <version>6.0.0</version>
+ <version>6.1.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>jakarta.enterprise</groupId>
<artifactId>jakarta.enterprise.cdi-api</artifactId>
- <version>4.0.1</version>
+ <version>4.1.0</version>
<scope>provided</scope>
</dependency>
<dependency>
- <groupId>javax.json.bind</groupId>
- <artifactId>javax.json.bind-api</artifactId>
- <version>1.0</version>
+ <groupId>jakarta.json.bind</groupId>
+ <artifactId>jakarta.json.bind-api</artifactId>
+ <version>3.0.1</version>
<scope>provided</scope>
</dependency>
</dependencies>
diff --git a/integration-tests/jaxrs/tests/pom.xml
b/integration-tests/jaxrs/tests/pom.xml
index 8b62a7998..15fc90a70 100644
--- a/integration-tests/jaxrs/tests/pom.xml
+++ b/integration-tests/jaxrs/tests/pom.xml
@@ -34,7 +34,7 @@
<properties>
<module.name>its.jaxrs.tests</module.name>
- <jaxrs.api.version>3.0.0</jaxrs.api.version>
+ <jaxrs.api.version>4.0.0</jaxrs.api.version>
<johnzon.version>2.0.2</johnzon.version>
</properties>
@@ -67,19 +67,19 @@
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-rs-client</artifactId>
- <version>3.6.7</version>
+ <version>4.1.4</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>jakarta.xml.bind</groupId>
<artifactId>jakarta.xml.bind-api</artifactId>
- <version>4.0.2</version>
+ <version>4.0.4</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.glassfish.jaxb</groupId>
<artifactId>jaxb-runtime</artifactId>
- <version>3.0.2</version>
+ <version>4.0.6</version>
<scope>runtime</scope>
</dependency>
<dependency>
diff --git a/integration-tests/meecrowave-support/pom.xml
b/integration-tests/meecrowave-support/pom.xml
index 7c0392a6e..7ecd7b7a0 100644
--- a/integration-tests/meecrowave-support/pom.xml
+++ b/integration-tests/meecrowave-support/pom.xml
@@ -78,24 +78,24 @@
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-bom</artifactId>
- <version>3.6.7</version>
+ <version>4.1.4</version>
<scope>import</scope>
<type>pom</type>
</dependency>
<dependency>
<groupId>org.apache.johnzon</groupId>
<artifactId>johnzon-jsonb</artifactId>
- <version>1.2.21</version>
+ <version>2.0.2</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-jaspic-api</artifactId>
- <version>9.0.112</version>
+ <version>11.0.15</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-catalina</artifactId>
- <version>9.0.112</version>
+ <version>11.0.15</version>
</dependency>
</dependencies>
</dependencyManagement>
diff --git a/integration-tests/pom.xml b/integration-tests/pom.xml
index 7753db32a..7e11302ad 100644
--- a/integration-tests/pom.xml
+++ b/integration-tests/pom.xml
@@ -36,7 +36,7 @@
<properties>
<japicmp.skip>true</japicmp.skip>
- <dependency.meecrowave.version>1.2.15</dependency.meecrowave.version>
+ <dependency.meecrowave.version>2.0.0</dependency.meecrowave.version>
<maven.deploy.skip>true</maven.deploy.skip>
<nexus.deploy.skip>true</nexus.deploy.skip>
</properties>
diff --git a/integration-tests/support/pom.xml
b/integration-tests/support/pom.xml
index e6280dd46..b9c44edd3 100644
--- a/integration-tests/support/pom.xml
+++ b/integration-tests/support/pom.xml
@@ -48,7 +48,7 @@
<groupId>jakarta.servlet</groupId>
<artifactId>jakarta.servlet-api</artifactId>
<scope>provided</scope>
- <version>5.0.0</version>
+ <version>6.1.0</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
@@ -84,19 +84,19 @@
<version>${jetty.version}</version>
</dependency>
<dependency>
- <groupId>org.eclipse.jetty.ee9</groupId>
- <artifactId>jetty-ee9-webapp</artifactId>
+ <groupId>org.eclipse.jetty.ee11</groupId>
+ <artifactId>jetty-ee11-webapp</artifactId>
<version>${jetty.version}</version>
</dependency>
<dependency>
- <groupId>org.eclipse.jetty.ee9</groupId>
- <artifactId>jetty-ee9-apache-jsp</artifactId>
+ <groupId>org.eclipse.jetty.ee11</groupId>
+ <artifactId>jetty-ee11-apache-jsp</artifactId>
<version>${jetty.version}</version>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>apache-jstl</artifactId>
- <version>${jetty.version}</version>
+ <version>10.0.26</version>
<type>pom</type>
</dependency>
<dependency>
diff --git a/lang/pom.xml b/lang/pom.xml
index 0393fe2f2..55939b582 100644
--- a/lang/pom.xml
+++ b/lang/pom.xml
@@ -60,7 +60,7 @@
<groupId>jakarta.servlet.jsp</groupId>
<artifactId>jakarta.servlet.jsp-api</artifactId>
<optional>true</optional>
- <version>3.0.0</version>
+ <version>4.0.0</version>
</dependency>
</dependencies>
diff --git a/pom.xml b/pom.xml
index 3a6cc0e29..d30c75501 100644
--- a/pom.xml
+++ b/pom.xml
@@ -25,7 +25,7 @@
<parent>
<groupId>org.apache</groupId>
<artifactId>apache</artifactId>
- <version>35</version>
+ <version>37</version>
</parent>
<groupId>org.apache.shiro</groupId>
@@ -88,11 +88,11 @@
<!-- Compile 3rd party dependencies: -->
<!-- Don't change this version without also changing the shiro-aspect
and shiro-features
modules' OSGi metadata: -->
- <aspectj.version>1.9.20.1</aspectj.version>
+ <aspectj.version>1.9.25.1</aspectj.version>
<commons.beanutils.version>1.11.0</commons.beanutils.version>
- <commons.cli.version>1.9.0</commons.cli.version>
+ <commons.cli.version>1.11.0</commons.cli.version>
<commons.collection.version>3.2.2</commons.collection.version>
- <commons.configuration2.version>2.12.0</commons.configuration2.version>
+ <commons.configuration2.version>2.13.0</commons.configuration2.version>
<commons.lang3.version>3.20.0</commons.lang3.version>
<commons.logging.version>1.3.5</commons.logging.version>
<commons.text.version>1.8</commons.text.version>
@@ -100,12 +100,12 @@
modules' OSGi metadata: -->
<ehcache.version>2.6.11</ehcache.version>
<!-- Don't change this version without also changing the
shiro-hazelcast and shiro-features OSGi metadata: -->
- <hazelcast.version>5.3.8</hazelcast.version>
+ <hazelcast.version>5.6.0</hazelcast.version>
<hsqldb.version>2.7.4</hsqldb.version>
<jakarta.annotation.api.version>3.0.0</jakarta.annotation.api.version>
<jcache.api.version>1.1.1</jcache.api.version>
- <jdk.version>11</jdk.version>
- <jetty.version>9.4.58.v20250814</jetty.version>
+ <jdk.version>17</jdk.version>
+ <jetty.version>12.1.5</jetty.version>
<owasp.java.encoder.version>1.4.0</owasp.java.encoder.version>
<!-- Don't change this version without also changing the shiro-quartz
and shiro-features
modules' OSGi metadata: -->
@@ -113,24 +113,23 @@
<quartz.docs.version>2.3.0</quartz.docs.version>
<slf4j.version>2.0.17</slf4j.version>
<log4j.version>2.25.3</log4j.version>
- <spring.version>5.3.39</spring.version>
- <spring-boot.version>2.7.18</spring-boot.version>
- <guice.version>4.2.3</guice.version>
- <jaxrs.api.version>3.1.0</jaxrs.api.version>
+ <spring.version>7.0.3</spring.version>
+ <spring-boot.version>4.0.1</spring-boot.version>
+ <guice.version>7.0.0</guice.version>
+ <jaxrs.api.version>4.0.0</jaxrs.api.version>
<htmlunit.version>4.17.0</htmlunit.version>
- <jaxrs.api.version>2.1.6</jaxrs.api.version>
<htmlunit.version>4.21.0</htmlunit.version>
- <bouncycastle.version>1.82</bouncycastle.version>
+ <bouncycastle.version>1.83</bouncycastle.version>
<!-- Test 3rd-party dependencies: -->
<easymock.version>5.6.0</easymock.version>
<mockito.version>5.21.0</mockito.version>
- <bytebuddy.version>1.18.3</bytebuddy.version>
+ <bytebuddy.version>1.18.4</bytebuddy.version>
<gmaven.version>4.2.1</gmaven.version>
- <groovy.version>4.0.27</groovy.version>
- <junit.version>5.13.4</junit.version>
+ <groovy.version>5.0.3</groovy.version>
+ <junit.version>6.0.2</junit.version>
<junit.server.jetty.version>3.4.0</junit.server.jetty.version>
- <hibernate.version>5.6.15.Final</hibernate.version>
+ <hibernate.version>7.2.1.Final</hibernate.version>
<taglibs.standard.version>1.2.5</taglibs.standard.version>
<jakarta.annotations.version>2.1.1</jakarta.annotations.version>
<lombok.version>1.18.42</lombok.version>
@@ -375,6 +374,9 @@
<groupId>org.codehaus.gmavenplus</groupId>
<artifactId>gmavenplus-plugin</artifactId>
<version>${gmaven.version}</version>
+ <configuration>
+ <targetBytecode>${jdk.version}</targetBytecode>
+ </configuration>
<dependencies>
<dependency>
<groupId>org.apache.groovy</groupId>
@@ -1138,12 +1140,12 @@
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-core</artifactId>
- <version>1.5.24</version>
+ <version>1.5.25</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
- <version>1.5.24</version>
+ <version>1.5.25</version>
</dependency>
<dependency>
@@ -1200,7 +1202,7 @@
<dependency>
<groupId>jakarta.servlet.jsp</groupId>
<artifactId>jakarta.servlet.jsp-api</artifactId>
- <version>3.0.0</version>
+ <version>4.0.0</version>
<scope>provided</scope>
</dependency>
<dependency>
@@ -1218,7 +1220,7 @@
<dependency>
<groupId>jakarta.servlet</groupId>
<artifactId>jakarta.servlet-api</artifactId>
- <version>5.0.0</version>
+ <version>6.1.0</version>
<scope>provided</scope>
</dependency>
<dependency>
diff --git a/samples/guice/pom.xml b/samples/guice/pom.xml
index 361a79b3b..c912671df 100644
--- a/samples/guice/pom.xml
+++ b/samples/guice/pom.xml
@@ -54,7 +54,7 @@
<groupId>jakarta.servlet</groupId>
<artifactId>jakarta.servlet-api</artifactId>
<scope>provided</scope>
- <version>5.0.0</version>
+ <version>6.1.0</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
diff --git a/samples/servlet-plugin/pom.xml b/samples/servlet-plugin/pom.xml
index 1c63f6fb4..0f6028b94 100644
--- a/samples/servlet-plugin/pom.xml
+++ b/samples/servlet-plugin/pom.xml
@@ -99,7 +99,7 @@
<groupId>jakarta.servlet</groupId>
<artifactId>jakarta.servlet-api</artifactId>
<scope>provided</scope>
- <version>5.0.0</version>
+ <version>6.1.0</version>
</dependency>
<dependency>
<!-- Required for any libraries that expect to call the commons
logging APIs -->
diff --git a/samples/spring-boot-3-web/pom.xml
b/samples/spring-boot-3-web/pom.xml
index dcc11ea85..69d640939 100644
--- a/samples/spring-boot-3-web/pom.xml
+++ b/samples/spring-boot-3-web/pom.xml
@@ -35,9 +35,9 @@
<properties>
<module.name>samples.spring.boot3.web</module.name>
- <spring-boot3.version>3.5.0</spring-boot3.version>
+ <spring-boot3.version>4.0.1</spring-boot3.version>
<!-- below versions are not necessary in "real" applications -->
- <spring.version>6.2.8</spring.version>
+ <spring.version>7.0.3</spring.version>
</properties>
<dependencies>
@@ -130,17 +130,17 @@
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
- <version>10.1.49</version>
+ <version>11.0.15</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-el</artifactId>
- <version>10.1.49</version>
+ <version>11.0.15</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-websocket</artifactId>
- <version>10.1.49</version>
+ <version>11.0.15</version>
</dependency>
</dependencies>
</dependencyManagement>
diff --git a/samples/spring-boot-web/pom.xml b/samples/spring-boot-web/pom.xml
index 7ec970aeb..7bb377100 100644
--- a/samples/spring-boot-web/pom.xml
+++ b/samples/spring-boot-web/pom.xml
@@ -100,17 +100,17 @@
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
- <version>9.0.112</version>
+ <version>11.0.15</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-el</artifactId>
- <version>9.0.112</version>
+ <version>11.0.15</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-websocket</artifactId>
- <version>9.0.112</version>
+ <version>11.0.15</version>
</dependency>
</dependencies>
</dependencyManagement>
diff --git a/samples/spring-hibernate/pom.xml b/samples/spring-hibernate/pom.xml
index 162eb4a91..0af213a0e 100644
--- a/samples/spring-hibernate/pom.xml
+++ b/samples/spring-hibernate/pom.xml
@@ -64,7 +64,7 @@
<groupId>jakarta.servlet</groupId>
<artifactId>jakarta.servlet-api</artifactId>
<scope>provided</scope>
- <version>5.0.0</version>
+ <version>6.1.0</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
@@ -115,8 +115,8 @@
<scope>test</scope>
</dependency>
<dependency>
- <groupId>org.eclipse.jetty.ee9</groupId>
- <artifactId>jetty-ee9-apache-jsp</artifactId>
+ <groupId>org.eclipse.jetty.ee11</groupId>
+ <artifactId>jetty-ee11-apache-jsp</artifactId>
<version>${jetty.version}</version>
<scope>test</scope>
</dependency>
diff --git a/samples/spring-mvc/pom.xml b/samples/spring-mvc/pom.xml
index 3969d59ba..7f9af5f7b 100644
--- a/samples/spring-mvc/pom.xml
+++ b/samples/spring-mvc/pom.xml
@@ -67,7 +67,7 @@
<dependency>
<groupId>jakarta.annotation</groupId>
<artifactId>jakarta.annotation-api</artifactId>
- <version>2.1.1</version>
+ <version>3.0.0</version>
</dependency>
<dependency>
<groupId>net.sf.ehcache</groupId>
@@ -86,7 +86,7 @@
<groupId>jakarta.servlet</groupId>
<artifactId>jakarta.servlet-api</artifactId>
<scope>provided</scope>
- <version>6.0.0</version>
+ <version>6.1.0</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
diff --git a/samples/spring/pom.xml b/samples/spring/pom.xml
index bd7dab2fb..6e9c2a6a2 100644
--- a/samples/spring/pom.xml
+++ b/samples/spring/pom.xml
@@ -49,7 +49,7 @@
<dependency>
<groupId>jakarta.annotation</groupId>
<artifactId>jakarta.annotation-api</artifactId>
- <version>2.1.1</version>
+ <version>3.0.0</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
diff --git a/samples/web-jakarta/pom.xml b/samples/web-jakarta/pom.xml
index 9c9eae517..266ed9595 100644
--- a/samples/web-jakarta/pom.xml
+++ b/samples/web-jakarta/pom.xml
@@ -32,8 +32,8 @@
<packaging>war</packaging>
<properties>
- <meecrowave.version>1.2.15</meecrowave.version>
- <tomcat.version>10.1.49</tomcat.version>
+ <meecrowave.version>2.0.0</meecrowave.version>
+ <tomcat.version>11.0.15</tomcat.version>
<jacoco.skip>true</jacoco.skip>
</properties>
@@ -49,39 +49,39 @@
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-bom</artifactId>
- <version>3.6.7</version>
+ <version>4.1.4</version>
<scope>import</scope>
<type>pom</type>
</dependency>
<dependency>
<groupId>org.apache.johnzon</groupId>
<artifactId>johnzon-jsonb</artifactId>
- <version>1.2.21</version>
+ <version>2.0.2</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
- <version>9.0.112</version>
+ <version>11.0.15</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-el</artifactId>
- <version>9.0.112</version>
+ <version>11.0.15</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-jaspic-api</artifactId>
- <version>9.0.112</version>
+ <version>11.0.15</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-websocket</artifactId>
- <version>9.0.112</version>
+ <version>11.0.15</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-catalina</artifactId>
- <version>9.0.112</version>
+ <version>11.0.15</version>
</dependency>
</dependencies>
</dependencyManagement>
@@ -121,7 +121,7 @@
<dependency>
<groupId>jakarta.servlet.jsp</groupId>
<artifactId>jakarta.servlet.jsp-api</artifactId>
- <version>3.1.1</version>
+ <version>4.0.0</version>
<scope>test</scope>
</dependency>
<dependency>
diff --git a/samples/web/pom.xml b/samples/web/pom.xml
index 2044e4ac8..14873ba96 100644
--- a/samples/web/pom.xml
+++ b/samples/web/pom.xml
@@ -76,7 +76,7 @@
<groupId>jakarta.servlet</groupId>
<artifactId>jakarta.servlet-api</artifactId>
<scope>provided</scope>
- <version>5.0.0</version>
+ <version>6.1.0</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
diff --git a/support/cdi/pom.xml b/support/cdi/pom.xml
index 40b8199df..c8ad13003 100644
--- a/support/cdi/pom.xml
+++ b/support/cdi/pom.xml
@@ -38,10 +38,15 @@
<dependency>
<groupId>jakarta.enterprise</groupId>
<artifactId>jakarta.enterprise.cdi-api</artifactId>
- <version>4.0.1</version>
+ <version>4.1.0</version>
<scope>provided</scope>
<optional>true</optional>
</dependency>
+ <dependency>
+ <groupId>jakarta.ejb</groupId>
+ <artifactId>jakarta.ejb-api</artifactId>
+ <version>4.0.1</version>
+ </dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
@@ -59,7 +64,7 @@
<dependency>
<groupId>jakarta.validation</groupId>
<artifactId>jakarta.validation-api</artifactId>
- <version>3.0.2</version>
+ <version>3.1.1</version>
<scope>test</scope>
</dependency>
<dependency>
diff --git a/support/features/pom.xml b/support/features/pom.xml
index 083f47b95..4d3dac8e0 100644
--- a/support/features/pom.xml
+++ b/support/features/pom.xml
@@ -40,7 +40,7 @@
<!-- Not a Shiro dependency - used for quartz bundle resolution only
(see features.xml): -->
<commons.collections.version>3.2.2</commons.collections.version>
<!-- karaf plugin version -->
- <karaf.version>4.4.7</karaf.version>
+ <karaf.version>4.4.9</karaf.version>
</properties>
<dependencies>
diff --git a/support/guice/pom.xml b/support/guice/pom.xml
index 4de4586bf..0217083de 100644
--- a/support/guice/pom.xml
+++ b/support/guice/pom.xml
@@ -50,15 +50,16 @@
<dependency>
<groupId>jakarta.annotation</groupId>
<artifactId>jakarta.annotation-api</artifactId>
- <version>2.1.1</version>
+ <version>3.0.0</version>
</dependency>
<dependency>
- <groupId>com.google.inject</groupId>
- <artifactId>guice</artifactId>
+ <groupId>jakarta.inject</groupId>
+ <artifactId>jakarta.inject-api</artifactId>
+ <version>2.0.1</version>
</dependency>
<dependency>
- <groupId>com.google.inject.extensions</groupId>
- <artifactId>guice-multibindings</artifactId>
+ <groupId>com.google.inject</groupId>
+ <artifactId>guice</artifactId>
</dependency>
<dependency>
<groupId>com.google.inject.extensions</groupId>
@@ -73,7 +74,7 @@
<groupId>jakarta.servlet</groupId>
<artifactId>jakarta.servlet-api</artifactId>
<scope>provided</scope>
- <version>6.0.0</version>
+ <version>6.1.0</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
diff --git a/support/jakarta-ee/pom.xml b/support/jakarta-ee/pom.xml
index 4ca71f294..ca9a7b154 100644
--- a/support/jakarta-ee/pom.xml
+++ b/support/jakarta-ee/pom.xml
@@ -40,7 +40,7 @@
<dependency>
<groupId>jakarta.platform</groupId>
<artifactId>jakarta.jakartaee-api</artifactId>
- <version>10.0.0</version>
+ <version>11.0.0</version>
<scope>provided</scope>
<optional>true</optional>
</dependency>
diff --git
a/support/jakarta-ee/src/main/java/org/apache/shiro/ee/cdi/ShiroScopeContext.java
b/support/jakarta-ee/src/main/java/org/apache/shiro/ee/cdi/ShiroScopeContext.java
index ef9236b25..540cf64fb 100644
---
a/support/jakarta-ee/src/main/java/org/apache/shiro/ee/cdi/ShiroScopeContext.java
+++
b/support/jakarta-ee/src/main/java/org/apache/shiro/ee/cdi/ShiroScopeContext.java
@@ -62,10 +62,10 @@ public class ShiroScopeContext implements Context,
Serializable {
} else {
synchronized (contextual) {
if (isViewScoped) {
- return
Beans.getReference(ViewScopeManager.class).createBean(contextual,
creationalContext);
+ return
Beans.getReference(ViewScopeManager.class).getBean(contextual,
creationalContext);
} else {
return
getBeanStorage(SecurityUtils.getSubject().getSession())
- .createBean(contextual, creationalContext);
+ .getBean(contextual, creationalContext);
}
}
}
diff --git
a/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/FormResubmitSupport.java
b/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/FormResubmitSupport.java
index 1ca95f1a5..c5ac9e1bc 100644
---
a/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/FormResubmitSupport.java
+++
b/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/FormResubmitSupport.java
@@ -13,6 +13,8 @@
*/
package org.apache.shiro.ee.filters;
+import static
jakarta.faces.application.StateManager.STATE_SAVING_METHOD_CLIENT;
+import static
jakarta.faces.application.StateManager.STATE_SAVING_METHOD_PARAM_NAME;
import static org.apache.shiro.SecurityUtils.getSecurityManager;
import static org.apache.shiro.SecurityUtils.isSecurityManagerTypeOf;
import static org.apache.shiro.SecurityUtils.unwrapSecurityManager;
@@ -52,8 +54,6 @@ import java.util.UUID;
import static java.util.function.Predicate.not;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
-import static
jakarta.faces.view.StateManagementStrategy.STATE_SAVING_METHOD_CLIENT;
-import static
jakarta.faces.view.StateManagementStrategy.STATE_SAVING_METHOD_PARAM_NAME;
import jakarta.servlet.ServletContext;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.http.Cookie;
diff --git a/support/jaxrs/pom.xml b/support/jaxrs/pom.xml
index 24755a415..0acf9a49a 100644
--- a/support/jaxrs/pom.xml
+++ b/support/jaxrs/pom.xml
@@ -63,7 +63,7 @@
<dependency>
<groupId>jakarta.xml.bind</groupId>
<artifactId>jakarta.xml.bind-api</artifactId>
- <version>4.0.2</version>
+ <version>4.0.4</version>
<scope>test</scope>
</dependency>
<dependency>
@@ -74,7 +74,7 @@
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxrs</artifactId>
- <version>3.6.7</version>
+ <version>4.1.4</version>
<scope>test</scope>
<exclusions>
<exclusion>
diff --git a/support/spring-boot/pom.xml b/support/spring-boot/pom.xml
index 0a4619e0e..e7e8c8060 100644
--- a/support/spring-boot/pom.xml
+++ b/support/spring-boot/pom.xml
@@ -37,7 +37,7 @@
</modules>
<properties>
- <junit.engine.version>1.13.4</junit.engine.version>
+ <junit.engine.version>6.0.2</junit.engine.version>
</properties>
<dependencies>
diff --git a/support/spring-boot/spring-boot-starter/pom.xml
b/support/spring-boot/spring-boot-starter/pom.xml
index 35216cabf..118044fd9 100644
--- a/support/spring-boot/spring-boot-starter/pom.xml
+++ b/support/spring-boot/spring-boot-starter/pom.xml
@@ -109,17 +109,17 @@
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
- <version>9.0.112</version>
+ <version>11.0.15</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-el</artifactId>
- <version>9.0.112</version>
+ <version>11.0.15</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-websocket</artifactId>
- <version>9.0.112</version>
+ <version>11.0.15</version>
</dependency>
</dependencies>
</dependencyManagement>
diff --git a/support/spring-boot/spring-boot-web-starter/pom.xml
b/support/spring-boot/spring-boot-web-starter/pom.xml
index 2afa36924..232a44d52 100644
--- a/support/spring-boot/spring-boot-web-starter/pom.xml
+++ b/support/spring-boot/spring-boot-web-starter/pom.xml
@@ -86,17 +86,17 @@
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
- <version>9.0.112</version>
+ <version>11.0.15</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-el</artifactId>
- <version>9.0.112</version>
+ <version>11.0.15</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-websocket</artifactId>
- <version>9.0.112</version>
+ <version>11.0.15</version>
</dependency>
</dependencies>
</dependencyManagement>
diff --git a/support/spring/pom.xml b/support/spring/pom.xml
index cbe77f603..4d82151a1 100644
--- a/support/spring/pom.xml
+++ b/support/spring/pom.xml
@@ -48,7 +48,7 @@
<groupId>jakarta.servlet</groupId>
<artifactId>jakarta.servlet-api</artifactId>
<scope>provided</scope>
- <version>6.0.0</version>
+ <version>6.1.0</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
diff --git
a/support/spring/src/main/java/org/apache/shiro/spring/remoting/SecureRemoteInvocationExecutor.java
b/support/spring/src/main/java/org/apache/shiro/spring/remoting/SecureRemoteInvocationExecutor.java
deleted file mode 100644
index 9d77fb255..000000000
---
a/support/spring/src/main/java/org/apache/shiro/spring/remoting/SecureRemoteInvocationExecutor.java
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.shiro.spring.remoting;
-
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.mgt.SecurityManager;
-import org.apache.shiro.subject.ExecutionException;
-import org.apache.shiro.subject.Subject;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.remoting.support.DefaultRemoteInvocationExecutor;
-import org.springframework.remoting.support.RemoteInvocation;
-
-import java.io.Serializable;
-import java.lang.reflect.InvocationTargetException;
-import java.util.concurrent.Callable;
-
-
-/**
- * An implementation of the Spring {@link
org.springframework.remoting.support.RemoteInvocationExecutor}
- * that binds a {@code sessionId} to the incoming thread to make it available
to the {@code SecurityManager}
- * implementation during the thread execution. The {@code SecurityManager}
implementation can use this sessionId
- * to reconstitute the {@code Subject} instance based on persistent state in
the corresponding {@code Session}.
- *
- * @since 0.1
- */
-public class SecureRemoteInvocationExecutor extends
DefaultRemoteInvocationExecutor {
-
- //TODO - complete JavaDoc
-
- /*--------------------------------------------
- | C O N S T A N T S |
- ============================================*/
-
- /*--------------------------------------------
- | I N S T A N C E V A R I A B L E S |
- ============================================*/
- private static final Logger LOGGER =
LoggerFactory.getLogger(SecureRemoteInvocationExecutor.class);
-
- /**
- * The SecurityManager used to retrieve realms that should be associated
with the
- * created <tt>Subject</tt>s upon remote invocation.
- */
- private SecurityManager securityManager;
-
- /*--------------------------------------------
- | C O N S T R U C T O R S |
- ============================================*/
-
- /*--------------------------------------------
- | A C C E S S O R S / M O D I F I E R S |
- ============================================*/
-
- public void setSecurityManager(org.apache.shiro.mgt.SecurityManager
securityManager) {
- this.securityManager = securityManager;
- }
-
- /*--------------------------------------------
- | M E T H O D S |
- ============================================*/
- @SuppressWarnings({"unchecked"})
- public Object invoke(final RemoteInvocation invocation, final Object
targetObject)
- throws NoSuchMethodException, IllegalAccessException,
InvocationTargetException {
-
- try {
- SecurityManager securityManager =
- this.securityManager != null ? this.securityManager :
SecurityUtils.getSecurityManager();
-
- Subject.Builder builder = new Subject.Builder(securityManager);
-
- String host = (String)
invocation.getAttribute(SecureRemoteInvocationFactory.HOST_KEY);
- if (host != null) {
- builder.host(host);
- }
-
- Serializable sessionId =
invocation.getAttribute(SecureRemoteInvocationFactory.SESSION_ID_KEY);
- if (sessionId != null) {
- builder.sessionId(sessionId);
- } else {
- if (LOGGER.isTraceEnabled()) {
- LOGGER.trace("RemoteInvocation did not contain a Shiro
Session id attribute under "
- + "key [" +
SecureRemoteInvocationFactory.SESSION_ID_KEY + "]. A Subject based "
- + "on an existing Session will not be available
during the method invocation.");
- }
- }
-
- Subject subject = builder.buildSubject();
- return subject.execute(new Callable() {
- public Object call() throws Exception {
- return
SecureRemoteInvocationExecutor.super.invoke(invocation, targetObject);
- }
- });
- } catch (ExecutionException e) {
- Throwable cause = e.getCause();
- if (cause instanceof NoSuchMethodException) {
- throw (NoSuchMethodException) cause;
- } else if (cause instanceof IllegalAccessException) {
- throw (IllegalAccessException) cause;
- } else if (cause instanceof InvocationTargetException) {
- throw (InvocationTargetException) cause;
- } else {
- throw new InvocationTargetException(cause);
- }
- } catch (Throwable t) {
- throw new InvocationTargetException(t);
- }
- }
-}
diff --git
a/support/spring/src/main/java/org/apache/shiro/spring/remoting/SecureRemoteInvocationFactory.java
b/support/spring/src/main/java/org/apache/shiro/spring/remoting/SecureRemoteInvocationFactory.java
deleted file mode 100644
index 01de9e9d9..000000000
---
a/support/spring/src/main/java/org/apache/shiro/spring/remoting/SecureRemoteInvocationFactory.java
+++ /dev/null
@@ -1,144 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.shiro.spring.remoting;
-
-import org.aopalliance.intercept.MethodInvocation;
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.session.Session;
-import org.apache.shiro.session.mgt.NativeSessionManager;
-import org.apache.shiro.session.mgt.SessionKey;
-import org.apache.shiro.session.mgt.SessionManager;
-import org.apache.shiro.subject.Subject;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.remoting.support.DefaultRemoteInvocationFactory;
-import org.springframework.remoting.support.RemoteInvocation;
-import org.springframework.remoting.support.RemoteInvocationFactory;
-
-import java.io.Serializable;
-
-/**
- * A {@link RemoteInvocationFactory} that passes the session ID to the server
via a
- * {@link RemoteInvocation} {@link RemoteInvocation#getAttribute(String)
attribute}.
- * This factory is the client-side part of
- * the Shiro Spring remoting invocation. A {@link
SecureRemoteInvocationExecutor} should
- * be used to export the server-side remote services to ensure that the
appropriate
- * Subject and Session are bound to the remote thread during execution.
- *
- * @since 0.1
- */
-public class SecureRemoteInvocationFactory extends
DefaultRemoteInvocationFactory {
-
- /**
- * session id key.
- */
- public static final String SESSION_ID_KEY =
SecureRemoteInvocationFactory.class.getName() + ".SESSION_ID_KEY";
-
- /**
- * host key.
- */
- public static final String HOST_KEY =
SecureRemoteInvocationFactory.class.getName() + ".HOST_KEY";
-
- private static final Logger LOGGER =
LoggerFactory.getLogger(SecureRemoteInvocationFactory.class);
- private static final String SESSION_ID_SYSTEM_PROPERTY_NAME =
"shiro.session.id";
-
- private String sessionId;
-
- public SecureRemoteInvocationFactory() {
- }
-
- public SecureRemoteInvocationFactory(String sessionId) {
- this();
- this.sessionId = sessionId;
- }
-
- /**
- * Creates a {@link RemoteInvocation} with the current session ID as an
- * {@link RemoteInvocation#getAttribute(String) attribute}.
- *
- * @param mi the method invocation that the remote invocation should be
based on.
- * @return a remote invocation object containing the current session ID as
an attribute.
- */
- @SuppressWarnings({"checkstyle:CyclomaticComplexity",
"checkstyle:NPathComplexity"})
- public RemoteInvocation createRemoteInvocation(MethodInvocation mi) {
-
- Serializable sessionId = null;
- String host = null;
- boolean sessionManagerMethodInvocation = false;
-
- //If the calling MI is for a remoting SessionManager delegate, we need
to acquire the session ID from the method
- //argument and NOT interact with SecurityUtils/subject.getSession to
avoid a stack overflow
- Class miDeclaringClass = mi.getMethod().getDeclaringClass();
- if (SessionManager.class.equals(miDeclaringClass) ||
NativeSessionManager.class.equals(miDeclaringClass)) {
- sessionManagerMethodInvocation = true;
- //for SessionManager calls, all method calls except the 'start'
methods require a SessionKey
- // as the first argument, so just get it from there:
- if (!mi.getMethod().getName().equals("start")) {
- SessionKey key = (SessionKey) mi.getArguments()[0];
- sessionId = key.getSessionId();
- }
- }
-
- //tried the delegate. Use the injected session id if given
- if (sessionId == null) {
- sessionId = this.sessionId;
- }
-
- // If sessionId is null, only then try the Subject:
- if (sessionId == null) {
- try {
- // HACK Check if can get the securityManager - this'll cause
an exception if it's not set
- SecurityUtils.getSecurityManager();
- if (!sessionManagerMethodInvocation) {
- Subject subject = SecurityUtils.getSubject();
- Session session = subject.getSession(false);
- if (session != null) {
- sessionId = session.getId();
- host = session.getHost();
- }
- }
- } catch (Exception e) {
- LOGGER.trace("No security manager set. Trying next to get
session id from system property");
- }
- }
- //No call to the sessionManager, and the Subject doesn't have a
session. Try a system property
- //as a last result:
- if (sessionId == null) {
- if (LOGGER.isTraceEnabled()) {
- LOGGER.trace("No Session found for the currently executing
subject via subject.getSession(false). "
- + "Attempting to revert back to the 'shiro.session.id'
system property...");
- }
- sessionId = System.getProperty(SESSION_ID_SYSTEM_PROPERTY_NAME);
- if (sessionId == null && LOGGER.isTraceEnabled()) {
- LOGGER.trace("No 'shiro.session.id' system property found.
Heuristics have been exhausted; "
- + "RemoteInvocation will not contain a sessionId.");
- }
- }
-
- RemoteInvocation ri = new RemoteInvocation(mi);
- if (sessionId != null) {
- ri.addAttribute(SESSION_ID_KEY, sessionId);
- }
- if (host != null) {
- ri.addAttribute(HOST_KEY, host);
- }
-
- return ri;
- }
-}
diff --git
a/support/spring/src/test/java/org/apache/shiro/spring/remoting/SecureRemoteInvocationFactoryTest.java
b/support/spring/src/test/java/org/apache/shiro/spring/remoting/SecureRemoteInvocationFactoryTest.java
deleted file mode 100644
index e06d83ab4..000000000
---
a/support/spring/src/test/java/org/apache/shiro/spring/remoting/SecureRemoteInvocationFactoryTest.java
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.shiro.spring.remoting;
-
-import org.aopalliance.intercept.MethodInvocation;
-import org.apache.shiro.session.mgt.DefaultSessionKey;
-import org.apache.shiro.session.mgt.SessionKey;
-import org.apache.shiro.session.mgt.SessionManager;
-import org.apache.shiro.util.ThreadContext;
-import org.junit.jupiter.api.AfterEach;
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
-import org.springframework.remoting.support.RemoteInvocation;
-
-import java.lang.reflect.Method;
-import java.util.UUID;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.easymock.EasyMock.createMock;
-import static org.easymock.EasyMock.expect;
-import static org.easymock.EasyMock.replay;
-import static org.easymock.EasyMock.verify;
-
-/**
- * //TODO - Class JavaDoc!
- */
-public class SecureRemoteInvocationFactoryTest {
-
- @BeforeEach
- public void setup() {
- ThreadContext.remove();
- }
-
- @AfterEach
- public void tearDown() {
- ThreadContext.remove();
- }
-
- protected Method getMethod(String name, Class clazz) {
- Method[] methods = clazz.getMethods();
- for (Method method : methods) {
- if (method.getName().equals(name)) {
- return method;
- }
- }
- throw new IllegalStateException("'" + name + "' method should exist.");
- }
-
- @Test
- void testSessionManagerProxyStartRemoteInvocation() throws Exception {
-
- SecureRemoteInvocationFactory factory = new
SecureRemoteInvocationFactory();
-
- MethodInvocation mi = createMock(MethodInvocation.class);
- Method startMethod = getMethod("start", SessionManager.class);
- expect(mi.getMethod()).andReturn(startMethod).anyTimes();
-
- Object[] args = {"localhost"};
- expect(mi.getArguments()).andReturn(args).anyTimes();
-
- replay(mi);
-
- RemoteInvocation ri = factory.createRemoteInvocation(mi);
-
- verify(mi);
-
-
assertThat(ri.getAttribute(SecureRemoteInvocationFactory.SESSION_ID_KEY)).isNull();
- }
-
- @Test
- void testSessionManagerProxyNonStartRemoteInvocation() throws Exception {
-
- SecureRemoteInvocationFactory factory = new
SecureRemoteInvocationFactory();
-
- MethodInvocation mi = createMock(MethodInvocation.class);
- Method method = getMethod("getSession", SessionManager.class);
- expect(mi.getMethod()).andReturn(method).anyTimes();
-
- String dummySessionId = UUID.randomUUID().toString();
- SessionKey sessionKey = new DefaultSessionKey(dummySessionId);
- Object[] args = {sessionKey};
- expect(mi.getArguments()).andReturn(args).anyTimes();
-
- replay(mi);
-
- RemoteInvocation ri = factory.createRemoteInvocation(mi);
-
- verify(mi);
-
-
assertThat(ri.getAttribute(SecureRemoteInvocationFactory.SESSION_ID_KEY)).isEqualTo(dummySessionId);
- }
-
- /*@Test
- public void testNonSessionManagerCall() throws Exception {
-
- SecureRemoteInvocationFactory factory = new
SecureRemoteInvocationFactory();
-
- MethodInvocation mi = createMock(MethodInvocation.class);
- Method method = getMethod("login", SecurityManager.class);
- expect(mi.getMethod()).andReturn(method).anyTimes();
- }*/
-
-}
diff --git a/web/pom.xml b/web/pom.xml
index d6ef0f869..39b31b2df 100644
--- a/web/pom.xml
+++ b/web/pom.xml
@@ -43,7 +43,7 @@
<dependency>
<groupId>jakarta.servlet.jsp</groupId>
<artifactId>jakarta.servlet.jsp-api</artifactId>
- <version>3.0.0</version>
+ <version>4.0.0</version>
</dependency>
<dependency>
<groupId>org.apache.taglibs</groupId>
@@ -56,7 +56,7 @@
<dependency>
<groupId>jakarta.servlet</groupId>
<artifactId>jakarta.servlet-api</artifactId>
- <version>6.0.0</version>
+ <version>6.1.0</version>
</dependency>
<dependency>
<groupId>org.owasp.encoder</groupId>
diff --git a/web/src/main/java/org/apache/shiro/web/util/CorsUtils.java
b/web/src/main/java/org/apache/shiro/web/util/CorsUtils.java
index 94ad49dd9..d72fc8367 100644
--- a/web/src/main/java/org/apache/shiro/web/util/CorsUtils.java
+++ b/web/src/main/java/org/apache/shiro/web/util/CorsUtils.java
@@ -20,7 +20,7 @@ package org.apache.shiro.web.util;
import org.apache.shiro.lang.util.StringUtils;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
/**
* Utility class for CORS request handling based on the W3.
diff --git a/web/src/test/java/org/apache/shiro/web/util/CorsUtilsTest.java
b/web/src/test/java/org/apache/shiro/web/util/CorsUtilsTest.java
index fae30f01d..2508d2eb3 100644
--- a/web/src/test/java/org/apache/shiro/web/util/CorsUtilsTest.java
+++ b/web/src/test/java/org/apache/shiro/web/util/CorsUtilsTest.java
@@ -20,7 +20,7 @@ package org.apache.shiro.web.util;
import org.junit.jupiter.api.Test;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.mock;
