Merge branch 'develop' into update-from-template-merged

Author: xdev-gh-bot

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -15,9 +15,9 @@ body:
     attributes:
       label: "Checklist"
       options:
-        - label: "I am able to reproduce the bug with the [latest version](https://github.com/xdev-software/template-placeholder/releases/latest)"
+        - label: "I am able to reproduce the bug with the [latest version](https://github.com/xdev-software/spring-security-advanced-authentication-ui/releases/latest)"
           required: true
-        - label: "I made sure that there are *no existing issues* - [open](https://github.com/xdev-software/template-placeholder/issues) or [closed](https://github.com/xdev-software/template-placeholder/issues?q=is%3Aissue+is%3Aclosed) - which I could contribute my information to."
+        - label: "I made sure that there are *no existing issues* - [open](https://github.com/xdev-software/spring-security-advanced-authentication-ui/issues) or [closed](https://github.com/xdev-software/spring-security-advanced-authentication-ui/issues?q=is%3Aissue+is%3Aclosed) - which I could contribute my information to."
           required: true
         - label: "I have taken the time to fill in all the required details. I understand that the bug report will be dismissed otherwise."
           required: true

.github/ISSUE_TEMPLATE/enhancement.yml

@@ -13,7 +13,7 @@ body:
     attributes:
       label: "Checklist"
       options:
-        - label: "I made sure that there are *no existing issues* - [open](https://github.com/xdev-software/template-placeholder/issues) or [closed](https://github.com/xdev-software/template-placeholder/issues?q=is%3Aissue+is%3Aclosed) - which I could contribute my information to."
+        - label: "I made sure that there are *no existing issues* - [open](https://github.com/xdev-software/spring-security-advanced-authentication-ui/issues) or [closed](https://github.com/xdev-software/spring-security-advanced-authentication-ui/issues?q=is%3Aissue+is%3Aclosed) - which I could contribute my information to."
           required: true
         - label: "I have taken the time to fill in all the required details. I understand that the feature request will be dismissed otherwise."
           required: true

.github/ISSUE_TEMPLATE/question.yml

@@ -12,7 +12,7 @@ body:
     attributes:
       label: "Checklist"
       options:
-        - label: "I made sure that there are *no existing issues* - [open](https://github.com/xdev-software/template-placeholder/issues) or [closed](https://github.com/xdev-software/template-placeholder/issues?q=is%3Aissue+is%3Aclosed) - which I could contribute my information to."
+        - label: "I made sure that there are *no existing issues* - [open](https://github.com/xdev-software/spring-security-advanced-authentication-ui/issues) or [closed](https://github.com/xdev-software/spring-security-advanced-authentication-ui/issues?q=is%3Aissue+is%3Aclosed) - which I could contribute my information to."
           required: true
         - label: "I have taken the time to fill in all the required details. I understand that the question will be dismissed otherwise."
           required: true

.run/Run Demo.run.xml

@@ -1,7 +1,7 @@
 <component name="ProjectRunConfigurationManager">
   <configuration default="false" name="Run Demo" type="Application" factoryName="Application">
     <option name="MAIN_CLASS_NAME" value="software.xdev.Application" />
-    <module name="template-placeholder-demo" />
+    <module name="spring-security-advanced-authentication-ui-demo" />
     <option name="WORKING_DIRECTORY" value="$MODULE_DIR$" />
     <extension name="coverage">
       <pattern>
@@ -13,4 +13,4 @@
       <option name="Make" enabled="true" />
     </method>
   </configuration>
-</component>
+</component>

CHANGELOG.md

@@ -0,0 +1,44 @@
+# 2.0.0
+* Added support for Spring Security 6.4+ / Spring Boot 3.4+ #100
+  * Spring now
+    * uses a Regex-based templating system
+    * no longer uses bootstrap
+    * provides One-Time token/OTT and Passkey logins
+* Changes to ``Extendable``-subsystem
+  * Now uses the new Regex-based templating system
+  * Correct a bunch of problems in Spring Security including
+    * One-Time token/OTT and Passkeys are ignored when computing if the whole filter is enabled
+    * [Passkeys] Removed invalid XML comment in scripts block
+    * [Passkeys] Fixed incorrectly closed HTML-form/div-tag
+    * [HtmlTemplating] Compile ``UNUSED_PLACEHOLDER_PATTERN`` regex once and not for each request
+    * [HtmlTemplating] Render: Optimization: Use entrySet instead of keySet + getValue
+    * Add correct setter for ``generateOneTimeTokenUrl``
+    * Improved naming of methods
+* Changes to ``Advanced``-subsystem
+  * Keeps using Bootstrap
+    * By default bootstrap is still loaded from ``cdn.jsdelivr.net`` but you can (and should) provide your own version
+  * Keeps using the old templating system (without Regex)
+    * Not all values are escaped by default as is with Spring's Regex based system
+      * Usually they don't need to be escaped in the first place as they are set on the server side and can't be modified by a user
+    * This is A LOT FASTER (in tests around 50x) than Spring's new Regex based system
+  * Adopted changes; Added new configuration options
+  * [Passkeys] Fixed a problem where more than one header results in invalid generated JavaScript code
+
+# 1.0.3
+* Updated dependencies
+* Abstracted code
+
+# 1.0.2
+* Fix incorrect styling of ``main`` element on login screen
+
+# 1.0.1
+* Fix NPE when ``additionalStylingData`` is not set
+
+# 1.0.0
+<i>Initial release</i>
+* All methods and functionality are designed to be overwritable (at least protected)
+* The library consists of 2 main parts:
+  * ``extendable`` → Includes the bare minimum to make the Spring components extendable
+  * ``advanced`` → Contains components made on top of ``extendable`` with many customization options; Additionally:
+    * Updated Bootstrap to version 5.3+
+    * Improved SSO (OAuth2 / SAML2) UI

CONTRIBUTING.md

@@ -34,10 +34,10 @@ You should have the following things installed:
   * Ensure that the JDK/Java-Version is correct
 
 
-## Releasing [![Build](https://img.shields.io/github/actions/workflow/status/xdev-software/template-placeholder/release.yml?branch=master)](https://github.com/xdev-software/template-placeholder/actions/workflows/release.yml)
+## Releasing [![Build](https://img.shields.io/github/actions/workflow/status/xdev-software/spring-security-advanced-authentication-ui/release.yml?branch=master)](https://github.com/xdev-software/spring-security-advanced-authentication-ui/actions/workflows/release.yml)
 
 Before releasing:
-* Consider doing a [test-deployment](https://github.com/xdev-software/template-placeholder/actions/workflows/test-deploy.yml?query=branch%3Adevelop) before actually releasing.
+* Consider doing a [test-deployment](https://github.com/xdev-software/spring-security-advanced-authentication-ui/actions/workflows/test-deploy.yml?query=branch%3Adevelop) before actually releasing.
 * Check the [changelog](CHANGELOG.md)
 
 If the ``develop`` is ready for release, create a pull request to the ``master``-Branch and merge the changes

README.md

@@ -1,12 +1,53 @@
-[![Latest version](https://img.shields.io/maven-central/v/software.xdev/template-placeholder?logo=apache%20maven)](https://mvnrepository.com/artifact/software.xdev/template-placeholder)
-[![Build](https://img.shields.io/github/actions/workflow/status/xdev-software/template-placeholder/check-build.yml?branch=develop)](https://github.com/xdev-software/template-placeholder/actions/workflows/check-build.yml?query=branch%3Adevelop)
-[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=xdev-software_template-placeholder&metric=alert_status)](https://sonarcloud.io/dashboard?id=xdev-software_template-placeholder)
+[![Latest version](https://img.shields.io/maven-central/v/software.xdev/spring-security-advanced-authentication-ui?logo=apache%20maven)](https://mvnrepository.com/artifact/software.xdev/spring-security-advanced-authentication-ui)
+[![Build](https://img.shields.io/github/actions/workflow/status/xdev-software/spring-security-advanced-authentication-ui/check-build.yml?branch=develop)](https://github.com/xdev-software/spring-security-advanced-authentication-ui/actions/workflows/check-build.yml?query=branch%3Adevelop)
+[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=xdev-software_spring-security-advanced-authentication-ui&metric=alert_status)](https://sonarcloud.io/dashboard?id=xdev-software_spring-security-advanced-authentication-ui)
 
-# template-placeholder
+# spring-security-advanced-authentication-ui
 
+Modernizes the default Spring Web Authentication/Login UI and makes it easier customizable.
+
+<details><summary>Show demo</summary>
+
+<p align="center">
+<img src="./assets/demo.png" alt="Demo" />
+</p>
+
+</details>
+
+## Usage
+
+The library provides an adapter that can be used like this:
+```java
+public SecurityFilterChain configure(final HttpSecurity http) throws Exception
+{
+    // Changing the text "Login with" to "Sign in with"
+    http.with(new AdvancedLoginPageAdapter<>(http), c -> c
+            .customizeLoginPage(p -> p.ssoLoginHeaderText("Sign in with")))
+        .oauth2Login(c -> 
+            // ...
+        )
+    // ...
+}
+```
+
+A more detailed scenario is available in the [demo](./spring-security-advanced-authentication-ui-demo/).
+
+> [!NOTE]
+> By default [Bootstrap](https://github.com/twbs/bootstrap) is loaded from ``cdn.jsdelivr.net``.<br/>
+> Due to privacy and stability reasons you should ship your own version!<br/>
+> An example how this can be done is shown in the [demo](https://github.com/xdev-software/spring-security-advanced-authentication-ui/blob/4117d471e036de4dc2a58b2b484f2631afe7af50/spring-security-advanced-authentication-ui-demo/src/main/java/software/xdev/security/MainWebSecurity.java#L44-L51).
+
+> [!NOTE]
+> The ``Advanced``-subsystem uses the pre-``Spring Security 6.4`` / ``Spring Boot 3.4`` templating system (without Regex).<br/>
+> * In contrast to Spring's new Regex based system not all values are escaped by default
+>   * Usually they don't need to be escaped in the first place as they are set on the server side and can't be modified by a user
+> * This is A LOT FASTER (in tests around 50x) than Spring's new Regex based system
 
 ## Installation
-[Installation guide for the latest release](https://github.com/xdev-software/template-placeholder/releases/latest#Installation)
+[Installation guide for the latest release](https://github.com/xdev-software/spring-security-advanced-authentication-ui/releases/latest#Installation)
+
+> [!NOTE]  
+> To minimize the risk of dependency conflicts all Spring (Boot) dependencies are declared as provided and are not shipped by default.
 
 ## Support
 If you need support as soon as possible and you can't wait for any pull request, feel free to use [our support](https://xdev.software/en/services/support).
@@ -15,4 +56,4 @@ If you need support as soon as possible and you can't wait for any pull request,
 See the [contributing guide](./CONTRIBUTING.md) for detailed instructions on how to get started with our project.
 
 ## Dependencies and Licenses
-View the [license of the current project](LICENSE) or the [summary including all dependencies](https://xdev-software.github.io/template-placeholder/dependencies)
+View the [license of the current project](LICENSE) or the [summary including all dependencies](https://xdev-software.github.io/spring-security-advanced-authentication-ui/dependencies)

SECURITY.md

@@ -2,4 +2,4 @@
 
 ## Reporting a Vulnerability
 
-Please report a security vulnerability [on GitHub Security Advisories](https://github.com/xdev-software/template-placeholder/security/advisories/new).
+Please report a security vulnerability [on GitHub Security Advisories](https://github.com/xdev-software/spring-security-advanced-authentication-ui/security/advisories/new).

assets/demo.png

@@ -0,0 +1 @@
+oidc-user-config.json