Bump version to 2.17.3 (#1428)

* bump reactor version to 3.4.35

Signed-off-by: liga-oz <liga.ozolina@sap.com>

* bump version to 2.17.3

Signed-off-by: liga-oz <liga.ozolina@sap.com>

* bump spring-core version to 5.3.31

Signed-off-by: liga-oz <liga.ozolina@sap.com>

* bump spring-security version to 5.8.9

Signed-off-by: liga-oz <liga.ozolina@sap.com>

* bump commons io version to 2.15.1

Signed-off-by: liga-oz <liga.ozolina@sap.com>

* bump maven surefire plugin version to 3.2.5

Signed-off-by: liga-oz <liga.ozolina@sap.com>

* bump spotbugs version to 4.8.3

Signed-off-by: liga-oz <liga.ozolina@sap.com>

* remove deprecated samples

Signed-off-by: liga-oz <liga.ozolina@sap.com>

* revert version upgrade for deprecated samples

Signed-off-by: liga-oz <liga.ozolina@sap.com>

* Update CHANGELOG.md

Signed-off-by: Manuel Fink <123368068+finkmanAtSap@users.noreply.github.com>

---------

Signed-off-by: liga-oz <liga.ozolina@sap.com>
Signed-off-by: Manuel Fink <123368068+finkmanAtSap@users.noreply.github.com>
Co-authored-by: Manuel Fink <123368068+finkmanAtSap@users.noreply.github.com>

.github/workflows/maven-build-2.x.yml

@@ -38,12 +38,6 @@ jobs:
         run: mvn -B install --file pom.xml
       - name: Run integration tests
         run: cd java-security-it; mvn -B package --file pom.xml
-      - name: Build spring-security-basic-auth
-        run: cd samples/spring-security-basic-auth; mvn -B package --file pom.xml
-      - name: Build spring-security-xsuaa-usage
-        run: cd samples/spring-security-xsuaa-usage; mvn -B package --file pom.xml
-      - name: Build spring-webflux-security-xsuaa-usage
-        run: cd samples/spring-webflux-security-xsuaa-usage; mvn -B package --file pom.xml
       - name: Build java-security-usage
         run: cd samples/java-security-usage; mvn -B package --file pom.xml
       - name: Build sap-java-buildpack-api-usage
@@ -52,5 +46,3 @@ jobs:
         run: cd samples/java-tokenclient-usage; mvn -B package --file pom.xml
       - name: Build java-security-usage-ias
         run: cd samples/java-security-usage-ias; mvn -B package --file pom.xml
-      - name: Build spring-security-hybrid-usage
-        run: cd samples/spring-security-hybrid-usage; mvn -B package --file pom.xml

CHANGELOG.md

@@ -1,6 +1,24 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## 2.17.3
+- [java-security]
+  - add name property of service binding as property to OAuth2ServiceConfiguration
+- [java-api]
+  - add ServiceConstant#NAME which can be used to access that property
+- [env]
+  -  service plan property is no longer uppercased when building OAuth2ServiceConfiguration from service bindings of the environment
+- [spring-security]
+  - fixes a bug in which a second XSUAA configuration of plan "broker" was ignored in spring-security auto-configuration for versions >= 2.16.0 and < 2.17.3
+  - add setName getName, setPlan, getPlan to OAuth2ServiceConfigurationProperties, which means, the list of XsuaaServiceConfigurations can now be filtered based on these properties.
+- [token-client] 
+  - remove httpclient caching from DefaultHttpClientFactory (#1416)
+
+#### Dependency upgrades
+- bump spring-core version to 5.3.31
+- bump spring-security version to 5.8.9
+- bump commons  io version to 2.15.1
+
 ## 2.17.2
 ✅ Resolves a Breaking Change introduced in version 2.17.0. Consumers should be able to update to 2.17.2 from a version <= 2.16.0 without having to adjust test credentials used in their unit tests when using `java-security-test` or `spring-xsuaa-mock`.
 

api/README.md

@@ -5,6 +5,6 @@
 <dependency>
     <groupId>com.sap.cloud.security.xsuaa</groupId>
     <artifactId>api</artifactId>
-    <version>2.17.2</version>
+    <version>2.17.3</version>
 </dependency>
 ```

api/pom.xml

@@ -11,7 +11,7 @@
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>2.17.2</version>
+		<version>2.17.3</version>
 	</parent>
 
 	<packaging>jar</packaging>

bom/pom.xml

@@ -8,7 +8,7 @@
 
     <groupId>com.sap.cloud.security</groupId>
     <artifactId>java-bom</artifactId>
-    <version>2.17.2</version>
+    <version>2.17.3</version>
     <packaging>pom</packaging>
     <name>java-bom</name>
 

env/pom.xml

@@ -9,7 +9,7 @@
     <parent>
         <groupId>com.sap.cloud.security.xsuaa</groupId>
         <artifactId>parent</artifactId>
-        <version>2.17.2</version>
+        <version>2.17.3</version>
     </parent>
 
     <groupId>com.sap.cloud.security</groupId>

java-api/README.md

@@ -5,6 +5,6 @@
 <dependency>
     <groupId>com.sap.cloud.security</groupId>
     <artifactId>java-api</artifactId>
-    <version>2.17.2</version>
+    <version>2.17.3</version>
 </dependency>
 ```

java-api/pom.xml

@@ -9,7 +9,7 @@
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>2.17.2</version>
+		<version>2.17.3</version>
 	</parent>
 
 	<groupId>com.sap.cloud.security</groupId>

java-security-it/pom.xml

@@ -9,7 +9,7 @@
     <parent>
         <artifactId>parent</artifactId>
         <groupId>com.sap.cloud.security.xsuaa</groupId>
-        <version>2.17.2</version>
+        <version>2.17.3</version>
     </parent>
 
     <artifactId>java-security-it</artifactId>

java-security-test/README.md

@@ -22,7 +22,7 @@ It includes for example a `JwtGenerator` that generates JSON Web Tokens (JWT) th
 <dependency>
     <groupId>com.sap.cloud.security</groupId>
     <artifactId>java-security-test</artifactId>
-    <version>2.17.2</version>
+    <version>2.17.3</version>
     <scope>test</scope>
 </dependency>
 ```

java-security-test/pom.xml

@@ -9,7 +9,7 @@
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>2.17.2</version>
+		<version>2.17.3</version>
 	</parent>
 
 	<groupId>com.sap.cloud.security</groupId>

java-security/Migration_SpringSecurityProjects.md

@@ -37,19 +37,19 @@ First make sure you have the following dependencies defined in your pom.xml:
 <dependency>
   <groupId>com.sap.cloud.security.xsuaa</groupId>
   <artifactId>api</artifactId>
-  <version>2.17.2</version>
+  <version>2.17.3</version>
 </dependency>
 <dependency>
   <groupId>com.sap.cloud.security</groupId>
   <artifactId>java-security</artifactId>
-  <version>2.17.2</version>
+  <version>2.17.3</version>
 </dependency>
 
 <!-- new java-security dependencies for unit tests -->
 <dependency>
   <groupId>com.sap.cloud.security</groupId>
   <artifactId>java-security-test</artifactId>
-  <version>2.17.2</version>
+  <version>2.17.3</version>
   <scope>test</scope>
 </dependency>
 ```

java-security/README.md

@@ -47,7 +47,7 @@ In case of XSUAA does the JWT provide a valid `jku` token header parameter that
 <dependency>
     <groupId>com.sap.cloud.security</groupId>
     <artifactId>java-security</artifactId>
-    <version>2.17.2</version>
+    <version>2.17.3</version>
 </dependency>
 <dependency>
     <groupId>org.apache.httpcomponents</groupId>

java-security/pom.xml

@@ -9,7 +9,7 @@
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>2.17.2</version>
+		<version>2.17.3</version>
 	</parent>
 
 	<groupId>com.sap.cloud.security</groupId>

pom.xml

@@ -7,7 +7,7 @@
 
 	<groupId>com.sap.cloud.security.xsuaa</groupId>
 	<artifactId>parent</artifactId>
-	<version>2.17.2</version>
+	<version>2.17.3</version>
 	<packaging>pom</packaging>
 
 	<name>parent</name>
@@ -58,30 +58,30 @@
 		<maven.source.plugin.version>3.2.1</maven.source.plugin.version>
 		<!-- make sure that spring core and spring boot versions are compatible-->
 		<spring.boot.version>2.7.18</spring.boot.version>
-		<spring.core.version>5.3.30</spring.core.version>
-		<spring.security.version>5.8.8</spring.security.version>
+		<spring.core.version>5.3.31</spring.core.version>
+		<spring.security.version>5.8.9</spring.security.version>
 		<spring.security.oauth2.version>2.5.2.RELEASE</spring.security.oauth2.version>
 		<spring.security.jwt.version>1.1.1.RELEASE</spring.security.jwt.version>
-		<reactor.version>3.4.33</reactor.version>
+		<reactor.version>3.4.35</reactor.version>
 		<log4j2.version>2.21.1</log4j2.version>
 		<slf4j.api.version>1.7.36</slf4j.api.version> <!--see also here http://www.slf4j.org/faq.html#changesInVersion18 -->
 		<org.json.version>20231013</org.json.version>
 		<sap.cloud.env.servicebinding.version>0.10.1</sap.cloud.env.servicebinding.version>
 		<apache.httpclient.version>4.5.14</apache.httpclient.version>
 		<caffeine.version>2.9.3</caffeine.version>
-		<commons.io.version>2.15.0</commons.io.version>
+		<commons.io.version>2.15.1</commons.io.version>
 		<javax.servlet.api.version>4.0.1</javax.servlet.api.version>
 		<junit.version>4.13.2</junit.version>
 		<junit-jupiter.version>5.10.1</junit-jupiter.version>
-		<maven-surefire-plugin>3.2.2</maven-surefire-plugin>
+		<maven-surefire-plugin>3.2.5</maven-surefire-plugin>
 		<hamcrest.version>1.3</hamcrest.version>
 		<mockito.version>4.11.0</mockito.version>
 		<assertj.version>3.24.2</assertj.version>
 		<reactor.test.version>3.5.0</reactor.test.version>
 		<wiremock.version>2.35.0</wiremock.version>
 		<javax.annotation.version>1.3.2</javax.annotation.version>
-		<spotbugs.annotations.version>4.8.1</spotbugs.annotations.version>
-		<spotbugs.version>4.8.1.0</spotbugs.version>
+		<spotbugs.annotations.version>4.8.3</spotbugs.annotations.version>
+		<spotbugs.version>4.8.2.0</spotbugs.version>
 		<skipTests>false</skipTests>
 		<jacoco.skip>${skipTests}</jacoco.skip>
 	</properties>

samples/java-security-usage-ias/pom.xml

@@ -6,7 +6,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.sap.cloud.security.xssec.samples</groupId>
     <artifactId>java-security-usage-ias</artifactId>
-    <version>2.17.2</version>
+    <version>2.17.3</version>
     <packaging>war</packaging>
 
     <!--profiles>
@@ -27,7 +27,7 @@
     <properties>
         <maven.compiler.source>1.8</maven.compiler.source>
         <maven.compiler.target>1.8</maven.compiler.target>
-        <sap.cloud.security.version>2.17.2</sap.cloud.security.version>
+        <sap.cloud.security.version>2.17.3</sap.cloud.security.version>
         <slf4j.api.version>2.0.5</slf4j.api.version>
         <apache.httpclient.version>4.5.14</apache.httpclient.version>
         <javax.servlet.api.version>4.0.1</javax.servlet.api.version>

samples/java-security-usage/pom.xml

@@ -6,7 +6,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.sap.cloud.security.xssec.samples</groupId>
     <artifactId>java-security-usage</artifactId>
-    <version>2.17.2</version>
+    <version>2.17.3</version>
     <packaging>war</packaging>
 
     <!--profiles>
@@ -27,7 +27,7 @@
     <properties>
         <maven.compiler.source>1.8</maven.compiler.source>
         <maven.compiler.target>1.8</maven.compiler.target>
-        <sap.cloud.security.version>2.17.2</sap.cloud.security.version>
+        <sap.cloud.security.version>2.17.3</sap.cloud.security.version>
         <slf4j.api.version>2.0.5</slf4j.api.version>
         <apache.httpclient.version>4.5.14</apache.httpclient.version>
         <javax.servlet.api.version>4.0.1</javax.servlet.api.version>

samples/java-tokenclient-usage/pom.xml

@@ -6,13 +6,13 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.sap.cloud.security.xssec.samples</groupId>
     <artifactId>java-tokenclient-usage</artifactId>
-    <version>2.17.2</version>
+    <version>2.17.3</version>
     <packaging>war</packaging>
 
     <properties>
         <maven.compiler.source>1.8</maven.compiler.source>
         <maven.compiler.target>1.8</maven.compiler.target>
-        <sap.cloud.security.version>2.17.2</sap.cloud.security.version>
+        <sap.cloud.security.version>2.17.3</sap.cloud.security.version>
         <apache.httpclient.version>4.5.14</apache.httpclient.version>
         <javax.servlet.api.version>4.0.1</javax.servlet.api.version>
         <slf4j.api.version>2.0.5</slf4j.api.version>

samples/sap-java-buildpack-api-usage/pom.xml

@@ -6,7 +6,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.sap.cloud.security.xssec.samples</groupId>
 	<artifactId>sap-java-buildpack-api-usage</artifactId>
-	<version>2.17.2</version>
+	<version>2.17.3</version>
 	<packaging>war</packaging>
 
 	<properties>

samples/spring-security-hybrid-usage/pom.xml

@@ -50,7 +50,7 @@
 		<dependency>
 			<groupId>com.sap.cloud.security.xsuaa</groupId>
 			<artifactId>spring-security-compatibility</artifactId>
-			<version>2.17.2</version>
+			<version>2.17.3</version>
 		</dependency>
 		<dependency>
 			<groupId>org.apache.httpcomponents</groupId>

spring-security-compatibility/pom.xml

@@ -9,7 +9,7 @@
     <parent>
         <groupId>com.sap.cloud.security.xsuaa</groupId>
         <artifactId>parent</artifactId>
-        <version>2.17.2</version>
+        <version>2.17.3</version>
     </parent>
 
     <groupId>com.sap.cloud.security.xsuaa</groupId>

spring-security-starter/pom.xml

@@ -16,7 +16,7 @@
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>2.17.2</version>
+		<version>2.17.3</version>
 	</parent>
 
 	<groupId>com.sap.cloud.security</groupId>

spring-security/Migration_SpringXsuaaProjects.md

@@ -157,7 +157,7 @@ It is provided in an extra module. This maven dependency needs to be provided ad
 <dependency>
     <groupId>com.sap.cloud.security.xsuaa</groupId>
     <artifactId>spring-security-compatibility</artifactId>
-    <version>2.17.2</version>
+    <version>2.17.3</version>
 </dependency>
 ```
 

spring-security/README.md

@@ -51,7 +51,7 @@ These (spring) dependencies needs to be provided:
 <dependency>
     <groupId>com.sap.cloud.security</groupId>
     <artifactId>resourceserver-security-spring-boot-starter</artifactId>
-    <version>2.17.2</version>
+    <version>2.17.3</version>
 </dependency>
 <dependency>
     <groupId>org.apache.httpcomponents</groupId>

spring-security/pom.xml

@@ -9,13 +9,13 @@
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>2.17.2</version>
+		<version>2.17.3</version>
 	</parent>
 
 	<groupId>com.sap.cloud.security</groupId>
 	<artifactId>spring-security</artifactId>
 	<packaging>jar</packaging>
-	<version>2.17.2</version>
+	<version>2.17.3</version>
 
 	<dependencies>
 		<dependency>

spring-xsuaa-it/pom.xml

@@ -8,7 +8,7 @@
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>2.17.2</version>
+		<version>2.17.3</version>
 	</parent>
 
 	<artifactId>spring-xsuaa-it</artifactId>

spring-xsuaa-mock/README.md

@@ -21,7 +21,7 @@ The default implementation offers already valid *token_keys* for JWT tokens, tha
 <dependency>
     <groupId>com.sap.cloud.security.xsuaa</groupId>
     <artifactId>spring-xsuaa-mock</artifactId>
-    <version>2.17.2</version>
+    <version>2.17.3</version>
 </dependency>
 <dependency> <!-- new with version 1.5.0 - provided with org.springframework.boot:spring-boot-starter:jar -->
     <groupId>org.springframework.boot</groupId>

spring-xsuaa-mock/pom.xml

@@ -9,7 +9,7 @@
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>2.17.2</version>
+		<version>2.17.3</version>
 	</parent>
 
 	<artifactId>spring-xsuaa-mock</artifactId>

spring-xsuaa-starter/pom.xml

@@ -16,7 +16,7 @@
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>2.17.2</version>
+		<version>2.17.3</version>
 	</parent>
 
 	<artifactId>xsuaa-spring-boot-starter</artifactId>

spring-xsuaa-test/README.md

@@ -31,7 +31,7 @@ This includes for example a `JwtGenerator` that generates JSON Web Tokens (JWT)
 <dependency>
     <groupId>com.sap.cloud.security.xsuaa</groupId>
     <artifactId>spring-xsuaa-test</artifactId>
-    <version>2.17.2</version>
+    <version>2.17.3</version>
     <scope>test</scope>
 </dependency>
 

spring-xsuaa-test/pom.xml

@@ -9,7 +9,7 @@
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>2.17.2</version>
+		<version>2.17.3</version>
 	</parent>
 
 	<artifactId>spring-xsuaa-test</artifactId>