Skip to content

Fix compile warnings for spring-security-config#18596

Merged
rwinch merged 1 commit intospring-projects:mainfrom
023-dev:gh-18419
Feb 28, 2026
Merged

Fix compile warnings for spring-security-config#18596
rwinch merged 1 commit intospring-projects:mainfrom
023-dev:gh-18419

Conversation

@023-dev
Copy link
Contributor

@023-dev 023-dev commented Jan 26, 2026

This PR removes all compiler warnings from the spring-security-config module and applies the compile-warnings-error plugin to prevent future warnings.

Changes

Java Changes

  • OAuth2ResourceServerConfigurer.java: Replaced deprecated SpringOpaqueTokenIntrospector constructor with the new Builder pattern introduced in Spring Security 6.5
    • Changed from: new SpringOpaqueTokenIntrospector(introspectionUri, clientId, clientSecret)
    • Changed to: SpringOpaqueTokenIntrospector.withIntrospectionUri(...).clientId(...).clientSecret(...).build()

Kotlin Changes

  • AuthorizeHttpRequestsDsl.kt:

    • Replaced Object::class.java with Any::class.java (Kotlin best practice)
    • Changed resolveRolePrefix() and resolveRoleHierarchy() return types to nullable to fix "condition always true" warnings

  • HeadersDsl.kt: Added @Suppress("DEPRECATION") for deprecated HpkpConfig usage (class itself is deprecated)

  • HttpSecurityDsl.kt: Added @Suppress("DEPRECATION") for deprecated requiresChannel() method

  • RequiresChannelDsl.kt: Added @file:Suppress("DEPRECATION") for deprecated channel security classes

  • X509Dsl.kt: Added @Suppress("DEPRECATION") for deprecated subjectPrincipalRegex property

  • HttpPublicKeyPinningDsl.kt: Added @file:Suppress("DEPRECATION") for deprecated HPKP classes

  • SessionFixationDsl.kt: Removed unnecessary null case in when expression

Build Configuration

  • spring-security-config.gradle: Applied compile-warnings-error plugin to fail build on warnings

Testing

  • All existing tests continue to pass
  • The functionality remains unchanged; only deprecated API usage was updated
  • Build now fails on new warnings, ensuring code quality

Related Issues

Closes gh-18419

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Jan 26, 2026
@rwinch rwinch added this to the 7.1.0-M2 milestone Jan 26, 2026
@rwinch rwinch added in: build An issue in the build type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Jan 26, 2026
@rwinch rwinch self-assigned this Jan 26, 2026
@rwinch
Copy link
Member

rwinch commented Jan 26, 2026

Thank you. Unfortunately, the build fails with the changes. Can you please update the pull request to resolve the errors?

@rwinch rwinch added status: waiting-for-feedback We need additional information before we can continue in: config An issue in spring-security-config labels Jan 26, 2026
@rwinch rwinch changed the title Remove compiler warnings for spring-security-config Fix compiler warnings for spring-security-config Jan 26, 2026
@rwinch rwinch changed the title Fix compiler warnings for spring-security-config Fix compile warnings for spring-security-config Jan 26, 2026
@023-dev
Copy link
Contributor Author

023-dev commented Jan 27, 2026

@rwinch
Thanks for the heads-up! I’ll fix the build issues and update the pull request.

@spring-projects-issues spring-projects-issues added status: feedback-provided Feedback has been provided and removed status: waiting-for-feedback We need additional information before we can continue labels Jan 27, 2026
@023-dev 023-dev force-pushed the gh-18419 branch 2 times, most recently from 9034986 to 05becb5 Compare January 27, 2026 07:59
@023-dev
Copy link
Contributor Author

023-dev commented Jan 27, 2026
edited
Loading

@rwinch
I’ve fixed the build issues and pushed the updates.
The workflow should be ready once approved by a maintainer. Thanks!

@rwinch rwinch removed the status: feedback-provided Feedback has been provided label Feb 2, 2026
@rwinch rwinch enabled auto-merge (rebase) February 2, 2026 17:34
@rwinch
Copy link
Member

rwinch commented Feb 2, 2026

@023-dev It appears that that the build is still failing. Would you mind taking a look at it? You can check the build using the same steps in the linked CI.

@rwinch rwinch added the status: waiting-for-feedback We need additional information before we can continue label Feb 3, 2026
auto-merge was automatically disabled February 3, 2026 12:30

Head branch was pushed to by a user without write access

@023-dev
Copy link
Contributor Author

023-dev commented Feb 4, 2026

@rwinch

Thank you for the feedback, and I apologize for missing the previous build failure.
I have fixed the issue and pushed the updates.
The tests, including the full build for spring-security-config, are passing locally now.

@spring-projects-issues spring-projects-issues added status: feedback-provided Feedback has been provided and removed status: waiting-for-feedback We need additional information before we can continue labels Feb 4, 2026
@jgrandja jgrandja modified the milestones: 7.1.0-M2, 7.1.0-M3 Feb 13, 2026
rwinch
rwinch requested changes Feb 19, 2026
View reviewed changes
Copy link
Member

@rwinch rwinch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. I've provided feedback inline

buildSrc/src/main/groovy/compile-warnings-error.gradle
}

tasks.withType(KotlinCompile) {
kotlinOptions.allWarningsAsErrors = true
Copy link
Member

@rwinch rwinch Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why was this removed? I think that we still need to fail if there are kotlin warnings.

Copy link
Contributor Author

@023-dev 023-dev Feb 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the feedback! I've restored kotlinOptions.allWarningsAsErrors = true in the Gradle configuration.

config/src/main/kotlin/org/springframework/security/config/annotation/web/HeadersDsl.kt Outdated
* @property defaultsDisabled whether all of the default headers should be included in the response
*/
@SecurityMarker
@Suppress("DEPRECATION")
Copy link
Member

@rwinch rwinch Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We cannot add suppress deprecation here because the HeadersDsl is not also deprecated. Instead add it to the specific parts that are using deprecations and ensure that the method that uses them is also deprecated.

Copy link
Contributor Author

@023-dev 023-dev Feb 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done. I've removed the class-level @Suppress("DEPRECATION") from HeadersDsl
and moved it specifically to the deprecated fields (hpkp, featurePolicyDirectives) and their respective setter methods.

config/src/test/java/org/springframework/security/SerializationSamples.java
Authentication authentication = TestAuthentication.authenticated(user);
SecurityContext securityContext = new SecurityContextImpl(authentication);

instancioByClassName.put(OneTimeTokenAuthenticationToken.class, () -> {
Copy link
Member

@rwinch rwinch Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that since this is a test, we should leave this alone and suppress the warning

Copy link
Contributor Author

@023-dev 023-dev Feb 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point. I've reverted the changes to the test setup and instead added @SuppressWarnings("removal") directly to the Instancio.of(OneTimeTokenAuthenticationToken.class) initialization to suppress the deprecation warning.

@rwinch rwinch removed the status: feedback-provided Feedback has been provided label Feb 19, 2026
@rwinch rwinch added the status: waiting-for-feedback We need additional information before we can continue label Feb 19, 2026
@023-dev @rwinch
Remove compiler warnings for spring-security-config
cade0c9 
Signed-off-by: 023-dev <0_2_3@naver.com>
@rwinch rwinch merged commit b9f974b into spring-projects:main Feb 28, 2026
7 checks passed
@rwinch
Copy link
Member

rwinch commented Feb 28, 2026

Thanks for the Pull Request! This is now merged into main 😄

@023-dev
Copy link
Contributor Author

023-dev commented Feb 28, 2026

Thank you for the review and merge!
Really appreciate it 🙌

@rwinch rwinch removed the status: waiting-for-feedback We need additional information before we can continue label Feb 28, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rwinch rwinch rwinch requested changes

Assignees

@rwinch rwinch

Labels

in: build An issue in the build in: config An issue in spring-security-config type: enhancement A general enhancement

Projects

None yet

Milestone

7.1.0-M3

Development

Successfully merging this pull request may close these issues.

Remove compiler warnings for spring-security-config

4 participants

@023-dev @rwinch @jgrandja @spring-projects-issues