Address Spring Security 6 migration changes

- JavaEE -> JakartaEE
- logback upgrade

Author: ynojima

build.gradle

@@ -27,7 +27,7 @@ buildscript {
 
         //Libraries
         webauthn4jVersion = '0.21.0.RELEASE'
-        springSecurityVersion = '5.8.2'
+        springSecurityVersion = '6.0.2'
         hibernateValidatorVersion = '6.2.5.Final'
         thymeleafVersion = '3.0.4.RELEASE'
         modelMapperVersion = '3.1.1'
@@ -45,12 +45,6 @@ buildscript {
         // When stable version is released, and Spring Boot BOM includes it, this need to be removed.
         seleniumVersion = '4.8.1'
 
-        // To make the test pass without errors NoClassDefFoundError in samples/fido-server-conformance-test-app
-        // There is a compatibility issue between the versions of SLF4J/Logback used by webauthn4j and the versions used by Spring Boot 2.7.x
-        // There are breaking change in th SLF4J 2.x branche ("SLF4J API version 2.0.0 relies on the ServiceLoader mechanism to find its logging backend"
-        // and no any more on the StaticLoggerBinder see https://www.slf4j.org/manual.html).
-        // When upgrading to Spring Boot 3.x branche, this constant will have to be removed.
-        logbackSpringBoot27xCompatibilityVersion = '1.2.11'
     }
 
     repositories {
@@ -235,7 +229,7 @@ configure(sampleAppProjects) {
 configure(allJavaProjects) {
     apply plugin: 'org.owasp.dependencycheck'
 
-    sourceCompatibility = 1.8
+    sourceCompatibility = 17
 
     tasks.withType(JavaCompile) {
         options.compilerArgs << "-Xlint:unchecked"

samples/fido-server-conformance-test-app/build.gradle

@@ -40,10 +40,6 @@ dependencies {
     implementation("org.slf4j:jcl-over-slf4j")
     implementation("org.modelmapper:modelmapper")
     implementation('org.flywaydb:flyway-core')
-    //We have to force the use of this dependency
-    runtimeOnly("ch.qos.logback:logback-classic:$logbackSpringBoot27xCompatibilityVersion"){
-        force = true
-    }
     runtimeOnly('com.h2database:h2')
     runtimeOnly('com.mysql:mysql-connector-j')
     runtimeOnly("org.lazyluke:log4jdbc-remix")

samples/fido-server-conformance-test-app/src/main/java/com/webauthn4j/springframework/security/fido/server/endpoint/FidoServerAssertionOptionsEndpointFilter.java

@@ -29,7 +29,7 @@
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.util.Assert;
 
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.UncheckedIOException;

samples/fido-server-conformance-test-app/src/main/java/com/webauthn4j/springframework/security/fido/server/endpoint/FidoServerAssertionResultEndpointFailureHandler.java

@@ -20,8 +20,8 @@
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
 
 public class FidoServerAssertionResultEndpointFailureHandler implements AuthenticationFailureHandler {

samples/fido-server-conformance-test-app/src/main/java/com/webauthn4j/springframework/security/fido/server/endpoint/FidoServerAssertionResultEndpointFilter.java

@@ -37,8 +37,8 @@
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.UncheckedIOException;

samples/fido-server-conformance-test-app/src/main/java/com/webauthn4j/springframework/security/fido/server/endpoint/FidoServerAssertionResultEndpointSuccessHandler.java

@@ -20,8 +20,8 @@
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
 
 public class FidoServerAssertionResultEndpointSuccessHandler implements AuthenticationSuccessHandler {

samples/fido-server-conformance-test-app/src/main/java/com/webauthn4j/springframework/security/fido/server/endpoint/FidoServerAttestationOptionsEndpointFilter.java

@@ -29,7 +29,7 @@
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.util.Assert;
 
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.UncheckedIOException;

samples/fido-server-conformance-test-app/src/main/java/com/webauthn4j/springframework/security/fido/server/endpoint/FidoServerAttestationResultEndpointFilter.java

@@ -32,7 +32,7 @@
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.util.Assert;
 
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.UncheckedIOException;

samples/fido-server-conformance-test-app/src/main/java/com/webauthn4j/springframework/security/fido/server/endpoint/ServerEndpointFilterBase.java

@@ -27,12 +27,12 @@
 import org.springframework.util.Assert;
 import org.springframework.web.filter.GenericFilterBean;
 
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
 
 public abstract class ServerEndpointFilterBase extends GenericFilterBean {

samples/fido-server-conformance-test-app/src/main/java/com/webauthn4j/springframework/security/fido/server/endpoint/ServerEndpointFilterUtil.java

@@ -27,7 +27,7 @@
 import org.springframework.security.authentication.InsufficientAuthenticationException;
 import org.springframework.security.core.AuthenticationException;
 
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
 
 class ServerEndpointFilterUtil {