Add native-image support for Core classes

Closes gh-2104

Author: marcusdacoregio

Diff for: gradle/dependency-management.gradle

@@ -32,6 +32,7 @@ dependencyManagement {
 		dependencySet(group: 'org.mockito', version: '4.2.0') {
         	entry 'mockito-core'
 			entry 'mockito-junit-jupiter'
+			entry 'mockito-inline'
 		}
 
 		dependencySet(group: 'org.mongodb', version: '4.6.0') {

Diff for: spring-session-core/spring-session-core.gradle

@@ -19,6 +19,7 @@ dependencies {
 
 	testImplementation "io.projectreactor:reactor-test"
 	testImplementation "org.mockito:mockito-core"
+	testImplementation "org.mockito:mockito-inline"
 	testImplementation "edu.umd.cs.mtc:multithreadedtc"
 	testImplementation "org.springframework:spring-test"
 	testImplementation "org.assertj:assertj-core"

Diff for: spring-session-core/src/main/java/org/springframework/session/aot/hint/CommonSessionSecurityHints.java

@@ -0,0 +1,102 @@
+/*
+ * Copyright 2014-2022 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.aot.hint;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.TreeSet;
+
+import org.springframework.aot.hint.RuntimeHints;
+import org.springframework.aot.hint.RuntimeHintsRegistrar;
+import org.springframework.aot.hint.TypeReference;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.authentication.AccountExpiredException;
+import org.springframework.security.authentication.AuthenticationServiceException;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.CredentialsExpiredException;
+import org.springframework.security.authentication.DisabledException;
+import org.springframework.security.authentication.InsufficientAuthenticationException;
+import org.springframework.security.authentication.LockedException;
+import org.springframework.security.authentication.ProviderNotFoundException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextImpl;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+
+/**
+ * A {@link RuntimeHintsRegistrar} for common session security hints.
+ *
+ * @author Marcus Da Coregio
+ */
+public class CommonSessionSecurityHints implements RuntimeHintsRegistrar {
+
+	@Override
+	public void registerHints(RuntimeHints hints, ClassLoader classLoader) {
+		Arrays.asList(TypeReference.of(String.class), TypeReference.of(ArrayList.class),
+				TypeReference.of(TreeSet.class), TypeReference.of(SecurityContextImpl.class),
+				TypeReference.of(SimpleGrantedAuthority.class), TypeReference.of(User.class),
+				TypeReference.of(Number.class), TypeReference.of(Long.class), TypeReference.of(Integer.class),
+				TypeReference.of(AbstractAuthenticationToken.class),
+				TypeReference.of(UsernamePasswordAuthenticationToken.class), TypeReference.of(StackTraceElement.class),
+				TypeReference.of(Throwable.class), TypeReference.of(Exception.class),
+				TypeReference.of(RuntimeException.class), TypeReference.of(AuthenticationException.class),
+				TypeReference.of(BadCredentialsException.class), TypeReference.of(UsernameNotFoundException.class),
+				TypeReference.of(AccountExpiredException.class), TypeReference.of(ProviderNotFoundException.class),
+				TypeReference.of(DisabledException.class), TypeReference.of(LockedException.class),
+				TypeReference.of(AuthenticationServiceException.class),
+				TypeReference.of(CredentialsExpiredException.class),
+				TypeReference.of(InsufficientAuthenticationException.class),
+				TypeReference
+						.of("org.springframework.security.web.authentication.session.SessionAuthenticationException"),
+				TypeReference.of(
+						"org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException"),
+				TypeReference.of("java.util.Collections$UnmodifiableCollection"),
+				TypeReference.of("java.util.Collections$UnmodifiableList"),
+				TypeReference.of("java.util.Collections$EmptyList"),
+				TypeReference.of("java.util.Collections$UnmodifiableRandomAccessList"),
+				TypeReference.of("java.util.Collections$UnmodifiableSet"),
+				TypeReference.of("org.springframework.security.core.userdetails.User$AuthorityComparator"))
+				.forEach(hints.serialization()::registerType);
+		registerOAuth2ClientHintsIfNeeded(hints);
+		registerOAuth2ResourceServerHintsIfNeeded(hints);
+	}
+
+	private void registerOAuth2ResourceServerHintsIfNeeded(RuntimeHints hints) {
+		Arrays.asList(
+				TypeReference.of("org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken"),
+				TypeReference.of(
+						"org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken"),
+				TypeReference.of("org.springframework.security.oauth2.core.OAuth2AuthenticationException"))
+				.forEach((type) -> hints.serialization().registerType(type, (hint) -> hint.onReachableType(TypeReference
+						.of("org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken"))));
+	}
+
+	private void registerOAuth2ClientHintsIfNeeded(RuntimeHints hints) {
+		Arrays.asList(
+				TypeReference.of("org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken"),
+				TypeReference
+						.of("org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken"),
+				TypeReference.of(
+						"org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken"),
+				TypeReference.of("org.springframework.security.oauth2.core.OAuth2AuthenticationException"))
+				.forEach((type) -> hints.serialization().registerType(type, (hint) -> hint.onReachableType(TypeReference
+						.of("org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken"))));
+	}
+
+}

Diff for: spring-session-core/src/main/java/org/springframework/session/aot/hint/server/WebSessionSecurityHints.java

@@ -0,0 +1,40 @@
+/*
+ * Copyright 2014-2022 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.aot.hint.server;
+
+import org.springframework.aot.hint.RuntimeHints;
+import org.springframework.aot.hint.RuntimeHintsRegistrar;
+import org.springframework.security.web.server.csrf.DefaultCsrfToken;
+import org.springframework.util.ClassUtils;
+
+/**
+ * {@link RuntimeHintsRegistrar} for Reactive Session hints.
+ *
+ * @author Marcus Da Coregio
+ */
+public class WebSessionSecurityHints implements RuntimeHintsRegistrar {
+
+	@Override
+	public void registerHints(RuntimeHints hints, ClassLoader classLoader) {
+		if (!ClassUtils.isPresent("org.springframework.web.server.WebSession", classLoader) || !ClassUtils
+				.isPresent("org.springframework.security.web.server.csrf.DefaultCsrfToken", classLoader)) {
+			return;
+		}
+		hints.serialization().registerType(DefaultCsrfToken.class);
+	}
+
+}

Diff for: spring-session-core/src/main/java/org/springframework/session/aot/hint/servlet/HttpSessionSecurityHints.java

@@ -0,0 +1,52 @@
+/*
+ * Copyright 2014-2022 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.aot.hint.servlet;
+
+import java.util.Arrays;
+import java.util.Locale;
+import java.util.TreeMap;
+
+import org.springframework.aot.hint.RuntimeHints;
+import org.springframework.aot.hint.RuntimeHintsRegistrar;
+import org.springframework.aot.hint.TypeReference;
+import org.springframework.security.web.authentication.WebAuthenticationDetails;
+import org.springframework.security.web.csrf.DefaultCsrfToken;
+import org.springframework.security.web.savedrequest.DefaultSavedRequest;
+import org.springframework.security.web.savedrequest.SavedCookie;
+import org.springframework.util.ClassUtils;
+
+/**
+ * {@link RuntimeHintsRegistrar} for Servlet Session hints.
+ *
+ * @author Marcus Da Coregio
+ */
+public class HttpSessionSecurityHints implements RuntimeHintsRegistrar {
+
+	@Override
+	public void registerHints(RuntimeHints hints, ClassLoader classLoader) {
+		if (!ClassUtils.isPresent("jakarta.servlet.http.HttpSession", classLoader)
+				|| !ClassUtils.isPresent("org.springframework.security.web.csrf.DefaultCsrfToken", classLoader)) {
+			return;
+		}
+		Arrays.asList(TypeReference.of(TreeMap.class), TypeReference.of(Locale.class),
+				TypeReference.of(DefaultSavedRequest.class), TypeReference.of(DefaultCsrfToken.class),
+				TypeReference.of(WebAuthenticationDetails.class), TypeReference.of(SavedCookie.class),
+				TypeReference.of("java.lang.String$CaseInsensitiveComparator"))
+				.forEach(hints.serialization()::registerType);
+	}
+
+}

Diff for: spring-session-core/src/main/resources/META-INF/spring/aot.factories

@@ -0,0 +1,4 @@
+org.springframework.aot.hint.RuntimeHintsRegistrar=\
+org.springframework.session.aot.hint.CommonSessionSecurityHints,\
+org.springframework.session.aot.hint.servlet.HttpSessionSecurityHints,\
+org.springframework.session.aot.hint.server.WebSessionSecurityHints

Diff for: spring-session-core/src/test/java/org/springframework/session/aot/hint/CommonSessionSecurityHintsTests.java

@@ -0,0 +1,112 @@
+/*
+ * Copyright 2014-2022 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.aot.hint;
+
+import java.util.ArrayList;
+import java.util.TreeSet;
+import java.util.stream.Stream;
+
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.MethodSource;
+
+import org.springframework.aot.hint.RuntimeHints;
+import org.springframework.aot.hint.RuntimeHintsRegistrar;
+import org.springframework.aot.hint.TypeReference;
+import org.springframework.core.io.support.SpringFactoriesLoader;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.authentication.AccountExpiredException;
+import org.springframework.security.authentication.AuthenticationServiceException;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.CredentialsExpiredException;
+import org.springframework.security.authentication.DisabledException;
+import org.springframework.security.authentication.InsufficientAuthenticationException;
+import org.springframework.security.authentication.LockedException;
+import org.springframework.security.authentication.ProviderNotFoundException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextImpl;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * Tests for {@link CommonSessionSecurityHints}
+ *
+ * @author Marcus Da Coregio
+ */
+class CommonSessionSecurityHintsTests {
+
+	private final RuntimeHints hints = new RuntimeHints();
+
+	private final CommonSessionSecurityHints commonSessionSecurityHints = new CommonSessionSecurityHints();
+
+	@ParameterizedTest
+	@MethodSource("getSerializationHintTypes")
+	void coreTypesHasHints(TypeReference typeReference) {
+		this.commonSessionSecurityHints.registerHints(this.hints, getClass().getClassLoader());
+		assertThat(new SerializationHintsPredicates().onType(typeReference)).accepts(this.hints);
+	}
+
+	@Test
+	void aotFactoriesContainsRegistrar() {
+		boolean match = SpringFactoriesLoader.forResourceLocation("META-INF/spring/aot.factories")
+				.load(RuntimeHintsRegistrar.class).stream()
+				.anyMatch((registrar) -> registrar instanceof CommonSessionSecurityHints);
+		assertThat(match).isTrue();
+	}
+
+	private static Stream<TypeReference> getSerializationHintTypes() {
+		return Stream.of(TypeReference.of(String.class), TypeReference.of(ArrayList.class),
+				TypeReference.of(TreeSet.class), TypeReference.of(SecurityContextImpl.class),
+				TypeReference.of(SimpleGrantedAuthority.class), TypeReference.of(User.class),
+				TypeReference.of(Number.class), TypeReference.of(Long.class), TypeReference.of(Integer.class),
+				TypeReference.of(AbstractAuthenticationToken.class),
+				TypeReference.of(UsernamePasswordAuthenticationToken.class), TypeReference.of(StackTraceElement.class),
+				TypeReference.of(Throwable.class), TypeReference.of(Exception.class),
+				TypeReference.of(RuntimeException.class), TypeReference.of(AuthenticationException.class),
+				TypeReference.of(BadCredentialsException.class), TypeReference.of(UsernameNotFoundException.class),
+				TypeReference.of(AccountExpiredException.class), TypeReference.of(ProviderNotFoundException.class),
+				TypeReference.of(DisabledException.class), TypeReference.of(LockedException.class),
+				TypeReference.of(AuthenticationServiceException.class),
+				TypeReference.of(CredentialsExpiredException.class),
+				TypeReference.of(InsufficientAuthenticationException.class),
+				TypeReference
+						.of("org.springframework.security.web.authentication.session.SessionAuthenticationException"),
+				TypeReference.of(
+						"org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException"),
+				TypeReference.of("java.util.Collections$UnmodifiableCollection"),
+				TypeReference.of("java.util.Collections$UnmodifiableList"),
+				TypeReference.of("java.util.Collections$EmptyList"),
+				TypeReference.of("java.util.Collections$UnmodifiableRandomAccessList"),
+				TypeReference.of("java.util.Collections$UnmodifiableSet"),
+				TypeReference.of("org.springframework.security.core.userdetails.User$AuthorityComparator"),
+				TypeReference.of("org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken"),
+				TypeReference.of(
+						"org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken"),
+				TypeReference.of("org.springframework.security.oauth2.core.OAuth2AuthenticationException"),
+				TypeReference.of("org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken"),
+				TypeReference
+						.of("org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken"),
+				TypeReference.of(
+						"org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken"),
+				TypeReference.of("org.springframework.security.oauth2.core.OAuth2AuthenticationException"));
+	}
+
+}