[#1585] Migrate to Jakarta EE 10 (3.x) (#2018)

* Update to 3.0.0

Includes version bumps:
- Java: 11 -> 17
- Ehcache: 2.6 -> 3.10
- Guice: 6 -> 7
- Jetty: 9.4.56.v2024.. -> 12.0
  - `org.eclipse.jetty` -> `org.eclipse.jetty.ee10`
- Jakarta EE: 8 -> 10
  - Activation: 1.2 -> 2.1
  - Annotation: 1.3 -> 2.1
  - Enterprise CDI API: 2.0 -> 4.0
  - JSON API: 1.1 -> 2.1
  - JSON Bind: 1.0 -> 3.0
  - Servlet: 4.0 -> 6.0
  - Servlet JSP API: 2.2 -> 3.1
  - Validation API: 2.0 -> 3.0
  - WS RS API: 2.1 -> 3.1
  - XML Bind: 2.3 -> 4.0
- Omnifaces: 4.6.1
- CXF RT Client: 3.6 -> 4.0
- Glassfish JAXB RT: 2.3 -> 4.0
- Spring: 5.3 -> 6.2
- Spring Boot: 2.7 -> 3.4
- Hibernate: 5.6 -> 6.6 (sample project)

Concerns:
- Ehcache migration most certainly needs revision
- CI untested (specially Jenkins CD)
- `flowlogix`, `omnifaces`, and a few other libs I have no knowledge of,
  certainly need attention
- Spring remoting seems to have been dropped from Spring Context, not
  sure if replaceable

Known issues:
- No immediate suitable replacement for `org.eclipse.jetty:apache-jstl`
- Ehcache 3.10 is pulling earlier version of jaxb runtime -> conflicting
  - Added exclusion to circumvent woes
- Some web integration tests aren't up to speed
  - Embedded jetty-based ITs fail, server reports 503
  - Arquillian IT fails
  - Meecrowave support missing (solved in unreleased 2.0.0?)

* Remove lingering guice3 IT pom.xml

* Suppress unchecked cast warning

* Revert ill merge in test case

* Properly disable meecrowave-based IT

* Remove Shiro Spring remoting test

* Remove lingering jetty injection argument from IT test case

* Restore dependency details lost in translation

* Remove stray type for runtime type inference / reification attempt

Shouldn't have included this 🤦 This was a miserable attempt to obtain
the concrete `Class<?>` instance for the request key and value types for
caches.  Please excuse my desperation.

* fix(lang): Fix resource retrieval as URL instead of stream

* fix: Fix typos in schema locations

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* fix(javadoc): Fix jakarta servlet javadoc reference

* jakarta-related cleanup

* fixed ehcache.xml

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: lprimak <lenny@flowlogix.com>

Author: 3 people

.github/workflows/maven.yml

@@ -38,7 +38,7 @@ jobs:
       - name: Set up JDK
         uses: actions/setup-java@f2beeb24e141e01a676f977032f5a29d81c9e27e # v5.1.0
         with:
-          java-version: 11
+          java-version: 17
           distribution: temurin
 
       - name: License Check

config/core/src/main/java/org/apache/shiro/config/Ini.java

@@ -446,8 +446,7 @@ protected static String getSectionName(String line) {
     }
 
     public boolean equals(Object obj) {
-        if (obj instanceof Ini) {
-            Ini ini = (Ini) obj;
+        if (obj instanceof Ini ini) {
             return this.sections.equals(ini.sections);
         }
         return false;
@@ -710,8 +709,7 @@ public String toString() {
 
         @Override
         public boolean equals(Object obj) {
-            if (obj instanceof Section) {
-                Section other = (Section) obj;
+            if (obj instanceof Section other) {
                 return getName().equals(other.getName()) && this.props.equals(other.props);
             }
             return false;

config/ogdl/src/main/java/org/apache/shiro/config/ogdl/ReflectionBuilder.java

@@ -232,23 +232,23 @@ protected EventBus findEventBus(Map<String, ?> objects) {
 
         //prefer a named object first:
         Object value = objects.get(EVENT_BUS_NAME);
-        if (value instanceof EventBus) {
-            return (EventBus) value;
+        if (value instanceof EventBus bus) {
+            return bus;
         }
 
         //couldn't find a named 'eventBus' EventBus object.  Try to find the first typed value we can:
         for (Object v : objects.values()) {
-            if (v instanceof EventBus) {
-                return (EventBus) v;
+            if (v instanceof EventBus bus) {
+                return bus;
             }
         }
 
         return null;
     }
 
     private boolean applyEventBusIfNecessary(Object value) {
-        if (value instanceof EventBusAware) {
-            ((EventBusAware) value).setEventBus(this.eventBus);
+        if (value instanceof EventBusAware aware) {
+            aware.setEventBus(this.eventBus);
             return true;
         }
         return false;
@@ -357,8 +357,8 @@ protected void createNewInstance(Map<String, Object> objects, String name, Strin
         Object instance;
         try {
             instance = ClassUtils.newInstance(value);
-            if (instance instanceof Nameable) {
-                ((Nameable) instance).setName(name);
+            if (instance instanceof Nameable nameable) {
+                nameable.setName(name);
             }
         } catch (Exception e) {
             instance = alternateObjectSupplier.apply(value);
@@ -455,8 +455,8 @@ protected Object resolveReference(String reference) {
         String id = getId(reference);
         LOGGER.debug("Encountered object reference '{}'.  Looking up object with id '{}'", reference, id);
         final Object referencedObject = getReferencedObject(id);
-        if (referencedObject instanceof Factory) {
-            return ((Factory) referencedObject).getInstance();
+        if (referencedObject instanceof Factory factory) {
+            return factory.getInstance();
         }
         return referencedObject;
     }
@@ -492,8 +492,8 @@ protected Set<?> toSet(String sValue) {
         //SHIRO-423: check to see if the value is a referenced Set already, and if so, return it immediately:
         if (tokens.length == 1 && isReference(tokens[0])) {
             Object reference = resolveReference(tokens[0]);
-            if (reference instanceof Set) {
-                return (Set) reference;
+            if (reference instanceof Set set) {
+                return set;
             }
         }
 
@@ -518,8 +518,8 @@ protected Set<?> toSet(String sValue) {
         //SHIRO-423: check to see if the value is a referenced Map already, and if so, return it immediately:
         if (tokens.length == 1 && isReference(tokens[0])) {
             Object reference = resolveReference(tokens[0]);
-            if (reference instanceof Map) {
-                return (Map) reference;
+            if (reference instanceof Map map) {
+                return map;
             }
         }
 
@@ -556,8 +556,8 @@ protected Collection<?> toCollection(String sValue) {
         //SHIRO-423: check to see if the value is a referenced Collection already, and if so, return it immediately:
         if (tokens.length == 1 && isReference(tokens[0])) {
             Object reference = resolveReference(tokens[0]);
-            if (reference instanceof Collection) {
-                return (Collection) reference;
+            if (reference instanceof Collection collection) {
+                return collection;
             }
         }
 
@@ -579,8 +579,8 @@ protected List<?> toList(String sValue) {
         //SHIRO-423: check to see if the value is a referenced List already, and if so, return it immediately:
         if (tokens.length == 1 && isReference(tokens[0])) {
             Object reference = resolveReference(tokens[0]);
-            if (reference instanceof List) {
-                return (List) reference;
+            if (reference instanceof List list) {
+                return list;
             }
         }
 
@@ -806,8 +806,7 @@ public void add(Statement statement) {
             //we execute bean configuration statements in the order they are declared.
             statements.add(statement);
 
-            if (statement instanceof InstantiationStatement) {
-                InstantiationStatement is = (InstantiationStatement) statement;
+            if (statement instanceof InstantiationStatement is) {
                 beanConfigurations.add(new BeanConfiguration(is));
             } else {
                 AssignmentStatement as = (AssignmentStatement) statement;

core/src/main/java/org/apache/shiro/authc/AbstractAuthenticator.java

@@ -203,8 +203,8 @@ public final AuthenticationInfo authenticate(AuthenticationToken token) throws A
             }
         } catch (Throwable t) {
             AuthenticationException ae = null;
-            if (t instanceof AuthenticationException) {
-                ae = (AuthenticationException) t;
+            if (t instanceof AuthenticationException exception) {
+                ae = exception;
             }
             if (ae == null) {
                 //Exception thrown was not an expected AuthenticationException.  Therefore it is probably a little more

core/src/main/java/org/apache/shiro/authc/SimpleAccount.java

@@ -99,7 +99,7 @@ public SimpleAccount(Object principal, Object credentials, String realmName) {
      * @since 1.1
      */
     public SimpleAccount(Object principal, Object hashedCredentials, ByteSource credentialsSalt, String realmName) {
-        this(principal instanceof PrincipalCollection ? (PrincipalCollection) principal
+        this(principal instanceof PrincipalCollection pc ? pc
                         : ImmutablePrincipalCollection.ofSinglePrincipal(principal, realmName),
                 hashedCredentials, credentialsSalt);
     }
@@ -448,8 +448,7 @@ public void merge(AuthenticationInfo info) {
         authcInfo.merge(info);
 
         // Merge SimpleAccount specific info
-        if (info instanceof SimpleAccount) {
-            SimpleAccount otherAccount = (SimpleAccount) info;
+        if (info instanceof SimpleAccount otherAccount) {
             if (otherAccount.isLocked()) {
                 setLocked(true);
             }
@@ -482,8 +481,7 @@ public boolean equals(Object o) {
         if (o == this) {
             return true;
         }
-        if (o instanceof SimpleAccount) {
-            SimpleAccount sa = (SimpleAccount) o;
+        if (o instanceof SimpleAccount sa) {
             //principal should be unique across the application, so only check this for equality:
             return (getPrincipals() != null ? getPrincipals().equals(sa.getPrincipals()) : sa.getPrincipals() == null);
         }

core/src/main/java/org/apache/shiro/authc/SimpleAuthenticationInfo.java

@@ -23,6 +23,7 @@
 import org.apache.shiro.subject.ImmutablePrincipalCollection;
 import org.apache.shiro.subject.PrincipalCollection;
 
+import java.io.Serial;
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.Objects;
@@ -38,6 +39,7 @@
  */
 public class SimpleAuthenticationInfo implements MergableAuthenticationInfo, SaltedAuthenticationInfo {
 
+    @Serial
     private static final long serialVersionUID = 5390456512469696779L;
     /**
      * The principals identifying the account associated with this AuthenticationInfo instance.
@@ -220,8 +222,8 @@ public void merge(AuthenticationInfo info) {
         //is null, then it can't hurt to pull in a non-null value if one exists.
         //
         //since 1.1:
-        if (this.credentialsSalt == null && info instanceof SaltedAuthenticationInfo) {
-            this.credentialsSalt = ((SaltedAuthenticationInfo) info).getCredentialsSalt();
+        if (this.credentialsSalt == null && info instanceof SaltedAuthenticationInfo authenticationInfo) {
+            this.credentialsSalt = authenticationInfo.getCredentialsSalt();
         }
 
         Object thisCredentials = getCredentials();
@@ -245,10 +247,8 @@ public void merge(AuthenticationInfo info) {
         // At this point, the credentials should be a collection
         @SuppressWarnings("unchecked")
         Collection<Object> credentialCollection = (Collection<Object>) getCredentials();
-        if (otherCredentials instanceof Collection) {
-            @SuppressWarnings("unchecked")
-            Collection<Object> otherCredentialsCollection = (Collection<Object>) otherCredentials;
-            credentialCollection.addAll(otherCredentialsCollection);
+        if (otherCredentials instanceof Collection<?> collection) {
+            credentialCollection.addAll(collection);
         } else {
             credentialCollection.add(otherCredentials);
         }

core/src/main/java/org/apache/shiro/authc/credential/DefaultPasswordService.java

@@ -169,9 +169,7 @@ public boolean passwordsMatch(Object submittedPlaintext, String saved) {
         //configuration changes.
         HashFormat discoveredFormat = this.hashFormatFactory.getInstance(saved);
 
-        if (discoveredFormat instanceof ParsableHashFormat) {
-
-            ParsableHashFormat parsableHashFormat = (ParsableHashFormat) discoveredFormat;
+        if (discoveredFormat instanceof ParsableHashFormat parsableHashFormat) {
             Hash savedHash = parsableHashFormat.parse(saved);
 
             return passwordsMatch(submittedPlaintext, savedHash);

core/src/main/java/org/apache/shiro/authc/credential/HashedCredentialsMatcher.java

@@ -402,8 +402,8 @@ public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo
      */
     protected Object hashProvidedCredentials(AuthenticationToken token, AuthenticationInfo info) {
         final Object salt;
-        if (info instanceof SaltedAuthenticationInfo) {
-            salt = ((SaltedAuthenticationInfo) info).getCredentialsSalt();
+        if (info instanceof SaltedAuthenticationInfo authenticationInfo) {
+            salt = authenticationInfo.getCredentialsSalt();
         } else if (isHashSalted()) {
             //retain 1.0 backwards compatibility:
             salt = getSalt(token);

core/src/main/java/org/apache/shiro/authc/credential/PasswordMatcher.java

@@ -49,8 +49,7 @@ public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo
         Object storedCredentials = getStoredPassword(info);
         assertStoredCredentialsType(storedCredentials);
 
-        if (storedCredentials instanceof Hash) {
-            Hash hashedPassword = (Hash) storedCredentials;
+        if (storedCredentials instanceof Hash hashedPassword) {
             return hashedPassword.matchesPassword(ByteSource.Util.bytes(submittedPassword));
         }
         //otherwise they are a String (asserted in the 'assertStoredCredentialsType' method call above):
@@ -89,8 +88,8 @@ private void assertStoredCredentialsType(Object credentials) {
     protected Object getStoredPassword(AuthenticationInfo storedAccountInfo) {
         Object stored = storedAccountInfo != null ? storedAccountInfo.getCredentials() : null;
         //fix for https://issues.apache.org/jira/browse/SHIRO-363
-        if (stored instanceof char[]) {
-            stored = new String((char[]) stored);
+        if (stored instanceof char[] chars) {
+            stored = new String(chars);
         }
         return stored;
     }

core/src/main/java/org/apache/shiro/authc/pam/AbstractAuthenticationStrategy.java

@@ -87,8 +87,8 @@ public AuthenticationInfo afterAttempt(Realm realm, AuthenticationToken token,
      * {@link org.apache.shiro.authc.MergableAuthenticationInfo MergableAuthenticationInfo} is not desired for some reason.
      */
     protected AuthenticationInfo merge(AuthenticationInfo info, AuthenticationInfo aggregate) {
-        if (aggregate instanceof MergableAuthenticationInfo) {
-            ((MergableAuthenticationInfo) aggregate).merge(info);
+        if (aggregate instanceof MergableAuthenticationInfo authenticationInfo) {
+            authenticationInfo.merge(info);
             return aggregate;
         } else {
             throw new IllegalArgumentException("Attempt to merge authentication info from multiple realms, but aggregate "