Update Deprecated Spring Jdbc Usage

Author: jzheaux

acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java

@@ -100,8 +100,8 @@ public JdbcAclService(JdbcOperations jdbcOperations, LookupStrategy lookupStrate
 	@Override
 	public List<ObjectIdentity> findChildren(ObjectIdentity parentIdentity) {
 		Object[] args = { parentIdentity.getIdentifier().toString(), parentIdentity.getType() };
-		List<ObjectIdentity> objects = this.jdbcOperations.query(this.findChildrenSql, args,
-				(rs, rowNum) -> mapObjectIdentityRow(rs));
+		List<ObjectIdentity> objects = this.jdbcOperations.query(this.findChildrenSql,
+				(rs, rowNum) -> mapObjectIdentityRow(rs), args);
 		return (!objects.isEmpty()) ? objects : null;
 	}
 

acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java

@@ -190,8 +190,7 @@ protected void createObjectIdentity(ObjectIdentity object, Sid owner) {
 	 * @return the primary key or null if not found
 	 */
 	protected Long createOrRetrieveClassPrimaryKey(String type, boolean allowCreate, Class idType) {
-		List<Long> classIds = this.jdbcOperations.queryForList(this.selectClassPrimaryKey, new Object[] { type },
-				Long.class);
+		List<Long> classIds = this.jdbcOperations.queryForList(this.selectClassPrimaryKey, Long.class, type);
 
 		if (!classIds.isEmpty()) {
 			return classIds.get(0);
@@ -242,8 +241,8 @@ protected Long createOrRetrieveSidPrimaryKey(Sid sid, boolean allowCreate) {
 	 * @return the primary key or null if not found
 	 */
 	protected Long createOrRetrieveSidPrimaryKey(String sidName, boolean sidIsPrincipal, boolean allowCreate) {
-		List<Long> sidIds = this.jdbcOperations.queryForList(this.selectSidPrimaryKey,
-				new Object[] { sidIsPrincipal, sidName }, Long.class);
+		List<Long> sidIds = this.jdbcOperations.queryForList(this.selectSidPrimaryKey, Long.class, sidIsPrincipal,
+				sidName);
 		if (!sidIds.isEmpty()) {
 			return sidIds.get(0);
 		}

acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java

@@ -109,7 +109,7 @@ public void findOneChildren() {
 		List<ObjectIdentity> result = new ArrayList<>();
 		result.add(new ObjectIdentityImpl(Object.class, "5577"));
 		Object[] args = { "1", "org.springframework.security.acls.jdbc.JdbcAclServiceTests$MockLongIdDomainObject" };
-		given(this.jdbcOperations.query(anyString(), eq(args), any(RowMapper.class))).willReturn(result);
+		given(this.jdbcOperations.query(anyString(), any(RowMapper.class), eq(args))).willReturn(result);
 		ObjectIdentity objectIdentity = new ObjectIdentityImpl(MockLongIdDomainObject.class, 1L);
 		List<ObjectIdentity> objectIdentities = this.aclService.findChildren(objectIdentity);
 		assertThat(objectIdentities).hasSize(1);

core/src/main/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.java

@@ -226,10 +226,10 @@ protected List<UserDetails> loadUsersByUsername(String username) {
 	 * @return a list of GrantedAuthority objects for the user
 	 */
 	protected List<GrantedAuthority> loadUserAuthorities(String username) {
-		return getJdbcTemplate().query(this.authoritiesByUsernameQuery, new String[] { username }, (rs, rowNum) -> {
+		return getJdbcTemplate().query(this.authoritiesByUsernameQuery, (rs, rowNum) -> {
 			String roleName = JdbcDaoImpl.this.rolePrefix + rs.getString(2);
 			return new SimpleGrantedAuthority(roleName);
-		});
+		}, username);
 	}
 
 	/**
@@ -238,11 +238,10 @@ protected List<GrantedAuthority> loadUserAuthorities(String username) {
 	 * @return a list of GrantedAuthority objects for the user
 	 */
 	protected List<GrantedAuthority> loadGroupAuthorities(String username) {
-		return getJdbcTemplate().query(this.groupAuthoritiesByUsernameQuery, new String[] { username },
-				(rs, rowNum) -> {
-					String roleName = getRolePrefix() + rs.getString(3);
-					return new SimpleGrantedAuthority(roleName);
-				});
+		return getJdbcTemplate().query(this.groupAuthoritiesByUsernameQuery, (rs, rowNum) -> {
+			String roleName = getRolePrefix() + rs.getString(3);
+			return new SimpleGrantedAuthority(roleName);
+		}, username);
 	}
 
 	/**

core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java

@@ -336,8 +336,7 @@ protected Authentication createNewAuthentication(Authentication currentAuth, Str
 
 	@Override
 	public boolean userExists(String username) {
-		List<String> users = getJdbcTemplate().queryForList(this.userExistsSql, new String[] { username },
-				String.class);
+		List<String> users = getJdbcTemplate().queryForList(this.userExistsSql, String.class, username);
 		if (users.size() > 1) {
 			throw new IncorrectResultSizeDataAccessException("More than one user found with name '" + username + "'",
 					1);
@@ -353,7 +352,7 @@ public List<String> findAllGroups() {
 	@Override
 	public List<String> findUsersInGroup(String groupName) {
 		Assert.hasText(groupName, "groupName should have text");
-		return getJdbcTemplate().queryForList(this.findUsersInGroupSql, new String[] { groupName }, String.class);
+		return getJdbcTemplate().queryForList(this.findUsersInGroupSql, String.class, groupName);
 	}
 
 	@Override
@@ -422,8 +421,7 @@ public void removeUserFromGroup(final String username, final String groupName) {
 	public List<GrantedAuthority> findGroupAuthorities(String groupName) {
 		this.logger.debug("Loading authorities for group '" + groupName + "'");
 		Assert.hasText(groupName, "groupName should have text");
-		return getJdbcTemplate().query(this.groupAuthoritiesSql, new String[] { groupName },
-				this.grantedAuthorityMapper);
+		return getJdbcTemplate().query(this.groupAuthoritiesSql, this.grantedAuthorityMapper, groupName);
 	}
 
 	private GrantedAuthority mapToGrantedAuthority(ResultSet rs, int rowNum) throws SQLException {

web/src/main/java/org/springframework/security/web/webauthn/management/JdbcUserCredentialRepository.java

@@ -33,7 +33,6 @@
 import org.springframework.jdbc.core.PreparedStatementSetter;
 import org.springframework.jdbc.core.RowMapper;
 import org.springframework.jdbc.core.SqlParameterValue;
-import org.springframework.jdbc.support.lob.DefaultLobHandler;
 import org.springframework.jdbc.support.lob.LobCreator;
 import org.springframework.jdbc.support.lob.LobHandler;
 import org.springframework.security.web.webauthn.api.AuthenticatorTransport;
@@ -62,11 +61,11 @@
  */
 public final class JdbcUserCredentialRepository implements UserCredentialRepository {
 
-	private RowMapper<CredentialRecord> credentialRecordRowMapper = new CredentialRecordRowMapper();
+	private RowMapper<CredentialRecord> credentialRecordRowMapper = new CredentialRecordRowMapper(ResultSet::getBytes);
 
 	private Function<CredentialRecord, List<SqlParameterValue>> credentialRecordParametersMapper = new CredentialRecordParametersMapper();
 
-	private LobHandler lobHandler = new DefaultLobHandler();
+	private SetBytes setBytes = PreparedStatement::setBytes;
 
 	private final JdbcOperations jdbcOperations;
 
@@ -159,22 +158,16 @@ public void save(CredentialRecord record) {
 
 	private void insertCredentialRecord(CredentialRecord record) {
 		List<SqlParameterValue> parameters = this.credentialRecordParametersMapper.apply(record);
-		try (LobCreator lobCreator = this.lobHandler.getLobCreator()) {
-			PreparedStatementSetter pss = new LobCreatorArgumentPreparedStatementSetter(lobCreator,
-					parameters.toArray());
-			this.jdbcOperations.update(SAVE_CREDENTIAL_RECORD_SQL, pss);
-		}
+		PreparedStatementSetter pss = new BlobArgumentPreparedStatementSetter(this.setBytes, parameters.toArray());
+		this.jdbcOperations.update(SAVE_CREDENTIAL_RECORD_SQL, pss);
 	}
 
 	private int updateCredentialRecord(CredentialRecord record) {
 		List<SqlParameterValue> parameters = this.credentialRecordParametersMapper.apply(record);
 		SqlParameterValue credentialId = parameters.remove(0);
 		parameters.add(credentialId);
-		try (LobCreator lobCreator = this.lobHandler.getLobCreator()) {
-			PreparedStatementSetter pss = new LobCreatorArgumentPreparedStatementSetter(lobCreator,
-					parameters.toArray());
-			return this.jdbcOperations.update(UPDATE_CREDENTIAL_RECORD_SQL, pss);
-		}
+		PreparedStatementSetter pss = new BlobArgumentPreparedStatementSetter(this.setBytes, parameters.toArray());
+		return this.jdbcOperations.update(UPDATE_CREDENTIAL_RECORD_SQL, pss);
 	}
 
 	@Override
@@ -195,10 +188,18 @@ public List<CredentialRecord> findByUserId(Bytes userId) {
 	/**
 	 * Sets a {@link LobHandler} for large binary fields and large text field parameters.
 	 * @param lobHandler the lob handler
+	 * @deprecated {@link LobHandler} is deprecated without replacement, as such this
+	 * method will also be removed without replacement
 	 */
+	@Deprecated(since = "6.5", forRemoval = true)
 	public void setLobHandler(LobHandler lobHandler) {
 		Assert.notNull(lobHandler, "lobHandler cannot be null");
-		this.lobHandler = lobHandler;
+		this.setBytes = (ps, index, bytes) -> {
+			try (LobCreator creator = lobHandler.getLobCreator()) {
+				creator.setBlobAsBytes(ps, index, bytes);
+			}
+		};
+		this.credentialRecordRowMapper = new CredentialRecordRowMapper(lobHandler::getBlobAsBytes);
 	}
 
 	private static class CredentialRecordParametersMapper
@@ -246,13 +247,25 @@ private Timestamp fromInstant(Instant instant) {
 
 	}
 
-	private static final class LobCreatorArgumentPreparedStatementSetter extends ArgumentPreparedStatementSetter {
+	private interface SetBytes {
+
+		void setBytes(PreparedStatement ps, int index, byte[] bytes) throws SQLException;
+
+	}
+
+	private interface GetBytes {
 
-		private final LobCreator lobCreator;
+		byte[] getBytes(ResultSet rs, String columnName) throws SQLException;
 
-		private LobCreatorArgumentPreparedStatementSetter(LobCreator lobCreator, Object[] args) {
+	}
+
+	private static final class BlobArgumentPreparedStatementSetter extends ArgumentPreparedStatementSetter {
+
+		private final SetBytes setBytes;
+
+		private BlobArgumentPreparedStatementSetter(SetBytes setBytes, Object[] args) {
 			super(args);
-			this.lobCreator = lobCreator;
+			this.setBytes = setBytes;
 		}
 
 		@Override
@@ -264,7 +277,7 @@ protected void doSetValue(PreparedStatement ps, int parameterPosition, Object ar
 								"Value of blob parameter must be byte[]");
 					}
 					byte[] valueBytes = (byte[]) paramValue.getValue();
-					this.lobCreator.setBlobAsBytes(ps, parameterPosition, valueBytes);
+					this.setBytes.setBytes(ps, parameterPosition, valueBytes);
 					return;
 				}
 			}
@@ -275,14 +288,17 @@ protected void doSetValue(PreparedStatement ps, int parameterPosition, Object ar
 
 	private static class CredentialRecordRowMapper implements RowMapper<CredentialRecord> {
 
-		private LobHandler lobHandler = new DefaultLobHandler();
+		private final GetBytes getBytes;
+
+		CredentialRecordRowMapper(GetBytes getBytes) {
+			this.getBytes = getBytes;
+		}
 
 		@Override
 		public CredentialRecord mapRow(ResultSet rs, int rowNum) throws SQLException {
 			Bytes credentialId = Bytes.fromBase64(new String(rs.getString("credential_id").getBytes()));
 			Bytes userEntityUserId = Bytes.fromBase64(new String(rs.getString("user_entity_user_id").getBytes()));
-			ImmutablePublicKeyCose publicKey = new ImmutablePublicKeyCose(
-					this.lobHandler.getBlobAsBytes(rs, "public_key"));
+			ImmutablePublicKeyCose publicKey = new ImmutablePublicKeyCose(this.getBytes.getBytes(rs, "public_key"));
 			long signatureCount = rs.getLong("signature_count");
 			boolean uvInitialized = rs.getBoolean("uv_initialized");
 			boolean backupEligible = rs.getBoolean("backup_eligible");
@@ -291,13 +307,13 @@ public CredentialRecord mapRow(ResultSet rs, int rowNum) throws SQLException {
 			boolean backupState = rs.getBoolean("backup_state");
 
 			Bytes attestationObject = null;
-			byte[] rawAttestationObject = this.lobHandler.getBlobAsBytes(rs, "attestation_object");
+			byte[] rawAttestationObject = this.getBytes.getBytes(rs, "attestation_object");
 			if (rawAttestationObject != null) {
 				attestationObject = new Bytes(rawAttestationObject);
 			}
 
 			Bytes attestationClientDataJson = null;
-			byte[] rawAttestationClientDataJson = this.lobHandler.getBlobAsBytes(rs, "attestation_client_data_json");
+			byte[] rawAttestationClientDataJson = this.getBytes.getBytes(rs, "attestation_client_data_json");
 			if (rawAttestationClientDataJson != null) {
 				attestationClientDataJson = new Bytes(rawAttestationClientDataJson);
 			}