Remove compiler warnings in spring-security-web

- fix compiler warnings in ServerOneTimeTokenAuthenticationConverter
- Replace deprecated API calls to create a OneTimeTokenAuthenticationToken.unauthenticated with OneTimeTokenAuthenticationToken(String token) call
- Update HttpMessageConverterAuthenticationSuccessHandler to replace deprecated MappingJackson2HttpMessageConverter with JacksonJsonHttpMessageConverter
- Replace updated OneTimeTokenAuthenticationConverter to use non-deprecated OneTimeTokenAuthenticationToken constructor
- update tests to remove use of deprecated methods
- refactor JdbcTokenRepositoryImpl to remove extension of deprecated JdbcDaoSupport class
- enable compile-warnings-error plugin

Closes gh-18441

Signed-off-by: Joe Kuhel <4983938+jkuhel@users.noreply.github.com>

web/spring-security-web.gradle

@@ -1,6 +1,7 @@
 plugins {
 	id 'io.spring.convention.spring-module'
 	id 'security-nullability'
+	id 'compile-warnings-error'
 	id 'javadoc-warnings-error'
 	id 'test-compile-target-jdk25'
 }

web/src/main/java/org/springframework/security/web/authentication/ott/OneTimeTokenAuthenticationConverter.java

@@ -46,7 +46,7 @@ public class OneTimeTokenAuthenticationConverter implements AuthenticationConver
 			this.logger.debug("No token found in request");
 			return null;
 		}
-		return OneTimeTokenAuthenticationToken.unauthenticated(token);
+		return new OneTimeTokenAuthenticationToken(token);
 	}
 
 }

web/src/main/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImpl.java

@@ -35,6 +35,7 @@ import org.springframework.jdbc.core.support.JdbcDaoSupport;
  * @author Luke Taylor
  * @since 2.0
  */
+@SuppressWarnings("removal")
 public class JdbcTokenRepositoryImpl extends JdbcDaoSupport implements PersistentTokenRepository {
 
 	/** Default SQL for creating the database table to store the tokens */

web/src/main/java/org/springframework/security/web/server/authentication/ott/ServerOneTimeTokenAuthenticationConverter.java

@@ -51,13 +51,13 @@ public final class ServerOneTimeTokenAuthenticationConverter implements ServerAu
 		if (isFormEncodedRequest(exchange.getRequest())) {
 			return exchange.getFormData()
 				.flatMap((data) -> Mono.justOrEmpty(data.getFirst(TOKEN)))
-				.map((data) -> OneTimeTokenAuthenticationToken.unauthenticated(data));
+				.map(OneTimeTokenAuthenticationToken::new);
 		}
 		String token = resolveTokenFromRequest(exchange.getRequest());
 		if (!StringUtils.hasText(token)) {
 			return Mono.empty();
 		}
-		return Mono.just(OneTimeTokenAuthenticationToken.unauthenticated(token));
+		return Mono.just(new OneTimeTokenAuthenticationToken(token));
 	}
 
 	private @Nullable String resolveTokenFromRequest(ServerHttpRequest request) {

web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTests.java

@@ -18,7 +18,6 @@ package org.springframework.security.web.authentication;
 
 import java.io.IOException;
 import java.util.Collections;
-import java.util.LinkedHashMap;
 import java.util.List;
 
 import jakarta.servlet.ServletException;
@@ -52,8 +51,6 @@ public class DelegatingAuthenticationEntryPointTests {
 
 	private DelegatingAuthenticationEntryPoint daep;
 
-	private LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> entryPoints;
-
 	private AuthenticationEntryPoint defaultEntryPoint;
 
 	private HttpServletRequest request = new MockHttpServletRequest();
@@ -61,7 +58,6 @@ public class DelegatingAuthenticationEntryPointTests {
 	@BeforeEach
 	public void before() {
 		this.defaultEntryPoint = mock(AuthenticationEntryPoint.class);
-		this.entryPoints = new LinkedHashMap<>();
 	}
 
 	@Test
@@ -70,9 +66,8 @@ public class DelegatingAuthenticationEntryPointTests {
 		AuthenticationEntryPoint firstAEP = mock(AuthenticationEntryPoint.class);
 		RequestMatcher firstRM = mock(RequestMatcher.class);
 		given(firstRM.matches(this.request)).willReturn(false);
-		this.entryPoints.put(firstRM, firstAEP);
-		this.daep = new DelegatingAuthenticationEntryPoint(this.entryPoints);
-		this.daep.setDefaultEntryPoint(this.defaultEntryPoint);
+		this.daep = new DelegatingAuthenticationEntryPoint(this.defaultEntryPoint,
+				new RequestMatcherEntry<>(firstRM, firstAEP));
 		this.daep.commence(this.request, null, null);
 		verify(this.defaultEntryPoint).commence(this.request, null, null);
 		verify(firstAEP, never()).commence(this.request, null, null);
@@ -86,10 +81,8 @@ public class DelegatingAuthenticationEntryPointTests {
 		AuthenticationEntryPoint secondAEP = mock(AuthenticationEntryPoint.class);
 		RequestMatcher secondRM = mock(RequestMatcher.class);
 		given(firstRM.matches(this.request)).willReturn(true);
-		this.entryPoints.put(firstRM, firstAEP);
-		this.entryPoints.put(secondRM, secondAEP);
-		this.daep = new DelegatingAuthenticationEntryPoint(this.entryPoints);
-		this.daep.setDefaultEntryPoint(this.defaultEntryPoint);
+		this.daep = new DelegatingAuthenticationEntryPoint(this.defaultEntryPoint,
+				new RequestMatcherEntry<>(firstRM, firstAEP), new RequestMatcherEntry<>(secondRM, secondAEP));
 		this.daep.commence(this.request, null, null);
 		verify(firstAEP).commence(this.request, null, null);
 		verify(secondAEP, never()).commence(this.request, null, null);
@@ -106,10 +99,8 @@ public class DelegatingAuthenticationEntryPointTests {
 		RequestMatcher secondRM = mock(RequestMatcher.class);
 		given(firstRM.matches(this.request)).willReturn(false);
 		given(secondRM.matches(this.request)).willReturn(true);
-		this.entryPoints.put(firstRM, firstAEP);
-		this.entryPoints.put(secondRM, secondAEP);
-		this.daep = new DelegatingAuthenticationEntryPoint(this.entryPoints);
-		this.daep.setDefaultEntryPoint(this.defaultEntryPoint);
+		this.daep = new DelegatingAuthenticationEntryPoint(this.defaultEntryPoint,
+				new RequestMatcherEntry<>(firstRM, firstAEP), new RequestMatcherEntry<>(secondRM, secondAEP));
 		this.daep.commence(this.request, null, null);
 		verify(secondAEP).commence(this.request, null, null);
 		verify(firstAEP, never()).commence(this.request, null, null);

web/src/test/java/org/springframework/security/web/authentication/ott/OneTimeTokenAuthenticationFilterTests.java

@@ -31,7 +31,7 @@ import org.springframework.http.HttpStatus;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.BadCredentialsException;
-import org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken;
+import org.springframework.security.authentication.ott.OneTimeTokenAuthentication;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.web.servlet.MockServletContext;
 
@@ -120,7 +120,7 @@ class OneTimeTokenAuthenticationFilterTests {
 	@SuppressWarnings("removal")
 	void doFilterWhenValidThenRedirectsToSavedRequest() throws ServletException, IOException {
 		given(this.authenticationManager.authenticate(any()))
-			.willReturn(OneTimeTokenAuthenticationToken.authenticated("username", AuthorityUtils.NO_AUTHORITIES));
+			.willReturn(new OneTimeTokenAuthentication("username", AuthorityUtils.NO_AUTHORITIES));
 		this.filter.doFilter(
 				post("/login/ott").param("token", "some-token-value").buildRequest(new MockServletContext()),
 				this.response, this.chain);