Jakarta Cookie HttpOnly Serialization

The new specification represents Cookie attribute using HttpOnly: "" vs
HttpOnly: "true".

This updates the test to correspond to the new Servlet specification and
is a breaking change related to jakarta updates.

web/src/main/java/org/springframework/security/web/jackson2/CookieDeserializer.java

@@ -52,7 +52,7 @@ class CookieDeserializer extends JsonDeserializer<Cookie> {
 		cookie.setVersion(readJsonNode(jsonNode, "version").asInt());
 		cookie.setPath(readJsonNode(jsonNode, "path").asText());
 		JsonNode attributes = readJsonNode(jsonNode, "attributes");
-		cookie.setHttpOnly(readJsonNode(attributes, "HttpOnly").asBoolean());
+		cookie.setHttpOnly(readJsonNode(attributes, "HttpOnly") != null);
 		return cookie;
 	}
 

web/src/test/java/org/springframework/security/web/jackson2/CookieMixinTests.java

@@ -52,7 +52,7 @@ public class CookieMixinTests extends AbstractMixinTests {
 		"	\"@class\": \"jakarta.servlet.http.Cookie\"," +
 		"	\"name\": \"demo\"," +
 		"	\"value\": \"cookie1\"," +
-		"	\"attributes\":{\"@class\":\"java.util.Collections$UnmodifiableMap\", \"HttpOnly\": \"true\"}," +
+		"	\"attributes\":{\"@class\":\"java.util.Collections$UnmodifiableMap\", \"HttpOnly\": \"\"}," +
 		"	\"comment\": null," +
 		"	\"maxAge\": -1," +
 		"	\"path\": null," +