Merge pull request #44467 from nosan

* pr/44467:
  Close InputStream when loading Log4j2 Configuration from a Resource

Closes gh-44467

Author: mhalbritter

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerWebSecurityConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2023 the original author or authors.
+ * Copyright 2012-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerWebSecurityConfigurationTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2023 the original author or authors.
+ * Copyright 2012-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -28,14 +28,15 @@
 import org.springframework.context.annotation.Import;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.config.BeanIds;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
-import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
+import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
 import org.springframework.security.oauth2.server.authorization.oidc.web.OidcClientRegistrationEndpointFilter;
 import org.springframework.security.oauth2.server.authorization.oidc.web.OidcProviderConfigurationEndpointFilter;
 import org.springframework.security.oauth2.server.authorization.oidc.web.OidcUserInfoEndpointFilter;
@@ -163,7 +164,11 @@ static class TestSecurityFilterChainConfiguration {
 		@Bean
 		@Order(1)
 		SecurityFilterChain authServerSecurityFilterChain(HttpSecurity http) throws Exception {
-			OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
+			OAuth2AuthorizationServerConfigurer authorizationServer = OAuth2AuthorizationServerConfigurer
+				.authorizationServer();
+			http.securityMatcher(authorizationServer.getEndpointsMatcher())
+				.with(authorizationServer, Customizer.withDefaults());
+			http.authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated());
 			return http.build();
 		}
 

spring-boot-project/spring-boot/src/main/java/org/springframework/boot/logging/log4j2/Log4J2LoggingSystem.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2024 the original author or authors.
+ * Copyright 2012-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,6 +17,7 @@
 package org.springframework.boot.logging.log4j2;
 
 import java.io.IOException;
+import java.io.InputStream;
 import java.net.URL;
 import java.net.URLConnection;
 import java.util.ArrayList;
@@ -278,13 +279,11 @@ protected void loadConfiguration(String location, LogFile logFile, List<String>
 
 	private Configuration load(String location, LoggerContext context) throws IOException {
 		Resource resource = new ApplicationResourceLoader().getResource(location);
-		ConfigurationSource source = getConfigurationSource(resource);
-		return ConfigurationFactory.getInstance().getConfiguration(context, source);
-	}
-
-	private ConfigurationSource getConfigurationSource(Resource resource) throws IOException {
+		ConfigurationFactory factory = ConfigurationFactory.getInstance();
 		if (resource.isFile()) {
-			return new ConfigurationSource(resource.getInputStream(), resource.getFile());
+			try (InputStream inputStream = resource.getInputStream()) {
+				return factory.getConfiguration(context, new ConfigurationSource(inputStream, resource.getFile()));
+			}
 		}
 		URL url = resource.getURL();
 		AuthorizationProvider authorizationProvider = ConfigurationFactory
@@ -293,7 +292,10 @@ private ConfigurationSource getConfigurationSource(Resource resource) throws IOE
 				? SslConfigurationFactory.getSslConfiguration() : null;
 		URLConnection connection = UrlConnectionFactory.createConnection(url, 0, sslConfiguration,
 				authorizationProvider);
-		return new ConfigurationSource(connection.getInputStream(), url, connection.getLastModified());
+		try (InputStream inputStream = connection.getInputStream()) {
+			return factory.getConfiguration(context,
+					new ConfigurationSource(inputStream, url, connection.getLastModified()));
+		}
 	}
 
 	private CompositeConfiguration createComposite(List<Configuration> configurations) {