feat(spring-security): instrument UsernameNotFoundException.fromUsername for Spring Security 7

[wconti27]

Summary

Spring Security 7 (included with Spring Boot 4) changes how UsernameNotFoundException is constructed: InMemoryUserDetailsManager and similar implementations now use the new static factory UsernameNotFoundException.fromUsername(String) rather than the public constructor. The existing constructor-based UsernameNotFoundExceptionInstrumentation no longer fires on this path.

• Adds UsernameNotFoundExceptionFactoryInstrumentation that hooks fromUsername(String) via @Advice.OnMethodEnter and calls SpringSecurityUserEventDecorator.DECORATE.onUserNotFound(username)
• Adds onUserNotFound(String) overload to SpringSecurityUserEventDecorator (forwards to existing no-arg path; forward-compat with SS7 factory signature)
• Bumps latestDepTestImplementation spring-boot-starter-* from 3.+ to 4.+
• Adds UsernameNotFoundFromUsernameTest (JUnit 5 Java)

Test plan

• ./gradlew :dd-java-agent:instrumentation:spring:spring-security:spring-security-5.0:test passes
• ./gradlew :dd-java-agent:instrumentation:spring:spring-security:spring-security-6.0:test passes
• latestDepTest exercises Spring Boot 4 (Spring Security 7)
• UsernameNotFoundFromUsernameTest verifies decorator overload is callable without throwing

Part of Spring Boot 4 support

This is one of several PRs adding Spring Boot 4 / Spring Security 7 support across the dd-trace-java instrumentation stack.

🤖 Generated with APM Instrumentation Toolkit

[datadog-official]

✨ Fix all issues with BitsAI

⚠️ Warnings

🚦 6 Pipeline jobs failed

DataDog/apm-reliability/dd-trace-java | build_tests: [:instrumentationLatestDepTest, latestdep]     

DataDog/apm-reliability/dd-trace-java | check_inst 2/4     

DataDog/apm-reliability/dd-trace-java | spotless     

View all 6 failed jobs.

Useful? React with 👍 / 👎

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: d44d6c1 | Docs | Datadog PR Page | Give us feedback!}

[dd-octo-sts]

🟢 Java Benchmark SLOs — All performance SLOs passed

Suite	Status
Startup	🟢 pass

SLO thresholds are defined here based on automatically generated metrics. A warning is raised when results are within 5% of the threshold.

PR vs. master results

Scenario	Candidate	master	Δ (95% CI of mean)
startup:insecure-bank:iast:Agent	13.96 s	13.87 s	[-0.5%; +1.8%] (no difference)
startup:insecure-bank:tracing:Agent	12.94 s	12.91 s	[-0.7%; +1.1%] (no difference)
startup:petclinic:appsec:Agent	17.15 s	16.94 s	[-0.2%; +2.6%] (no difference)
startup:petclinic:iast:Agent	16.96 s	17.04 s	[-1.7%; +0.8%] (no difference)
startup:petclinic:profiling:Agent	15.87 s	16.99 s	[-15.0%; +1.9%] (unstable)
startup:petclinic:tracing:Agent	16.13 s	16.32 s	[-2.3%; +0.0%] (no difference)

Commit: d44d6c18 · CI Pipeline · Benchmarking Platform UI

---

Load and DaCapo benchmarks can be triggered manually in the GitLab pipeline. Results will appear in the Benchmarking Platform UI after completion.