feat(core): starting switch from Spring5/JAVA11 to Spring6/Java17

IMPORTEND: Is not finished because that contains a braking change, like javax.servlet.* --> jakarta.servket.* as one example and we miss some third-party libs that use the new API. # Conflicts: # eaaf_core_api/checks/spotbugs-exclude.xml # eaaf_core_api/pom.xml # eaaf_core_utils/checks/spotbugs-exclude.xml # pom.xml
author: Thomas <> 2023-08-31 12:04:23 +0200
committer: Thomas <> 2023-08-31 12:04:23 +0200
commit: 5acc09000c59c93510567e88cb701919122dc5b2 (patch)
tree: dbb36493b787f96804369753e4dde361f2725ff3
parent: 34d55551acd6c49c34cf1a8d7759558eb92fd617 (diff)
download: EAAF-Components-5acc09000c59c93510567e88cb701919122dc5b2.tar.gz
EAAF-Components-5acc09000c59c93510567e88cb701919122dc5b2.tar.bz2
EAAF-Components-5acc09000c59c93510567e88cb701919122dc5b2.zip
15 files changed, 97 insertions, 47 deletions
diff --git a/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/dummy/SpringSecurityConfiguration.java b/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/dummy/SpringSecurityConfiguration.java
index b5054b70..2242b428 100644
--- a/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/dummy/SpringSecurityConfiguration.java
+++ b/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/dummy/SpringSecurityConfiguration.java
@@ -1,15 +1,16 @@
 package at.gv.egiz.eaaf.utils.springboot.test.dummy;
 
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
 
 @Configuration
-public class SpringSecurityConfiguration extends WebSecurityConfigurerAdapter {
+public class SpringSecurityConfiguration {
   
-  @Override 
-  public void configure(HttpSecurity http) throws Exception {
-    http.csrf().disable();
+  @Bean
+  SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+    return http.csrf((csfr) -> csfr.disable()).build();
     
   }
   
diff --git a/eaaf_core/pom.xml b/eaaf_core/pom.xml
index f983a335..50d51400 100644
--- a/eaaf_core/pom.xml
+++ b/eaaf_core/pom.xml
@@ -90,8 +90,9 @@
       <artifactId>commons-fileupload</artifactId>
     </dependency>
     <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
+      <groupId>jakarta.servlet</groupId>
+      <artifactId>jakarta.servlet-api</artifactId>
+      <scope>provided</scope>
     </dependency>
     <dependency>
       <groupId>org.apache.velocity</groupId>
diff --git a/eaaf_core_api/checks/spotbugs-exclude.xml b/eaaf_core_api/checks/spotbugs-exclude.xml
index 1c4cf203..acc5bd3f 100644
--- a/eaaf_core_api/checks/spotbugs-exclude.xml
+++ b/eaaf_core_api/checks/spotbugs-exclude.xml
@@ -9,4 +9,18 @@
         <Bug pattern="JACKSON_UNSAFE_DESERIALIZATION" />        
       </OR>        
     </Match>    
-</FindBugsFilter>
-\ No newline at end of file
+    <Match>
+      <!-- These exceptions forward internal errors by design -->
+      <OR>
+        <Class name="at.gv.egiz.eaaf.core.api.data.ExceptionContainer" />
+        <Class name="at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException" />
+        <Class name="at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException" />
+        <Class name="at.gv.egiz.eaaf.core.exceptions.TaskExecutionException" />
+        <Class name="at.gv.egiz.eaaf.core.exceptions.XPathException" />
+      </OR>  
+      <OR>
+        <Bug pattern="EI_EXPOSE_REP" />
+        <Bug pattern="EI_EXPOSE_REP2" />
+      </OR>
+    </Match>
+</FindBugsFilter>
diff --git a/eaaf_core_api/pom.xml b/eaaf_core_api/pom.xml
index 4fea906f..9a482b7e 100644
--- a/eaaf_core_api/pom.xml
+++ b/eaaf_core_api/pom.xml
@@ -53,8 +53,8 @@
       <artifactId>jackson-annotations</artifactId>
 	</dependency>     
     <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
+      <groupId>jakarta.servlet</groupId>
+      <artifactId>jakarta.servlet-api</artifactId>
       <scope>provided</scope>
     </dependency>
   </dependencies>
@@ -69,7 +69,7 @@
     </resources>
     
     <plugins>
-	  <plugin>
+      <plugin>
         <groupId>com.github.spotbugs</groupId>
         <artifactId>spotbugs-maven-plugin</artifactId>
         <version>${spotbugs-maven-plugin.version}</version>
@@ -78,7 +78,7 @@
            <excludeFilterFile>checks/spotbugs-exclude.xml</excludeFilterFile>
         </configuration>
       </plugin>
-    </plugins>		
+    </plugins>
     
   </build>
 
diff --git a/eaaf_core_utils/checks/spotbugs-exclude.xml b/eaaf_core_utils/checks/spotbugs-exclude.xml
index 2b258e7c..f3ecd76e 100644
--- a/eaaf_core_utils/checks/spotbugs-exclude.xml
+++ b/eaaf_core_utils/checks/spotbugs-exclude.xml
@@ -40,4 +40,20 @@
         <Bug pattern="EI_EXPOSE_REP2" />          
       </OR>
     </Match>    
+	<Match>
+      <!-- Information are provided by design -->
+      <OR>
+        <Class name="at.gv.egiz.eaaf.core.impl.http.EaafSslContextBuilder" />
+        <Class name="at.gv.egiz.eaaf.core.impl.http.HttpClientConfiguration" />
+        <Class name="at.gv.egiz.eaaf.core.impl.idp.conf.SpConfigurationImpl" />
+        <Class name="at.gv.egiz.eaaf.core.impl.idp.process.support.SecureRandomHolder" />
+        <Class name="at.gv.egiz.eaaf.core.impl.utils.EaafObjectInputStream" />
+        <Class name="at.gv.egiz.eaaf.core.impl.utils.JoseUtils" />
+        <Class name="new at.gv.egiz.eaaf.core.impl.utils.NodeIteratorAdapter" />
+      </OR>  
+      <OR>
+        <Bug pattern="EI_EXPOSE_REP" />
+        <Bug pattern="EI_EXPOSE_REP2" />
+      </OR>
+    </Match>        
 </FindBugsFilter>
 \ No newline at end of file
diff --git a/eaaf_core_utils/pom.xml b/eaaf_core_utils/pom.xml
index 8949118e..103e8b13 100644
--- a/eaaf_core_utils/pom.xml
+++ b/eaaf_core_utils/pom.xml
@@ -107,8 +107,8 @@
       <scope>provided</scope>
     </dependency>
     <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
+      <groupId>jakarta.servlet</groupId>
+      <artifactId>jakarta.servlet-api</artifactId>
       <scope>provided</scope>
     </dependency>
 
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
index 7e66ca86..6c00fb2e 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
@@ -199,9 +199,9 @@ public class KeyStoreConfiguration {
      */
     public static KeyStoreType fromString(final String s) {
       try {
-        return KeyStoreType.valueOf(s.toUpperCase());
+        return s != null ? KeyStoreType.valueOf(s.toUpperCase()) : null;
 
-      } catch (IllegalArgumentException | NullPointerException e) {
+      } catch (IllegalArgumentException e) {
         return null;
       }
     }
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/SymmetricKeyConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/SymmetricKeyConfiguration.java
index 9477789c..96d46381 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/SymmetricKeyConfiguration.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/SymmetricKeyConfiguration.java
@@ -185,9 +185,9 @@ public class SymmetricKeyConfiguration {
      */
     public static SymmetricKeyType fromString(final String s) {
       try {
-        return SymmetricKeyType.valueOf(s.toUpperCase());
+        return s != null ? SymmetricKeyType.valueOf(s.toUpperCase()) : null;
 
-      } catch (IllegalArgumentException | NullPointerException e) {
+      } catch (IllegalArgumentException e) {
         return null;
       }
     }
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java
index 7033a052..c189ff74 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java
@@ -206,9 +206,9 @@ public class HttpClientConfiguration {
      */
     public static ClientAuthMode fromString(final String s) {
       try {
-        return ClientAuthMode.valueOf(s.toUpperCase());
+        return s != null ? ClientAuthMode.valueOf(s.toUpperCase()) : null;
 
-      } catch (IllegalArgumentException | NullPointerException e) {
+      } catch (IllegalArgumentException e) {
         return null;
       }
     }
diff --git a/eaaf_modules/eaaf_module_auth_sl20/pom.xml b/eaaf_modules/eaaf_module_auth_sl20/pom.xml
index ffbc2961..556f3aea 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/pom.xml
+++ b/eaaf_modules/eaaf_module_auth_sl20/pom.xml
@@ -47,8 +47,8 @@
       <scope>provided</scope>
     </dependency>
     <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
+      <groupId>jakarta.servlet</groupId>
+      <artifactId>jakarta.servlet-api</artifactId>
       <scope>provided</scope>
     </dependency>
     
diff --git a/eaaf_modules/eaaf_module_moa-sig/pom.xml b/eaaf_modules/eaaf_module_moa-sig/pom.xml
index 2915119a..613e841d 100644
--- a/eaaf_modules/eaaf_module_moa-sig/pom.xml
+++ b/eaaf_modules/eaaf_module_moa-sig/pom.xml
@@ -180,7 +180,6 @@
     <dependency>
       <groupId>ch.qos.logback</groupId>
       <artifactId>logback-classic</artifactId>
-      <version>1.2.3</version>
       <scope>test</scope>
     </dependency>
 	  	  	
diff --git a/eaaf_modules/eaaf_module_pvp2_core/pom.xml b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
index ab77aa94..88523925 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
@@ -89,8 +89,8 @@
     </dependency>
     
     <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
+      <groupId>jakarta.servlet</groupId>
+      <artifactId>jakarta.servlet-api</artifactId>
       <scope>provided</scope>
     </dependency>
 
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
index 3b89f1d5..bfd3b278 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
@@ -24,10 +24,10 @@
       <scope>provided</scope>
     </dependency>  	
   	<dependency>
-		<groupId>javax.servlet</groupId>
-		<artifactId>javax.servlet-api</artifactId>
-		<scope>provided</scope>
-	</dependency>
+      <groupId>jakarta.servlet</groupId>
+      <artifactId>jakarta.servlet-api</artifactId>
+      <scope>provided</scope>
+    </dependency>
   
   	<!--  Testing -->
     <dependency>
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
index cf14d994..ea7f29fe 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
@@ -30,10 +30,10 @@
       <scope>provided</scope>
     </dependency>  	
   	<dependency>
-		<groupId>javax.servlet</groupId>
-		<artifactId>javax.servlet-api</artifactId>
-		<scope>provided</scope>
-	</dependency>
+      <groupId>jakarta.servlet</groupId>
+      <artifactId>jakarta.servlet-api</artifactId>
+      <scope>provided</scope>
+    </dependency>
   
     <!-- Only for testing -->
     <dependency>
diff --git a/pom.xml b/pom.xml
index 0befce46..36ce80a4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -46,17 +46,18 @@
     <io.grpc-core.version>1.53.0</io.grpc-core.version>
 
     <!-- Other third-party libs -->
-    <spring-boot-starter-web.version>2.7.11</spring-boot-starter-web.version>
-    <org.springframework.version>5.3.27</org.springframework.version>
-    <org.opensaml.version>4.3.0</org.opensaml.version>
-    <org.apache.santuario.xmlsec.version>2.3.3</org.apache.santuario.xmlsec.version>
+    <spring-boot-starter-web.version>3.0.5</spring-boot-starter-web.version>
+    <org.springframework.version>6.0.8</org.springframework.version>
+    <org.apache.tomcat.embed.version>9.0.73</org.apache.tomcat.embed.version>
+    <org.opensaml.version>4.0.1</org.opensaml.version>
+    <org.apache.santuario.xmlsec.version>2.3.2</org.apache.santuario.xmlsec.version>
     <org.cryptacular.version>1.2.5</org.cryptacular.version>
     <org.bouncycastle.bcprov-jdk18on.version>1.71.1</org.bouncycastle.bcprov-jdk18on.version>
     <org.bouncycastle.bctls-jdk18on.version>1.71.1</org.bouncycastle.bctls-jdk18on.version>
 
-    <org.slf4j.version>1.7.36</org.slf4j.version>
-    <log4j.version>2.20.0</log4j.version>
-    <ch.qos.logback.version>1.2.11</ch.qos.logback.version>
+    <org.slf4j.version>2.0.7</org.slf4j.version>
+    <log4j.version>2.19.0</log4j.version>
+    <ch.qos.logback.version>1.4.6</ch.qos.logback.version>
     
     <commons-codec.version>1.15</commons-codec.version>
     <org.apache.commons-lang3.version>3.12.0</org.apache.commons-lang3.version>
@@ -66,7 +67,7 @@
     <commons-io.version>2.11.0</commons-io.version>
     <commons-fileupload.version>1.5</commons-fileupload.version>
 
-    <javax.servlet-api>3.0.1</javax.servlet-api>
+    <jakarta.servlet-api>4.0.4</jakarta.servlet-api>
     
     <org.apache.velocity.version>2.3</org.apache.velocity.version>
     <javax.annotation-api>1.3.2</javax.annotation-api>
@@ -91,20 +92,20 @@
     <snakeyaml.version>1.33</snakeyaml.version>
 
     <!-- jUnit testing -->
-    <surefire.version>2.22.2</surefire.version>
+    <surefire.version>3.0.0</surefire.version>
     <junit-jupiter-api.version>5.8.2</junit-jupiter-api.version>
     <mockito-junit-jupiter.version>4.9.0</mockito-junit-jupiter.version>
     <com.squareup.okhttp3.version>4.9.3</com.squareup.okhttp3.version>
     <org.powermock.version>2.0.9</org.powermock.version>
 
     <!-- Code helper plug-ins -->
-    <org.projectlombok.lombok.version>1.18.16</org.projectlombok.lombok.version>
+    <org.projectlombok.lombok.version>1.18.26</org.projectlombok.lombok.version>
 
     <!-- Code quality checks -->
     <jacoco-maven-plugin.version>0.8.6</jacoco-maven-plugin.version>
     <maven-checkstyle-plugin.version>3.1.2</maven-checkstyle-plugin.version>
     <maven-pmd-plugin.version>3.14.0</maven-pmd-plugin.version>
-    <spotbugs-maven-plugin.version>4.2.0</spotbugs-maven-plugin.version>
+    <spotbugs-maven-plugin.version>4.7.3.4</spotbugs-maven-plugin.version>
     <findsecbugs-plugin.version>1.11.0</findsecbugs-plugin.version>
     <dependency-check-maven.version>6.0.3</dependency-check-maven.version>
 
@@ -492,6 +493,24 @@
         <artifactId>spring-webmvc</artifactId>
         <version>${org.springframework.version}</version>
       </dependency>
+
+      <!-- Embbeded Tomcat dependencies -->
+      <dependency>
+        <groupId>org.apache.tomcat.embed</groupId>
+        <artifactId>tomcat-embed-core</artifactId>
+        <version>${org.apache.tomcat.embed.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.apache.tomcat.embed</groupId>
+        <artifactId>tomcat-embed-el</artifactId>
+        <version>${org.apache.tomcat.embed.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.apache.tomcat.embed</groupId>
+        <artifactId>tomcat-embed-websocket</artifactId>
+        <version>${org.apache.tomcat.embed.version}</version>
+      </dependency>
+
       <dependency>
         <groupId>org.slf4j</groupId>
         <artifactId>slf4j-api</artifactId>
@@ -586,9 +605,9 @@
       </dependency>
 
       <dependency>
-        <groupId>javax.servlet</groupId>
-        <artifactId>javax.servlet-api</artifactId>
-        <version>${javax.servlet-api}</version>
+        <groupId>jakarta.servlet</groupId>
+        <artifactId>jakarta.servlet-api</artifactId>
+        <version>${jakarta.servlet-api}</version>
         <scope>provided</scope>
       </dependency>
       <dependency>
author	Thomas <>	2023-08-31 12:04:23 +0200
committer	Thomas <>	2023-08-31 12:04:23 +0200
commit	5acc09000c59c93510567e88cb701919122dc5b2 (patch)
tree	dbb36493b787f96804369753e4dde361f2725ff3
parent	34d55551acd6c49c34cf1a8d7759558eb92fd617 (diff)
download	EAAF-Components-5acc09000c59c93510567e88cb701919122dc5b2.tar.gz EAAF-Components-5acc09000c59c93510567e88cb701919122dc5b2.tar.bz2 EAAF-Components-5acc09000c59c93510567e88cb701919122dc5b2.zip