summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/dummy/SpringSecurityConfiguration.java11
-rw-r--r--eaaf_core/pom.xml5
-rw-r--r--eaaf_core_api/checks/spotbugs-exclude.xml16
-rw-r--r--eaaf_core_api/pom.xml8
-rw-r--r--eaaf_core_utils/checks/spotbugs-exclude.xml16
-rw-r--r--eaaf_core_utils/pom.xml4
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java4
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/SymmetricKeyConfiguration.java4
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java4
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/pom.xml4
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/pom.xml1
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/pom.xml4
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/pom.xml8
-rw-r--r--eaaf_modules/eaaf_module_pvp2_sp/pom.xml8
-rw-r--r--pom.xml47
15 files changed, 97 insertions, 47 deletions
diff --git a/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/dummy/SpringSecurityConfiguration.java b/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/dummy/SpringSecurityConfiguration.java
index b5054b70..2242b428 100644
--- a/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/dummy/SpringSecurityConfiguration.java
+++ b/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/dummy/SpringSecurityConfiguration.java
@@ -1,15 +1,16 @@
package at.gv.egiz.eaaf.utils.springboot.test.dummy;
+import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
@Configuration
-public class SpringSecurityConfiguration extends WebSecurityConfigurerAdapter {
+public class SpringSecurityConfiguration {
- @Override
- public void configure(HttpSecurity http) throws Exception {
- http.csrf().disable();
+ @Bean
+ SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+ return http.csrf((csfr) -> csfr.disable()).build();
}
diff --git a/eaaf_core/pom.xml b/eaaf_core/pom.xml
index f983a335..50d51400 100644
--- a/eaaf_core/pom.xml
+++ b/eaaf_core/pom.xml
@@ -90,8 +90,9 @@
<artifactId>commons-fileupload</artifactId>
</dependency>
<dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>javax.servlet-api</artifactId>
+ <groupId>jakarta.servlet</groupId>
+ <artifactId>jakarta.servlet-api</artifactId>
+ <scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.velocity</groupId>
diff --git a/eaaf_core_api/checks/spotbugs-exclude.xml b/eaaf_core_api/checks/spotbugs-exclude.xml
index 1c4cf203..acc5bd3f 100644
--- a/eaaf_core_api/checks/spotbugs-exclude.xml
+++ b/eaaf_core_api/checks/spotbugs-exclude.xml
@@ -9,4 +9,18 @@
<Bug pattern="JACKSON_UNSAFE_DESERIALIZATION" />
</OR>
</Match>
-</FindBugsFilter> \ No newline at end of file
+ <Match>
+ <!-- These exceptions forward internal errors by design -->
+ <OR>
+ <Class name="at.gv.egiz.eaaf.core.api.data.ExceptionContainer" />
+ <Class name="at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException" />
+ <Class name="at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException" />
+ <Class name="at.gv.egiz.eaaf.core.exceptions.TaskExecutionException" />
+ <Class name="at.gv.egiz.eaaf.core.exceptions.XPathException" />
+ </OR>
+ <OR>
+ <Bug pattern="EI_EXPOSE_REP" />
+ <Bug pattern="EI_EXPOSE_REP2" />
+ </OR>
+ </Match>
+</FindBugsFilter>
diff --git a/eaaf_core_api/pom.xml b/eaaf_core_api/pom.xml
index 4fea906f..9a482b7e 100644
--- a/eaaf_core_api/pom.xml
+++ b/eaaf_core_api/pom.xml
@@ -53,8 +53,8 @@
<artifactId>jackson-annotations</artifactId>
</dependency>
<dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>javax.servlet-api</artifactId>
+ <groupId>jakarta.servlet</groupId>
+ <artifactId>jakarta.servlet-api</artifactId>
<scope>provided</scope>
</dependency>
</dependencies>
@@ -69,7 +69,7 @@
</resources>
<plugins>
- <plugin>
+ <plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<version>${spotbugs-maven-plugin.version}</version>
@@ -78,7 +78,7 @@
<excludeFilterFile>checks/spotbugs-exclude.xml</excludeFilterFile>
</configuration>
</plugin>
- </plugins>
+ </plugins>
</build>
diff --git a/eaaf_core_utils/checks/spotbugs-exclude.xml b/eaaf_core_utils/checks/spotbugs-exclude.xml
index 2b258e7c..f3ecd76e 100644
--- a/eaaf_core_utils/checks/spotbugs-exclude.xml
+++ b/eaaf_core_utils/checks/spotbugs-exclude.xml
@@ -40,4 +40,20 @@
<Bug pattern="EI_EXPOSE_REP2" />
</OR>
</Match>
+ <Match>
+ <!-- Information are provided by design -->
+ <OR>
+ <Class name="at.gv.egiz.eaaf.core.impl.http.EaafSslContextBuilder" />
+ <Class name="at.gv.egiz.eaaf.core.impl.http.HttpClientConfiguration" />
+ <Class name="at.gv.egiz.eaaf.core.impl.idp.conf.SpConfigurationImpl" />
+ <Class name="at.gv.egiz.eaaf.core.impl.idp.process.support.SecureRandomHolder" />
+ <Class name="at.gv.egiz.eaaf.core.impl.utils.EaafObjectInputStream" />
+ <Class name="at.gv.egiz.eaaf.core.impl.utils.JoseUtils" />
+ <Class name="new at.gv.egiz.eaaf.core.impl.utils.NodeIteratorAdapter" />
+ </OR>
+ <OR>
+ <Bug pattern="EI_EXPOSE_REP" />
+ <Bug pattern="EI_EXPOSE_REP2" />
+ </OR>
+ </Match>
</FindBugsFilter> \ No newline at end of file
diff --git a/eaaf_core_utils/pom.xml b/eaaf_core_utils/pom.xml
index 8949118e..103e8b13 100644
--- a/eaaf_core_utils/pom.xml
+++ b/eaaf_core_utils/pom.xml
@@ -107,8 +107,8 @@
<scope>provided</scope>
</dependency>
<dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>javax.servlet-api</artifactId>
+ <groupId>jakarta.servlet</groupId>
+ <artifactId>jakarta.servlet-api</artifactId>
<scope>provided</scope>
</dependency>
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
index 7e66ca86..6c00fb2e 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
@@ -199,9 +199,9 @@ public class KeyStoreConfiguration {
*/
public static KeyStoreType fromString(final String s) {
try {
- return KeyStoreType.valueOf(s.toUpperCase());
+ return s != null ? KeyStoreType.valueOf(s.toUpperCase()) : null;
- } catch (IllegalArgumentException | NullPointerException e) {
+ } catch (IllegalArgumentException e) {
return null;
}
}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/SymmetricKeyConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/SymmetricKeyConfiguration.java
index 9477789c..96d46381 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/SymmetricKeyConfiguration.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/SymmetricKeyConfiguration.java
@@ -185,9 +185,9 @@ public class SymmetricKeyConfiguration {
*/
public static SymmetricKeyType fromString(final String s) {
try {
- return SymmetricKeyType.valueOf(s.toUpperCase());
+ return s != null ? SymmetricKeyType.valueOf(s.toUpperCase()) : null;
- } catch (IllegalArgumentException | NullPointerException e) {
+ } catch (IllegalArgumentException e) {
return null;
}
}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java
index 7033a052..c189ff74 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java
@@ -206,9 +206,9 @@ public class HttpClientConfiguration {
*/
public static ClientAuthMode fromString(final String s) {
try {
- return ClientAuthMode.valueOf(s.toUpperCase());
+ return s != null ? ClientAuthMode.valueOf(s.toUpperCase()) : null;
- } catch (IllegalArgumentException | NullPointerException e) {
+ } catch (IllegalArgumentException e) {
return null;
}
}
diff --git a/eaaf_modules/eaaf_module_auth_sl20/pom.xml b/eaaf_modules/eaaf_module_auth_sl20/pom.xml
index ffbc2961..556f3aea 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/pom.xml
+++ b/eaaf_modules/eaaf_module_auth_sl20/pom.xml
@@ -47,8 +47,8 @@
<scope>provided</scope>
</dependency>
<dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>javax.servlet-api</artifactId>
+ <groupId>jakarta.servlet</groupId>
+ <artifactId>jakarta.servlet-api</artifactId>
<scope>provided</scope>
</dependency>
diff --git a/eaaf_modules/eaaf_module_moa-sig/pom.xml b/eaaf_modules/eaaf_module_moa-sig/pom.xml
index 2915119a..613e841d 100644
--- a/eaaf_modules/eaaf_module_moa-sig/pom.xml
+++ b/eaaf_modules/eaaf_module_moa-sig/pom.xml
@@ -180,7 +180,6 @@
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
- <version>1.2.3</version>
<scope>test</scope>
</dependency>
diff --git a/eaaf_modules/eaaf_module_pvp2_core/pom.xml b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
index ab77aa94..88523925 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
@@ -89,8 +89,8 @@
</dependency>
<dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>javax.servlet-api</artifactId>
+ <groupId>jakarta.servlet</groupId>
+ <artifactId>jakarta.servlet-api</artifactId>
<scope>provided</scope>
</dependency>
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
index 3b89f1d5..bfd3b278 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
@@ -24,10 +24,10 @@
<scope>provided</scope>
</dependency>
<dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>javax.servlet-api</artifactId>
- <scope>provided</scope>
- </dependency>
+ <groupId>jakarta.servlet</groupId>
+ <artifactId>jakarta.servlet-api</artifactId>
+ <scope>provided</scope>
+ </dependency>
<!-- Testing -->
<dependency>
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
index cf14d994..ea7f29fe 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
@@ -30,10 +30,10 @@
<scope>provided</scope>
</dependency>
<dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>javax.servlet-api</artifactId>
- <scope>provided</scope>
- </dependency>
+ <groupId>jakarta.servlet</groupId>
+ <artifactId>jakarta.servlet-api</artifactId>
+ <scope>provided</scope>
+ </dependency>
<!-- Only for testing -->
<dependency>
diff --git a/pom.xml b/pom.xml
index 0befce46..36ce80a4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -46,17 +46,18 @@
<io.grpc-core.version>1.53.0</io.grpc-core.version>
<!-- Other third-party libs -->
- <spring-boot-starter-web.version>2.7.11</spring-boot-starter-web.version>
- <org.springframework.version>5.3.27</org.springframework.version>
- <org.opensaml.version>4.3.0</org.opensaml.version>
- <org.apache.santuario.xmlsec.version>2.3.3</org.apache.santuario.xmlsec.version>
+ <spring-boot-starter-web.version>3.0.5</spring-boot-starter-web.version>
+ <org.springframework.version>6.0.8</org.springframework.version>
+ <org.apache.tomcat.embed.version>9.0.73</org.apache.tomcat.embed.version>
+ <org.opensaml.version>4.0.1</org.opensaml.version>
+ <org.apache.santuario.xmlsec.version>2.3.2</org.apache.santuario.xmlsec.version>
<org.cryptacular.version>1.2.5</org.cryptacular.version>
<org.bouncycastle.bcprov-jdk18on.version>1.71.1</org.bouncycastle.bcprov-jdk18on.version>
<org.bouncycastle.bctls-jdk18on.version>1.71.1</org.bouncycastle.bctls-jdk18on.version>
- <org.slf4j.version>1.7.36</org.slf4j.version>
- <log4j.version>2.20.0</log4j.version>
- <ch.qos.logback.version>1.2.11</ch.qos.logback.version>
+ <org.slf4j.version>2.0.7</org.slf4j.version>
+ <log4j.version>2.19.0</log4j.version>
+ <ch.qos.logback.version>1.4.6</ch.qos.logback.version>
<commons-codec.version>1.15</commons-codec.version>
<org.apache.commons-lang3.version>3.12.0</org.apache.commons-lang3.version>
@@ -66,7 +67,7 @@
<commons-io.version>2.11.0</commons-io.version>
<commons-fileupload.version>1.5</commons-fileupload.version>
- <javax.servlet-api>3.0.1</javax.servlet-api>
+ <jakarta.servlet-api>4.0.4</jakarta.servlet-api>
<org.apache.velocity.version>2.3</org.apache.velocity.version>
<javax.annotation-api>1.3.2</javax.annotation-api>
@@ -91,20 +92,20 @@
<snakeyaml.version>1.33</snakeyaml.version>
<!-- jUnit testing -->
- <surefire.version>2.22.2</surefire.version>
+ <surefire.version>3.0.0</surefire.version>
<junit-jupiter-api.version>5.8.2</junit-jupiter-api.version>
<mockito-junit-jupiter.version>4.9.0</mockito-junit-jupiter.version>
<com.squareup.okhttp3.version>4.9.3</com.squareup.okhttp3.version>
<org.powermock.version>2.0.9</org.powermock.version>
<!-- Code helper plug-ins -->
- <org.projectlombok.lombok.version>1.18.16</org.projectlombok.lombok.version>
+ <org.projectlombok.lombok.version>1.18.26</org.projectlombok.lombok.version>
<!-- Code quality checks -->
<jacoco-maven-plugin.version>0.8.6</jacoco-maven-plugin.version>
<maven-checkstyle-plugin.version>3.1.2</maven-checkstyle-plugin.version>
<maven-pmd-plugin.version>3.14.0</maven-pmd-plugin.version>
- <spotbugs-maven-plugin.version>4.2.0</spotbugs-maven-plugin.version>
+ <spotbugs-maven-plugin.version>4.7.3.4</spotbugs-maven-plugin.version>
<findsecbugs-plugin.version>1.11.0</findsecbugs-plugin.version>
<dependency-check-maven.version>6.0.3</dependency-check-maven.version>
@@ -492,6 +493,24 @@
<artifactId>spring-webmvc</artifactId>
<version>${org.springframework.version}</version>
</dependency>
+
+ <!-- Embbeded Tomcat dependencies -->
+ <dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-core</artifactId>
+ <version>${org.apache.tomcat.embed.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-el</artifactId>
+ <version>${org.apache.tomcat.embed.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-websocket</artifactId>
+ <version>${org.apache.tomcat.embed.version}</version>
+ </dependency>
+
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
@@ -586,9 +605,9 @@
</dependency>
<dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>javax.servlet-api</artifactId>
- <version>${javax.servlet-api}</version>
+ <groupId>jakarta.servlet</groupId>
+ <artifactId>jakarta.servlet-api</artifactId>
+ <version>${jakarta.servlet-api}</version>
<scope>provided</scope>
</dependency>
<dependency>