15 files changed, 97 insertions, 47 deletions
diff --git a/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/dummy/SpringSecurityConfiguration.java b/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/dummy/SpringSecurityConfiguration.java
index b5054b70..2242b428 100644
--- a/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/dummy/SpringSecurityConfiguration.java
+++ b/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/dummy/SpringSecurityConfiguration.java
@@ -1,15 +1,16 @@
 package at.gv.egiz.eaaf.utils.springboot.test.dummy;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
 @Configuration
-public class SpringSecurityConfiguration extends WebSecurityConfigurerAdapter {
+public class SpringSecurityConfiguration {
- @Override
- public void configure(HttpSecurity http) throws Exception {
- http.csrf().disable();
+ @Bean
+ SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+ return http.csrf((csfr) -> csfr.disable()).build();
 }
diff --git a/eaaf_core/pom.xml b/eaaf_core/pom.xml
index f983a335..50d51400 100644
--- a/eaaf_core/pom.xml
+++ b/eaaf_core/pom.xml
@@ -90,8 +90,9 @@
 <artifactId>commons-fileupload</artifactId>
 </dependency>
 <dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>javax.servlet-api</artifactId>
+ <groupId>jakarta.servlet</groupId>
+ <artifactId>jakarta.servlet-api</artifactId>
+ <scope>provided</scope>
 </dependency>
 <dependency>
 <groupId>org.apache.velocity</groupId>
diff --git a/eaaf_core_api/checks/spotbugs-exclude.xml b/eaaf_core_api/checks/spotbugs-exclude.xml
index 1c4cf203..acc5bd3f 100644
--- a/eaaf_core_api/checks/spotbugs-exclude.xml
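Review bot: In `SpringSecurityConfiguration.securityFilterChain` the lambda parameter is misspelled, `(csfr) -> csfr.disable()`; `csrf -> csrf.disable()` reads as intended. Because the bean switches CSRF protection off for every request, I would also put a one-line comment above `@Bean` saying so, e.g. `// Test-only dummy configuration: CSRF protection is disabled on purpose.`, so the class is not taken as a template for a deployed filter chain. The file sits under `src/test`, so this is a documentation and style point rather than a defect.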
+++ b/eaaf_core_api/checks/spotbugs-exclude.xml
@@ -9,4 +9,18 @@
 <Bug pattern="JACKSON_UNSAFE_DESERIALIZATION" />
 </OR>
 </Match>
-</FindBugsFilter>
\ No newline at end of file
+ <Match>
+ <!-- These exceptions forward internal errors by design -->
+ <OR>
+ <Class name="at.gv.egiz.eaaf.core.api.data.ExceptionContainer" />
+ <Class name="at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException" />
+ <Class name="at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException" />
+ <Class name="at.gv.egiz.eaaf.core.exceptions.TaskExecutionException" />
+ <Class name="at.gv.egiz.eaaf.core.exceptions.XPathException" />
+ </OR>
+ <OR>
+ <Bug pattern="EI_EXPOSE_REP" />
+ <Bug pattern="EI_EXPOSE_REP2" />
+ </OR>
+ </Match>
+</FindBugsFilter>
diff --git a/eaaf_core_api/pom.xml b/eaaf_core_api/pom.xml
index 4fea906f..9a482b7e 100644
--- a/eaaf_core_api/pom.xml
+++ b/eaaf_core_api/pom.xml
@@ -53,8 +53,8 @@
 <artifactId>jackson-annotations</artifactId>
 </dependency>
 <dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>javax.servlet-api</artifactId>
+ <groupId>jakarta.servlet</groupId>
+ <artifactId>jakarta.servlet-api</artifactId>
 <scope>provided</scope>
 </dependency>
 </dependencies>
@@ -69,7 +69,7 @@
 </resources>
 <plugins>
- <plugin>
+ <plugin>
 <groupId>com.github.spotbugs</groupId>
 <artifactId>spotbugs-maven-plugin</artifactId>
 <version>${spotbugs-maven-plugin.version}</version>
@@ -78,7 +78,7 @@
 <excludeFilterFile>checks/spotbugs-exclude.xml</excludeFilterFile>
 </configuration>
 </plugin>
- </plugins>
+ </plugins>
 </build>
diff --git a/eaaf_core_utils/checks/spotbugs-exclude.xml b/eaaf_core_utils/checks/spotbugs-exclude.xml
index 2b258e7c..f3ecd76e 100644
--- a/eaaf_core_utils/checks/spotbugs-exclude.xml
+++ b/eaaf_core_utils/checks/spotbugs-exclude.xml
@@ -40,4 +40,20 @@
 <Bug pattern="EI_EXPOSE_REP2" />
 </OR>
 </Match>
+ <Match>
+ <!-- Information are provided by design -->
+ <OR>
+ <Class name="at.gv.egiz.eaaf.core.impl.http.EaafSslContextBuilder" />
+ <Class name="at.gv.egiz.eaaf.core.impl.http.HttpClientConfiguration" />
+ <Class name="at.gv.egiz.eaaf.core.impl.idp.conf.SpConfigurationImpl" />
+ <Class name="at.gv.egiz.eaaf.core.impl.idp.process.support.SecureRandomHolder" />
+ <Class name="at.gv.egiz.eaaf.core.impl.utils.EaafObjectInputStream" />
+ <Class name="at.gv.egiz.eaaf.core.impl.utils.JoseUtils" />
+ <Class name="new at.gv.egiz.eaaf.core.impl.utils.NodeIteratorAdapter" />
+ </OR>
+ <OR>
+ <Bug pattern="EI_EXPOSE_REP" />
+ <Bug pattern="EI_EXPOSE_REP2" />
+ </OR>
+ </Match>
 </FindBugsFilter>
\ No newline at end of file
diff --git a/eaaf_core_utils/pom.xml b/eaaf_core_utils/pom.xml
index 8949118e..103e8b13 100644
--- a/eaaf_core_utils/pom.xml
+++ b/eaaf_core_utils/pom.xml
@@ -107,8 +107,8 @@
 <scope>provided</scope>
 </dependency>
 <dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>javax.servlet-api</artifactId>
+ <groupId>jakarta.servlet</groupId>
+ <artifactId>jakarta.servlet-api</artifactId>
 <scope>provided</scope>
 </dependency>
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
index 7e66ca86..6c00fb2e 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
@@ -199,9 +199,9 @@ public class KeyStoreConfiguration {
 */
 public static KeyStoreType fromString(final String s) {
 try {
- return KeyStoreType.valueOf(s.toUpperCase());
+ return s != null ? KeyStoreType.valueOf(s.toUpperCase()) : null;
- } catch (IllegalArgumentException | NullPointerException e) {
+ } catch (IllegalArgumentException e) {
 return null;
 }
 }
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/SymmetricKeyConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/SymmetricKeyConfiguration.java
index 9477789c..96d46381 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/SymmetricKeyConfiguration.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/SymmetricKeyConfiguration.java
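Review bot: In `eaaf_core_utils/checks/spotbugs-exclude.xml` the entry `<Class name="new at.gv.egiz.eaaf.core.impl.utils.NodeIteratorAdapter" />` carries a stray `new ` prefix, which looks pasted from a SpotBugs report line; as written it cannot equal the class name, so that exclusion presumably never applies. It should read `<Class name="at.gv.egiz.eaaf.core.impl.utils.NodeIteratorAdapter" />`. The new `<Match>` also switches off `EI_EXPOSE_REP` and `EI_EXPOSE_REP2` for whole classes, including `EaafSslContextBuilder`, `SecureRandomHolder`, `EaafObjectInputStream` and `JoseUtils`, so any later accessor in them that hands out a mutable internal object goes unreported. Narrowing each entry with a `<Method>` or `<Field>` child, and replacing the comment with one that names what is exposed and why, would keep the check useful for these classes.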
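Review bot: `KeyStoreType.fromString` still calls `s.toUpperCase()` without a locale, so the result depends on the JVM default locale; under a Turkish locale a value containing `i` upper-cases to `İ`, `valueOf` throws, and the method returns `null` for an otherwise valid setting. Use `s.toUpperCase(Locale.ROOT)` (needs `import java.util.Locale;`, and the import block is outside the hunk). The same line appears in `SymmetricKeyType.fromString` and `ClientAuthMode.fromString` in the next two files. Since all three return `null` for unknown input, callers presumably fall back to a default; for key-store type and TLS client-authentication mode it is worth confirming that a mistyped value is rejected or logged rather than silently replaced.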
@@ -185,9 +185,9 @@ public class SymmetricKeyConfiguration {
 */
 public static SymmetricKeyType fromString(final String s) {
 try {
- return SymmetricKeyType.valueOf(s.toUpperCase());
+ return s != null ? SymmetricKeyType.valueOf(s.toUpperCase()) : null;
- } catch (IllegalArgumentException | NullPointerException e) {
+ } catch (IllegalArgumentException e) {
 return null;
 }
 }
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java
index 7033a052..c189ff74 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java
@@ -206,9 +206,9 @@ public class HttpClientConfiguration {
 */
 public static ClientAuthMode fromString(final String s) {
 try {
- return ClientAuthMode.valueOf(s.toUpperCase());
+ return s != null ? ClientAuthMode.valueOf(s.toUpperCase()) : null;
- } catch (IllegalArgumentException | NullPointerException e) {
+ } catch (IllegalArgumentException e) {
 return null;
 }
 }
diff --git a/eaaf_modules/eaaf_module_auth_sl20/pom.xml b/eaaf_modules/eaaf_module_auth_sl20/pom.xml
index ffbc2961..556f3aea 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/pom.xml
+++ b/eaaf_modules/eaaf_module_auth_sl20/pom.xml
@@ -47,8 +47,8 @@
 <scope>provided</scope>
 </dependency>
 <dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>javax.servlet-api</artifactId>
+ <groupId>jakarta.servlet</groupId>
+ <artifactId>jakarta.servlet-api</artifactId>
 <scope>provided</scope>
 </dependency>
diff --git a/eaaf_modules/eaaf_module_moa-sig/pom.xml b/eaaf_modules/eaaf_module_moa-sig/pom.xml
index 2915119a..613e841d 100644
--- a/eaaf_modules/eaaf_module_moa-sig/pom.xml
+++ b/eaaf_modules/eaaf_module_moa-sig/pom.xml
@@ -180,7 +180,6 @@
 <dependency>
 <groupId>ch.qos.logback</groupId>
 <artifactId>logback-classic</artifactId>
- <version>1.2.3</version>
 <scope>test</scope>
 </dependency>
diff --git a/eaaf_modules/eaaf_module_pvp2_core/pom.xml b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
index ab77aa94..88523925 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
@@ -89,8 +89,8 @@
 </dependency>
 <dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>javax.servlet-api</artifactId>
+ <groupId>jakarta.servlet</groupId>
+ <artifactId>jakarta.servlet-api</artifactId>
 <scope>provided</scope>
 </dependency>
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
index 3b89f1d5..bfd3b278 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
@@ -24,10 +24,10 @@
 <scope>provided</scope>
 </dependency>
 <dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>javax.servlet-api</artifactId>
- <scope>provided</scope>
- </dependency>
+ <groupId>jakarta.servlet</groupId>
+ <artifactId>jakarta.servlet-api</artifactId>
+ <scope>provided</scope>
+ </dependency>
 <!-- Testing -->
 <dependency>
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
index cf14d994..ea7f29fe 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
@@ -30,10 +30,10 @@
 <scope>provided</scope>
 </dependency>
 <dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>javax.servlet-api</artifactId>
- <scope>provided</scope>
- </dependency>
+ <groupId>jakarta.servlet</groupId>
+ <artifactId>jakarta.servlet-api</artifactId>
+ <scope>provided</scope>
+ </dependency>
 <!-- Only for testing -->
 <dependency>
@@ -46,17 +46,18 @@
 <io.grpc-core.version>1.53.0</io.grpc-core.version>
 <!-- Other third-party libs -->
- <spring-boot-starter-web.version>2.7.11</spring-boot-starter-web.version>
- <org.springframework.version>5.3.27</org.springframework.version>
- <org.opensaml.version>4.3.0</org.opensaml.version>
- <org.apache.santuario.xmlsec.version>2.3.3</org.apache.santuario.xmlsec.version>
+ <spring-boot-starter-web.version>3.0.5</spring-boot-starter-web.version>
+ <org.springframework.version>6.0.8</org.springframework.version>
+ <org.apache.tomcat.embed.version>9.0.73</org.apache.tomcat.embed.version>
+ <org.opensaml.version>4.0.1</org.opensaml.version>
+ <org.apache.santuario.xmlsec.version>2.3.2</org.apache.santuario.xmlsec.version>
 <org.cryptacular.version>1.2.5</org.cryptacular.version>
 <org.bouncycastle.bcprov-jdk18on.version>1.71.1</org.bouncycastle.bcprov-jdk18on.version>
 <org.bouncycastle.bctls-jdk18on.version>1.71.1</org.bouncycastle.bctls-jdk18on.version>
- <org.slf4j.version>1.7.36</org.slf4j.version>
- <log4j.version>2.20.0</log4j.version>
- <ch.qos.logback.version>1.2.11</ch.qos.logback.version>
+ <org.slf4j.version>2.0.7</org.slf4j.version>
+ <log4j.version>2.19.0</log4j.version>
+ <ch.qos.logback.version>1.4.6</ch.qos.logback.version>
 <commons-codec.version>1.15</commons-codec.version>
 <org.apache.commons-lang3.version>3.12.0</org.apache.commons-lang3.version>
@@ -66,7 +67,7 @@
 <commons-io.version>2.11.0</commons-io.version>
 <commons-fileupload.version>1.5</commons-fileupload.version>
- <javax.servlet-api>3.0.1</javax.servlet-api>
+ <jakarta.servlet-api>4.0.4</jakarta.servlet-api>
 <org.apache.velocity.version>2.3</org.apache.velocity.version>
 <javax.annotation-api>1.3.2</javax.annotation-api>
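Review bot: `org.apache.tomcat.embed.version` is pinned to 9.0.73 and, in the `@@ -66,7` hunk, `jakarta.servlet-api` to 4.0.4; both are Servlet 4.0 lines that still use the `javax.servlet` packages, whereas Spring Framework 6.0.8 and Spring Boot 3.0.5 are built against the `jakarta.servlet` namespace (Servlet 5.0 or later, Tomcat 10.x). Together with the `tomcat-embed-*` entries added in the `@@ -492,6` hunk, the pin would replace the container version Spring Boot manages, so the web modules are likely to break at compile or class-loading time. I would drop the Tomcat pin, or move it to a 10.1.x release, and set a jakarta-namespace API such as `<jakarta.servlet-api>6.0.0</jakarta.servlet-api>`. This hunk also moves `org.opensaml.version`, `org.apache.santuario.xmlsec.version` and `log4j.version` backwards (4.3.0 to 4.0.1, 2.3.3 to 2.3.2, 2.20.0 to 2.19.0); for libraries that validate SAML and XML signatures that should be explained in the commit message and checked against the dependency-check report. The file header for these hunks is not on the page, so I am assuming they belong to the parent `pom.xml`.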
@@ -91,20 +92,20 @@
 <snakeyaml.version>1.33</snakeyaml.version>
 <!-- jUnit testing -->
- <surefire.version>2.22.2</surefire.version>
+ <surefire.version>3.0.0</surefire.version>
 <junit-jupiter-api.version>5.8.2</junit-jupiter-api.version>
 <mockito-junit-jupiter.version>4.9.0</mockito-junit-jupiter.version>
 <com.squareup.okhttp3.version>4.9.3</com.squareup.okhttp3.version>
 <org.powermock.version>2.0.9</org.powermock.version>
 <!-- Code helper plug-ins -->
- <org.projectlombok.lombok.version>1.18.16</org.projectlombok.lombok.version>
+ <org.projectlombok.lombok.version>1.18.26</org.projectlombok.lombok.version>
 <!-- Code quality checks -->
 <jacoco-maven-plugin.version>0.8.6</jacoco-maven-plugin.version>
 <maven-checkstyle-plugin.version>3.1.2</maven-checkstyle-plugin.version>
 <maven-pmd-plugin.version>3.14.0</maven-pmd-plugin.version>
- <spotbugs-maven-plugin.version>4.2.0</spotbugs-maven-plugin.version>
+ <spotbugs-maven-plugin.version>4.7.3.4</spotbugs-maven-plugin.version>
 <findsecbugs-plugin.version>1.11.0</findsecbugs-plugin.version>
 <dependency-check-maven.version>6.0.3</dependency-check-maven.version>
@@ -492,6 +493,24 @@
 <artifactId>spring-webmvc</artifactId>
 <version>${org.springframework.version}</version>
 </dependency>
+
+ <!-- Embbeded Tomcat dependencies -->
+ <dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-core</artifactId>
+ <version>${org.apache.tomcat.embed.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-el</artifactId>
+ <version>${org.apache.tomcat.embed.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-websocket</artifactId>
+ <version>${org.apache.tomcat.embed.version}</version>
+ </dependency>
+
 <dependency>
 <groupId>org.slf4j</groupId>
 <artifactId>slf4j-api</artifactId>
@@ -586,9 +605,9 @@
 </dependency>
 <dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>javax.servlet-api</artifactId>
- <version>${javax.servlet-api}</version>
+ <groupId>jakarta.servlet</groupId>
+ <artifactId>jakarta.servlet-api</artifactId>
+ <version>${jakarta.servlet-api}</version>
 <scope>provided</scope>
 </dependency>
 <dependency> |