Merge pull request #87 from Opetushallitus/spring-boot-3

KH-410 upgrade to springboot 3
Opetushallitus · Apr 8, 2024 · 6c29d64 · 6c29d64
2 parents cd4b233 + 9a45754
commit 6c29d64
Show file tree

Hide file tree

Showing 9 changed files with 120 additions and 198 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -13,16 +13,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout source
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Code coverrage cache
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         env:
           cache-name: cache-cypress-coverage
         with:
           path: cypress-coverage
           key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ github.sha }}
-      - name: Use node 14
-        uses: actions/setup-node@v2
+      - uses: actions/setup-node@v4
         with:
           node-version: '16.17.0'
           cache: 'npm'
@@ -35,18 +34,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout source
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Code coverrage cache
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         env:
           cache-name: cache-code-coverage
         with:
           path: coverage
           key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ github.sha }}
-      - name: Use node 14
-        uses: actions/setup-node@v2
+      - uses: actions/setup-node@v4
         with:
           node-version: '16.17.0'
           cache: 'npm'
@@ -57,17 +55,19 @@ jobs:
       - name: Run react Build
         run: npm run build
       - name: Set up JDK 21
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           java-version: '21'
           distribution: 'corretto'
           cache: 'maven'
       - name: Maven version
         run: mvn --version
       - name: Build Spring-Boot
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: cd server && mvn clean install && cd -
       - name: Upload koodisto-app-spring-boot
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: koodisto-app-spring-boot
           path: server/target/koodisto-app.jar
@@ -77,9 +77,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout source
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Download koodisto-app-spring-boot
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@v4
         with:
           name: koodisto-app-spring-boot
       - name: Build Docker Conainer
@@ -102,18 +102,18 @@ jobs:
     name: SonarCloud
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
       - name: Code coverrage cache
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         env:
           cache-name: cache-code-coverage
         with:
           path: coverage
           key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ github.sha }}
       - name: Cypress coverrage cache
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         env:
           cache-name: cache-cypress-coverage
         with:

diff --git a/server/pom.xml b/server/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>2.7.18</version>
+        <version>3.2.4</version>
         <relativePath/> <!-- lookup parent from repository -->
     </parent>
     <groupId>fi.vm.sade.koodisto</groupId>
@@ -42,7 +42,7 @@
         <dependency>
             <groupId>fi.vm.sade.java-utils</groupId>
             <artifactId>opintopolku-cas-servlet-filter</artifactId>
-            <version>0.1.2-SNAPSHOT</version>
+            <version>1.0.0-SNAPSHOT</version>
         </dependency>
         <dependency>
             <groupId>fi.vm.sade.java-utils</groupId>
@@ -52,7 +52,6 @@
         <dependency>
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-cas</artifactId>
-            <version>5.3.0.RELEASE</version>
         </dependency>
         <dependency>
             <groupId>org.projectlombok</groupId>
@@ -69,20 +68,6 @@
     <build>
         <finalName>${project.artifactId}</finalName>
         <plugins>
-
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-compiler-plugin</artifactId>
-                <configuration>
-                    <annotationProcessorPaths>
-                        <path>
-                            <groupId>org.projectlombok</groupId>
-                            <artifactId>lombok</artifactId>
-                            <version>1.18.30</version>
-                        </path>
-                    </annotationProcessorPaths>
-                </configuration>
-            </plugin>
             <plugin>
                 <groupId>org.springframework.boot</groupId>
                 <artifactId>spring-boot-maven-plugin</artifactId>
@@ -127,5 +112,10 @@
             <id>oph-sade-artifactory-releases</id>
             <url>https://artifactory.opintopolku.fi/artifactory/oph-sade-release-local</url>
         </repository>
+        <repository>
+            <id>github</id>
+            <name>GitHub Packages</name>
+            <url>https://maven.pkg.github.com/Opetushallitus/java-utils</url>
+        </repository>
     </repositories>
 </project>
diff --git a/server/src/main/java/fi/vm/sade/koodisto/config/CustomAccessDeniedHandler.java b/server/src/main/java/fi/vm/sade/koodisto/config/CustomAccessDeniedHandler.java
@@ -6,9 +6,9 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.access.AccessDeniedHandler;
 
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
 
 /* Tätä voi käyttää tunkkaamaan 403 virheilmoituksia */

diff --git a/server/src/main/java/fi/vm/sade/koodisto/config/DevUserDetailsServiceConfiguration.java b/server/src/main/java/fi/vm/sade/koodisto/config/DevUserDetailsServiceConfiguration.java
diff --git a/server/src/main/java/fi/vm/sade/koodisto/config/DevWebSecurityConfiguration.java b/server/src/main/java/fi/vm/sade/koodisto/config/DevWebSecurityConfiguration.java
@@ -1,59 +1,54 @@
 package fi.vm.sade.koodisto.config;
 
-
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
-import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.access.AccessDeniedHandler;
 
 @Profile("dev")
 @Configuration
 @EnableWebSecurity
-@EnableGlobalMethodSecurity(jsr250Enabled = false, prePostEnabled = false, securedEnabled = true)
-public class DevWebSecurityConfiguration extends WebSecurityConfigurerAdapter {
-
-    UserDetailsService userDetailsService;
-    PasswordEncoder passwordEncoder;
-
-    @Autowired
-    public DevWebSecurityConfiguration(UserDetailsService userDetailsService, PasswordEncoder passwordEncoder) {
-        this.userDetailsService = userDetailsService;
-        this.passwordEncoder = passwordEncoder;
-    }
-
+@EnableMethodSecurity(jsr250Enabled = false, prePostEnabled = false, securedEnabled = true)
+public class DevWebSecurityConfiguration {
     @Bean
-    public DaoAuthenticationProvider authProvider() {
-        DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
-        authProvider.setUserDetailsService(userDetailsService);
-        authProvider.setPasswordEncoder(this.passwordEncoder);
-        return authProvider;
+    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http
+            .httpBasic(it -> {})
+            .headers(headers -> headers.disable())
+            .csrf(csrf -> csrf.disable())
+            .securityMatcher("/**")
+            .authorizeHttpRequests(authz -> authz
+                .requestMatchers("/health").permitAll()
+                .anyRequest().authenticated())
+            .exceptionHandling(exceptions -> exceptions.accessDeniedHandler(accessDeniedHandler()));
+        return http.build();
     }
 
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http.csrf().disable().authorizeRequests()
-                .antMatchers("/health").permitAll()
-                .anyRequest().authenticated()
-                .and().exceptionHandling().accessDeniedHandler(accessDeniedHandler())
-                .and().httpBasic();
+    @Bean
+    AccessDeniedHandler accessDeniedHandler() {
+        return new CustomAccessDeniedHandler();
     }
 
     @Bean
-    public AccessDeniedHandler accessDeniedHandler() {
-        return new CustomAccessDeniedHandler();
+    BCryptPasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
     }
 
-    @Override
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        auth.authenticationProvider(authProvider());
+    @Bean
+    UserDetailsService userDetailsService() {
+        UserDetails user = User.withUsername("devaaja")
+                .password(passwordEncoder().encode("devaaja"))
+                .roles("APP_OPPIJANUMEROREKISTERI_REKISTERINPITAJA")
+                .build();
+        return new InMemoryUserDetailsManager(user);
     }
 }
diff --git a/server/src/main/java/fi/vm/sade/koodisto/config/ServletContainerConfiguration.java b/server/src/main/java/fi/vm/sade/koodisto/config/ServletContainerConfiguration.java
@@ -1,12 +1,9 @@
-package fi.vm.sade.koodisto.configuration;
+package fi.vm.sade.koodisto.config;
 
 import org.apache.catalina.connector.Connector;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
-import org.springframework.boot.web.embedded.tomcat.TomcatConnectorCustomizer;
 import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
-import org.springframework.boot.web.server.WebServerFactory;
 import org.springframework.boot.web.server.WebServerFactoryCustomizer;
-import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
@@ -18,7 +15,7 @@ public class ServletContainerConfiguration {
 
     /**
      * Konfiguraatio kun palvelua ajetaan HTTPS proxyn läpi. Käytännössä tämä
-     * muuttaa {@link javax.servlet.ServletRequest#getScheme()} palauttamaan
+     * muuttaa {@link jakarta.servlet.ServletRequest#getScheme()} palauttamaan
      * `https` jolloin palvelun kautta luodut urlit muodostuvat oikein.
      *
      * Aktivointi: `koodisto-app.uses-ssl-proxy` arvoon `true`.
@@ -28,7 +25,7 @@ public class ServletContainerConfiguration {
      */
     @Bean
     @ConditionalOnProperty("koodisto-app.uses-ssl-proxy")
-    public WebServerFactoryCustomizer<TomcatServletWebServerFactory> sslProxyCustomizer() {
+    WebServerFactoryCustomizer<TomcatServletWebServerFactory> sslProxyCustomizer() {
         return (TomcatServletWebServerFactory container) -> {
             if (container != null) {
                 container.addConnectorCustomizers((Connector connector) -> {

diff --git a/server/src/main/java/fi/vm/sade/koodisto/config/UrlConfiguration.java b/server/src/main/java/fi/vm/sade/koodisto/config/UrlConfiguration.java
@@ -1,15 +1,13 @@
 package fi.vm.sade.koodisto.config;
 
 import fi.vm.sade.properties.OphProperties;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.PropertySource;
 import org.springframework.core.env.Environment;
 
 @PropertySource("classpath:application.properties")
 @Configuration
 public class UrlConfiguration extends OphProperties {
-    @Autowired
     public UrlConfiguration(Environment environment) {
         this.addOverride("host.virkailija", environment.getRequiredProperty("host.virkailija"));
         this.addOverride("url-virkailija", environment.getRequiredProperty("url-virkailija"));

diff --git a/server/src/main/java/fi/vm/sade/koodisto/config/UserDetailsServiceConfiguration.java b/server/src/main/java/fi/vm/sade/koodisto/config/UserDetailsServiceConfiguration.java