This is an automated email from the ASF dual-hosted git repository. riemer pushed a commit to branch bump-spring-boot-4-java-25 in repository https://gitbox.apache.org/repos/asf/streampipes.git
commit a8332bc612405ecc881627e381bee1600b0f108c Author: Dominik Riemer <[email protected]> AuthorDate: Wed Jan 28 21:03:33 2026 +0100 chore(deps): Bump Spring Boot to v4 --- pom.xml | 78 ++++--------- streampipes-extensions-management/pom.xml | 4 - .../streampipes-connect-adapters/pom.xml | 4 - streampipes-messaging-pulsar/pom.xml | 5 - .../rest/security/SpPermissionEvaluator.java | 4 +- streampipes-service-base/pom.xml | 11 +- streampipes-service-core/pom.xml | 49 ++++++-- .../service/core/StreamPipesCoreApplication.java | 4 +- .../service/core/WebSecurityConfig.java | 130 +++++++++++---------- streampipes-service-extensions/pom.xml | 6 - .../extensions/security/WebSecurityConfig.java | 49 ++++---- 11 files changed, 153 insertions(+), 191 deletions(-) diff --git a/pom.xml b/pom.xml index bb4369da70..6fa2a6a881 100644 --- a/pom.xml +++ b/pom.xml @@ -24,7 +24,7 @@ <parent> <groupId>org.apache</groupId> <artifactId>apache</artifactId> - <version>32</version> + <version>37</version> </parent> <groupId>org.apache.streampipes</groupId> @@ -63,7 +63,6 @@ <file-management.version>3.1.0</file-management.version> <findbugs.version>3.0.2</findbugs.version> <fogsy-qudt.version>1.0</fogsy-qudt.version> - <geojson-jackson.version>1.14</geojson-jackson.version> <google-maps-services.version>2.2.0</google-maps-services.version> <graalvm.js.version>25.0.0</graalvm.js.version> <groovy.version>5.0.3</groovy.version> 
@@ -77,24 +76,22 @@ <influxdb.version>2.24</influxdb.version> <inlong.version>1.13.0</inlong.version> <iotdb.version>1.3.0</iotdb.version> - <jackson.version>2.18.3</jackson.version> - <jackson.databind.version>2.18.3</jackson.databind.version> + <jackson-annotations.version>2.21</jackson-annotations.version> + <jackson2.version>2.21.0</jackson2.version> <jakarta-annotation.version>3.0.0</jakarta-annotation.version> <jakarta-activation-api.version>2.1.3</jakarta-activation-api.version> <jakarta-inject-api.version>2.0.1</jakarta-inject-api.version> <jakarta-servlet-api.version>6.0.0</jakarta-servlet-api.version> <jakarta-xml-bind-api.version>4.0.0</jakarta-xml-bind-api.version> + <jakarta-persistence-api.version>3.0.1</jakarta-persistence-api.version> <javax.xml.bind.version>2.4.0-b180725.0427</javax.xml.bind.version> <java-websocket.version>1.6.0</java-websocket.version> <jaxb-runtime.version>2.3.2</jaxb-runtime.version> <javax-websocket-api.version>1.1</javax-websocket-api.version> - <jakarta-persistence-api.version>3.0.1</jakarta-persistence-api.version> <javassist.version>3.30.1-GA</javassist.version> - <jboss-logging.version>3.5.2.Final</jboss-logging.version> <jedis.version>5.1.4</jedis.version> <jetbrains.version> 16.0.3</jetbrains.version> <jetty-client.version>12.0.19</jetty-client.version> - <jersey.version>3.1.3</jersey.version> <jgrapht.version>1.5.1</jgrapht.version> <json-smart.version>2.4.10</json-smart.version> <jsrosbridge.version>0.2.0</jsrosbridge.version> 
@@ -104,8 +101,8 @@ <lightcouch.version>0.2.0</lightcouch.version> <maven-plugin-annotations.version>3.13.0</maven-plugin-annotations.version> <mailapi.version>1.4.3</mailapi.version> - <micrometer-prometheus.version>1.14.3</micrometer-prometheus.version> - <micrometer-observation.version>1.14.3</micrometer-observation.version> + <micrometer-prometheus.version>1.16.2</micrometer-prometheus.version> + <micrometer-observation.version>1.16.2</micrometer-observation.version> <reactive-streams.version>1.0.4</reactive-streams.version> <mqtt-client.version>1.3.0</mqtt-client.version> <milvus-sdk-java.version>2.5.10</milvus-sdk-java.version> @@ -134,11 +131,11 @@ <slf4j.version>2.0.6</slf4j.version> <slf4j-simple.version>2.0.6</slf4j-simple.version> <snakeyaml.version>2.2</snakeyaml.version> - <springdoc.version>2.8.4</springdoc.version> - <spring.version>6.2.2</spring.version> - <spring-boot.version>3.4.2</spring-boot.version> - <spring-security.version>6.5.5</spring-security.version> - <swagger.version>2.2.19</swagger.version> + <springdoc.version>3.0.1</springdoc.version> + <spring.version>7.0.3</spring.version> + <spring-boot.version>4.0.2</spring-boot.version> + <spring-security.version>7.0.2</spring-security.version> + <swagger.version>2.2.42</swagger.version> <type-parser.version>0.8.1</type-parser.version> <tsfile.version>1.1.0</tsfile.version> <hawtbuf.version>1.11</hawtbuf.version> 
@@ -206,27 +203,27 @@ <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-annotations</artifactId> - <version>${jackson.version}</version> + <version>${jackson-annotations.version}</version> </dependency> <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-core</artifactId> - <version>${jackson.version}</version> + <version>${jackson2.version}</version> </dependency> <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> - <version>${jackson.databind.version}</version> + <version>${jackson2.version}</version> </dependency> <dependency> <groupId>com.fasterxml.jackson.dataformat</groupId> <artifactId>jackson-dataformat-xml</artifactId> - <version>${jackson.version}</version> + <version>${jackson2.version}</version> </dependency> <dependency> <groupId>com.fasterxml.jackson.dataformat</groupId> <artifactId>jackson-dataformat-yaml</artifactId> - <version>${jackson.version}</version> + <version>${jackson2.version}</version> </dependency> <dependency> <groupId>com.fasterxml.woodstox</groupId> @@ -264,11 +261,6 @@ <artifactId>okhttp</artifactId> <version>${okhttp.version}</version> </dependency> - <dependency> - <groupId>de.grundid.opendatalab</groupId> - <artifactId>geojson-jackson</artifactId> - <version>${geojson-jackson.version}</version> - </dependency> <dependency> <groupId>io.fogsy</groupId> <artifactId>qudt</artifactId> 
@@ -659,21 +651,6 @@ <artifactId>hawtbuf</artifactId> <version>${hawtbuf.version}</version> </dependency> - <dependency> - <groupId>org.glassfish.jersey.containers</groupId> - <artifactId>jersey-container-jetty-http</artifactId> - <version>${jersey.version}</version> - </dependency> - <dependency> - <groupId>org.glassfish.jersey.media</groupId> - <artifactId>jersey-media-json-jackson</artifactId> - <version>${jersey.version}</version> - </dependency> - <dependency> - <groupId>org.glassfish.jersey.media</groupId> - <artifactId>jersey-media-multipart</artifactId> - <version>${jersey.version}</version> - </dependency> <dependency> <groupId>org.influxdb</groupId> <artifactId>influxdb-java</artifactId> @@ -721,22 +698,22 @@ </dependency> <dependency> <groupId>org.springframework.boot</groupId> - <artifactId>spring-boot-starter-jersey</artifactId> + <artifactId>spring-boot-starter-logging</artifactId> <version>${spring-boot.version}</version> </dependency> <dependency> <groupId>org.springframework.boot</groupId> - <artifactId>spring-boot-starter-logging</artifactId> + <artifactId>spring-boot-starter-security</artifactId> <version>${spring-boot.version}</version> </dependency> <dependency> <groupId>org.springframework.boot</groupId> - <artifactId>spring-boot-starter-security</artifactId> + <artifactId>spring-boot-starter-tomcat</artifactId> <version>${spring-boot.version}</version> </dependency> <dependency> <groupId>org.springframework.boot</groupId> - <artifactId>spring-boot-starter-undertow</artifactId> + <artifactId>spring-boot-starter-validation</artifactId> <version>${spring-boot.version}</version> </dependency> <dependency> 
@@ -934,11 +911,6 @@ <artifactId>dictionary-reader</artifactId> <version>${eclipse.milo.version}</version> </dependency> - <dependency> - <groupId>org.glassfish.jersey.media</groupId> - <artifactId>jersey-media-sse</artifactId> - <version>${jersey.version}</version> - </dependency> <dependency> <groupId>org.apache.groovy</groupId> <artifactId>groovy</artifactId> @@ -987,16 +959,6 @@ <!-- dependency convergence --> - <dependency> - <groupId>org.jboss.logging</groupId> - <artifactId>jboss-logging</artifactId> - <version>${jboss-logging.version}</version> - </dependency> - <dependency> - <groupId>org.glassfish.jersey.core</groupId> - <artifactId>jersey-common</artifactId> - <version>${jersey.version}</version> - </dependency> <dependency> <groupId>org.javassist</groupId> <artifactId>javassist</artifactId> diff --git a/streampipes-extensions-management/pom.xml b/streampipes-extensions-management/pom.xml index e857401aa6..41f4a4f6af 100644 --- a/streampipes-extensions-management/pom.xml +++ b/streampipes-extensions-management/pom.xml @@ -82,10 +82,6 @@ <!-- External dependencies --> - <dependency> - <groupId>de.grundid.opendatalab</groupId> - <artifactId>geojson-jackson</artifactId> - </dependency> <dependency> <groupId>com.fasterxml.jackson.dataformat</groupId> <artifactId>jackson-dataformat-xml</artifactId> diff --git a/streampipes-extensions/streampipes-connect-adapters/pom.xml b/streampipes-extensions/streampipes-connect-adapters/pom.xml index c4c3eb2184..282acc6a20 100644 --- a/streampipes-extensions/streampipes-connect-adapters/pom.xml +++ b/streampipes-extensions/streampipes-connect-adapters/pom.xml @@ -59,10 +59,6 @@ <groupId>org.apache.httpcomponents</groupId> <artifactId>fluent-hc</artifactId> </dependency> - <dependency> - <groupId>org.glassfish.jersey.media</groupId> - <artifactId>jersey-media-sse</artifactId> - </dependency> <dependency> <groupId>org.javassist</groupId> <artifactId>javassist</artifactId> 
diff --git a/streampipes-messaging-pulsar/pom.xml b/streampipes-messaging-pulsar/pom.xml index 5cd7e01f0a..3d42f22387 100644 --- a/streampipes-messaging-pulsar/pom.xml +++ b/streampipes-messaging-pulsar/pom.xml @@ -25,11 +25,6 @@ <artifactId>streampipes-messaging-pulsar</artifactId> - <properties> - <maven.compiler.source>11</maven.compiler.source> - <maven.compiler.target>11</maven.compiler.target> - </properties> - <dependencies> <!-- StreamPipes dependencies --> <dependency> diff --git a/streampipes-rest/src/main/java/org/apache/streampipes/rest/security/SpPermissionEvaluator.java b/streampipes-rest/src/main/java/org/apache/streampipes/rest/security/SpPermissionEvaluator.java index 28b43f709a..375d039b8f 100644 --- a/streampipes-rest/src/main/java/org/apache/streampipes/rest/security/SpPermissionEvaluator.java +++ b/streampipes-rest/src/main/java/org/apache/streampipes/rest/security/SpPermissionEvaluator.java @@ -25,17 +25,17 @@ import org.apache.streampipes.storage.api.IPermissionStorage; import org.apache.streampipes.storage.management.StorageDispatcher; import org.apache.streampipes.user.management.model.PrincipalUserDetails; -import org.springframework.context.annotation.Configuration; import org.springframework.security.access.PermissionEvaluator; import org.springframework.security.authentication.AnonymousAuthenticationToken; import org.springframework.security.core.Authentication; +import org.springframework.stereotype.Component; import java.io.Serializable; import java.util.List; import java.util.Objects; import java.util.function.Predicate; -@Configuration +@Component public class SpPermissionEvaluator implements PermissionEvaluator { private final IPermissionStorage permissionStorage; diff --git a/streampipes-service-base/pom.xml b/streampipes-service-base/pom.xml index 9ef3adf36c..18066bffd4 100644 --- a/streampipes-service-base/pom.xml +++ b/streampipes-service-base/pom.xml 
@@ -47,7 +47,11 @@ </dependency> <dependency> <groupId>org.springframework.boot</groupId> - <artifactId>spring-boot-starter-undertow</artifactId> + <artifactId>spring-boot-starter-tomcat</artifactId> + </dependency> + <dependency> + <groupId>org.springframework.boot</groupId> + <artifactId>spring-boot-starter-validation</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> @@ -74,11 +78,6 @@ <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-actuator</artifactId> </dependency> - - <dependency> - <groupId>org.jboss.logging</groupId> - <artifactId>jboss-logging</artifactId> - </dependency> </dependencies> <build> <plugins> diff --git a/streampipes-service-core/pom.xml b/streampipes-service-core/pom.xml index bdbc44bbaa..c508cc1b9f 100644 --- a/streampipes-service-core/pom.xml +++ b/streampipes-service-core/pom.xml @@ -47,12 +47,6 @@ <groupId>org.apache.streampipes</groupId> <artifactId>streampipes-service-base</artifactId> <version>0.99.0-SNAPSHOT</version> - <exclusions> - <exclusion> - <groupId>org.springframework.boot</groupId> - <artifactId>spring-boot-starter-undertow</artifactId> - </exclusion> - </exclusions> </dependency> <dependency> <groupId>org.apache.streampipes</groupId> @@ -93,6 +87,16 @@ <groupId>org.apache.streampipes</groupId> <artifactId>streampipes-messaging-pulsar</artifactId> <version>0.99.0-SNAPSHOT</version> + <exclusions> + <exclusion> + <groupId>javax.validation</groupId> + <artifactId>validation-api</artifactId> + </exclusion> + <exclusion> + <groupId>javax.el</groupId> + <artifactId>javax.el-api</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>org.apache.streampipes</groupId> 
@@ -120,15 +124,36 @@ <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId> <exclusions> <exclusion> - <groupId>com.fasterxml.jackson.datatype</groupId> - <artifactId>jackson-datatype-jsr310</artifactId> + <groupId>org.springframework.boot</groupId> + <artifactId>spring-boot-web-server</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework.boot</groupId> + <artifactId>spring-boot-webmvc</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework.boot</groupId> + <artifactId>spring-boot-jackson</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework.boot</groupId> + <artifactId>spring-boot-validation</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework.boot</groupId> + <artifactId>spring-boot-jackson</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework.boot</groupId> + <artifactId>spring-boot-autoconfigure</artifactId> + </exclusion> + <exclusion> + <groupId>jakarta.validation</groupId> + <artifactId>jakarta.validation-api</artifactId> </exclusion> </exclusions> </dependency> - <dependency> - <groupId>jakarta.annotation</groupId> - <artifactId>jakarta.annotation-api</artifactId> - </dependency> + <!-- Test dependencies --> <dependency> diff --git a/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/StreamPipesCoreApplication.java b/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/StreamPipesCoreApplication.java index 643ba3f7ab..6564b04660 100644 --- a/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/StreamPipesCoreApplication.java +++ b/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/StreamPipesCoreApplication.java 
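Review bot: The exclusion list added under `springdoc-openapi-starter-webmvc-ui` names `org.springframework.boot:spring-boot-jackson` twice, so one of the two entries can be dropped. The list now holds seven entries with no explanation of why each transitive artifact is excluded. A short XML comment above `<exclusions>` stating the reason (for example, that these modules are supplied by the project's own Spring Boot starters, if that is the intent) would tell a later maintainer which exclusions are still needed when springdoc is upgraded.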
@@ -45,7 +45,6 @@ import org.apache.streampipes.model.configuration.SpCoreConfigurationStatus; import org.apache.streampipes.model.pipeline.Pipeline; import org.apache.streampipes.model.pipeline.PipelineOperationStatus; import org.apache.streampipes.resource.management.SpResourceManager; -import org.apache.streampipes.rest.security.SpPermissionEvaluator; import org.apache.streampipes.service.base.BaseNetworkingConfig; import org.apache.streampipes.service.base.StreamPipesPrometheusConfig; import org.apache.streampipes.service.base.StreamPipesServiceBase; @@ -58,6 +57,7 @@ import org.apache.streampipes.storage.management.StorageDispatcher; import org.slf4j.Logger; import org.slf4j.LoggerFactory; + import org.springframework.boot.autoconfigure.EnableAutoConfiguration; import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.Configuration; @@ -76,7 +76,7 @@ import java.util.function.Supplier; @Configuration @EnableAutoConfiguration @EnableScheduling -@Import({OpenApiConfiguration.class, SpPermissionEvaluator.class, StreamPipesPasswordEncoder.class, +@Import({OpenApiConfiguration.class, StreamPipesPasswordEncoder.class, StreamPipesPrometheusConfig.class, WebSecurityConfig.class, WelcomePageController.class}) @ComponentScan({"org.apache.streampipes.rest.*", "org.apache.streampipes.service.core.oauth2", "org.apache.streampipes.service.core.scheduler"}) diff --git a/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/WebSecurityConfig.java b/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/WebSecurityConfig.java index e372963ae4..82a5377ace 100644 --- a/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/WebSecurityConfig.java +++ b/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/WebSecurityConfig.java 
@@ -34,23 +34,29 @@ import org.apache.streampipes.user.management.service.SpUserDetailsService; import org.slf4j.Logger; import org.slf4j.LoggerFactory; + import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Conditional; import org.springframework.context.annotation.Configuration; import org.springframework.http.converter.FormHttpMessageConverter; +import org.springframework.security.access.PermissionEvaluator; +import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler; +import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.BeanIds; +import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; -import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; +import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.core.userdetails.UserDetailsService; -import org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient; import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient; import 
org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest; +import org.springframework.security.oauth2.client.endpoint.RestClientAuthorizationCodeTokenResponseClient; import org.springframework.security.oauth2.client.http.OAuth2ErrorResponseErrorHandler; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; @@ -62,15 +68,14 @@ import org.springframework.security.oauth2.core.http.converter.OAuth2AccessToken import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.security.web.context.RequestAttributeSecurityContextRepository; -import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.util.StringUtils; -import org.springframework.web.client.RestTemplate; +import org.springframework.web.client.RestClient; import java.util.List; @Configuration @EnableWebSecurity -@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true) +@EnableMethodSecurity(securedEnabled = true, jsr250Enabled = true) public class WebSecurityConfig { private static final Logger LOG = LoggerFactory.getLogger(WebSecurityConfig.class); 
@@ -98,61 +103,50 @@ public class WebSecurityConfig { } @Autowired - public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { + public void configureGlobal(AuthenticationManagerBuilder auth) { auth.userDetailsService(userDetailsService).passwordEncoder(this.passwordEncoder.passwordEncoder()); } @Bean - public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { - http - .cors() - .and() - .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) - .and() - .csrf().disable() - .formLogin().disable() - .httpBasic().disable() - .exceptionHandling() - .authenticationEntryPoint(new UnauthorizedRequestEntryPoint()) - .and() - .authorizeHttpRequests((authz) -> { - try { - authz - .requestMatchers(UnauthenticatedInterfaces - .get() - .stream() - .map(AntPathRequestMatcher::new) - .toList() - .toArray(new AntPathRequestMatcher[0])) - .permitAll() - .anyRequest() - .authenticated(); - - if (env.getOAuthEnabled().getValueOrDefault()) { - LOG.info("Configuring OAuth authentication from environment variables"); - authz - .and() - .oauth2Login() - .authorizationEndpoint() - .authorizationRequestRepository(cookieOAuth2AuthorizationRequestRepository()) - .and() - .redirectionEndpoint() - .and() - .userInfoEndpoint() - .oidcUserService(customOidcUserService) - .userService(customOAuth2UserService) - .and() - .tokenEndpoint() - .accessTokenResponseClient(authorizationCodeTokenResponseClient()) - .and() - .successHandler(oAuth2AuthenticationSuccessHandler) - .failureHandler(oAuth2AuthenticationFailureHandler); - } - } catch (Exception e) { - throw new RuntimeException(e); - } - }); + MethodSecurityExpressionHandler methodSecurityExpressionHandler( + PermissionEvaluator permissionEvaluator + ) { + var handler = new DefaultMethodSecurityExpressionHandler(); + handler.setPermissionEvaluator(permissionEvaluator); + return handler; + } + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) { + http + 
.cors(Customizer.withDefaults()) + .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) + .csrf(AbstractHttpConfigurer::disable) + .formLogin(AbstractHttpConfigurer::disable) + .httpBasic(AbstractHttpConfigurer::disable) + .exceptionHandling(eh -> eh.authenticationEntryPoint(new UnauthorizedRequestEntryPoint())) + .authorizeHttpRequests(auth -> auth + .requestMatchers(UnauthenticatedInterfaces.get().toArray(String[]::new)).permitAll() + .anyRequest().authenticated() + ); + if (env.getOAuthEnabled().getValueOrDefault()) { + LOG.info("Configuring OAuth authentication from environment variables"); + http.oauth2Login(oauth -> oauth + .authorizationEndpoint(ae -> ae + .authorizationRequestRepository(cookieOAuth2AuthorizationRequestRepository()) + ) + .redirectionEndpoint(Customizer.withDefaults()) + .userInfoEndpoint(ui -> ui + .oidcUserService(customOidcUserService) + .userService(customOAuth2UserService) + ) + .tokenEndpoint(te -> te + .accessTokenResponseClient(authorizationCodeTokenResponseClient()) + ) + .successHandler(oAuth2AuthenticationSuccessHandler) + .failureHandler(oAuth2AuthenticationFailureHandler) + ); + } http.addFilterBefore(tokenAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class); 
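Review bot: `requestMatchers(UnauthenticatedInterfaces.get().toArray(String[]::new)).permitAll()` hands the permit-all list to the framework's default String matcher instead of the explicit `AntPathRequestMatcher`s the old code built, so each entry is presumably now parsed with path-pattern rules rather than Ant rules; the extensions `WebSecurityConfig.filterChain` hunk makes the same substitution. The entries themselves are not visible in this diff; any that rely on Ant-only syntax (for instance `**` in the middle of a path) may fail at startup or match a different set of URLs, so a small test asserting which paths answer without a token and which return 401 would pin the unauthenticated surface across the upgrade. Separately, the new `methodSecurityExpressionHandler` bean is an instance method, whereas the Spring Security reference publishes this bean from a `static` method so that it exists before the method-security configuration is initialised; suggest `static MethodSecurityExpressionHandler methodSecurityExpressionHandler(PermissionEvaluator permissionEvaluator)`. The body of `filterChain` continues past the end of this hunk.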
@@ -248,16 +242,24 @@ public class WebSecurityConfig { } private OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> authorizationCodeTokenResponseClient() { - var tokenResponseHttpMessageConverter = new OAuth2AccessTokenResponseHttpMessageConverter(); - tokenResponseHttpMessageConverter - .setAccessTokenResponseConverter(new OAuth2AccessTokenResponseConverterWithDefaults()); - var restTemplate = new RestTemplate( - List.of(new FormHttpMessageConverter(), tokenResponseHttpMessageConverter) + var tokenResponseConverter = new OAuth2AccessTokenResponseHttpMessageConverter(); + tokenResponseConverter.setAccessTokenResponseConverter( + new OAuth2AccessTokenResponseConverterWithDefaults() ); - restTemplate.setErrorHandler(new OAuth2ErrorResponseErrorHandler()); - var tokenResponseClient = new DefaultAuthorizationCodeTokenResponseClient(); - tokenResponseClient.setRestOperations(restTemplate); - return tokenResponseClient; + + RestClient restClient = RestClient.builder() + .messageConverters(converters -> { + converters.clear(); + converters.add(new FormHttpMessageConverter()); + converters.add(tokenResponseConverter); + }) + .defaultStatusHandler(new OAuth2ErrorResponseErrorHandler()) + .build(); + + var client = new RestClientAuthorizationCodeTokenResponseClient(); + client.setRestClient(restClient); + + return client; } diff --git a/streampipes-service-extensions/pom.xml b/streampipes-service-extensions/pom.xml index 03cb0b1a77..d370d673d1 100644 --- a/streampipes-service-extensions/pom.xml +++ b/streampipes-service-extensions/pom.xml @@ -65,12 +65,6 @@ <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> - <exclusions> - <exclusion> - <groupId>org.springframework.boot</groupId> - <artifactId>spring-boot-starter-tomcat</artifactId> - </exclusion> - </exclusions> </dependency> <!-- Test dependencies --> 
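Review bot: The `RestClient` built in `authorizationCodeTokenResponseClient()` sets the converters and the error handler but no connect or read timeout, so a slow or unresponsive identity provider can hold the login request for as long as the default request factory allows. Consider adding `.requestFactory(factory)` to the builder, where `factory` is a `SimpleClientHttpRequestFactory` configured with `setConnectTimeout(...)` and `setReadTimeout(...)`; the actual limits are a deployment decision. A one-line comment on `converters.clear()`, such as `// only the form and token-response converters may handle the token exchange`, would also explain why the defaults are discarded.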
diff --git a/streampipes-service-extensions/src/main/java/org/apache/streampipes/service/extensions/security/WebSecurityConfig.java b/streampipes-service-extensions/src/main/java/org/apache/streampipes/service/extensions/security/WebSecurityConfig.java index 10e83f16d4..fcaada47ce 100644 --- a/streampipes-service-extensions/src/main/java/org/apache/streampipes/service/extensions/security/WebSecurityConfig.java +++ b/streampipes-service-extensions/src/main/java/org/apache/streampipes/service/extensions/security/WebSecurityConfig.java 
@@ -24,23 +24,24 @@ import org.apache.streampipes.service.base.security.UnauthorizedRequestEntryPoin import org.slf4j.Logger; import org.slf4j.LoggerFactory; + import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.BeanIds; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; -import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; +import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; -import org.springframework.security.web.util.matcher.AntPathRequestMatcher; @Configuration @EnableWebSecurity -@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true) +@EnableMethodSecurity(securedEnabled = true, jsr250Enabled = true) public class WebSecurityConfig { private static final Logger LOG = LoggerFactory.getLogger(WebSecurityConfig.class); 
@@ -62,34 +63,26 @@ public class WebSecurityConfig { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { if (isAnonymousAccess()) { - http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) - .and() - .csrf().disable() - .formLogin().disable() - .httpBasic().disable() - .authorizeHttpRequests() - .requestMatchers(new AntPathRequestMatcher("/**")).permitAll(); + http.sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) + .csrf(AbstractHttpConfigurer::disable) + .formLogin(AbstractHttpConfigurer::disable) + .httpBasic(AbstractHttpConfigurer::disable) + .authorizeHttpRequests(auth -> auth + .requestMatchers("/**").permitAll() + ); } else { http - .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) - .and() - .csrf().disable() - .formLogin().disable() - .httpBasic().disable() - .exceptionHandling() - .authenticationEntryPoint(new UnauthorizedRequestEntryPoint()) - .and() - .authorizeHttpRequests((authz) -> authz - .requestMatchers(UnauthenticatedInterfaces - .get() - .stream() - .map(AntPathRequestMatcher::new) - .toList() - .toArray(new AntPathRequestMatcher[0])) - .permitAll() + .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) + .csrf(AbstractHttpConfigurer::disable) + .formLogin(AbstractHttpConfigurer::disable) + .httpBasic(AbstractHttpConfigurer::disable) + .exceptionHandling(eh -> eh.authenticationEntryPoint(new UnauthorizedRequestEntryPoint())) + .authorizeHttpRequests(auth -> auth + .requestMatchers(UnauthenticatedInterfaces.get().toArray(String[]::new)).permitAll() .anyRequest().authenticated() - .and() - .addFilterBefore(tokenAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)); + ) + .addFilterBefore(tokenAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class); + } return http.build();
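Review bot: In the anonymous branch, `requestMatchers("/**").permitAll()` makes the open-everything rule depend on how the String pattern is interpreted by the matcher in use; `auth.anyRequest().permitAll()` states the same intent without a pattern. Because this branch removes authentication for the whole extensions service, a `LOG.warn(...)` here saying that anonymous access is active would make the mode visible in startup logs, unless `isAnonymousAccess()` (not shown in this hunk) already reports it. The signature also keeps `throws Exception` while the core `WebSecurityConfig.filterChain` drops it in this commit; if the configuration DSL no longer declares the checked exception, aligning the two would be tidier.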
