From 86f2d8729537c25e6e78f59e5e3cbb9c8cf5ef31 Mon Sep 17 00:00:00 2001 From: Domonkos Gulyas Date: Fri, 5 Dec 2025 14:40:30 +0100 Subject: [PATCH 1/7] Uplift Spring Boot and Java versions Upgrade the Spring Boot version to 3.x.x and the Java version to 21. Update dependencies for compatibility, and align the code with these upgrades, especially in WebSecurityConfig. --- pom.xml | 18 +- .../configuration/ElasticConfig.java | 4 +- .../configuration/WebSecurityConfig.java | 200 ++++++++++++------ .../repository/ChannelRepository.java | 2 +- .../rest/controller/ChannelController.java | 2 +- .../service/ChannelFinderEpicsService.java | 4 +- .../channelfinder/service/MetricsService.java | 2 +- .../ChannelProcessorControllerIT.java | 4 +- 8 files changed, 149 insertions(+), 87 deletions(-) diff --git a/pom.xml b/pom.xml index 4336b1b..0b3e673 100644 --- a/pom.xml +++ b/pom.xml @@ -35,12 +35,14 @@ UTF-8 - 2.7.18 - 8.11.2 + 3.4.4 + 2.18.3 + 8.18.0 5.10.0 true true true + 21 ${git.commit.time} @@ -84,12 +86,12 @@ com.fasterxml.jackson.core jackson-databind - 2.16.0 + ${jackson.version} com.fasterxml.jackson.core jackson-core - 2.16.0 + ${jackson.version} jakarta.json @@ -347,10 +349,10 @@ org.apache.maven.plugins maven-compiler-plugin - 3.11.0 + 3.14.0 - 17 - 17 + ${java.version} + ${java.version} ${project.build.sourceEncoding} @@ -452,7 +454,7 @@ -Xdoclint:none - 17 + ${java.version} diff --git a/src/main/java/org/phoebus/channelfinder/configuration/ElasticConfig.java b/src/main/java/org/phoebus/channelfinder/configuration/ElasticConfig.java index 736e118..a7fc37e 100644 --- a/src/main/java/org/phoebus/channelfinder/configuration/ElasticConfig.java +++ b/src/main/java/org/phoebus/channelfinder/configuration/ElasticConfig.java @@ -24,14 +24,14 @@ import co.elastic.clients.transport.endpoints.BooleanResponse; import co.elastic.clients.transport.rest_client.RestClientTransport; import com.fasterxml.jackson.databind.ObjectMapper; +import jakarta.servlet.ServletContextEvent; +import jakarta.servlet.ServletContextListener; import java.io.IOException; import java.io.InputStream; import java.text.MessageFormat; import java.util.Arrays; import java.util.logging.Level; import java.util.logging.Logger; -import javax.servlet.ServletContextEvent; -import javax.servlet.ServletContextListener; import org.apache.http.Header; import org.apache.http.HttpHost; import org.apache.http.auth.AuthScope; diff --git a/src/main/java/org/phoebus/channelfinder/configuration/WebSecurityConfig.java b/src/main/java/org/phoebus/channelfinder/configuration/WebSecurityConfig.java index 4fe197d..788fc53 100644 --- a/src/main/java/org/phoebus/channelfinder/configuration/WebSecurityConfig.java +++ b/src/main/java/org/phoebus/channelfinder/configuration/WebSecurityConfig.java @@ -1,34 +1,52 @@ package org.phoebus.channelfinder.configuration; +import static org.springframework.security.config.Customizer.withDefaults; + +import java.util.List; +import org.apache.commons.lang3.ArrayUtils; import org.springframework.beans.factory.annotation.Value; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; +import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; +import org.springframework.context.annotation.*; +import org.springframework.core.env.Environment; +import org.springframework.core.type.AnnotatedTypeMetadata; import org.springframework.http.HttpMethod; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.authentication.AuthenticationProvider; +import org.springframework.security.authentication.ProviderManager; +import org.springframework.security.authentication.dao.DaoAuthenticationProvider; +import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.builders.WebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer; +import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.config.http.SessionCreationPolicy; +import org.springframework.security.core.userdetails.User; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.ldap.DefaultSpringSecurityContextSource; +import org.springframework.security.ldap.authentication.BindAuthenticator; +import org.springframework.security.ldap.authentication.LdapAuthenticationProvider; import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; +import org.springframework.security.web.SecurityFilterChain; @Configuration -public class WebSecurityConfig extends WebSecurityConfigurerAdapter { - - @Override - protected void configure(HttpSecurity http) throws Exception { - http.csrf().disable(); - http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); - http.authorizeRequests().anyRequest().authenticated(); - http.httpBasic(); +public class WebSecurityConfig { + + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + http.csrf(AbstractHttpConfigurer::disable) + .sessionManagement( + session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) + .authorizeHttpRequests(auth -> auth.anyRequest().authenticated()) + .httpBasic(withDefaults()); + + return http.build(); } - @Override - public void configure(WebSecurity web) throws Exception { + @Bean + public WebSecurityCustomizer ignoringCustomizer() { // Authentication and Authorization is only needed for non search/query operations - web.ignoring().antMatchers(HttpMethod.GET, "/**"); + return web -> web.ignoring().requestMatchers(HttpMethod.GET, "/**"); } /** External LDAP configuration properties */ @@ -83,71 +101,113 @@ public void configure(WebSecurity web) throws Exception { @Value("${file.auth.enabled:true}") boolean file_enabled; - @Override - public void configure(AuthenticationManagerBuilder auth) throws Exception { + @Bean + public AuthenticationManager authenticationManager( + AuthenticationConfiguration configuration, List providers) { + return new ProviderManager(providers); + } - if (ldap_enabled) { - DefaultSpringSecurityContextSource contextSource = - new DefaultSpringSecurityContextSource(ldap_url); - contextSource.afterPropertiesSet(); + @Bean + @ConditionalOnProperty(name = "ldap.enabled", havingValue = "true") + public AuthenticationProvider ldapAuthProvider() { + + DefaultSpringSecurityContextSource contextSource = + new DefaultSpringSecurityContextSource(ldap_url); + contextSource.afterPropertiesSet(); + + DefaultLdapAuthoritiesPopulator authPopulator = + new DefaultLdapAuthoritiesPopulator(contextSource, ldap_groups_search_base); + authPopulator.setGroupSearchFilter(ldap_groups_search_pattern); + authPopulator.setSearchSubtree(true); + authPopulator.setIgnorePartialResultException(true); + + LdapAuthenticationProvider provider = + new LdapAuthenticationProvider( + new BindAuthenticator(contextSource) { + { + setUserDnPatterns(new String[] {ldap_user_dn_pattern}); + } + }, + authPopulator); + + return provider; + } - DefaultLdapAuthoritiesPopulator myAuthPopulator = - new DefaultLdapAuthoritiesPopulator(contextSource, ldap_groups_search_base); - myAuthPopulator.setGroupSearchFilter(ldap_groups_search_pattern); - myAuthPopulator.setSearchSubtree(true); - myAuthPopulator.setIgnorePartialResultException(true); + @Bean + @ConditionalOnProperty(name = "embedded_ldap.enabled", havingValue = "true") + public AuthenticationProvider embeddedLdapAuthProvider() { + + DefaultSpringSecurityContextSource contextSource = + new DefaultSpringSecurityContextSource(embedded_ldap_url); + contextSource.afterPropertiesSet(); + + DefaultLdapAuthoritiesPopulator authPopulator = + new DefaultLdapAuthoritiesPopulator(contextSource, embedded_ldap_groups_search_base); + authPopulator.setGroupSearchFilter(embedded_ldap_groups_search_pattern); + authPopulator.setSearchSubtree(true); + authPopulator.setIgnorePartialResultException(true); + + LdapAuthenticationProvider provider = + new LdapAuthenticationProvider( + new BindAuthenticator(contextSource) { + { + setUserDnPatterns(new String[] {embedded_ldap_user_dn_pattern}); + } + }, + authPopulator); + + return provider; + } - auth.ldapAuthentication() - .userDnPatterns(ldap_user_dn_pattern) - .ldapAuthoritiesPopulator(myAuthPopulator) - .contextSource(contextSource); - } + @Bean + @Conditional(EmbeddedLdapCondition.class) + public AuthenticationProvider demoAuthProvider() { + + InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager(); + PasswordEncoder encoder = encoder(); + + for (int i = 0; i < demo_auth_users.length; i++) { + String[] userroles = demo_auth_roles[i].split(demo_auth_delimiter_roles); - if (embedded_ldap_enabled) { - DefaultSpringSecurityContextSource contextSource = - new DefaultSpringSecurityContextSource(embedded_ldap_url); - contextSource.afterPropertiesSet(); - - DefaultLdapAuthoritiesPopulator myAuthPopulator = - new DefaultLdapAuthoritiesPopulator(contextSource, embedded_ldap_groups_search_base); - myAuthPopulator.setGroupSearchFilter(embedded_ldap_groups_search_pattern); - myAuthPopulator.setSearchSubtree(true); - myAuthPopulator.setIgnorePartialResultException(true); - - auth.ldapAuthentication() - .userDnPatterns(embedded_ldap_user_dn_pattern) - .ldapAuthoritiesPopulator(myAuthPopulator) - .groupSearchBase("ou=Group") - .contextSource(contextSource); + manager.createUser( + User.withUsername(demo_auth_users[i]) + .password(encoder.encode(demo_auth_pwds[i])) + .roles(userroles) + .build()); } - if (demo_auth_enabled) { - // read from configuration, no default content - // interpret users, pwds, roles - // user may have multiple roles - - if (demo_auth_users != null - && demo_auth_pwds != null - && demo_auth_roles != null - && demo_auth_users.length > 0 - && demo_auth_users.length == demo_auth_pwds.length - && demo_auth_pwds.length == demo_auth_roles.length) { - - for (int i = 0; i < demo_auth_users.length; i++) { - String[] userroles = demo_auth_roles[i].split(demo_auth_delimiter_roles); - if (userroles != null && userroles.length > 0) { - auth.inMemoryAuthentication() - .withUser(demo_auth_users[i]) - .password(encoder().encode(demo_auth_pwds[i])) - .roles(userroles); - } - } + return new DaoAuthenticationProvider() { + { + setUserDetailsService(manager); + setPasswordEncoder(encoder); } - } + }; } @Bean public PasswordEncoder encoder() { return new BCryptPasswordEncoder(); } + + private static class EmbeddedLdapCondition implements Condition { + + @Override + public boolean matches(ConditionContext context, AnnotatedTypeMetadata metadata) { + + Environment environment = context.getEnvironment(); + + Boolean isEmbeddedLdapEnabled = + environment.getProperty("embedded_ldap.enabled", Boolean.class, false); + String[] demoAuthPwds = environment.getProperty("demo_auth.pwds", String[].class); + String[] demoAuthRoles = environment.getProperty("demo_auth.roles", String[].class); + String[] demoAuthUsers = environment.getProperty("demo_auth.users", String[].class); + + return isEmbeddedLdapEnabled + && !ArrayUtils.isEmpty(demoAuthUsers) + && !ArrayUtils.isEmpty(demoAuthPwds) + && !ArrayUtils.isEmpty(demoAuthRoles) + && demoAuthUsers.length == demoAuthPwds.length + && demoAuthPwds.length == demoAuthRoles.length; + } + } } diff --git a/src/main/java/org/phoebus/channelfinder/repository/ChannelRepository.java b/src/main/java/org/phoebus/channelfinder/repository/ChannelRepository.java index d2f8d90..10a4877 100644 --- a/src/main/java/org/phoebus/channelfinder/repository/ChannelRepository.java +++ b/src/main/java/org/phoebus/channelfinder/repository/ChannelRepository.java @@ -29,6 +29,7 @@ import co.elastic.clients.json.JsonData; import co.elastic.clients.json.jackson.JacksonJsonpMapper; import com.fasterxml.jackson.databind.ObjectMapper; +import jakarta.annotation.PreDestroy; import java.io.IOException; import java.text.MessageFormat; import java.util.ArrayList; @@ -48,7 +49,6 @@ import java.util.logging.Logger; import java.util.stream.Collectors; import java.util.stream.StreamSupport; -import javax.annotation.PreDestroy; import org.phoebus.channelfinder.common.CFResourceDescriptors; import org.phoebus.channelfinder.common.TextUtil; import org.phoebus.channelfinder.configuration.ElasticConfig; diff --git a/src/main/java/org/phoebus/channelfinder/rest/controller/ChannelController.java b/src/main/java/org/phoebus/channelfinder/rest/controller/ChannelController.java index 1fbb4a9..57c3267 100644 --- a/src/main/java/org/phoebus/channelfinder/rest/controller/ChannelController.java +++ b/src/main/java/org/phoebus/channelfinder/rest/controller/ChannelController.java @@ -2,6 +2,7 @@ import com.google.common.collect.FluentIterable; import com.google.common.collect.Lists; +import jakarta.servlet.ServletContext; import java.text.MessageFormat; import java.util.List; import java.util.Map; @@ -10,7 +11,6 @@ import java.util.logging.Logger; import java.util.stream.Collectors; import java.util.stream.StreamSupport; -import javax.servlet.ServletContext; import org.phoebus.channelfinder.common.TextUtil; import org.phoebus.channelfinder.entity.Channel; import org.phoebus.channelfinder.entity.Property; diff --git a/src/main/java/org/phoebus/channelfinder/service/ChannelFinderEpicsService.java b/src/main/java/org/phoebus/channelfinder/service/ChannelFinderEpicsService.java index a1a3dc7..d553b0a 100644 --- a/src/main/java/org/phoebus/channelfinder/service/ChannelFinderEpicsService.java +++ b/src/main/java/org/phoebus/channelfinder/service/ChannelFinderEpicsService.java @@ -1,5 +1,7 @@ package org.phoebus.channelfinder.service; +import jakarta.annotation.PostConstruct; +import jakarta.annotation.PreDestroy; import java.util.Arrays; import java.util.HashMap; import java.util.List; @@ -7,8 +9,6 @@ import java.util.concurrent.atomic.AtomicInteger; import java.util.logging.Level; import java.util.logging.Logger; -import javax.annotation.PostConstruct; -import javax.annotation.PreDestroy; import org.epics.pva.data.PVABoolArray; import org.epics.pva.data.PVAStringArray; import org.epics.pva.data.PVAStructure; diff --git a/src/main/java/org/phoebus/channelfinder/service/MetricsService.java b/src/main/java/org/phoebus/channelfinder/service/MetricsService.java index 0d78df1..e07ec11 100644 --- a/src/main/java/org/phoebus/channelfinder/service/MetricsService.java +++ b/src/main/java/org/phoebus/channelfinder/service/MetricsService.java @@ -4,6 +4,7 @@ import io.micrometer.core.instrument.ImmutableTag; import io.micrometer.core.instrument.MeterRegistry; import io.micrometer.core.instrument.Tag; +import jakarta.annotation.PostConstruct; import java.util.ArrayList; import java.util.Arrays; import java.util.List; @@ -12,7 +13,6 @@ import java.util.concurrent.TimeUnit; import java.util.concurrent.atomic.AtomicLong; import java.util.stream.Collectors; -import javax.annotation.PostConstruct; import org.phoebus.channelfinder.repository.ChannelRepository; import org.phoebus.channelfinder.repository.PropertyRepository; import org.phoebus.channelfinder.repository.TagRepository; diff --git a/src/test/java/org/phoebus/channelfinder/processors/ChannelProcessorControllerIT.java b/src/test/java/org/phoebus/channelfinder/processors/ChannelProcessorControllerIT.java index 020a5ea..c0d889c 100644 --- a/src/test/java/org/phoebus/channelfinder/processors/ChannelProcessorControllerIT.java +++ b/src/test/java/org/phoebus/channelfinder/processors/ChannelProcessorControllerIT.java @@ -5,6 +5,7 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*; +import java.util.Base64; import java.util.List; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; @@ -21,7 +22,6 @@ import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder; -import org.springframework.util.Base64Utils; @ExtendWith(SpringExtension.class) @WebMvcTest(ChannelProcessorController.class) @@ -31,7 +31,7 @@ class ChannelProcessorControllerIT { protected static final String AUTHORIZATION = - "Basic " + Base64Utils.encodeToString("admin:adminPass".getBytes()); + "Basic " + Base64.getEncoder().encodeToString("admin:adminPass".getBytes()); @Autowired protected MockMvc mockMvc; @MockBean IChannelScroll channelScroll; From f4637523aa342780c4368a9cfe38f8903181731c Mon Sep 17 00:00:00 2001 From: Domonkos Gulyas Date: Fri, 5 Dec 2025 14:44:27 +0100 Subject: [PATCH 2/7] Update Docker related files Update Docker related files to use Java 21 and elasticsearch 8.18.0 --- Dockerfile | 4 ++-- compose.yml | 2 +- src/test/resources/Dockerfile | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 32ce67b..7c49fc2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,12 +1,12 @@ # syntax=docker/dockerfile:1 -FROM eclipse-temurin:17-jdk AS builder +FROM eclipse-temurin:21-jdk AS builder WORKDIR /build RUN apt-get update && apt-get install -y maven COPY . . RUN mvn --batch-mode --update-snapshots clean package -DskipTests -FROM eclipse-temurin:17-jre AS runner +FROM eclipse-temurin:21-jre AS runner WORKDIR /app COPY --from=builder /build/target/ChannelFinder-*.jar ./channelfinder.jar CMD ["java", "-jar", "/app/channelfinder.jar", "--spring.config.name=application"] diff --git a/compose.yml b/compose.yml index be047a4..4e7b5a3 100644 --- a/compose.yml +++ b/compose.yml @@ -15,7 +15,7 @@ services: condition: service_healthy elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:8.11.2 + image: docker.elastic.co/elasticsearch/elasticsearch:8.18.0 hostname: elasticsearch networks: - channelfinder-net diff --git a/src/test/resources/Dockerfile b/src/test/resources/Dockerfile index 959ae56..69f0bcf 100644 --- a/src/test/resources/Dockerfile +++ b/src/test/resources/Dockerfile @@ -16,7 +16,7 @@ # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # ------------------------------------------------------------------------------ -FROM eclipse-temurin:17-jre +FROM eclipse-temurin:21-jre # deployment unit COPY ../../../target/ChannelFinder-*.jar /channelfinder/ChannelFinder-*.jar From f879baf9b259a3ec990ec0ce02ab8c0f102f2d64 Mon Sep 17 00:00:00 2001 From: Domonkos Gulyas Date: Fri, 5 Dec 2025 14:46:23 +0100 Subject: [PATCH 3/7] Update readme Update readme to reference the correct versions. --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index be565d3..54d6a43 100644 --- a/README.md +++ b/README.md @@ -45,8 +45,8 @@ For using docker containers there is a barebones [docker compose file](./compose * Prerequisites - * JDK 17 - * Elastic version 8.11.x + * JDK 21 + * Elastic version 8.18.x * **For authN/authZ using LDAP:** LDAP server, e.g. OpenLDAP #### Setup Elasticsearch @@ -62,7 +62,7 @@ Options: #### Running ```bash -sudo apt-get install openjdk-17-jre git curl wget +sudo apt-get install openjdk-21-jre git curl wget sudo systemctl start elasticsearch # Or other command to run elastic search # Replace verison with the release you want @@ -98,7 +98,7 @@ and [Eclipse](https://eclipseide.org/). * Prerequisites - * JDK 17 + * JDK 21 * Maven (via package manager or via the wrapper `./mvnw`) (version specified in [the wrapper properties](./.mvn/wrapper/maven-wrapper.properties)) From e40f8904bf7da99f24cc264825cebec1ec57d416 Mon Sep 17 00:00:00 2001 From: Domonkos Gulyas Date: Fri, 5 Dec 2025 14:47:27 +0100 Subject: [PATCH 4/7] Update Github workflow files Uplift Java version in teh Github workflow files --- .github/workflows/codecov.yml | 4 ++-- .github/workflows/maven.yml | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml index fc9c177..cb6bcbe 100644 --- a/.github/workflows/codecov.yml +++ b/.github/workflows/codecov.yml @@ -22,10 +22,10 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: Set up JDK 17 + - name: Set up JDK 21 uses: actions/setup-java@v4 with: - java-version: '17' + java-version: '21' distribution: 'temurin' cache: maven - name: Runs Elasticsearch diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index 895d47c..68520db 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -19,10 +19,10 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: Set up JDK 17 + - name: Set up JDK 21 uses: actions/setup-java@v4 with: - java-version: '17' + java-version: '21' distribution: 'temurin' cache: maven - name: Build with Maven @@ -39,10 +39,10 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: Set up JDK 17 + - name: Set up JDK 21 uses: actions/setup-java@v4 with: - java-version: '17' + java-version: '21' distribution: 'temurin' cache: maven - name: Test with Maven @@ -59,10 +59,10 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: Set up JDK 17 + - name: Set up JDK 21 uses: actions/setup-java@v4 with: - java-version: '17' + java-version: '21' distribution: 'temurin' cache: maven - name: Runs Elasticsearch From d128c30bfbd76ecb25f6d8cc01055813b19485d1 Mon Sep 17 00:00:00 2001 From: Domonkos Gulyas Date: Wed, 10 Dec 2025 08:18:59 +0100 Subject: [PATCH 5/7] Undo elaticsearch upgrade It have to be done later in a separate pull request. --- README.md | 2 +- compose.yml | 2 +- pom.xml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 54d6a43..1973b2c 100644 --- a/README.md +++ b/README.md @@ -46,7 +46,7 @@ For using docker containers there is a barebones [docker compose file](./compose * Prerequisites * JDK 21 - * Elastic version 8.18.x + * Elastic version 8.11.x * **For authN/authZ using LDAP:** LDAP server, e.g. OpenLDAP #### Setup Elasticsearch diff --git a/compose.yml b/compose.yml index 4e7b5a3..be047a4 100644 --- a/compose.yml +++ b/compose.yml @@ -15,7 +15,7 @@ services: condition: service_healthy elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:8.18.0 + image: docker.elastic.co/elasticsearch/elasticsearch:8.11.2 hostname: elasticsearch networks: - channelfinder-net diff --git a/pom.xml b/pom.xml index 0b3e673..08b1214 100644 --- a/pom.xml +++ b/pom.xml @@ -37,7 +37,7 @@ UTF-8 3.4.4 2.18.3 - 8.18.0 + 8.11.2 5.10.0 true true From 4862b42bcf3cd719c7e8b8b9e2198acd8bea311b Mon Sep 17 00:00:00 2001 From: Domonkos Gulyas Date: Wed, 10 Dec 2025 08:43:58 +0100 Subject: [PATCH 6/7] Correct demo auth config --- .../channelfinder/configuration/WebSecurityConfig.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/java/org/phoebus/channelfinder/configuration/WebSecurityConfig.java b/src/main/java/org/phoebus/channelfinder/configuration/WebSecurityConfig.java index 788fc53..50dba98 100644 --- a/src/main/java/org/phoebus/channelfinder/configuration/WebSecurityConfig.java +++ b/src/main/java/org/phoebus/channelfinder/configuration/WebSecurityConfig.java @@ -196,13 +196,13 @@ public boolean matches(ConditionContext context, AnnotatedTypeMetadata metadata) Environment environment = context.getEnvironment(); - Boolean isEmbeddedLdapEnabled = - environment.getProperty("embedded_ldap.enabled", Boolean.class, false); + Boolean isDemoAuthEnabled = + environment.getProperty("demo_auth.enabled", Boolean.class, false); String[] demoAuthPwds = environment.getProperty("demo_auth.pwds", String[].class); String[] demoAuthRoles = environment.getProperty("demo_auth.roles", String[].class); String[] demoAuthUsers = environment.getProperty("demo_auth.users", String[].class); - return isEmbeddedLdapEnabled + return isDemoAuthEnabled && !ArrayUtils.isEmpty(demoAuthUsers) && !ArrayUtils.isEmpty(demoAuthPwds) && !ArrayUtils.isEmpty(demoAuthRoles) From aa26c17935cd11d0c5a096788d9483b445c469f8 Mon Sep 17 00:00:00 2001 From: Domonkos Gulyas Date: Wed, 10 Dec 2025 09:54:21 +0100 Subject: [PATCH 7/7] Resolve Sonar issues --- .../configuration/WebSecurityConfig.java | 42 ++++++------------- 1 file changed, 13 insertions(+), 29 deletions(-) diff --git a/src/main/java/org/phoebus/channelfinder/configuration/WebSecurityConfig.java b/src/main/java/org/phoebus/channelfinder/configuration/WebSecurityConfig.java index 50dba98..83a4470 100644 --- a/src/main/java/org/phoebus/channelfinder/configuration/WebSecurityConfig.java +++ b/src/main/java/org/phoebus/channelfinder/configuration/WebSecurityConfig.java @@ -17,7 +17,6 @@ import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer; -import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.core.userdetails.User; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; @@ -34,13 +33,12 @@ public class WebSecurityConfig { @Bean public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { - http.csrf(AbstractHttpConfigurer::disable) + return http.csrf(csrf -> csrf.disable()) .sessionManagement( session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) .authorizeHttpRequests(auth -> auth.anyRequest().authenticated()) - .httpBasic(withDefaults()); - - return http.build(); + .httpBasic(withDefaults()) + .build(); } @Bean @@ -121,16 +119,10 @@ public AuthenticationProvider ldapAuthProvider() { authPopulator.setSearchSubtree(true); authPopulator.setIgnorePartialResultException(true); - LdapAuthenticationProvider provider = - new LdapAuthenticationProvider( - new BindAuthenticator(contextSource) { - { - setUserDnPatterns(new String[] {ldap_user_dn_pattern}); - } - }, - authPopulator); + BindAuthenticator bindAuthenticator = new BindAuthenticator(contextSource); + bindAuthenticator.setUserDnPatterns(new String[] {ldap_user_dn_pattern}); - return provider; + return new LdapAuthenticationProvider(bindAuthenticator, authPopulator); } @Bean @@ -147,16 +139,10 @@ public AuthenticationProvider embeddedLdapAuthProvider() { authPopulator.setSearchSubtree(true); authPopulator.setIgnorePartialResultException(true); - LdapAuthenticationProvider provider = - new LdapAuthenticationProvider( - new BindAuthenticator(contextSource) { - { - setUserDnPatterns(new String[] {embedded_ldap_user_dn_pattern}); - } - }, - authPopulator); + BindAuthenticator bindAuthenticator = new BindAuthenticator(contextSource); + bindAuthenticator.setUserDnPatterns(new String[] {embedded_ldap_user_dn_pattern}); - return provider; + return new LdapAuthenticationProvider(bindAuthenticator, authPopulator); } @Bean @@ -176,12 +162,10 @@ public AuthenticationProvider demoAuthProvider() { .build()); } - return new DaoAuthenticationProvider() { - { - setUserDetailsService(manager); - setPasswordEncoder(encoder); - } - }; + DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); + provider.setUserDetailsService(manager); + provider.setPasswordEncoder(encoder); + return provider; } @Bean