Merge pull request #475 from wultra/develop

Merge develop to master
wultra · Jan 5, 2024 · 5b389ea · 5b389ea
2 parents 29065d0 + cffe5e0
commit 5b389ea
Show file tree

Hide file tree

Showing 13 changed files with 91 additions and 47 deletions.
diff --git a/docs/RESTful-API-for-Spring.md b/docs/RESTful-API-for-Spring.md
@@ -194,7 +194,7 @@ public class ApplicationConfiguration implements PowerAuthApplicationConfigurati
 
 _(optional)_
 
-Create a security configuration class `SecurityConfig` extending `WebSecurityConfigurerAdapter`. The configuration we will use:
+Create a security configuration class `SecurityConfig` configuring a bean `SecurityFilterChain`. The configuration we will use:
 
 - disable default Basic HTTP authentication
 - disables CSRF (we don't need it for REST)
@@ -205,17 +205,18 @@ Create a security configuration class `SecurityConfig` extending `WebSecurityCon
 ```java
 @Configuration
 @EnableWebSecurity
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecurityConfig {
 
-    @Autowired
-    private PowerAuthApiAuthenticationEntryPoint apiAuthenticationEntryPoint;
-
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http.authorizeRequests().antMatchers("/secured/**").fullyAuthenticated();
-        http.httpBasic().disable();
-        http.csrf().disable();
-        http.exceptionHandling().authenticationEntryPoint(apiAuthenticationEntryPoint);
+    @Bean
+    public SecurityFilterChain filterChain(final HttpSecurity http, final PowerAuthApiAuthenticationEntryPoint apiAuthenticationEntryPoint) throws Exception {
+        return http
+                .authorizeHttpRequests(authorize -> authorize
+                        .requestMatchers("/secured/**").fullyAuthenticated())
+                .exceptionHandling(exceptionHandling ->
+                        exceptionHandling.authenticationEntryPoint(apiAuthenticationEntryPoint))
+                .httpBasic(AbstractHttpConfigurer::disable)
+                .csrf(AbstractHttpConfigurer::disable)
+                .build();
     }
 
 }

diff --git a/pom.xml b/pom.xml
@@ -28,7 +28,7 @@
 
     <groupId>io.getlime.security</groupId>
     <artifactId>powerauth-restful-integration-parent</artifactId>
-    <version>1.5.0</version>
+    <version>1.6.0</version>
     <packaging>pom</packaging>
 
     <inceptionYear>2017</inceptionYear>
@@ -78,17 +78,21 @@
         <java.version>17</java.version>
         <maven.compiler.source>${java.version}</maven.compiler.source>
         <maven.compiler.target>${java.version}</maven.compiler.target>
-        <maven-jar-plugin.version>3.3.0</maven-jar-plugin.version>
         <maven-deploy-plugin.version>3.1.1</maven-deploy-plugin.version>
-        <maven-javadoc-plugin.version>3.6.0</maven-javadoc-plugin.version>
+        <maven-enforcer-plugin.version>3.4.1</maven-enforcer-plugin.version>
+        <maven-jar-plugin.version>3.3.0</maven-jar-plugin.version>
+        <maven-javadoc-plugin.version>3.6.3</maven-javadoc-plugin.version>
         <maven-source-plugin.version>3.3.0</maven-source-plugin.version>
         <maven-war-plugin.version>3.4.0</maven-war-plugin.version>
-        <spring-boot.version>3.1.3</spring-boot.version>
-        <commons-text.version>1.10.0</commons-text.version>
-        <bcprov.version>1.76</bcprov.version>
-        <wultra-core.version>1.7.0</wultra-core.version>
-        <powerauth.version>1.5.0</powerauth.version>
-        <powerauth-crypto.version>1.5.1</powerauth-crypto.version>
+        <spring-boot.version>3.1.6</spring-boot.version>
+        <commons-text.version>1.11.0</commons-text.version>
+        <bcprov.version>1.77</bcprov.version>
+        <!--  TODO (racansky, 2023-12-08) temporarily override the version 1.4.11 from spring boot version because of CVE  -->
+        <logback.version>1.4.14</logback.version>
+
+        <wultra-core.version>1.8.0</wultra-core.version>
+        <powerauth.version>1.6.0</powerauth.version>
+        <powerauth-crypto.version>1.6.0</powerauth-crypto.version>
     </properties>
 
     <dependencyManagement>
@@ -101,6 +105,18 @@
                 <scope>import</scope>
             </dependency>
 
+            <!--  TODO (racansky, 2023-12-08) temporarily override the version 1.4.11 from spring boot version because of CVE  -->
+            <dependency>
+                <groupId>ch.qos.logback</groupId>
+                <artifactId>logback-classic</artifactId>
+                <version>${logback.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>ch.qos.logback</groupId>
+                <artifactId>logback-core</artifactId>
+                <version>${logback.version}</version>
+            </dependency>
+
             <!-- PowerAuth Restful Integration Dependencies -->
             <dependency>
                 <groupId>io.getlime.security</groupId>
@@ -116,14 +132,10 @@
 
             <dependency>
                 <groupId>io.getlime.core</groupId>
-                <artifactId>annotations</artifactId>
-                <version>${wultra-core.version}</version>
-            </dependency>
-
-            <dependency>
-                <groupId>io.getlime.core</groupId>
-                <artifactId>rest-model-base</artifactId>
+                <artifactId>core-bom</artifactId>
                 <version>${wultra-core.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
             </dependency>
 
             <!-- 3rd Party Dependencies -->
@@ -190,6 +202,36 @@
                 <artifactId>maven-deploy-plugin</artifactId>
                 <version>${maven-deploy-plugin.version}</version>
             </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-enforcer-plugin</artifactId>
+                <version>${maven-enforcer-plugin.version}</version>
+                <dependencies>
+                    <dependency>
+                        <groupId>de.skuzzle.enforcer</groupId>
+                        <artifactId>restrict-imports-enforcer-rule</artifactId>
+                        <version>2.4.0</version>
+                    </dependency>
+                </dependencies>
+                <executions>
+                    <execution>
+                        <id>enforce-banned-java-imports</id>
+                        <goals>
+                            <goal>enforce</goal>
+                        </goals>
+                        <configuration>
+                            <rules>
+                                <RestrictImports>
+                                    <!--  https://github.com/google/guava/issues/2960  -->
+                                    <reason>Guava depends on jsr305 but we prefer jakarta in our code</reason>
+                                    <bannedImport>javax.annotation.**</bannedImport>
+                                </RestrictImports>
+                            </rules>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
         </plugins>
     </build>
 

diff --git a/powerauth-restful-model/pom.xml b/powerauth-restful-model/pom.xml
@@ -30,7 +30,7 @@
     <parent>
         <groupId>io.getlime.security</groupId>
         <artifactId>powerauth-restful-integration-parent</artifactId>
-        <version>1.5.0</version>
+        <version>1.6.0</version>
     </parent>
 
     <dependencies>

diff --git a/powerauth-restful-security-spring-annotation/pom.xml b/powerauth-restful-security-spring-annotation/pom.xml
@@ -30,7 +30,7 @@
     <parent>
         <groupId>io.getlime.security</groupId>
         <artifactId>powerauth-restful-integration-parent</artifactId>
-        <version>1.5.0</version>
+        <version>1.6.0</version>
     </parent>
 
     <dependencies>

diff --git a/...getlime/security/powerauth/rest/api/spring/filter/ResettableStreamHttpServletRequest.java b/...getlime/security/powerauth/rest/api/spring/filter/ResettableStreamHttpServletRequest.java
@@ -20,12 +20,12 @@
 package io.getlime.security.powerauth.rest.api.spring.filter;
 
 import com.google.common.io.ByteStreams;
-
-import javax.annotation.Nonnull;
+import jakarta.annotation.Nonnull;
 import jakarta.servlet.ReadListener;
 import jakarta.servlet.ServletInputStream;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletRequestWrapper;
+
 import java.io.*;
 import java.util.Arrays;
 

diff --git a/...io/getlime/security/powerauth/rest/api/spring/provider/MinimalClaimsUserInfoProvider.java b/...io/getlime/security/powerauth/rest/api/spring/provider/MinimalClaimsUserInfoProvider.java
@@ -21,8 +21,8 @@
 
 import com.wultra.core.annotations.PublicSpi;
 import io.getlime.security.powerauth.rest.api.spring.model.UserInfoContext;
+import jakarta.annotation.Nonnull;
 
-import javax.annotation.Nonnull;
 import java.time.Instant;
 import java.util.Collections;
 import java.util.LinkedHashMap;

diff --git a/.../getlime/security/powerauth/rest/api/spring/provider/PowerAuthAuthenticationProvider.java b/.../getlime/security/powerauth/rest/api/spring/provider/PowerAuthAuthenticationProvider.java
@@ -50,15 +50,15 @@
 import io.getlime.security.powerauth.rest.api.spring.model.ActivationStatus;
 import io.getlime.security.powerauth.rest.api.spring.model.AuthenticationContext;
 import io.getlime.security.powerauth.rest.api.spring.service.HttpCustomizationService;
+import jakarta.annotation.Nonnull;
+import jakarta.annotation.Nullable;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.stereotype.Component;
 
-import javax.annotation.Nonnull;
-import javax.annotation.Nullable;
 import java.util.Base64;
 import java.util.List;
 

diff --git a/...lime/security/powerauth/rest/api/spring/provider/PowerAuthAuthenticationProviderBase.java b/...lime/security/powerauth/rest/api/spring/provider/PowerAuthAuthenticationProviderBase.java
@@ -26,12 +26,12 @@
 import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthRequestFilterException;
 import io.getlime.security.powerauth.rest.api.spring.model.PowerAuthRequestBody;
 import io.getlime.security.powerauth.rest.api.spring.model.PowerAuthRequestObjects;
+import jakarta.annotation.Nonnull;
+import jakarta.annotation.Nullable;
+import jakarta.servlet.http.HttpServletRequest;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.annotation.Nonnull;
-import javax.annotation.Nullable;
-import jakarta.servlet.http.HttpServletRequest;
 import java.util.ArrayList;
 import java.util.List;
 

diff --git a/...a/io/getlime/security/powerauth/rest/api/spring/provider/PowerAuthEncryptionProvider.java b/...a/io/getlime/security/powerauth/rest/api/spring/provider/PowerAuthEncryptionProvider.java
@@ -25,14 +25,13 @@
 import io.getlime.security.powerauth.rest.api.spring.encryption.PowerAuthEncryptorParameters;
 import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthEncryptionException;
 import io.getlime.security.powerauth.rest.api.spring.service.HttpCustomizationService;
+import jakarta.annotation.Nonnull;
+import jakarta.annotation.Nullable;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
-import javax.annotation.Nonnull;
-import javax.annotation.Nullable;
-
 /**
  * Implementation of PowerAuth encryption provider.
  *

diff --git a/.../getlime/security/powerauth/rest/api/spring/provider/PowerAuthEncryptionProviderBase.java b/.../getlime/security/powerauth/rest/api/spring/provider/PowerAuthEncryptionProviderBase.java
@@ -25,7 +25,9 @@
 import com.fasterxml.jackson.databind.type.TypeFactory;
 import io.getlime.security.powerauth.crypto.lib.encryptor.EncryptorFactory;
 import io.getlime.security.powerauth.crypto.lib.encryptor.ServerEncryptor;
-import io.getlime.security.powerauth.crypto.lib.encryptor.model.*;
+import io.getlime.security.powerauth.crypto.lib.encryptor.model.EncryptedRequest;
+import io.getlime.security.powerauth.crypto.lib.encryptor.model.EncryptedResponse;
+import io.getlime.security.powerauth.crypto.lib.encryptor.model.EncryptorParameters;
 import io.getlime.security.powerauth.crypto.lib.encryptor.model.v3.ServerEncryptorSecrets;
 import io.getlime.security.powerauth.http.PowerAuthEncryptionHttpHeader;
 import io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader;
@@ -36,17 +38,17 @@
 import io.getlime.security.powerauth.rest.api.model.response.EciesEncryptedResponse;
 import io.getlime.security.powerauth.rest.api.spring.encryption.EncryptionContext;
 import io.getlime.security.powerauth.rest.api.spring.encryption.EncryptionScope;
-import io.getlime.security.powerauth.rest.api.spring.encryption.PowerAuthEncryptorParameters;
 import io.getlime.security.powerauth.rest.api.spring.encryption.PowerAuthEncryptorData;
+import io.getlime.security.powerauth.rest.api.spring.encryption.PowerAuthEncryptorParameters;
 import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthEncryptionException;
 import io.getlime.security.powerauth.rest.api.spring.model.PowerAuthRequestBody;
 import io.getlime.security.powerauth.rest.api.spring.model.PowerAuthRequestObjects;
+import jakarta.annotation.Nonnull;
+import jakarta.annotation.Nullable;
 import jakarta.servlet.http.HttpServletRequest;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.annotation.Nonnull;
-import javax.annotation.Nullable;
 import java.io.IOException;
 import java.lang.reflect.Type;
 import java.util.Base64;

diff --git a/...rc/main/java/io/getlime/security/powerauth/rest/api/spring/provider/UserInfoProvider.java b/...rc/main/java/io/getlime/security/powerauth/rest/api/spring/provider/UserInfoProvider.java
@@ -22,8 +22,8 @@
 import com.wultra.core.annotations.PublicSpi;
 import io.getlime.security.powerauth.rest.api.model.entity.UserInfoStage;
 import io.getlime.security.powerauth.rest.api.spring.model.UserInfoContext;
+import jakarta.annotation.Nonnull;
 
-import javax.annotation.Nonnull;
 import java.util.Collections;
 import java.util.Map;
 

diff --git a/powerauth-restful-security-spring/pom.xml b/powerauth-restful-security-spring/pom.xml
@@ -30,7 +30,7 @@
     <parent>
         <groupId>io.getlime.security</groupId>
         <artifactId>powerauth-restful-integration-parent</artifactId>
-        <version>1.5.0</version>
+        <version>1.6.0</version>
     </parent>
 
     <dependencies>

diff --git a/...rc/main/java/io/getlime/security/powerauth/rest/api/spring/service/ActivationService.java b/...rc/main/java/io/getlime/security/powerauth/rest/api/spring/service/ActivationService.java
@@ -469,7 +469,7 @@ public ActivationLayer1Response createActivation(ActivationLayer1Request request
                 }
             }
         } catch (PowerAuthClientException ex) {
-            if (ex.getPowerAuthError() instanceof final PowerAuthErrorRecovery errorRecovery) {
+            if (ex.getPowerAuthError().orElse(null) instanceof final PowerAuthErrorRecovery errorRecovery) {
                 logger.debug("Invalid recovery code, current PUK index: {}", errorRecovery.getCurrentRecoveryPukIndex());
                 throw new PowerAuthRecoveryException(ex.getMessage(), "INVALID_RECOVERY_CODE", errorRecovery.getCurrentRecoveryPukIndex());
             }