Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merge develop to master #475

Merged
merged 31 commits into from
Jan 5, 2024
Merged

Merge develop to master #475

Show file tree
Hide file tree
Changes from 27 commits
Commits
Show all changes
31 commits
Select commit Hold shift + click to select a range
b57b9b6
Fix #448: Update to develop version 1.6.0-SNAPSHOT
banterCZ Sep 19, 2023
7f78ef0
Merge pull request #449 from wultra/issues/448-version-1.6.0-SNAPSHOT
banterCZ Sep 20, 2023
cbf8ea9
Fix #450: Restrict import of javax.annotation
banterCZ Sep 20, 2023
eeb17a0
Bump org.springframework.boot:spring-boot-dependencies
dependabot[bot] Sep 25, 2023
1b88af2
Merge pull request #454 from wultra/dependabot/maven/org.springframew…
dependabot[bot] Sep 25, 2023
214c6f3
Merge pull request #451 from wultra/issues/450-restrict-javax-import
banterCZ Sep 25, 2023
ee22456
Fix #455: PowerAuthClientException#getPowerAuthError is nullable
banterCZ Oct 19, 2023
6be94f8
Merge pull request #456 from wultra/issues/455-PowerAuthClientExcepti…
banterCZ Oct 20, 2023
dec1a88
Bump org.springframework.boot:spring-boot-dependencies
dependabot[bot] Oct 23, 2023
00971b6
Merge pull request #457 from wultra/dependabot/maven/org.springframew…
dependabot[bot] Oct 23, 2023
6f02c2a
Bump org.apache.commons:commons-text from 1.10.0 to 1.11.0
dependabot[bot] Oct 30, 2023
33bff8c
Merge pull request #458 from wultra/dependabot/maven/org.apache.commo…
dependabot[bot] Oct 30, 2023
9e68e52
Fix #459: Update Wultra dependencies to SNAPSHOT version
banterCZ Oct 30, 2023
d4356d2
Merge pull request #460 from wultra/issues/459-wultra-snapshot-versions
banterCZ Oct 30, 2023
ec9a55f
Fix #452: Use core-bom
banterCZ Sep 21, 2023
dde4705
Merge pull request #453 from wultra/issues/452-core-bom
banterCZ Oct 31, 2023
1cbc34a
Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.0 to 3.6.2
dependabot[bot] Nov 13, 2023
464d60b
Merge pull request #461 from wultra/dependabot/maven/org.apache.maven…
dependabot[bot] Nov 13, 2023
149b99f
Bump org.bouncycastle:bcprov-jdk18on from 1.76 to 1.77
dependabot[bot] Nov 20, 2023
9712636
Merge pull request #462 from wultra/dependabot/maven/org.bouncycastle…
dependabot[bot] Nov 20, 2023
ad19219
Bump org.springframework.boot:spring-boot-dependencies
dependabot[bot] Nov 27, 2023
39790d9
Merge pull request #464 from wultra/dependabot/maven/org.springframew…
dependabot[bot] Nov 27, 2023
69a6cd5
Fix #465: Update Spring Security configuration in the documentation (…
banterCZ Nov 27, 2023
cf2aa72
Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.2 to 3.6.3
dependabot[bot] Dec 4, 2023
bfefe78
Merge pull request #467 from wultra/dependabot/maven/org.apache.maven…
dependabot[bot] Dec 4, 2023
03e7689
Fix #468: Update logback
banterCZ Dec 8, 2023
51d86ca
Merge pull request #469 from wultra/issues/468-update-logback
banterCZ Dec 12, 2023
4b7fb3c
Fix #470: Set release version to 1.6.0
banterCZ Dec 13, 2023
6ee0838
Fix #473: Update Wultra dependencies
banterCZ Dec 13, 2023
a72439a
Merge pull request #474 from wultra/issues/473-wultra-dependencies
banterCZ Jan 5, 2024
cffe5e0
Merge pull request #472 from wultra/issues/470-version-1.6.0
banterCZ Jan 5, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 12 additions & 11 deletions docs/RESTful-API-for-Spring.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -194,7 +194,7 @@ public class ApplicationConfiguration implements PowerAuthApplicationConfigurati

_(optional)_

Create a security configuration class `SecurityConfig` extending `WebSecurityConfigurerAdapter`. The configuration we will use:
Create a security configuration class `SecurityConfig` configuring a bean `SecurityFilterChain`. The configuration we will use:

- disable default Basic HTTP authentication
- disables CSRF (we don't need it for REST)
Expand All @@ -205,17 +205,18 @@ Create a security configuration class `SecurityConfig` extending `WebSecurityCon
```java
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
public class SecurityConfig {

@Autowired
private PowerAuthApiAuthenticationEntryPoint apiAuthenticationEntryPoint;

@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/secured/**").fullyAuthenticated();
http.httpBasic().disable();
http.csrf().disable();
http.exceptionHandling().authenticationEntryPoint(apiAuthenticationEntryPoint);
@Bean
public SecurityFilterChain filterChain(final HttpSecurity http, final PowerAuthApiAuthenticationEntryPoint apiAuthenticationEntryPoint) throws Exception {
return http
.authorizeHttpRequests(authorize -> authorize
.requestMatchers("/secured/**").fullyAuthenticated())
.exceptionHandling(exceptionHandling ->
exceptionHandling.authenticationEntryPoint(apiAuthenticationEntryPoint))
.httpBasic(AbstractHttpConfigurer::disable)
.csrf(AbstractHttpConfigurer::disable)
.build();
}

}
Expand Down
74 changes: 58 additions & 16 deletions pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@

<groupId>io.getlime.security</groupId>
<artifactId>powerauth-restful-integration-parent</artifactId>
<version>1.5.0</version>
<version>1.6.0-SNAPSHOT</version>
<packaging>pom</packaging>

<inceptionYear>2017</inceptionYear>
Expand Down Expand Up @@ -78,17 +78,21 @@
<java.version>17</java.version>
<maven.compiler.source>${java.version}</maven.compiler.source>
<maven.compiler.target>${java.version}</maven.compiler.target>
<maven-jar-plugin.version>3.3.0</maven-jar-plugin.version>
<maven-deploy-plugin.version>3.1.1</maven-deploy-plugin.version>
<maven-javadoc-plugin.version>3.6.0</maven-javadoc-plugin.version>
<maven-enforcer-plugin.version>3.4.1</maven-enforcer-plugin.version>
<maven-jar-plugin.version>3.3.0</maven-jar-plugin.version>
<maven-javadoc-plugin.version>3.6.3</maven-javadoc-plugin.version>
<maven-source-plugin.version>3.3.0</maven-source-plugin.version>
<maven-war-plugin.version>3.4.0</maven-war-plugin.version>
<spring-boot.version>3.1.3</spring-boot.version>
<commons-text.version>1.10.0</commons-text.version>
<bcprov.version>1.76</bcprov.version>
<wultra-core.version>1.7.0</wultra-core.version>
<powerauth.version>1.5.0</powerauth.version>
<powerauth-crypto.version>1.5.1</powerauth-crypto.version>
<spring-boot.version>3.1.6</spring-boot.version>
<commons-text.version>1.11.0</commons-text.version>
<bcprov.version>1.77</bcprov.version>
<!-- TODO (racansky, 2023-12-08) temporarily override the version 1.4.11 from spring boot version because of CVE -->
<logback.version>1.4.14</logback.version>

<wultra-core.version>1.8.0-SNAPSHOT</wultra-core.version>
<powerauth.version>1.6.0-SNAPSHOT</powerauth.version>
<powerauth-crypto.version>1.6.0-SNAPSHOT</powerauth-crypto.version>
</properties>

<dependencyManagement>
Expand All @@ -101,6 +105,18 @@
<scope>import</scope>
</dependency>

<!-- TODO (racansky, 2023-12-08) temporarily override the version 1.4.11 from spring boot version because of CVE -->
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>${logback.version}</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-core</artifactId>
<version>${logback.version}</version>
</dependency>

<!-- PowerAuth Restful Integration Dependencies -->
<dependency>
<groupId>io.getlime.security</groupId>
Expand All @@ -116,14 +132,10 @@

<dependency>
<groupId>io.getlime.core</groupId>
<artifactId>annotations</artifactId>
<version>${wultra-core.version}</version>
</dependency>

<dependency>
<groupId>io.getlime.core</groupId>
<artifactId>rest-model-base</artifactId>
<artifactId>core-bom</artifactId>
<version>${wultra-core.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>

<!-- 3rd Party Dependencies -->
Expand Down Expand Up @@ -190,6 +202,36 @@
<artifactId>maven-deploy-plugin</artifactId>
<version>${maven-deploy-plugin.version}</version>
</plugin>

<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>${maven-enforcer-plugin.version}</version>
<dependencies>
<dependency>
<groupId>de.skuzzle.enforcer</groupId>
<artifactId>restrict-imports-enforcer-rule</artifactId>
<version>2.4.0</version>
</dependency>
</dependencies>
<executions>
<execution>
<id>enforce-banned-java-imports</id>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<RestrictImports>
<!-- https://github.com/google/guava/issues/2960 -->
<reason>Guava depends on jsr305 but we prefer jakarta in our code</reason>
<bannedImport>javax.annotation.**</bannedImport>
</RestrictImports>
</rules>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>

Expand Down
2 changes: 1 addition & 1 deletion powerauth-restful-model/pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@
<parent>
<groupId>io.getlime.security</groupId>
<artifactId>powerauth-restful-integration-parent</artifactId>
<version>1.5.0</version>
<version>1.6.0-SNAPSHOT</version>
</parent>

<dependencies>
Expand Down
2 changes: 1 addition & 1 deletion powerauth-restful-security-spring-annotation/pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@
<parent>
<groupId>io.getlime.security</groupId>
<artifactId>powerauth-restful-integration-parent</artifactId>
<version>1.5.0</version>
<version>1.6.0-SNAPSHOT</version>
</parent>

<dependencies>
Expand Down
4 changes: 2 additions & 2 deletions ...getlime/security/powerauth/rest/api/spring/filter/ResettableStreamHttpServletRequest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,12 +20,12 @@
package io.getlime.security.powerauth.rest.api.spring.filter;

import com.google.common.io.ByteStreams;

import javax.annotation.Nonnull;
import jakarta.annotation.Nonnull;
import jakarta.servlet.ReadListener;
import jakarta.servlet.ServletInputStream;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletRequestWrapper;

import java.io.*;
import java.util.Arrays;

Expand Down
2 changes: 1 addition & 1 deletion ...io/getlime/security/powerauth/rest/api/spring/provider/MinimalClaimsUserInfoProvider.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,8 @@

import com.wultra.core.annotations.PublicSpi;
import io.getlime.security.powerauth.rest.api.spring.model.UserInfoContext;
import jakarta.annotation.Nonnull;

import javax.annotation.Nonnull;
import java.time.Instant;
import java.util.Collections;
import java.util.LinkedHashMap;
Expand Down
4 changes: 2 additions & 2 deletions .../getlime/security/powerauth/rest/api/spring/provider/PowerAuthAuthenticationProvider.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,15 +50,15 @@
import io.getlime.security.powerauth.rest.api.spring.model.ActivationStatus;
import io.getlime.security.powerauth.rest.api.spring.model.AuthenticationContext;
import io.getlime.security.powerauth.rest.api.spring.service.HttpCustomizationService;
import jakarta.annotation.Nonnull;
import jakarta.annotation.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Component;

import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import java.util.Base64;
import java.util.List;

Expand Down
6 changes: 3 additions & 3 deletions ...lime/security/powerauth/rest/api/spring/provider/PowerAuthAuthenticationProviderBase.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,12 +26,12 @@
import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthRequestFilterException;
import io.getlime.security.powerauth.rest.api.spring.model.PowerAuthRequestBody;
import io.getlime.security.powerauth.rest.api.spring.model.PowerAuthRequestObjects;
import jakarta.annotation.Nonnull;
import jakarta.annotation.Nullable;
import jakarta.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import jakarta.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.List;

Expand Down
5 changes: 2 additions & 3 deletions ...a/io/getlime/security/powerauth/rest/api/spring/provider/PowerAuthEncryptionProvider.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,14 +25,13 @@
import io.getlime.security.powerauth.rest.api.spring.encryption.PowerAuthEncryptorParameters;
import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthEncryptionException;
import io.getlime.security.powerauth.rest.api.spring.service.HttpCustomizationService;
import jakarta.annotation.Nonnull;
import jakarta.annotation.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import javax.annotation.Nonnull;
import javax.annotation.Nullable;

/**
* Implementation of PowerAuth encryption provider.
*
Expand Down
10 changes: 6 additions & 4 deletions .../getlime/security/powerauth/rest/api/spring/provider/PowerAuthEncryptionProviderBase.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,9 @@
import com.fasterxml.jackson.databind.type.TypeFactory;
import io.getlime.security.powerauth.crypto.lib.encryptor.EncryptorFactory;
import io.getlime.security.powerauth.crypto.lib.encryptor.ServerEncryptor;
import io.getlime.security.powerauth.crypto.lib.encryptor.model.*;
import io.getlime.security.powerauth.crypto.lib.encryptor.model.EncryptedRequest;
import io.getlime.security.powerauth.crypto.lib.encryptor.model.EncryptedResponse;
import io.getlime.security.powerauth.crypto.lib.encryptor.model.EncryptorParameters;
import io.getlime.security.powerauth.crypto.lib.encryptor.model.v3.ServerEncryptorSecrets;
import io.getlime.security.powerauth.http.PowerAuthEncryptionHttpHeader;
import io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader;
Expand All @@ -36,17 +38,17 @@
import io.getlime.security.powerauth.rest.api.model.response.EciesEncryptedResponse;
import io.getlime.security.powerauth.rest.api.spring.encryption.EncryptionContext;
import io.getlime.security.powerauth.rest.api.spring.encryption.EncryptionScope;
import io.getlime.security.powerauth.rest.api.spring.encryption.PowerAuthEncryptorParameters;
import io.getlime.security.powerauth.rest.api.spring.encryption.PowerAuthEncryptorData;
import io.getlime.security.powerauth.rest.api.spring.encryption.PowerAuthEncryptorParameters;
import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthEncryptionException;
import io.getlime.security.powerauth.rest.api.spring.model.PowerAuthRequestBody;
import io.getlime.security.powerauth.rest.api.spring.model.PowerAuthRequestObjects;
import jakarta.annotation.Nonnull;
import jakarta.annotation.Nullable;
import jakarta.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import java.io.IOException;
import java.lang.reflect.Type;
import java.util.Base64;
Expand Down
2 changes: 1 addition & 1 deletion ...rc/main/java/io/getlime/security/powerauth/rest/api/spring/provider/UserInfoProvider.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,8 @@
import com.wultra.core.annotations.PublicSpi;
import io.getlime.security.powerauth.rest.api.model.entity.UserInfoStage;
import io.getlime.security.powerauth.rest.api.spring.model.UserInfoContext;
import jakarta.annotation.Nonnull;

import javax.annotation.Nonnull;
import java.util.Collections;
import java.util.Map;

Expand Down
2 changes: 1 addition & 1 deletion powerauth-restful-security-spring/pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@
<parent>
<groupId>io.getlime.security</groupId>
<artifactId>powerauth-restful-integration-parent</artifactId>
<version>1.5.0</version>
<version>1.6.0-SNAPSHOT</version>
</parent>

<dependencies>
Expand Down
2 changes: 1 addition & 1 deletion ...rc/main/java/io/getlime/security/powerauth/rest/api/spring/service/ActivationService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -469,7 +469,7 @@ public ActivationLayer1Response createActivation(ActivationLayer1Request request
}
}
} catch (PowerAuthClientException ex) {
if (ex.getPowerAuthError() instanceof final PowerAuthErrorRecovery errorRecovery) {
if (ex.getPowerAuthError().orElse(null) instanceof final PowerAuthErrorRecovery errorRecovery) {
logger.debug("Invalid recovery code, current PUK index: {}", errorRecovery.getCurrentRecoveryPukIndex());
throw new PowerAuthRecoveryException(ex.getMessage(), "INVALID_RECOVERY_CODE", errorRecovery.getCurrentRecoveryPukIndex());
}
Expand Down
Loading