Mysql and Keycloak Building Block + Several new Dependencies (#2)

* Add Dependency Building Block for Keycloak
Add Dependency Building Block for MySQL
Add Prometheus and Micrometer to Spring Boot Building Block
Add CBOR Cose Dependency Versions
Add Digital Covid Certificate Versions
Add PDF Box Version
Add Google ZXing Versions
Add OpenCSV Version
Add Keycloak Versions
Add ModelMapper Version
App Spring Rest Docs Plugin Versions

* Update OWASP Dependency Check
Add Keycloak 15.1.1 to OWASP Suppression

keycloak/pom.xml

@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>cwa-parent-keycloak</artifactId>
+    <packaging>pom</packaging>
+
+    <name>cwa-parent-keycloak</name>
+    <description>CWA Backend Service Parent POM with dependencies for Services using Keycloak.</description>
+
+    <parent>
+        <groupId>app.coronawarn</groupId>
+        <artifactId>cwa-parent</artifactId>
+        <version>1.0-SNAPSHOT</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+
+    <dependencies>
+        <dependency>
+            <groupId>${project.parent.groupId}</groupId>
+            <artifactId>cwa-parent-spring-boot</artifactId>
+            <version>${project.parent.version}</version>
+            <type>pom</type>
+        </dependency>
+
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-spring-boot-starter</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.c4-soft.springaddons</groupId>
+            <artifactId>spring-security-oauth2-test-addons</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.c4-soft.springaddons</groupId>
+            <artifactId>spring-security-oauth2-test-webmvc-addons</artifactId>
+        </dependency>
+    </dependencies>
+</project>

mysql-persistence/pom.xml

@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>cwa-parent-mysql-persistence</artifactId>
+    <packaging>pom</packaging>
+
+    <name>cwa-parent-mysql-persistence</name>
+    <description>CWA Backend Service Parent POM with dependencies for Services building on MySQL.</description>
+
+    <parent>
+        <groupId>app.coronawarn</groupId>
+        <artifactId>cwa-parent</artifactId>
+        <version>1.0-SNAPSHOT</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+
+    <dependencies>
+        <dependency>
+            <groupId>${project.parent.groupId}</groupId>
+            <artifactId>cwa-parent-spring-boot</artifactId>
+            <version>${project.parent.version}</version>
+            <type>pom</type>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-jpa</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.h2database</groupId>
+            <artifactId>h2</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>mysql</groupId>
+            <artifactId>mysql-connector-java</artifactId>
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.liquibase</groupId>
+            <artifactId>liquibase-core</artifactId>
+        </dependency>
+    </dependencies>
+</project>

owasp/suppressions.xml

@@ -1,4 +1,10 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
 
+    <suppress>
+        <notes>Updating of Keycloak Lib is not possible at the moment. Security risk is not affecting CWA components.</notes>
+        <cve>CVE-2022-1466</cve>
+        <cve>CVE-2021-20323</cve>
+    </suppress>
+
 </suppressions>

pom.xml

@@ -40,7 +40,9 @@
         <module>feign</module>
         <module>validation</module>
         <module>shedlock</module>
+        <module>keycloak</module>
         <module>psql-persistence</module>
+        <module>mysql-persistence</module>
     </modules>
 
     <distributionManagement>
@@ -91,6 +93,9 @@
                 <artifactId>lombok</artifactId>
                 <version>1.18.24</version>
             </dependency>
+
+
+            <!-- Shedlock -->
             <dependency>
                 <groupId>net.javacrumbs.shedlock</groupId>
                 <artifactId>shedlock-spring</artifactId>
@@ -134,6 +139,7 @@
                 <scope>runtime</scope>
             </dependency>
 
+
             <!-- Persistence -->
             <dependency>
                 <groupId>org.liquibase</groupId>
@@ -146,6 +152,82 @@
                 <version>2.1.212</version>
                 <scope>runtime</scope>
             </dependency>
+
+
+            <!-- CBOR/ COSE -->
+            <dependency>
+                <groupId>com.upokecenter</groupId>
+                <artifactId>cbor</artifactId>
+                <version>4.5.2</version>
+            </dependency>
+
+
+            <!-- Digital Covid Certificate -->
+            <dependency>
+                <groupId>eu.europa.ec.dgc</groupId>
+                <artifactId>dgc-lib</artifactId>
+                <version>1.3.1</version>
+            </dependency>
+
+
+            <!-- PDF Box -->
+            <dependency>
+                <groupId>org.apache.pdfbox</groupId>
+                <artifactId>pdfbox</artifactId>
+                <version>2.0.26</version>
+            </dependency>
+
+
+            <!-- Google ZXing (QR Code Lib) -->
+            <dependency>
+                <groupId>com.google.zxing</groupId>
+                <artifactId>core</artifactId>
+                <version>3.5.0</version>
+            </dependency>
+            <dependency>
+                <groupId>com.google.zxing</groupId>
+                <artifactId>javase</artifactId>
+                <version>3.5.0</version>
+            </dependency>
+
+
+            <!-- OpenCSV -->
+            <dependency>
+                <groupId>com.opencsv</groupId>
+                <artifactId>opencsv</artifactId>
+                <version>5.6</version>
+            </dependency>
+
+
+            <!-- Keycloak -->
+            <dependency>
+                <groupId>org.keycloak</groupId>
+                <artifactId>keycloak-spring-boot-starter</artifactId>
+                <version>15.1.1</version>
+            </dependency>
+            <dependency>
+                <groupId>org.keycloak</groupId>
+                <artifactId>keycloak-admin-client</artifactId>
+                <version>15.1.1</version>
+            </dependency>
+            <dependency>
+                <groupId>com.c4-soft.springaddons</groupId>
+                <artifactId>spring-security-oauth2-test-addons</artifactId>
+                <version>3.1.15-jdk11</version>
+            </dependency>
+            <dependency>
+                <groupId>com.c4-soft.springaddons</groupId>
+                <artifactId>spring-security-oauth2-test-webmvc-addons</artifactId>
+                <version>3.1.15-jdk11</version>
+            </dependency>
+
+
+            <!-- Model Mapper -->
+            <dependency>
+                <groupId>org.modelmapper.extensions</groupId>
+                <artifactId>modelmapper-spring</artifactId>
+                <version>3.1.0</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 
@@ -241,12 +323,31 @@
                 <plugin>
                     <groupId>org.owasp</groupId>
                     <artifactId>dependency-check-maven</artifactId>
-                    <version>7.0.4</version>
+                    <version>7.1.0</version>
                     <configuration>
                         <suppressionFile>./owasp/suppressions.xml</suppressionFile>
                         <failBuildOnAnyVulnerability>true</failBuildOnAnyVulnerability>
                     </configuration>
                 </plugin>
+
+                <!-- Spring Rest Docs (Deprecated, should be replaced with Springdoc OpenAPI) -->
+                <plugin>
+                    <groupId>org.asciidoctor</groupId>
+                    <artifactId>asciidoctor-maven-plugin</artifactId>
+                    <version>1.5.8</version>
+                    <dependencies>
+                        <dependency>
+                            <groupId>org.springframework.restdocs</groupId>
+                            <artifactId>spring-restdocs-asciidoctor</artifactId>
+                            <version>2.0.6.RELEASE</version>
+                        </dependency>
+                    </dependencies>
+                </plugin>
+                <plugin>
+                    <groupId>org.springdoc</groupId>
+                    <artifactId>springdoc-openapi-maven-plugin</artifactId>
+                    <version>1.1</version>
+                </plugin>
             </plugins>
         </pluginManagement>
 

spring-boot/pom.xml

@@ -35,6 +35,17 @@
             <groupId>org.springframework.cloud</groupId>
             <artifactId>spring-cloud-starter-sleuth</artifactId>
         </dependency>
+        <dependency>
+            <groupId>io.micrometer</groupId>
+            <artifactId>micrometer-registry-prometheus</artifactId>
+        </dependency>
+
+        <!-- Configuration -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-configuration-processor</artifactId>
+            <optional>true</optional>
+        </dependency>
 
         <!-- Vault -->
         <dependency>