Spring 6 Upgrade!!! (#1931)
* migrating to spring6 boot 3

* work toward spring6

* use jakarta

* fix hypersistence issue

* rebase and upgrade openapi gradle plugin

* Changed dependencies in some files to satisfy the spring/camel/springboot upgrade

* Added MockEndpoint method to replace assertMockEndpointsSatisfied();
* Removed remaining javax imports and replaced with jakarta
* Updated the SecurityConfig class to use new lambda functions instead of the currently implemented method calls

* Formatting change

* More test fixes to update dependencies for the spring upgrade

- Changed postgres dialect for tests to PostgreSQLDialect
- Changed camel-rabbitmq version to spring...-rabbitmq
- Bumped the h2_version, and hibernate_types_version
- Updated various jakarta class dependencies
- Added DuplicatesStrategy.EXCLUDE to bootJar tasks to prevent xample-workflows tests from failing

TODO: Change GenericGenerator strategy to type in the Persistence models

* Added test-code java step to test-python

* Updated mocks api code to include jakarta spring changes.

- Updated the jsonwebtoken:jjwt version
- Changed the jwtprops secret to a secret key based on the HS256 signature algo
-

* Change HttpStatus to match the exception type statusCode

* More Jwt test fixes

- Updates the props secret to use a key for the SignatureAlgorithm.HS256

* Spotless Apply check

* Trying new AntPathRequestMatchers to manage securityConfig requests to the api

* added actuator urls to spring security request matcher

* SpotlessApply on mock-bip-claims/ce SecurityConfig

* Testing if removing SecurityFilterBean fixes 401 issues in pipeline tests.

* Changed to use the new springdoc libraries for vro-app and other openapi usage.

* reverts the @EnableWebSecurity removal test

* Changed to use the new springdoc libraries for vro-app and other openapi usage.

* reverts the @EnableWebSecurity removal test

* Adding version number to openapi dependencies

* testing an add to v3_urls

* adding more dependency changes to springdoc dependencies

* Testing adding securityMatcher() to authorizeHttpRequests().

* Experimenting permitAll()

* Experimenting adding the requestMatchers back

* Experimenting with removing anyRequest()

* Testing more spring stuff with securityMatchers->requestmatching

* Add antPathMatchers to the requestMatchers fields on authorizeHttpRequests. This should help define our routes so they are clearly using AntMatchers.

* Adding more camel springboot rabbitmq dependencies

* Updates to camel routes
* updated endpoint prefixes to be spring-rabbitmq:
* change the queue -> queues
* added some camel config formatting/additions

* Added CamelQueue and TopicExchange Beans so they are explicitly created by the app.

* Add Queue and FanoutExchange beans for the bie-events-contention queues.

* Change durable flag to true on all queues

* Tweaked some fields so they don't conflict with existing definitions.

* Was deleted somehow during previous merge (@cheng)

Added migration script and code changes for action and actionResultNa… (#2069)

* added migration script and code changes for action and actionResultName changes

* added ActionName and ActionResultName to the builder method

* added unit test for 2 added fields

* Bump version to where they are on develop to address comments.

* Fix formatting

* Change assertIsSatisfied to the new method

* Change assertIsSatisfied to the new method

* Formatting Changes

* Chengjie8/issue 230 (#2112)

* update tomcat embed core library version

* more library version upgrades

* fix minor format issue

* Automated commit: Unpin versions of updated images

* update uri version in bgs service

* update to 10.1.14'

* upgrade lib version

---------

Co-authored-by: VRO Machine User <[email protected]>

* revert back the gem upgrade

---------

Co-authored-by: josiahjones <[email protected]>
Co-authored-by: Josiah Jones <[email protected]>
Co-authored-by: Chengjie Yin <[email protected]>
Co-authored-by: VRO Machine User <[email protected]>
5 people authored Oct 19, 2023
1 parent ab091d6 commit 9b88b1a
Showing 111 changed files with 675 additions and 350 deletions.
3 changes: 3 additions & 0 deletions .github/workflows/test-code.yml
Expand Up @@ -133,6 +133,9 @@ jobs:
# Need to fetch more than 1 deep to see changes
fetch-depth: 2

- name: "Set up VRO build env"
uses: ./.github/actions/setup-vro

- name: "Get changed files"
if: '! inputs.run_all_tests'
id: changed-files-specific
3 changes: 2 additions & 1 deletion api-gateway/build.gradle
Expand Up @@ -20,7 +20,8 @@ dependencies {
}

// Swagger UI for WebFlux
implementation 'org.springdoc:springdoc-openapi-starter-webflux-ui:2.2.0'
implementation "org.springdoc:springdoc-openapi-starter-webflux-ui:${spring_doc_version}"
implementation 'io.netty:netty-codec-http2:4.1.100.Final'

constraints {
// To address Snyk alert on DoS vulnerability
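Review bot: The `implementation 'io.netty:netty-codec-http2:4.1.100.Final'` line pins a Netty module as a direct dependency with a literal version and no comment saying why, directly above a `constraints` block that already exists for this kind of pin ("To address Snyk alert on DoS vulnerability"). If the pin answers an advisory, move it into `constraints` with a comment naming the alert, so it only raises the floor of the transitive version and can be removed once the WebFlux starter catches up. As a standalone `implementation` line it can end up at a different version from the other Netty modules the starter brings in.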
2 changes: 1 addition & 1 deletion api-gateway/src/main/resources/templates/index.html
Expand Up @@ -20,7 +20,7 @@ <h3>Swagger UI</h3>

<h3>VRO info</h3>
<ul>
<li>VRO version: <span th:text="${model.version}" /></li>
<li>VRO version: <span th:text="${model.version}"></span></li>
</ul>

</body>
20 changes: 12 additions & 8 deletions app/build.gradle
Expand Up @@ -12,15 +12,15 @@ dependencies {
implementation project(':shared:persistence-model')
implementation project(':domain-xample:xample-api-controller')

implementation 'jakarta.servlet:jakarta.servlet-api:6.0.0'
implementation 'org.apache.httpcomponents.client5:httpclient5:5.2.1'
implementation 'org.springframework.boot:spring-boot-starter-web'
implementation 'org.springframework.boot:spring-boot-starter-security'
implementation 'org.springframework.boot:spring-boot-starter-actuator'
implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
implementation "org.springframework.security:spring-security-core:${spring_security_version}"
implementation "org.springframework.security:spring-security-config:${spring_security_version}"
implementation "org.springframework.security:spring-security-web:${spring_security_version}"
implementation "org.springframework.hateoas:spring-hateoas:1.5.5"

// https://mvnrepository.com/artifact/com.auth0/java-jwt
implementation "com.auth0:java-jwt:4.4.0"
// https://mvnrepository.com/artifact/com.auth0/jwks-rsa
Expand Down Expand Up @@ -52,26 +52,30 @@ tasks.named('jacocoTestReport').configure {
afterEvaluate {
// Disable https://github.com/springdoc/springdoc-openapi-gradle-plugin
// Not particularly useful
generateOpenApiDocs.enabled = false
forkedSpringBootRun.enabled = false
// generateOpenApiDocs.enabled = false
// forkedSpringBootRun.enabled = false

tasks.named('forkedSpringBootRun').configure {
dependsOn 'bootStartScripts'
dependsOn 'checkstyleIntegrationTest'
dependsOn 'checkstyleMain'
dependsOn 'checkstyleTest'
dependsOn 'compileIntegrationTestJava'
dependsOn 'dockerfileZip'
dependsOn 'integrationTest'
dependsOn 'jar'
dependsOn 'spotlessJava'
dependsOn 'startScripts'
dependsOn 'test'
// dependsOn ':service-python:pytest' // slows down `:app:build` task

dependsOn 'jacocoTestReport'
dependsOn 'jacocoTestCoverageVerification'

dependsOn 'dockerPrepare'
}

tasks.named('spectralLint').configure {
dependsOn 'forkedSpringBootStop'
}
//
// tasks.named('spectralLint').configure {
// dependsOn 'forkedSpringBootStop'
// }
}
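Review bot: The `afterEvaluate` block keeps `// generateOpenApiDocs.enabled = false`, `// forkedSpringBootRun.enabled = false` and the whole `spectralLint` configuration as commented-out code, while the comment above them still reads "Disable ... Not particularly useful". Delete the dead lines and update the comment to say the plugin tasks are now enabled. With `forkedSpringBootRun` enabled, its `dependsOn` list (`test`, `integrationTest`, `jacocoTestCoverageVerification`, `dockerPrepare` and the rest) becomes live, so generating the OpenAPI docs starts the application and pulls in the full test and Docker preparation chain; trim the list to what the forked run actually needs.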
4 changes: 2 additions & 2 deletions app/src/main/java/gov/va/vro/VroApplication.java
Expand Up @@ -7,7 +7,7 @@
import org.springframework.boot.context.properties.ConfigurationPropertiesScan;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.FilterType;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;

@Slf4j
@SpringBootConfiguration
Expand All @@ -18,7 +18,7 @@
excludeFilters = {
@ComponentScan.Filter(
type = FilterType.ASSIGNABLE_TYPE,
value = {WebSecurityConfigurerAdapter.class})
value = {AbstractPreAuthenticatedProcessingFilter.class})
})
public class VroApplication {
public static void main(String[] args) {
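Review bot: In the `excludeFilters` block, replacing `WebSecurityConfigurerAdapter.class` with `AbstractPreAuthenticatedProcessingFilter.class` is not an equivalent exclusion. The old entry kept adapter-based security configuration classes out of this component scan; the new one only matches classes assignable to the pre-auth filter, and the one subclass visible in this commit, `ApiAuthKeyFilter`, carries no stereotype annotation and is created with `new` in `SecurityConfig`, so the filter likely excludes nothing. Either drop the `excludeFilters` entry or point it at the configuration classes that were meant to be kept out, and add a comment naming them.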
10 changes: 6 additions & 4 deletions app/src/main/java/gov/va/vro/config/OpenApiConfiguration.java
Expand Up @@ -9,7 +9,6 @@
import io.swagger.v3.oas.models.servers.Server;
import io.swagger.v3.oas.models.tags.Tag;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

Expand All @@ -21,10 +20,13 @@
@OpenAPIDefinition
@Configuration
public class OpenApiConfiguration {
@Autowired(required = false)
private List<CustomSecuritySchemeProvider> securitySchemeProviders;
private final List<CustomSecuritySchemeProvider> securitySchemeProviders;

@Autowired private final OpenApiProperties openApiProperties = new OpenApiProperties();
private final OpenApiProperties openApiProperties = new OpenApiProperties();

public OpenApiConfiguration(List<CustomSecuritySchemeProvider> securitySchemeProviders) {
this.securitySchemeProviders = securitySchemeProviders;
}

/**
* Configure OpenAPI processor.
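Review bot: `securitySchemeProviders` was `@Autowired(required = false)` and is now a mandatory constructor argument, so the optional behaviour is lost when no `CustomSecuritySchemeProvider` bean is defined; take an `ObjectProvider<CustomSecuritySchemeProvider>` or fall back to an empty list if it is still meant to be optional. In the same hunk, `openApiProperties` lost its `@Autowired` but kept `= new OpenApiProperties()`, so it is never injected and always holds defaults. If it is meant to carry bound configuration, add it to the constructor as well.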
98 changes: 67 additions & 31 deletions app/src/main/java/gov/va/vro/config/SecurityConfig.java
Expand Up @@ -11,9 +11,11 @@
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@Configuration
@EnableWebSecurity
Expand Down Expand Up @@ -53,6 +55,10 @@ public class SecurityConfig {

private final ApiAuthKeyManager apiAuthKeyManager;

private final String ACTUATOR_URLS = "/actuator/**";

private final String V3_URLS = "/v3/**";

/**
* Sets the security filter chain.
*
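Review bot: `ACTUATOR_URLS = "/actuator/**"` covers every actuator endpoint, and both new fields are only used in `permitAll()` rules further down in this file. If the intent is to leave health checks and the API document reachable without credentials, list those specific paths rather than the whole tree. As a style point, both are declared as `private final String` instance fields but named like constants; make them `private static final`.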
Expand All @@ -66,24 +72,43 @@ public SecurityFilterChain apikeyFilterChain(HttpSecurity httpSecurity) throws E
ApiAuthKeyFilter apiAuthKeyFilter = new ApiAuthKeyFilter(apiKeyAuthHeaderName);
apiAuthKeyFilter.setAuthenticationManager(apiAuthKeyManager);

httpSecurity
.exceptionHandling()
.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
httpSecurity.exceptionHandling(
(httpSecurityExceptionHandlingConfigurer ->
httpSecurityExceptionHandlingConfigurer.authenticationEntryPoint(
new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))));
// Secure end point
httpSecurity
.requestMatchers()
.antMatchers(
claimInfo, claimMetrics, evidencePdf, fullHealth, healthAssessment, immediatePdf)
.and()
.csrf()
.disable()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.addFilter(apiAuthKeyFilter)
.authorizeRequests()
.anyRequest()
.authenticated();
.securityMatchers(
(matchers) ->
matchers.requestMatchers(
new AntPathRequestMatcher(claimInfo),
new AntPathRequestMatcher(claimMetrics),
new AntPathRequestMatcher(evidencePdf),
new AntPathRequestMatcher(fullHealth),
new AntPathRequestMatcher(healthAssessment),
new AntPathRequestMatcher(immediatePdf)))
.authorizeHttpRequests(
(authz) -> {
authz
.requestMatchers(
new AntPathRequestMatcher(claimInfo),
new AntPathRequestMatcher(claimMetrics),
new AntPathRequestMatcher(evidencePdf),
new AntPathRequestMatcher(fullHealth),
new AntPathRequestMatcher(healthAssessment),
new AntPathRequestMatcher(immediatePdf),
new AntPathRequestMatcher(ACTUATOR_URLS),
new AntPathRequestMatcher(V3_URLS))
.permitAll()
.anyRequest()
.authenticated();
})
.csrf(AbstractHttpConfigurer::disable)
.sessionManagement(
httpSecuritySessionManagementConfigurer ->
httpSecuritySessionManagementConfigurer.sessionCreationPolicy(
SessionCreationPolicy.STATELESS))
.addFilter(apiAuthKeyFilter);
return httpSecurity.build();
}
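Review bot: In `apikeyFilterChain`, the `authorizeHttpRequests` block marks `claimInfo`, `claimMetrics`, `evidencePdf`, `fullHealth`, `healthAssessment` and `immediatePdf` as `permitAll()`, where the old chain ended in `.anyRequest().authenticated()`. Because `securityMatchers` limits this chain to exactly those six paths, every request it handles matches the `permitAll()` rule and `.anyRequest().authenticated()` is unreachable, so the authorization step no longer requires an authenticated principal and never sends a request to the `HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)`. Whether a request without a valid key is rejected now depends entirely on `ApiAuthKeyFilter` and `ApiAuthKeyManager` failing it themselves. Drop the `requestMatchers(...).permitAll()` call, keep only `.anyRequest().authenticated()`, and add a test that calls one of these paths without the API key header and expects 401.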

Expand All @@ -100,23 +125,34 @@ public SecurityFilterChain jwtFilterChain(HttpSecurity httpSecurity) throws Exce
ApiAuthKeyFilter apiAuthKeyFilter = new ApiAuthKeyFilter(jwtAuthHeaderName);
apiAuthKeyFilter.setAuthenticationManager(apiAuthKeyManager);

httpSecurity
.exceptionHandling()
.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
httpSecurity.exceptionHandling(
(httpSecurityExceptionHandlingConfigurer ->
httpSecurityExceptionHandlingConfigurer.authenticationEntryPoint(
new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))));
// Secure end point
httpSecurity
.requestMatchers()
.antMatchers(automatedClaim, examOrder)
.and()
.csrf()
.disable()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.addFilter(apiAuthKeyFilter)
.authorizeRequests()
.anyRequest()
.authenticated();
.securityMatchers(
(matchers) ->
matchers.requestMatchers(
new AntPathRequestMatcher(automatedClaim),
new AntPathRequestMatcher(examOrder)))
.authorizeHttpRequests(
(authz) ->
authz
.requestMatchers(
new AntPathRequestMatcher(automatedClaim),
new AntPathRequestMatcher(examOrder),
new AntPathRequestMatcher(ACTUATOR_URLS),
new AntPathRequestMatcher(V3_URLS))
.permitAll()
.anyRequest()
.authenticated())
.csrf(AbstractHttpConfigurer::disable)
.sessionManagement(
httpSecuritySessionManagementConfigurer ->
httpSecuritySessionManagementConfigurer.sessionCreationPolicy(
SessionCreationPolicy.STATELESS))
.addFilter(apiAuthKeyFilter);
return httpSecurity.build();
}
}
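Review bot: In `jwtFilterChain`, `automatedClaim` and `examOrder` are listed under `permitAll()`, so the two JWT-protected paths pass authorization without an authenticated principal; replace the rule with `.anyRequest().authenticated()` as the previous chain had. The `ACTUATOR_URLS` and `V3_URLS` matchers in the same call have no effect here, because `securityMatchers` only routes `automatedClaim` and `examOrder` into this chain. If actuator and `/v3/**` need to be reachable without credentials, give them their own `SecurityFilterChain` with an explicit matcher and order instead of adding them to the API chains.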
3 changes: 1 addition & 2 deletions app/src/main/java/gov/va/vro/security/ApiAuthKeyFilter.java
@@ -1,10 +1,9 @@
package gov.va.vro.security;

import jakarta.servlet.http.HttpServletRequest;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;

import javax.servlet.http.HttpServletRequest;

@Slf4j
public class ApiAuthKeyFilter extends AbstractPreAuthenticatedProcessingFilter {
private final String headerName;
17 changes: 3 additions & 14 deletions app/src/main/java/gov/va/vro/security/ApiAuthKeyManager.java
@@ -1,7 +1,9 @@
package gov.va.vro.security;

import com.auth0.jwt.interfaces.DecodedJWT;
import jakarta.servlet.http.HttpServletRequest;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
Expand All @@ -12,8 +14,7 @@
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;

@Getter
@Component
@Slf4j
@NoArgsConstructor
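Review bot: Class-level `@Getter` is broader than the three hand-written getters it replaces: it generates a public getter for every non-static field of `ApiAuthKeyManager`, including any field added later. Since this class holds `ApiAuthKeys` and the `JwtValidator`, put `@Getter` on the individual fields that need one so new fields are not exposed by default.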
Expand All @@ -23,10 +24,6 @@ public class ApiAuthKeyManager implements AuthenticationManager {

private HttpServletRequest httpServletRequest;

public HttpServletRequest getHttpServletRequest() {
return httpServletRequest;
}

@Autowired
public void setHttpServletRequest(HttpServletRequest httpServletRequest) {
this.httpServletRequest = httpServletRequest;
Expand All @@ -36,19 +33,11 @@ public void setHttpServletRequest(HttpServletRequest httpServletRequest) {

private JwtValidator jwtValidator;

public ApiAuthKeys getApiAuthKeys() {
return apiAuthKeys;
}

@Autowired
public void setApiAuthKeys(ApiAuthKeys apiAuthKeys) {
this.apiAuthKeys = apiAuthKeys;
}

public JwtValidator getJwtValidator() {
return jwtValidator;
}

@Autowired
public void setJwtValidator(JwtValidator jwtValidator) {
this.jwtValidator = jwtValidator;
12 changes: 10 additions & 2 deletions app/src/main/resources/conf-camel.yml
@@ -1,4 +1,4 @@
# https://camel.apache.org/camel-spring-boot/3.11.x/spring-boot.html
# https://camel.apache.org/camel-spring-boot/4.0.x/spring-boot.html

vro:
context_path: "/vro"
Expand All @@ -14,4 +14,12 @@ vro:

# To fix jackson error: Java 8 date/time type `java.time.Instant` not supported by default
# https://stackoverflow.com/questions/33397359/how-to-configure-jackson-objectmapper-for-camel-in-spring-boot
camel.dataformat.json-jackson.auto-discover-object-mapper: true
camel:
component:
rest-api:
enabled: true
dataformat:
jackson:
auto-discover-object-mapper: true
rest:
api-context-path: "/vro"
2 changes: 1 addition & 1 deletion app/src/test/java/gov/va/vro/service/spi/model/Claim.java
@@ -1,6 +1,7 @@
package gov.va.vro.service.spi.model;

import com.fasterxml.jackson.annotation.JsonIgnore;
import jakarta.validation.constraints.NotNull;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.EqualsAndHashCode;
Expand All @@ -12,7 +13,6 @@
import java.time.OffsetDateTime;
import java.util.Set;
import java.util.UUID;
import javax.validation.constraints.NotNull;

@Getter
@Setter
2 changes: 1 addition & 1 deletion build.gradle
Expand Up @@ -13,7 +13,7 @@ buildscript {

plugins {
id 'local.std.base-project-conventions'
id 'pl.allegro.tech.build.axion-release' version '1.15.5'
id 'pl.allegro.tech.build.axion-release' version '1.15.4'

// Set versions for these plugins (but don't apply) so we don't have to repeat the versions in subprojects
id "org.springframework.boot" version "${spring_boot_version}" apply false
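Review bot: The `pl.allegro.tech.build.axion-release` line reads as a move from `1.15.5` to `1.15.4`, a downgrade inside an upgrade commit. If this came from rebasing onto an older base, restore `1.15.5`; if the downgrade is deliberate, say why in the commit message or in a comment next to the plugin line.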