chore(deps): Bump org.springframework.boot from 3.3.5 to 3.4.0 (#1268)

* chore(deps): Bump org.springframework.boot from 3.3.5 to 3.4.0 Bumps [org.springframework.boot](https://github.com/spring-projects/spring-boot) from 3.3.5 to 3.4.0. - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v3.3.5...v3.4.0) --- updated-dependencies: - dependency-name: org.springframework.boot dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * align spring cloud version * simplify test conf * feat: update FirewallConfig wrt Spring Security 6.4.1 * chore: use ConfluentKafkaContainer module as KafkaContainer is deprecated --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Benoit Orihuela <benoit.orihuela@egm.io>
stellio-hub · Nov 27, 2024 · ed38961 · ed38961
1 parent 5dddc8b
commit ed38961
Show file tree

Hide file tree

Showing 8 changed files with 26 additions and 48 deletions.
diff --git a/api-gateway/src/main/kotlin/com/egm/stellio/apigateway/config/FirewallConfig.kt b/api-gateway/src/main/kotlin/com/egm/stellio/apigateway/config/FirewallConfig.kt
@@ -1,28 +1,18 @@
 package com.egm.stellio.apigateway.config
 
-import org.springframework.beans.BeansException
-import org.springframework.beans.factory.config.BeanPostProcessor
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
-import org.springframework.security.web.server.WebFilterChainProxy
+import org.springframework.security.web.server.firewall.ServerWebExchangeFirewall
 import org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
 
 @Configuration
 class FirewallConfig {
 
     @Bean
-    fun beanPostProcessor(): BeanPostProcessor {
-        return object : BeanPostProcessor {
-            @Throws(BeansException::class)
-            override fun postProcessBeforeInitialization(bean: Any, beanName: String): Any {
-                if (bean is WebFilterChainProxy) {
-                    val firewall = StrictServerWebExchangeFirewall()
-                    firewall.setAllowUrlEncodedSlash(true)
-                    firewall.setAllowUrlEncodedDoubleSlash(true)
-                    bean.setFirewall(firewall)
-                }
-                return bean
-            }
+    fun httpFirewall(): ServerWebExchangeFirewall =
+        StrictServerWebExchangeFirewall().apply {
+            setAllowUrlEncodedDoubleSlash(true)
+            setAllowUrlEncodedSlash(true)
+            setAllowUrlEncodedPercent(true)
         }
-    }
 }
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -11,15 +11,15 @@ buildscript {
     }
 }
 
-extra["springCloudVersion"] = "2023.0.3"
+extra["springCloudVersion"] = "2024.0.0-RC1"
 
 plugins {
     // https://docs.spring.io/spring-boot/docs/current/gradle-plugin/reference/htmlsingle/#reacting-to-other-plugins.java
     java
     `kotlin-dsl`
     // only apply the plugin in the subprojects requiring it because it expects a Spring Boot app
     // and the shared lib is obviously not one
-    id("org.springframework.boot") version "3.3.5" apply false
+    id("org.springframework.boot") version "3.4.0" apply false
     id("io.spring.dependency-management") version "1.1.6" apply false
     id("org.graalvm.buildtools.native") version "0.10.3"
     kotlin("jvm") version "2.0.21" apply false
@@ -77,12 +77,9 @@ subprojects {
         runtimeOnly("de.siegmar:logback-gelf:6.1.0")
         runtimeOnly("io.micrometer:micrometer-registry-prometheus")
 
-        testImplementation("org.springframework.boot:spring-boot-starter-test") {
-            // to ensure we are using mocks and spies from springmockk (and not from Mockito)
-            exclude(module = "mockito-core")
-        }
-        testImplementation("com.ninja-squad:springmockk:4.0.2")
+        testImplementation("org.springframework.boot:spring-boot-starter-test")
         testImplementation("io.projectreactor:reactor-test")
+        testImplementation("com.ninja-squad:springmockk:4.0.2")
         testImplementation("org.springframework.security:spring-security-test")
         testImplementation("org.jetbrains.kotlinx:kotlinx-coroutines-test")
     }

diff --git a/search-service/build.gradle.kts b/search-service/build.gradle.kts
@@ -36,8 +36,6 @@ dependencies {
     testImplementation("org.testcontainers:kafka")
     testImplementation("org.testcontainers:r2dbc")
     testImplementation(testFixtures(project(":shared")))
-    // https://docs.gradle.org/8.4/userguide/upgrading_version_8.html#test_framework_implementation_dependencies
-    testImplementation("org.springframework.boot:spring-boot-starter-test")
     testRuntimeOnly("org.junit.platform:junit-platform-launcher")
 }
 

diff --git a/search-service/src/test/kotlin/com/egm/stellio/search/discovery/web/AttributeHandlerTests.kt b/search-service/src/test/kotlin/com/egm/stellio/search/discovery/web/AttributeHandlerTests.kt
@@ -9,6 +9,7 @@ import com.egm.stellio.search.discovery.model.AttributeType
 import com.egm.stellio.search.discovery.model.AttributeTypeInfo
 import com.egm.stellio.search.discovery.service.AttributeService
 import com.egm.stellio.shared.config.ApplicationProperties
+import com.egm.stellio.shared.config.FirewallConfig
 import com.egm.stellio.shared.model.DEFAULT_DETAIL
 import com.egm.stellio.shared.model.ResourceNotFoundException
 import com.egm.stellio.shared.util.APIC_COMPOUND_CONTEXTS
@@ -28,11 +29,11 @@ import io.mockk.coEvery
 import io.mockk.coVerify
 import io.mockk.mockkClass
 import org.junit.jupiter.api.BeforeAll
-import org.junit.jupiter.api.Disabled
 import org.junit.jupiter.api.Test
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.boot.context.properties.EnableConfigurationProperties
 import org.springframework.boot.test.autoconfigure.web.reactive.WebFluxTest
+import org.springframework.context.annotation.Import
 import org.springframework.http.HttpHeaders
 import org.springframework.http.MediaType
 import org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.csrf
@@ -42,6 +43,7 @@ import org.springframework.test.web.reactive.server.WebTestClient
 
 @ActiveProfiles("test")
 @WebFluxTest(AttributeHandler::class)
+@Import(FirewallConfig::class)
 @EnableConfigurationProperties(ApplicationProperties::class, SearchProperties::class)
 class AttributeHandlerTests {
 
@@ -197,7 +199,6 @@ class AttributeHandlerTests {
         }
     }
 
-    @Disabled("Re-enable this test with spring-security 6.3.5")
     @Test
     fun `get attribute type information should search on attributes with the expanded id if provided`() {
         coEvery {

diff --git a/...ch-service/src/test/kotlin/com/egm/stellio/search/discovery/web/EntityTypeHandlerTests.kt b/...ch-service/src/test/kotlin/com/egm/stellio/search/discovery/web/EntityTypeHandlerTests.kt
@@ -10,6 +10,7 @@ import com.egm.stellio.search.discovery.model.EntityTypeInfo
 import com.egm.stellio.search.discovery.model.EntityTypeList
 import com.egm.stellio.search.discovery.service.EntityTypeService
 import com.egm.stellio.shared.config.ApplicationProperties
+import com.egm.stellio.shared.config.FirewallConfig
 import com.egm.stellio.shared.model.DEFAULT_DETAIL
 import com.egm.stellio.shared.model.ResourceNotFoundException
 import com.egm.stellio.shared.util.APIC_COMPOUND_CONTEXTS
@@ -24,11 +25,11 @@ import io.mockk.coEvery
 import io.mockk.coVerify
 import io.mockk.mockkClass
 import org.junit.jupiter.api.BeforeAll
-import org.junit.jupiter.api.Disabled
 import org.junit.jupiter.api.Test
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.boot.context.properties.EnableConfigurationProperties
 import org.springframework.boot.test.autoconfigure.web.reactive.WebFluxTest
+import org.springframework.context.annotation.Import
 import org.springframework.http.HttpHeaders
 import org.springframework.http.MediaType
 import org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.csrf
@@ -38,6 +39,7 @@ import org.springframework.test.web.reactive.server.WebTestClient
 
 @ActiveProfiles("test")
 @WebFluxTest(EntityTypeHandler::class)
+@Import(FirewallConfig::class)
 @EnableConfigurationProperties(ApplicationProperties::class, SearchProperties::class)
 class EntityTypeHandlerTests {
 
@@ -277,7 +279,6 @@ class EntityTypeHandlerTests {
         }
     }
 
-    @Disabled("Re-enable this test with spring-security 6.3.5")
     @Test
     fun `get entity type information should search on entities with the expanded type if provided`() {
         coEvery { entityTypeService.getEntityTypeInfoByType(any(), any()) } returns

diff --git a/search-service/src/test/kotlin/com/egm/stellio/search/support/WithKafkaContainer.kt b/search-service/src/test/kotlin/com/egm/stellio/search/support/WithKafkaContainer.kt
@@ -2,7 +2,7 @@ package com.egm.stellio.search.support
 
 import org.springframework.test.context.DynamicPropertyRegistry
 import org.springframework.test.context.DynamicPropertySource
-import org.testcontainers.containers.KafkaContainer
+import org.testcontainers.kafka.ConfluentKafkaContainer
 import org.testcontainers.utility.DockerImageName
 
 interface WithKafkaContainer {
@@ -12,7 +12,7 @@ interface WithKafkaContainer {
         private val kafkaImage: DockerImageName =
             DockerImageName.parse("confluentinc/cp-kafka:7.6.0")
 
-        private val kafkaContainer = KafkaContainer(kafkaImage).apply {
+        private val kafkaContainer = ConfluentKafkaContainer(kafkaImage).apply {
             withReuse(true)
         }
 

diff --git a/shared/src/main/kotlin/com/egm/stellio/shared/config/FirewallConfig.kt b/shared/src/main/kotlin/com/egm/stellio/shared/config/FirewallConfig.kt
@@ -1,28 +1,18 @@
 package com.egm.stellio.shared.config
 
-import org.springframework.beans.BeansException
-import org.springframework.beans.factory.config.BeanPostProcessor
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
-import org.springframework.security.web.server.WebFilterChainProxy
+import org.springframework.security.web.server.firewall.ServerWebExchangeFirewall
 import org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
 
 @Configuration
 class FirewallConfig {
 
     @Bean
-    fun beanPostProcessor(): BeanPostProcessor {
-        return object : BeanPostProcessor {
-            @Throws(BeansException::class)
-            override fun postProcessBeforeInitialization(bean: Any, beanName: String): Any {
-                if (bean is WebFilterChainProxy) {
-                    val firewall = StrictServerWebExchangeFirewall()
-                    firewall.setAllowUrlEncodedSlash(true)
-                    firewall.setAllowUrlEncodedDoubleSlash(true)
-                    bean.setFirewall(firewall)
-                }
-                return bean
-            }
+    fun httpFirewall(): ServerWebExchangeFirewall =
+        StrictServerWebExchangeFirewall().apply {
+            setAllowUrlEncodedDoubleSlash(true)
+            setAllowUrlEncodedSlash(true)
+            setAllowUrlEncodedPercent(true)
         }
-    }
 }
diff --git a/shared/src/main/kotlin/com/egm/stellio/shared/config/TenantAuthenticationManagerResolver.kt b/shared/src/main/kotlin/com/egm/stellio/shared/config/TenantAuthenticationManagerResolver.kt
@@ -8,6 +8,7 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty
 import org.springframework.context.annotation.Profile
 import org.springframework.security.authentication.ReactiveAuthenticationManager
 import org.springframework.security.authentication.ReactiveAuthenticationManagerResolver
+import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder
 import org.springframework.security.oauth2.jwt.ReactiveJwtDecoders
 import org.springframework.security.oauth2.server.resource.authentication.JwtReactiveAuthenticationManager
 import org.springframework.stereotype.Component
@@ -25,7 +26,7 @@ class TenantAuthenticationManagerResolver(
 
     override fun afterPropertiesSet() {
         applicationProperties.tenants.forEach { tenantConfiguration ->
-            val jwtDecoder = ReactiveJwtDecoders.fromIssuerLocation(tenantConfiguration.issuer)
+            val jwtDecoder: ReactiveJwtDecoder = ReactiveJwtDecoders.fromIssuerLocation(tenantConfiguration.issuer)
             val jwtAuthenticationManager = JwtReactiveAuthenticationManager(jwtDecoder)
             authenticationManagers[tenantConfiguration.name] = jwtAuthenticationManager
         }