Merged in feature/SHIBUI-1724 (pull request #462)

Feature/SHIBUI-1724

Approved-by: Jonathan Johnson

.gitignore

@@ -394,4 +394,9 @@ rinteg
 
 #Local run with durable H2 shell script wrapper
 **/application-h2durable.properties
-rdurable
+rdurable
+
+#Local build with no tests script wrapper
+build-no-tests
+
+beacon/spring/out

backend/build.gradle

@@ -1,18 +1,18 @@
 plugins {
     id 'groovy'
     id 'war'
-    id 'org.springframework.boot' version '2.0.0.RELEASE'
+    id 'org.springframework.boot' version '2.4.2'
     id 'com.gorylenko.gradle-git-properties' version '1.4.21'
-    id 'io.franzbecker.gradle-lombok' version '1.13'
+    id 'io.freefair.lombok' version '5.3.0'
     id 'com.palantir.docker' version '0.20.1'
     id 'com.palantir.docker-run' version '0.20.1'
 }
 
 apply plugin: 'io.spring.dependency-management'
 apply plugin: 'jacoco'
 
-sourceCompatibility = 1.8
-targetCompatibility = 1.8
+sourceCompatibility = 11
+targetCompatibility = 11
 
 repositories {
     jcenter()
@@ -55,13 +55,19 @@ sourceSets {
         java {
             srcDirs = []
         }
+        resources {
+            srcDir new File(buildDir, 'generated/ui')
+        }
     }
     integrationTest {
         groovy {
             srcDirs = ['src/integration/groovy']
+            compileClasspath += main.output
+            runtimeClasspath += main.output
         }
         resources {
             srcDir 'src/integration/resources'
+            srcDir new File(buildDir, 'generated/ui')
         }
     }
 
@@ -103,11 +109,7 @@ springBoot {
     buildInfo()
 }
 
-lombok {
-    version = "1.18.4"
-    //TODO: get new sha256
-    sha256 = ""
-}
+generateLombokConfig.enabled = false
 
 dependencies {
     // opensaml deps
@@ -126,7 +128,7 @@ dependencies {
     }
 
     // spring boot auto-config starters
-    ['starter-web', 'starter-data-jpa', 'starter-security', 'starter-actuator', 'devtools', 'starter-webflux', 'starter-thymeleaf', 'starter-mail'].each {
+    ['starter-web', 'starter-data-jpa', 'starter-security', 'starter-actuator', 'devtools', 'starter-webflux', 'starter-thymeleaf', 'starter-mail', 'starter-validation'].each {
         compile "org.springframework.boot:spring-boot-${it}"
     }
     // TODO: figure out what this should really be
@@ -146,10 +148,12 @@ dependencies {
     //For easy data mocking capabilities
     compile 'net.andreinc.mockneat:mockneat:0.1.4'
 
-    compile 'org.codehaus.groovy:groovy-all:2.4.15'
+    compile 'org.codehaus.groovy:groovy-all:3.0.7'
 
     //So it works on Java 9 without explicitly requiring to load that module (needed by Hibernate)
     runtimeOnly 'javax.xml.bind:jaxb-api:2.3.0'
+    // runtime libraries for later java versions
+    runtimeOnly 'org.glassfish.jaxb:jaxb-runtime:2.3.0'
 
     compile "com.h2database:h2"
     runtimeOnly "org.postgresql:postgresql"
@@ -162,8 +166,8 @@ dependencies {
 
     testCompile "org.springframework.boot:spring-boot-starter-test"
     testCompile "org.springframework.security:spring-security-test"
-    testCompile "org.spockframework:spock-core:1.1-groovy-2.4"
-    testCompile "org.spockframework:spock-spring:1.1-groovy-2.4"
+    testCompile "org.spockframework:spock-core:1.3-groovy-2.5"
+    testCompile "org.spockframework:spock-spring:1.3-groovy-2.5"
     testCompile "org.xmlunit:xmlunit-core:2.5.1"
     testRuntime 'cglib:cglib-nodep:3.2.5'
 
@@ -183,8 +187,8 @@ dependencies {
     integrationTestCompile 'jp.vmi:selenese-runner-java:3.20.0'
     integrationTestCompile "org.springframework.boot:spring-boot-starter-test"
     integrationTestCompile "org.springframework.security:spring-security-test"
-    integrationTestCompile "org.spockframework:spock-core:1.1-groovy-2.4"
-    integrationTestCompile "org.spockframework:spock-spring:1.1-groovy-2.4"
+    integrationTestCompile "org.spockframework:spock-core:1.3-groovy-2.5"
+    integrationTestCompile "org.spockframework:spock-spring:1.3-groovy-2.5"
 
     // CSV file support
     compile 'com.opencsv:opencsv:4.4'
@@ -209,31 +213,6 @@ dependencies {
     enversTestRuntime configurations.testRuntime
 }
 
-sourceSets {
-    main {
-        groovy {
-            srcDirs = ['src/main/groovy', 'src/main/java', generatedSrcDir]
-        }
-        java {
-            srcDirs = []
-        }
-        resources {
-            srcDir new File(buildDir, 'generated/ui')
-        }
-    }
-    integrationTest {
-        groovy {
-            srcDirs = ['src/integration/groovy']
-            compileClasspath += main.output
-            runtimeClasspath += main.output
-        }
-        resources {
-            srcDir 'src/integration/resources'
-            srcDir new File(buildDir, 'generated/ui')
-        }
-    }
-}
-
 task copyUI(type: Copy) {
     from tasks.findByPath(':ui:npm_run_buildProd').outputs
     into new File(buildDir, 'generated/ui/static')
@@ -339,7 +318,7 @@ compileJava {
 }
 
 jacoco {
-    toolVersion = '0.8.1'
+    toolVersion = '0.8.4'
 }
 
 jacocoTestReport {

backend/src/enversTest/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerVersionEndpointsIntegrationTests.groovy

@@ -125,15 +125,14 @@ class EntityDescriptorControllerVersionEndpointsIntegrationTests extends Specifi
             })
             entityDescriptorRepository.save(it)
         }
-
         when:
         def headers = new HttpHeaders().with {
             it.set(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
             it
         }
 
         def allVersions = getAllEntityDescriptorVersions(ed.resourceId, List)
-        def edv1 = getEntityDescriptorForVersion(ed.resourceId, allVersions.body[0].id, String).body
+        String edv1 = getEntityDescriptorForVersion(ed.resourceId, allVersions.body[0].id, String).body
         def tedv2 = getEntityDescriptorForVersion(ed.resourceId, allVersions.body[1].id, EntityDescriptorRepresentation).body
 
         def aedv1 = new JsonSlurper().parseText(edv1).with {

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/SearchConfiguration.java

@@ -6,6 +6,7 @@
 import org.apache.lucene.analysis.LowerCaseFilter;
 import org.apache.lucene.analysis.StopFilter;
 import org.apache.lucene.analysis.TokenFilter;
+import org.apache.lucene.analysis.en.EnglishAnalyzer;
 import org.apache.lucene.analysis.ngram.NGramTokenFilter;
 import org.apache.lucene.analysis.standard.StandardAnalyzer;
 import org.apache.lucene.analysis.standard.StandardTokenizer;
@@ -33,9 +34,9 @@ protected TokenStreamComponents createComponents(String fieldName) {
                 final StandardTokenizer src = new StandardTokenizer();
                 src.setMaxTokenLength(255);
                 TokenFilter tokenFilter;
-                tokenFilter = new NGramTokenFilter(src, 3, 10);
+                tokenFilter = new NGramTokenFilter(src, 3, 10, true);
                 tokenFilter = new LowerCaseFilter(tokenFilter);
-                tokenFilter = new StopFilter(tokenFilter, StandardAnalyzer.STOP_WORDS_SET);
+                tokenFilter = new StopFilter(tokenFilter, EnglishAnalyzer.ENGLISH_STOP_WORDS_SET);
                 return new TokenStreamComponents(src, tokenFilter);
             }
         };
@@ -50,7 +51,7 @@ protected TokenStreamComponents createComponents(String fieldName) {
                 src.setMaxTokenLength(255);
                 TokenFilter tokenFilter;
                 tokenFilter = new LowerCaseFilter(src);
-                tokenFilter = new StopFilter(tokenFilter, StandardAnalyzer.STOP_WORDS_SET);
+                tokenFilter = new StopFilter(tokenFilter, EnglishAnalyzer.ENGLISH_STOP_WORDS_SET);
                 return new TokenStreamComponents(src, tokenFilter);
             }
         };

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java

@@ -10,7 +10,6 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.AutoConfigureBefore;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.boot.autoconfigure.security.servlet.SpringBootWebSecurityConfiguration;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
@@ -22,6 +21,7 @@
 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
+import org.springframework.security.web.firewall.DefaultHttpFirewall;
 import org.springframework.security.web.firewall.HttpFirewall;
 import org.springframework.security.web.firewall.StrictHttpFirewall;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@@ -34,7 +34,6 @@
  * Workaround for slashes in URL from [https://stackoverflow.com/questions/48453980/spring-5-0-3-requestrejectedexception-the-request-was-rejected-because-the-url]
  */
 @Configuration
-@AutoConfigureBefore(SpringBootWebSecurityConfiguration.class)
 @ConditionalOnMissingBean(WebSecurityConfigurerAdapter.class)
 public class WebSecurityConfig {
 
@@ -57,6 +56,11 @@ public HttpFirewall allowUrlEncodedSlashHttpFirewall() {
         return firewall;
     }
 
+    @Bean
+    public HttpFirewall defaultFirewall() {
+        return new DefaultHttpFirewall();
+    }
+
     @Bean
     @Profile("!no-auth")
     public WebSecurityConfigurerAdapter defaultAuth() {
@@ -144,7 +148,8 @@ protected void configure(HttpSecurity http) throws Exception {
             @Override
             public void configure(WebSecurity web) throws Exception {
                 super.configure(web);
-                web.httpFirewall(allowUrlEncodedSlashHttpFirewall());
+                //Switch to the default firewall
+                web.httpFirewall(defaultFirewall());
             }
         };
     }

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/FileCheckingFileWritingService.java

@@ -63,11 +63,11 @@ private boolean checkContentMatches(InputStream inputStream, String content) thr
         return Arrays.equals(fileDigest, contentDigest);
     }
 
-    void writeContent(Path path, String content) throws IOException {
+    protected void writeContent(Path path, String content) throws IOException {
         Files.write(path, content.getBytes());
     }
 
-    void writeContent(WritableResource resource, String content) throws IOException {
+    protected void writeContent(WritableResource resource, String content) throws IOException {
         try (OutputStream os = resource.getOutputStream()) {
             os.write(content.getBytes());
         }

backend/src/main/java/edu/internet2/tier/shibboleth/admin/util/FilterTargetRepresentationDeserializer.java

@@ -6,7 +6,6 @@
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.deser.std.StdDeserializer;
 import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.FilterTargetRepresentation;
-import jdk.nashorn.internal.runtime.regexp.joni.ast.StringNode;
 
 import java.io.IOException;
 import java.util.ArrayList;

backend/src/main/resources/application.properties

@@ -8,6 +8,8 @@
 logging.level.org.springframework=INFO
 logging.level.edu.internet2.tier.shibboleth.admin.ui=INFO
 
+spring.main.allow-bean-definition-overriding=true
+
 # Database Credentials
 spring.datasource.username=shibui
 spring.datasource.password=shibui
@@ -34,7 +36,6 @@ spring.jackson.default-property-inclusion=NON_NULL
 
 # Liquibase properties
 spring.liquibase.enabled=false
-#spring.liquibase.change-log=classpath:edu/internet2/tier/shibboleth/admin/ui/database/masterchangelog.xml
 
 # Hibernate properties
 # for production never ever use create, create-drop. It's BEST to use validate
@@ -48,6 +49,9 @@ spring.jpa.hibernate.use-new-id-generator-mappings=true
 #Envers versioning
 spring.jpa.properties.org.hibernate.envers.store_data_at_delete=true
 
+#Needed in the latest versions of Spring Boot when doing manual transaction management like we do in envers versioning code
+spring.jpa.properties.hibernate.current_session_context_class=org.springframework.orm.hibernate5.SpringSessionContext
+
 # Set the following property to periodically write out the generated metadata files. There is no default value; the following is just an example
 # shibui.metadata-dir=/opt/shibboleth-idp/metadata/generated
 shibui.logout-url=/dashboard
@@ -93,4 +97,4 @@ shibui.roles=ROLE_ADMIN,ROLE_USER,ROLE_NONE
 #This property must be set to true in order to enable posting stats to beacon endpoint. Furthermore, appropriate
 #environment variables must be set for beacon publisher to be used (the ones that are set when running shib-ui in
 #docker container
-shibui.beacon-enabled=true
+shibui.beacon-enabled=true

backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntitiesControllerIntegrationTests.groovy

@@ -17,6 +17,7 @@ import org.springframework.core.io.ClassPathResource
 import org.springframework.test.context.ActiveProfiles
 import org.springframework.test.web.reactive.server.WebTestClient
 import org.springframework.test.web.servlet.result.MockMvcResultHandlers
+import org.springframework.web.reactive.function.client.WebClient
 import org.springframework.web.util.DefaultUriBuilderFactory
 import org.xmlunit.builder.DiffBuilder
 import org.xmlunit.builder.Input
@@ -34,10 +35,11 @@ class EntitiesControllerIntegrationTests extends Specification {
     @Autowired
     private WebTestClient webClient
 
-    def setup() {
+    /*def setup() {
         // yeah, don't ask... this is just shenanigans
+        // The API is changed. Doesn't work anymore. Not sure if we need it here
         this.webClient.webClient.uriBuilderFactory.encodingMode = DefaultUriBuilderFactory.EncodingMode.NONE
-    }
+    }*/
 
     def "GET /api/entities returns the proper json"() {
         given:

backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntitiesControllerTests.groovy

@@ -104,7 +104,7 @@ class EntitiesControllerTests extends Specification {
         then:
         def x = content()
         result.andExpect(status().isOk())
-                .andExpect(content().contentType(MediaType.APPLICATION_JSON_UTF8))
+                .andExpect(content().contentType(MediaType.APPLICATION_JSON))
                 .andExpect(content().json(expectedBody, false))
     }