diff --git a/backend/build.gradle b/backend/build.gradle index 53ddcae09..554674bbb 100644 --- a/backend/build.gradle +++ b/backend/build.gradle @@ -1,11 +1,11 @@ plugins { - id 'groovy' - id 'war' - id 'org.springframework.boot' version '2.5.12' - id 'com.gorylenko.gradle-git-properties' version '1.4.21' - id 'io.freefair.lombok' version '5.3.0' - id 'com.palantir.docker' version '0.28.0' - id 'com.palantir.docker-run' version '0.28.0' + id "groovy" + id "war" + id "org.springframework.boot" + id "io.freefair.lombok" + id "com.gorylenko.gradle-git-properties" version "1.4.21" + id "com.palantir.docker" version "0.28.0" + id "com.palantir.docker-run" version "0.28.0" } apply plugin: 'io.spring.dependency-management' @@ -24,13 +24,16 @@ repositories { url 'https://build.shibboleth.net/nexus/content/groups/public' artifactUrls = ['https://build.shibboleth.net/nexus/content/repositories/thirdparty-snapshots'] } + maven { // for the springboot plugin + url "https://plugins.gradle.org/m2/" + } mavenLocal() mavenCentral() } configurations.all { resolutionStrategy { - force 'org.cryptacular:cryptacular:1.1.3' + force "org.cryptacular:cryptacular:${project.'cryptacularVersion'}" eachDependency { details -> if (details.requested.group == 'org.seleniumhq.selenium' && details.requested.name != 'htmlunit-driver') { @@ -110,7 +113,7 @@ bootWar { } springBoot { - mainClassName = 'edu.internet2.tier.shibboleth.admin.ui.ShibbolethUiApplication' + mainClass = 'edu.internet2.tier.shibboleth.admin.ui.ShibbolethUiApplication' buildInfo() } @@ -119,7 +122,7 @@ generateLombokConfig.enabled = false dependencies { // opensaml deps ['opensaml-saml-api', 'opensaml-saml-impl', 'opensaml-xmlsec-api', 'opensaml-xmlsec-impl'].each { - compile "org.opensaml:${it}:${project.'opensaml.version'}" + compile "org.opensaml:${it}:${project.'opensamlVersion'}" } runtimeOnly "org.bouncycastle:bcprov-jdk15on:1.70" @@ -129,12 +132,12 @@ dependencies { // shibboleth idp deps ['idp-profile-spring', 'idp-profile-api'].each { - compile "net.shibboleth.idp:${it}:${project.'shibboleth.version'}" + compile "net.shibboleth.idp:${it}:${project.'shibbolethVersion'}" } // hibernate deps ['hibernate-core'].each { - compile "org.hibernate:${it}:${project.'hibernate.version'}" + compile "org.hibernate:${it}:${project.'hibernateVersion'}" } // spring boot auto-config starters @@ -142,18 +145,18 @@ dependencies { compile "org.springframework.boot:spring-boot-${it}" } // To override older version with security issue - https://www.lunasec.io/docs/blog/log4j-zero-day/ - implementation 'org.apache.logging.log4j:log4j-to-slf4j:2.17.2' - implementation 'org.apache.logging.log4j:log4j-api:2.17.2' + implementation "org.apache.logging.log4j:log4j-to-slf4j:${project.'log4JVersion'}" + implementation "org.apache.logging.log4j:log4j-api:${project.'log4JVersion'}" // TODO: figure out what this should really be - runtimeOnly 'org.springframework.boot:spring-boot-starter-tomcat:2.6.7' + runtimeOnly "org.springframework.boot:spring-boot-starter-tomcat:${project.'springbootVersion'}" //Spring Configuration Annotation Processor - makes IntelliJ happy about @ConfigurationProperties - compileOnly 'org.springframework.boot:spring-boot-configuration-processor:2.6.7' + compileOnly "org.springframework.boot:spring-boot-configuration-processor:${project.'springbootVersion'}" // lucene deps ['core', 'analyzers-common', 'queryparser'].each { - compile "org.apache.lucene:lucene-${it}:${project.'lucene.version'}" + compile "org.apache.lucene:lucene-${it}:${project.'luceneVersion'}" } compile "org.liquibase:liquibase-core" @@ -181,8 +184,8 @@ dependencies { testImplementation "org.spockframework:spock-core" testImplementation "org.spockframework:spock-spring" - testCompile 'org.springframework.boot:spring-boot-starter-test:2.6.7' - testCompile 'org.springframework.security:spring-security-test:5.6.3' + testCompile "org.springframework.boot:spring-boot-starter-test:${project.'springbootVersion'}" + testCompile "org.springframework.security:spring-security-test:${project.'springSecurityVersion'}" testCompile 'org.skyscreamer:jsonassert:1.5.0' testCompile "org.xmlunit:xmlunit-core:2.5.1" testRuntime 'cglib:cglib-nodep:3.2.5' @@ -201,18 +204,18 @@ dependencies { integrationTestCompile configurations.compile integrationTestCompile 'com.saucelabs:sebuilder-interpreter:1.0.6' integrationTestCompile 'jp.vmi:selenese-runner-java:3.20.0' - integrationTestCompile 'org.springframework.boot:spring-boot-starter-test:2.6.7' - integrationTestCompile 'org.springframework.security:spring-security-test:5.6.3' + integrationTestCompile "org.springframework.boot:spring-boot-starter-test:${project.'springbootVersion'}" + integrationTestCompile "org.springframework.security:spring-security-test:${project.'springSecurityVersion'}" // CSV file support compile 'com.opencsv:opencsv:4.4', { exclude group: 'commons-collections' } - compile 'org.apache.commons:commons-collections4:4.3' + compile "org.apache.commons:commons-collections4:${project.'commonsCollections4Version'}" // Envers for persistent entities versioning - compile 'org.hibernate:hibernate-envers' + compile "org.hibernate:hibernate-envers:${project.'hibernateVersion'}" //Pacj4 sub-project runtimeOnly project(':pac4j-module') diff --git a/beacon/core/build.gradle b/beacon/core/build.gradle index bad969c66..d84aac781 100644 --- a/beacon/core/build.gradle +++ b/beacon/core/build.gradle @@ -1,7 +1,7 @@ import org.springframework.boot.gradle.plugin.SpringBootPlugin plugins { - id 'org.springframework.boot' version '2.5.12' apply false + id 'org.springframework.boot' id 'io.spring.dependency-management' version '1.0.6.RELEASE' id 'groovy' } @@ -11,6 +11,9 @@ targetCompatibility = 11 repositories { jcenter() + maven { // for the springboot plugin + url "https://plugins.gradle.org/m2/" + } } dependencyManagement { @@ -20,7 +23,7 @@ dependencyManagement { } dependencies { - testCompile "org.springframework.boot:spring-boot-starter-test:2.6.7" + testCompile "org.springframework.boot:spring-boot-starter-test:${project.'springbootVersion'}" compile 'org.codehaus.groovy:groovy-all:3.0.10' testImplementation platform("org.spockframework:spock-bom:2.1-groovy-3.0") testImplementation "org.spockframework:spock-core" diff --git a/beacon/spring/build.gradle b/beacon/spring/build.gradle index f6ce16192..820f1d109 100644 --- a/beacon/spring/build.gradle +++ b/beacon/spring/build.gradle @@ -1,7 +1,7 @@ import org.springframework.boot.gradle.plugin.SpringBootPlugin plugins { - id 'org.springframework.boot' version '2.5.12' apply false + id 'org.springframework.boot' id 'io.spring.dependency-management' version '1.0.6.RELEASE' } @@ -11,6 +11,9 @@ targetCompatibility = 11 repositories { jcenter() + maven { // for the springboot plugin + url "https://plugins.gradle.org/m2/" + } } jar { diff --git a/gradle.properties b/gradle.properties index a1dc8806d..999d8eb9e 100644 --- a/gradle.properties +++ b/gradle.properties @@ -2,14 +2,22 @@ name=shibui group=edu.internet2.tier.shibboleth.admin.ui version=1.11.0-SNAPSHOT -shibboleth.version=4.2.1 -opensaml.version=4.2.0 - -spring-boot.version=2.5.12 - -hibernate.version=5.5.0.Final - -lucene.version=8.1.1 +### library versions +commonsCollections4Version=4.4 +cryptacularVersion=1.2.4 +hibernateVersion=5.5.0.Final +#hibernateVersion=5.6.9.Final +luceneVersion=8.1.1 +log4JVersion=2.17.2 +lombokVersion=5.3.3.3 +opensamlVersion=4.2.0 +pac4JVersion=5.4.3 +pac4jSpringSecurityVersion=7.0.3 +shibbolethVersion=4.2.1 +springbootVersion=2.5.12 +#springbootVersion=2.7.0 +springSecurityVersion=5.6.3 +# springSecurityVersion=5.7.1 org.gradle.jvmargs=-Xmx1g -XX:-UseGCOverheadLimit @@ -17,4 +25,14 @@ org.gradle.jvmargs=-Xmx1g -XX:-UseGCOverheadLimit i2.github.token= i2.github.owner=TIER i2.github.repo=shib-idp-ui -i2.github.apiEndpoint=https://github.internet2.edu/api/v3 \ No newline at end of file +i2.github.apiEndpoint=https://github.internet2.edu/api/v3 + +## NOTES +# pac4j spring security 7.0.3 here uses the pac4j 5.4.3 core, thus differences in versions (they used use the same versions, now +# keeping them in sync takes paying attention +# +# Springboot 2.7.0 and Hibernate 5.6.9 are current, but don't like all the columns named "value" in the db (along with H2), so don't +# update to these versions until ready to migrate the database columns. (the tests fail under these versions because the test database +# doesn't work). +# +# Additionally, springbootsecurity for tests doesn't like 5.7.1 \ No newline at end of file diff --git a/pac4j-module/build.gradle b/pac4j-module/build.gradle index 20f44e058..bd43c7351 100644 --- a/pac4j-module/build.gradle +++ b/pac4j-module/build.gradle @@ -1,9 +1,9 @@ plugins { id 'groovy' id 'jacoco' - id 'org.springframework.boot' version '2.5.12' apply false + id 'org.springframework.boot' id 'io.spring.dependency-management' version '1.0.7.RELEASE' - id 'io.freefair.lombok' version '5.3.0' + id 'io.freefair.lombok' } sourceCompatibility = 11 @@ -16,6 +16,9 @@ repositories { url 'https://build.shibboleth.net/nexus/content/groups/public' artifactUrls = ['https://build.shibboleth.net/nexus/content/repositories/thirdparty-snapshots'] } + maven { // for the springboot plugin + url "https://plugins.gradle.org/m2/" + } } test { @@ -33,24 +36,24 @@ generateLombokConfig.enabled = false dependencies { compileOnly project(':backend') - compile 'org.pac4j:spring-security-pac4j:7.0.3' - // pac4j is "off" - spring security 7.0.3 here uses the pac4j 5.4.3 core, thus differences in versions - compile 'org.pac4j:pac4j-core:5.4.3' - compile 'org.pac4j:pac4j-http:5.4.3' - compile 'org.pac4j:pac4j-saml:5.4.3', { + compile "org.pac4j:spring-security-pac4j:${project.'pac4jSpringSecurityVersion'}" + compile "org.pac4j:pac4j-core:${project.'pac4JVersion'}" + compile "org.pac4j:pac4j-http:${project.'pac4JVersion'}" + compile "org.pac4j:pac4j-saml:${project.'pac4JVersion'}", { // opensaml libraries are provided exclude group: 'org.opensaml' exclude group: 'commons-collections' } - compile 'org.apache.commons:commons-collections4:4.3' + compile "org.apache.commons:commons-collections4:${project.'commonsCollections4Version'}" testCompile project(':backend') - testCompile 'org.springframework.boot:spring-boot-starter-test:2.6.7' + testCompile "org.opensaml:opensaml-saml-api:${project.'opensamlVersion'}" + + testCompile "org.springframework.boot:spring-boot-starter-test:${project.'springbootVersion'}" compile 'org.codehaus.groovy:groovy-all:3.0.10' testImplementation platform("org.spockframework:spock-bom:2.1-groovy-3.0") testImplementation "org.spockframework:spock-core" testImplementation "org.spockframework:spock-spring" - testCompile 'org.opensaml:opensaml-saml-api:4.2.0' - annotationProcessor 'org.springframework.boot:spring-boot-configuration-processor:2.6.7' + annotationProcessor "org.springframework.boot:spring-boot-configuration-processor:${project.'springbootVersion'}" } \ No newline at end of file diff --git a/settings.gradle b/settings.gradle index 1b37654ef..f91662a36 100644 --- a/settings.gradle +++ b/settings.gradle @@ -1 +1,14 @@ -include 'backend', 'ui', 'pac4j-module', 'beacon', 'beacon:core', 'beacon:spring' +pluginManagement { + resolutionStrategy { + eachPlugin { + if ( requested.id.id == 'org.springframework.boot' ) { + useModule( "org.springframework.boot:spring-boot-gradle-plugin:$springbootVersion" ) + } + if ( requested.id.id == 'io.freefair.lombok' ) { + useModule( "io.freefair.gradle:lombok-plugin:$lombokVersion" ) + } + } + } +} + +include 'backend', 'ui', 'pac4j-module', 'beacon', 'beacon:core', 'beacon:spring' \ No newline at end of file