IKC-424 Update backend dependencies

Author: Piotr Belke

kouncil-backend/pom.xml

@@ -15,7 +15,7 @@
     </parent>
 
     <properties>
-        <confluent.version>7.2.3</confluent.version>
+        <confluent.version>7.7.1</confluent.version>
         <springdoc-openapi-ui.version>1.8.0</springdoc-openapi-ui.version>
         <swagger-annotations.version>2.2.6</swagger-annotations.version>
         <testcontainers.version>1.17.6</testcontainers.version>
@@ -162,6 +162,10 @@
             <artifactId>postgresql</artifactId>
             <version>${postgresql.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.flywaydb</groupId>
+            <artifactId>flyway-database-postgresql</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.flywaydb</groupId>
             <artifactId>flyway-core</artifactId>

kouncil-backend/src/main/java/com/consdata/kouncil/broker/BrokersController.java

@@ -6,13 +6,13 @@
 import com.consdata.kouncil.config.KouncilConfiguration;
 import com.consdata.kouncil.logging.EntryExitLogger;
 import com.consdata.kouncil.model.admin.SystemFunctionName.Fields;
+import jakarta.annotation.security.RolesAllowed;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
 import java.util.Optional;
-import javax.annotation.security.RolesAllowed;
 import javax.management.MalformedObjectNameException;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;

kouncil-backend/src/main/java/com/consdata/kouncil/clusters/ClusterController.java

@@ -2,7 +2,7 @@
 
 import com.consdata.kouncil.clusters.dto.ClusterDto;
 import com.consdata.kouncil.model.admin.SystemFunctionName.Fields;
-import javax.annotation.security.RolesAllowed;
+import jakarta.annotation.security.RolesAllowed;
 import lombok.AllArgsConstructor;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;

kouncil-backend/src/main/java/com/consdata/kouncil/clusters/ClustersController.java

@@ -2,7 +2,7 @@
 
 import com.consdata.kouncil.clusters.dto.ClustersDto;
 import com.consdata.kouncil.model.admin.SystemFunctionName.Fields;
-import javax.annotation.security.RolesAllowed;
+import jakarta.annotation.security.RolesAllowed;
 import lombok.AllArgsConstructor;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;

kouncil-backend/src/main/java/com/consdata/kouncil/config/KouncilConfiguration.java

@@ -4,6 +4,7 @@
 import com.consdata.kouncil.clusters.ClustersService;
 import com.consdata.kouncil.clusters.converter.ClusterConfigConverter;
 import com.consdata.kouncil.clusters.dto.ClustersDto;
+import jakarta.annotation.PostConstruct;
 import java.io.IOException;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
@@ -17,11 +18,10 @@
 import java.util.UUID;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
-import javax.annotation.PostConstruct;
 import lombok.Data;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.boot.actuate.trace.http.HttpTraceRepository;
-import org.springframework.boot.actuate.trace.http.InMemoryHttpTraceRepository;
+import org.springframework.boot.actuate.web.exchanges.HttpExchangeRepository;
+import org.springframework.boot.actuate.web.exchanges.InMemoryHttpExchangeRepository;
 import org.springframework.boot.autoconfigure.kafka.KafkaProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.DependsOn;
@@ -112,8 +112,8 @@ private void generateInstallationId() {
     }
 
     @Bean
-    public HttpTraceRepository httpTraceRepository() {
-        return new InMemoryHttpTraceRepository();
+    public HttpExchangeRepository httpTraceRepository() {
+        return new InMemoryHttpExchangeRepository();
     }
 
     @Bean("fixedThreadPool")

kouncil-backend/src/main/java/com/consdata/kouncil/config/KouncilConfigurationController.java

@@ -3,9 +3,9 @@
 import com.consdata.kouncil.KouncilRuntimeException;
 import com.consdata.kouncil.logging.EntryExitLogger;
 import com.consdata.kouncil.model.admin.SystemFunctionName.Fields;
+import jakarta.annotation.security.RolesAllowed;
 import java.util.Map;
 import java.util.stream.Collectors;
-import javax.annotation.security.RolesAllowed;
 import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.bind.annotation.GetMapping;

kouncil-backend/src/main/java/com/consdata/kouncil/config/cluster/ClusterConfigReader.java

@@ -20,6 +20,7 @@
 import com.consdata.kouncil.model.schemaregistry.SchemaRegistrySecurityConfig;
 import com.consdata.kouncil.model.schemaregistry.SchemaSecurityProtocol;
 import com.consdata.kouncil.model.schemaregistry.StoreType;
+import jakarta.annotation.PostConstruct;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.HashSet;
@@ -28,7 +29,6 @@
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import java.util.stream.StreamSupport;
-import javax.annotation.PostConstruct;
 import lombok.Data;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;

kouncil-backend/src/main/java/com/consdata/kouncil/config/security/UserGroupsConfigReader.java

@@ -6,6 +6,7 @@
 import com.consdata.kouncil.security.KouncilRole;
 import com.consdata.kouncil.security.function.SystemFunctionsRepository;
 import com.consdata.kouncil.security.group.UserGroupRepository;
+import jakarta.annotation.PostConstruct;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.EnumMap;
@@ -16,7 +17,6 @@
 import java.util.Set;
 import java.util.stream.Collectors;
 import java.util.stream.StreamSupport;
-import javax.annotation.PostConstruct;
 import lombok.Data;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;

kouncil-backend/src/main/java/com/consdata/kouncil/config/security/ad/ActiveDirectoryWebSecurityConfig.java

@@ -19,6 +19,7 @@
 import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
+import org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
@@ -35,8 +36,11 @@ public class ActiveDirectoryWebSecurityConfig {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
-                .csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and()
-                .cors().configurationSource(request -> {
+                .csrf(csrf -> csrf
+                        .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
+                        .csrfTokenRequestHandler(new CsrfTokenRequestAttributeHandler())
+                )
+                .cors(cors -> cors.configurationSource(request -> {
                     CorsConfiguration configuration = new CorsConfiguration();
                     configuration.setAllowedOrigins(List.of("*"));
                     configuration.setAllowedMethods(List.of("*"));
@@ -45,11 +49,11 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                     UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
                     source.registerCorsConfiguration("/**", configuration);
                     return configuration;
-                })
-                .and()
-                .authorizeRequests()
-                .antMatchers("/api/info/version", "/api/login", "/api/activeProvider", "/api/context-path", "/*", "/assets/**").permitAll()
-                .anyRequest().authenticated();
+                }))
+                .authorizeHttpRequests(authorize -> authorize
+                        .requestMatchers("/api/info/version", "/api/login", "/api/activeProvider", "/api/context-path", "/*", "/assets/**").permitAll()
+                        .anyRequest().authenticated()
+                );
         return http.build();
     }
 
@@ -59,7 +63,7 @@ GrantedAuthorityDefaults grantedAuthorityDefaults() {
     }
 
     @Bean
-    public DefaultUserPermissionsReloader userPermissionsReloader(){
+    public DefaultUserPermissionsReloader userPermissionsReloader() {
         return new DefaultUserPermissionsReloader(eventSender);
     }
 

kouncil-backend/src/main/java/com/consdata/kouncil/config/security/inmemory/InMemoryWebSecurityConfig.java

@@ -34,7 +34,7 @@
 import org.springframework.context.annotation.DependsOn;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.core.GrantedAuthorityDefaults;
@@ -45,6 +45,7 @@
 import org.springframework.security.provisioning.UserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
+import org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
@@ -53,7 +54,7 @@
 @Slf4j
 @RequiredArgsConstructor
 @ConditionalOnProperty(prefix = "kouncil.auth", name = "active-provider", havingValue = "inmemory")
-@EnableGlobalMethodSecurity(jsr250Enabled = true, securedEnabled = true, prePostEnabled = true)
+@EnableMethodSecurity(jsr250Enabled = true, securedEnabled = true)
 @DependsOn({"userGroupsConfigReader"})
 public class InMemoryWebSecurityConfig {
 
@@ -62,8 +63,11 @@ public class InMemoryWebSecurityConfig {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
-                .csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and()
-                .cors().configurationSource(request -> {
+                .csrf(csrf -> csrf
+                        .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
+                        .csrfTokenRequestHandler(new CsrfTokenRequestAttributeHandler())
+                )
+                .cors(cors -> cors.configurationSource(request -> {
                     CorsConfiguration configuration = new CorsConfiguration();
                     configuration.setAllowedOrigins(List.of("*"));
                     configuration.setAllowedMethods(List.of("*"));
@@ -72,12 +76,12 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                     UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
                     source.registerCorsConfiguration("/**", configuration);
                     return configuration;
-                })
-                .and()
-                .authorizeRequests()
-                .antMatchers("/api/info/version", "/api/firstTimeLogin", "/api/login", "/api/activeProvider", "/api/context-path","/*", "/assets/**")
-                .permitAll()
-                .anyRequest().authenticated();
+                }))
+                .authorizeHttpRequests(authorize -> authorize
+                        .requestMatchers("/api/info/version", "/api/firstTimeLogin", "/api/login", "/api/activeProvider", "/api/context-path", "/*",
+                                "/assets/**").permitAll()
+                        .anyRequest().authenticated()
+                );
         return http.build();
     }
 

kouncil-backend/src/main/java/com/consdata/kouncil/config/security/ldap/LdapWebSecurityConfig.java

@@ -23,6 +23,7 @@
 import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
+import org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
@@ -39,8 +40,11 @@ public class LdapWebSecurityConfig {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
-                .csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and()
-                .cors().configurationSource(request -> {
+                .csrf(csrf -> csrf
+                        .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
+                        .csrfTokenRequestHandler(new CsrfTokenRequestAttributeHandler())
+                )
+                .cors(cors -> cors.configurationSource(request -> {
                     CorsConfiguration configuration = new CorsConfiguration();
                     configuration.setAllowedOrigins(List.of("*"));
                     configuration.setAllowedMethods(List.of("*"));
@@ -49,11 +53,11 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                     UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
                     source.registerCorsConfiguration("/**", configuration);
                     return configuration;
-                })
-                .and()
-                .authorizeRequests()
-                .antMatchers("/api/info/version", "/api/login", "/api/activeProvider", "/api/context-path", "/*", "/assets/**").permitAll()
-                .anyRequest().authenticated();
+                }))
+                .authorizeHttpRequests(authorize -> authorize
+                        .requestMatchers("/api/info/version", "/api/login", "/api/activeProvider", "/api/context-path", "/*", "/assets/**").permitAll()
+                        .anyRequest().authenticated()
+                );
         return http.build();
     }
 
@@ -69,7 +73,7 @@ public AuthenticationManager authenticationManager(HttpSecurity http) throws Exc
     }
 
     @Bean
-    public DefaultUserPermissionsReloader userPermissionsReloader(){
+    public DefaultUserPermissionsReloader userPermissionsReloader() {
         return new DefaultUserPermissionsReloader(eventSender);
     }
 

kouncil-backend/src/main/java/com/consdata/kouncil/config/security/sso/InMemoryAuthRepository.java

@@ -1,9 +1,9 @@
 package com.consdata.kouncil.config.security.sso;
 
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import java.util.HashMap;
 import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 
@@ -15,7 +15,7 @@ public class InMemoryAuthRepository implements AuthorizationRequestRepository<OA
     public OAuth2AuthorizationRequest loadAuthorizationRequest(HttpServletRequest request) {
         String state = request.getParameter("state");
         if (state != null) {
-            return removeAuthorizationRequest(request);
+            return removeAuthorizationRequest(request, null);
         }
         return null;
     }
@@ -27,7 +27,7 @@ public void saveAuthorizationRequest(OAuth2AuthorizationRequest authorizationReq
     }
 
     @Override
-    public OAuth2AuthorizationRequest removeAuthorizationRequest(HttpServletRequest request) {
+    public OAuth2AuthorizationRequest removeAuthorizationRequest(HttpServletRequest request, HttpServletResponse response) {
         String state = request.getParameter("state");
         if (state != null) {
             return cache.remove(state);