Release 5.14.0

.github/workflows/build-dev-image.yml

@@ -30,6 +30,7 @@ jobs:
     with:
       aws-region: ${{ vars.AWS_REGION }}
       image-tag: 'develop-${{ github.run_number }}'
+      additional-tag: 'develop-latest'
       version: 'develop-${{ github.run_number }}'
       date: ${{ needs.variables-setup.outputs.date }}
       runs-on: ubuntu-latest

.github/workflows/java-checks.yml

@@ -7,18 +7,18 @@ on:
       - '.github/**'
       - README.md
       - gradle.properties
-  push:
-    branches:
-      - master
-      - develop
-    paths-ignore:
-      - '.github/**'
-      - README.md
-      - gradle.properties
 
 jobs:
-  call-java-cheks:
-    name: Call Java checks
+  call-java-checks:
+    if : ${{ github.event_name == 'pull_request' && github.base_ref != 'refs/heads/master' }}
+    name: Call Java Checks
+    uses: reportportal/.github/.github/workflows/java-checks.yaml@main
+    secrets: inherit
+
+  call-release-java-checks:
+    if: ${{ github.event_name == 'pull_request' && github.base_ref == 'refs/heads/master' }}
+    name: Call Release Java Checks
     uses: reportportal/.github/.github/workflows/java-checks.yaml@main
     with:
-      runs-on: ubuntu-latest
+      release-mode: true
+    secrets: inherit

.github/workflows/release.yml

@@ -1,44 +1,13 @@
-name: Release
+name: Release Workflow
 
 on:
-  push:
-    branches:
-      - master
-    paths-ignore:
-      - '.github/**'
-      - README.md
-      - gradle.properties
-
-env:
-  GH_USER_NAME: github.actor
-  RELEASE_VERSION: 5.13.2
-
-jobs:
   release:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v2
+    types: [published]
 
-      - name: Set up JDK 21
-        uses: actions/setup-java@v2
-        with:
-          distribution: 'adopt'
-          java-version: '21'
-
-      - name: Grant execute permission for gradlew
-        run: chmod +x gradlew
-
-      - name: Setup git credentials
-        uses: oleksiyrudenko/gha-git-credentials@v2-latest
-        with:
-          name: 'reportportal.io'
-          email: '[email protected]'
-          token: ${{ secrets.GITHUB_TOKEN }}
+jobs:
+  publish-artifacts:
+    uses: reportportal/.github/.github/workflows/java-build-release.yaml@main
 
-      - name: Release with Gradle
-        id: release
-        run: |
-          ./gradlew release -PreleaseMode -PgithubUserName=${{env.GH_USER_NAME}} -PgithubToken=${{secrets.GITHUB_TOKEN}} \
-          -PgpgPassphrase=${{secrets.GPG_PASSPHRASE}} -PgpgPrivateKey="${{secrets.GPG_PRIVATE_KEY}}" \
-          -Prelease.releaseVersion=${{env.RELEASE_VERSION}}
+    with:
+      artifact_upload_url: 'https://maven.pkg.github.com/'
+      java_version: "21"

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "migrations"]
+	path = migrations
+	url = https://github.com/reportportal/migrations

Dockerfile

@@ -9,11 +9,11 @@ RUN if [ "${RELEASE_MODE}" = true ]; then \
         -Dorg.gradle.project.version=${APP_VERSION}; \
     else gradle build --no-build-cache --exclude-task test -Dorg.gradle.project.version=${APP_VERSION}; fi
 
-FROM amazoncorretto:21.0.6
+FROM amazoncorretto:21.0.7
 LABEL version=${APP_VERSION} description="EPAM ReportPortal. Auth Service" maintainer="Andrei Varabyeu <[email protected]>, Hleb Kanonik <[email protected]>"
 ARG APP_VERSION=${APP_VERSION}
 ENV APP_DIR=/usr/app
-ENV JAVA_OPTS="-Xmx1g -XX:+UseG1GC -XX:InitiatingHeapOccupancyPercent=70 -Djava.security.egd=file:/dev/./urandom  --add-opens=java.base/java.lang=ALL-UNNAMED"
+ENV JAVA_OPTS="-Xmx1g -XX:+UseG1GC -XX:InitiatingHeapOccupancyPercent=70 -Djava.security.egd=file:/dev/./urandom"
 WORKDIR $APP_DIR
 COPY --from=build $APP_DIR/build/libs/service-authorization-*exec.jar .
 VOLUME ["/tmp"]

build.gradle

@@ -1,16 +1,14 @@
 plugins {
-    id 'io.spring.dependency-management' version '1.1.4'
-    id 'org.springframework.boot' version '2.5.15'
+    id 'io.spring.dependency-management' version '1.1.7'
+    id 'org.springframework.boot' version '3.4.4'
     id 'java'
     id 'java-library'
-    id "org.owasp.dependencycheck" version "9.0.9"
+    id "org.owasp.dependencycheck" version "11.1.1"
 }
 
 apply from: 'project-properties.gradle'
-//apply from: "$scriptsUrl/build-docker.gradle"
 apply from: "$scriptsUrl/build-info.gradle"
 apply from: "$scriptsUrl/build-commons.gradle"
-//apply from: "$scriptsUrl/build-quality.gradle"
 apply from: "$scriptsUrl/release-service.gradle"
 apply from: "$scriptsUrl/signing.gradle"
 
@@ -21,102 +19,98 @@ repositories {
     }
 }
 
-ext['spring-boot.version'] = '2.5.15'
-//https://nvd.nist.gov/vuln/detail/CVE-2020-10683 (dom4j 2.1.3 version dependency) AND https://nvd.nist.gov/vuln/detail/CVE-2019-14900
-ext['hibernate.version'] = '5.4.18.Final'
-//https://nvd.nist.gov/vuln/detail/CVE-2020-10693
-ext['hibernate-validator.version'] = '6.1.5.Final'
-//https://nvd.nist.gov/vuln/detail/CVE-2020-13692
+ext['spring-boot.version'] = '3.4.4'
+ext['hibernate-validator.version'] = '8.0.2.Final'
 //ext['postgresql.version'] = '42.2.13'
-//https://nvd.nist.gov/vuln/detail/CVE-2020-9488
-ext['log4j2.version'] = '2.21.1'
 
 
-dependencyManagement {
-    imports {
-        mavenBom(releaseMode ? 'com.epam.reportportal:commons-bom:' + '5.13.4' : 'com.epam.reportportal:commons-bom:5.13.4')
-    }
-}
-
 dependencies {
-    if (releaseMode) {
-        api 'com.epam.reportportal:commons-dao'
-        api 'com.epam.reportportal:commons'
-    } else {
-        api 'com.epam.reportportal:commons-dao'
-        api 'com.epam.reportportal:commons'
-    }
 
-    //Fix CVE-2021-41079, CVE-2022-23181, CVE-2021-33037, CVE-2021-30640, CVE-2022-42252, CVE-2023-46589, CVE-2024-24549
-    implementation 'org.apache.tomcat.embed:tomcat-embed-core:9.0.99'
-    implementation 'org.apache.tomcat.embed:tomcat-embed-el:9.0.99'
-    implementation 'org.apache.tomcat.embed:tomcat-embed-websocket:9.0.99'
-    //Fix CVE-2015-7501, CVE-2015-4852
-    implementation 'org.apache.commons:commons-collections4:4.4'
-    //Fix CVE-2018-10237
-    implementation 'com.google.guava:guava:33.3.0-jre'
-    //Fix CVE-2020-13956
-    api 'org.apache.httpcomponents:httpclient:4.5.14'
-    //Fix CVE-2022-40152
-    api 'com.fasterxml.woodstox:woodstox-core:6.5.1'
+    implementation 'org.apache.tomcat.embed:tomcat-embed-core:10.1.40'
+    implementation 'org.apache.tomcat.embed:tomcat-embed-el:10.1.40'
+    implementation 'org.apache.tomcat.embed:tomcat-embed-websocket:10.1.40'
 
+    // Spring Boot Starters
+    api 'org.springframework.boot:spring-boot-starter-data-jpa'
     api 'org.springframework.boot:spring-boot-starter-web'
     implementation 'org.springframework.boot:spring-boot-starter-actuator'
-    api 'org.springframework.boot:spring-boot-starter-security'
     implementation 'org.springframework.boot:spring-boot-starter-amqp'
-    //Fix CVE-2023-34050
-    implementation 'org.springframework.amqp:spring-amqp:2.4.17'
-    //Fix CVE-2023-40827, CVE-2023-40828, CVE-2023-40826
-    implementation 'org.springframework:spring-webmvc:5.3.39'
-    implementation 'org.springframework:spring-web:5.3.39'
-
-    ///// Security
-    //https://nvd.nist.gov/vuln/detail/CVE-2020-5407 AND https://nvd.nist.gov/vuln/detail/CVE-2020-5408
-    implementation 'org.springframework.security:spring-security-core:5.8.16'
-    implementation 'org.springframework.security:spring-security-config:5.8.16'
-    implementation 'org.springframework.security:spring-security-web:5.8.16'
-    implementation 'org.springframework:spring-jdbc:6.1.5'
-    //
+    api 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.3'
+
+    // Spring Framework Core
+    api 'org.springframework:spring-jdbc'
+    implementation 'org.springframework:spring-webmvc'
+    api 'org.springframework:spring-web'
+    implementation 'org.springframework:spring-core'
+
+    // Database & Persistence
+    implementation 'org.postgresql:postgresql:42.7.3'
+    implementation "org.hibernate.validator:hibernate-validator:${hibernateValidatorVersion}"
 
+    // Utilities
+    implementation 'org.apache.commons:commons-collections4:4.4'
+    implementation 'com.google.guava:guava:33.3.0-jre'
+    implementation "org.apache.commons:commons-lang3:${commonsLangVersion}"
+    implementation 'net.coobird:thumbnailator:0.4.20'
+    api 'commons-validator:commons-validator:1.9.0'
+    api 'org.apache.commons:commons-compress:1.26.0'
+    implementation 'javax.xml.bind:jaxb-api:2.4.0-b180830.0359'
+    api 'jakarta.servlet:jakarta.servlet-api:6.1.0'
+    api 'org.apache.tika:tika-core:3.1.0'
+
+    // Cloud & Storage
+    implementation "software.amazon.awssdk:aws-core:${aws}"
+    implementation "io.netty:netty-handler:4.1.119.Final"
+    implementation "software.amazon.awssdk:sts:${aws}"
+    api "org.apache.jclouds.api:s3:${jclouds}"
+    implementation "org.apache.jclouds.provider:aws-s3:${jclouds}"
+    implementation "org.apache.jclouds.api:filesystem:${jclouds}"
+
+    // Security
+    implementation 'org.springframework.security:spring-security-core'
+    implementation 'org.springframework.security:spring-security-config'
+    implementation 'org.springframework.security:spring-security-web'
+    api 'org.springframework.boot:spring-boot-starter-oauth2-client'
+    api 'org.springframework.boot:spring-boot-starter-security'
     api 'org.springframework.security:spring-security-oauth2-client'
-    //Fix CVE-2023-1370
-    implementation 'net.minidev:json-smart:2.4.10'
-    //Fix CVE-2022-22969
-    api 'org.springframework.security.oauth:spring-security-oauth2:2.5.2.RELEASE'
-    implementation 'org.springframework.security.oauth:spring-security-oauth2:2.5.2.RELEASE'
+    implementation 'org.springframework.security:spring-security-oauth2-authorization-server:1.4.2'
+    implementation 'org.springframework.security:spring-security-oauth2-jose'
+    implementation 'org.springframework.security:spring-security-oauth2-core'
     implementation 'org.springframework.security:spring-security-jwt:1.1.1.RELEASE'
-    //Fix CVE-2020-15522 in org.springframework.security:spring-security-jwt:1.1.1.RELEASE
-    implementation 'org.bouncycastle:bcprov-jdk15on:1.70'
     implementation 'org.springframework.security:spring-security-ldap'
-    // TODO: consider migration to spring-security-saml2-service-provider
-    implementation 'org.springframework.security.extensions:spring-security-saml2-core:2.0.0.M31'
-    implementation 'commons-collections:commons-collections:3.2.2'
-    //Temporary fix of https://nvd.nist.gov/vuln/detail/CVE-2019-12400
-    implementation 'org.apache.santuario:xmlsec:3.0.3'
-    //Fix CVE-2015-7501, CVE-2015-4852
-    implementation 'org.apache.commons:commons-collections4:4.4'
-
-    //Fix CVE-2023-6378, CVE-2023-6481, CVE-2023-6378, CVE-2023-6481
-    implementation 'ch.qos.logback:logback-classic:1.2.13'
-    implementation 'ch.qos.logback:logback-core:1.2.13'
+    implementation 'org.springframework.security:spring-security-saml2-service-provider:6.4.2'
+    implementation 'org.opensaml:opensaml-saml-api:4.0.1'
+    implementation 'org.opensaml:opensaml-saml-impl:4.0.1'
+    runtimeOnly 'com.nimbusds:oauth2-oidc-sdk:9.43.4'
 
-
-    api 'javax.inject:javax.inject:1'
-    implementation 'org.springdoc:springdoc-openapi-ui:1.7.0'
-    api 'org.apache.commons:commons-compress:1.26.0'
+    //Others dependencies
+    implementation 'org.jasypt:jasypt:1.9.3'
+    implementation 'net.minidev:json-smart:2.4.10'
+    implementation 'org.bouncycastle:bcprov-jdk18on:1.80'
+    implementation 'org.apache.santuario:xmlsec:3.0.3'
     implementation 'org.cryptacular:cryptacular:1.1.4'
-    // TODO: snakeyaml 2.0 supported by Spring Boot 2.7 and 3.X only
-    // We don't user application.yml, so it's safe to use 2.2
-    implementation 'org.yaml:snakeyaml:2.2'
-    implementation 'org.hibernate:hibernate-core:5.4.24.Final'
-    implementation 'org.springframework:spring-core:5.3.39'
-    implementation "com.rabbitmq:http-client:5.2.0"
-
-    // add lombok support
+    implementation 'org.apache.velocity:velocity-engine-core:2.4.1'
+    implementation 'com.rabbitmq:http-client:5.3.0'
+    api 'org.apache.httpcomponents.client5:httpclient5:5.4.3'
+    implementation 'org.bouncycastle:bcprov-jdk18on:1.80'
+
+    // Lombok
     compileOnly "org.projectlombok:lombok:${lombokVersion}"
     annotationProcessor "org.projectlombok:lombok:${lombokVersion}"
     testCompileOnly "org.projectlombok:lombok:${lombokVersion}"
     testAnnotationProcessor "org.projectlombok:lombok:${lombokVersion}"
+
+    // Testing
+    testImplementation 'org.springframework.boot:spring-boot-starter-test'
+    testImplementation 'org.flywaydb.flyway-test-extensions:flyway-spring-test:6.1.0'
+    implementation platform("org.testcontainers:testcontainers-bom:${testContainers}")
+    testImplementation "org.testcontainers:junit-jupiter:${testContainers}"
+    testImplementation "org.testcontainers:postgresql:${testContainers}"
+    testImplementation("org.testcontainers:minio:${testContainers}")
+}
+
+tasks.register('updateSubmodule', Exec) {
+    commandLine 'git', 'submodule', 'update', '--init'
 }
 
 processResources {
@@ -136,15 +130,44 @@ tasks.withType(JavaCompile).configureEach {
 }
 
 bootJar {
+    duplicatesStrategy = duplicatesStrategy.EXCLUDE
     System.getenv().containsKey("K8S") ? getArchiveFileName().set('app.jar') : archiveClassifier.set('exec')
 }
 jar.enabled(true)
 jar.archiveClassifier.set('')
 
+test {
+    useJUnitPlatform()
+    testLogging {
+        events = ["failed"]
+        exceptionFormat = "short"
+    }
+}
+
+springBoot {
+    buildInfo {
+        properties {
+            name = "Authorization Service"
+            version = "${project.version}"
+            additional = [
+                    "description": "$project.description",
+                    "branch"     : getCurrentGitBranch(),
+                    "repo"       : "reportportal/service-authorization"
+            ]
+            excludes = ['time', 'artifact']
+        }
+    }
+}
+
+configurations {
+    all {
+        exclude group: 'commons-logging', module: 'commons-logging'
+    }
+}
 
 publish.dependsOn build
 publish.mustRunAfter build
 
 tasks.preTagCommit.enabled = false
 tasks.updateVersion.enabled = false
-tasks.commitNewVersion.enabled = false
+tasks.commitNewVersion.enabled = false

gradle.properties

@@ -1,8 +1,13 @@
-version=5.13.2
+version=5.14.0
 description=Unified Authorization Trap for all ReportPortal's Services
 dockerPrepareEnvironment=
 dockerJavaOpts=-Xmx512m -XX:+UseG1GC -XX:InitiatingHeapOccupancyPercent=70 -Djava.security.egd=file:/dev/./urandom
 dockerJavaOptsDev=-Xmx1g -XX:+UseG1GC -XX:InitiatingHeapOccupancyPercent=70 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp -Djava.security.egd=file:/dev/./urandom
 dockerServerUrl=unix:///var/run/docker.sock
 
-lombokVersion=1.18.30
+lombokVersion=1.18.36
+commonsLangVersion=3.9
+testContainers=1.20.5
+hibernateValidatorVersion=8.0.2.Final
+jclouds=2.6.0
+aws=2.31.23

project-properties.gradle

@@ -3,8 +3,8 @@ def commonScriptsUrl = 'https://raw.githubusercontent.com/reportportal/gradle-sc
 project.ext {
     publishRepo = "https://maven.pkg.github.com/reportportal/service-authorization"
     dependencyRepos = ["commons-dao", "commons-rules", "commons-model", "commons-bom"]
-    releaseMode = project.hasProperty("releaseMode")
-    scriptsUrl = commonScriptsUrl + (releaseMode ? '5.12.0' : 'develop')
+    releaseMode = project.hasProperty("releaseMode") ? project.releaseMode.toBoolean() : false
+    scriptsUrl = commonScriptsUrl + (releaseMode ? '5.14.0' : 'develop')
     isDebugMode = System.getProperty("DEBUG", "false") == "true"
 }
 

src/main/java/com/epam/reportportal/auth/AdminPasswordInitializer.java

@@ -18,11 +18,11 @@
 
 import static java.util.Optional.ofNullable;
 
+import com.epam.reportportal.auth.dao.UserRepository;
+import com.epam.reportportal.auth.entity.user.User;
 import com.epam.reportportal.auth.exception.EnvironmentVariablesNotProvidedException;
-import com.epam.ta.reportportal.dao.UserRepository;
-import com.epam.ta.reportportal.entity.user.User;
 import java.util.Optional;
-import javax.persistence.EntityNotFoundException;
+import jakarta.persistence.EntityNotFoundException;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;