7 changes: 6 additions & 1 deletion .travis.yml
@@ -1,7 +1,11 @@
os: linux
arch:
- ppc64le

language: java

jdk:
- openjdk11
- openjdk17

# don't run `gradle assemble` https://docs.travis-ci.com/user/customizing-the-build/#Skipping-the-Installation-Step
install: true
@@ -78,6 +82,7 @@ before_install:
- env | grep '^TRAVIS_' | sort
- openssl aes-256-cbc -K $encrypted_7a85652b67b9_key -iv $encrypted_7a85652b67b9_iv
-in secring.gpg.enc -out secring.gpg -d
- openssl version

env:
global:
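Review bot: `openssl version` sits after the `openssl aes-256-cbc ... -d` step in `before_install`, so if the decryption is what fails on the new ppc64le / openjdk17 image, the build stops before the version is ever printed and the log lacks the one fact needed to diagnose it. Moving `- openssl version` above the decrypt command keeps the diagnostic useful. That this is the line the second hunk adds is inferred from the hunk header counts, because the rendered page has lost the `+` markers. The `before_install` list starts outside the hunk.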
39 changes: 31 additions & 8 deletions build.gradle
@@ -14,6 +14,7 @@ plugins {
id 'com.palantir.git-version' version '0.12.2'
id 'io.codearte.nexus-staging' version '0.21.2'
id 'de.marcphilipp.nexus-publish' version '0.4.0'
id 'io.spring.dependency-management' version '1.1.7'
}

group = 'com.github.dtreskunov'
@@ -38,24 +39,37 @@ println "Project version: ${version}"

ext {
isSnapshotVersion = version.endsWith('SNAPSHOT')
servletContainer = project.getProperties().getOrDefault('servletContainer', 'tomcat')
}
java {
sourceCompatibility = 17
targetCompatibility = 17
}

sourceCompatibility = 1.8
targetCompatibility = 1.8
// override dependency versions specified in
// https://repo1.maven.org/maven2/org/springframework/boot/spring-boot-dependencies/2.7.18/spring-boot-dependencies-2.7.18.pom
ext['logback.version'] = '1.4.14'
ext['spring-framework.version'] = '6.0.23'

repositories {
mavenCentral()
}

// https://www.baeldung.com/spring-boot-override-dependency-versions
dependencyManagement {
imports {
mavenBom 'org.springframework.boot:spring-boot-dependencies:3.0.13'
mavenBom 'software.amazon.awssdk:bom:2.21.33'
}
}

dependencies {
implementation platform('org.springframework.boot:spring-boot-dependencies:2.7.18')
implementation platform('software.amazon.awssdk:bom:2.21.33')
api('org.springframework.boot:spring-boot')
api('org.springframework.boot:spring-boot-autoconfigure')
api('org.springframework:spring-web')
api('org.slf4j:slf4j-api')
api('javax.validation:validation-api:2.0.1.Final')
api('javax.servlet:javax.servlet-api')
api('jakarta.servlet:jakarta.servlet-api')
api(project.getProperties().getOrDefault('fips', 'true').toBoolean() ? 'org.bouncycastle:bcpkix-fips:1.0.5' : 'org.bouncycastle:bcpkix-jdk15on:1.69')
compileOnly('org.eclipse.jetty:jetty-server') // needed for jetty-specific customizations
compileOnly('org.apache.tomcat.embed:tomcat-embed-core') // needed for tomcat-specific customizations
@@ -65,15 +79,24 @@ dependencies {
testRuntimeOnly('org.springframework.boot:spring-boot-starter-web') {
exclude group: 'org.springframework.boot', module: 'spring-boot-starter-tomcat'
}
testRuntimeOnly('org.springframework.boot:spring-boot-starter-' + project.getProperties().getOrDefault('servletContainer', 'tomcat'))
testRuntimeOnly('org.springframework.boot:spring-boot-starter-' + servletContainer)
testImplementation('org.springframework.boot:spring-boot-starter-security')
testImplementation('org.springframework.boot:spring-boot-starter-test')
testImplementation('org.springframework.security:spring-security-test')
testImplementation('org.apache.httpcomponents:httpclient')
testImplementation('org.apache.httpcomponents.client5:httpclient5')
testImplementation('org.junit-pioneer:junit-pioneer:1.4.2')
testImplementation('software.amazon.awssdk:secretsmanager') // needed for AWS Secrets Manager support
}

if ('jetty'.equals(servletContainer)) {
dependencies {
// this shouldn't be needed for Spring Boot 3.2+
// https://github.com/spring-projects/spring-boot/issues/33044
// https://github.com/spring-projects/spring-boot/issues/31720
testRuntimeOnly('org.eclipse.jetty.toolchain:jetty-jakarta-servlet-api:5.0.2')
}
}

task generateTestCerts(type: Exec) {
def dir = new File(project.rootDir, "src/test/resources/ssl")
doFirst {
@@ -90,7 +113,7 @@ test {
showStandardStreams = true
}
// https://junit-pioneer.org/docs/environment-variables/#warnings-for-reflective-access
jvmArgs '--add-opens=java.base/java.util=ALL-UNNAMED'
jvmArgs '--add-opens=java.base/java.lang=ALL-UNNAMED', '--add-opens=java.base/java.util=ALL-UNNAMED'
}

//disable javadoc doclint for Java8
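Review bot: The two `ext[...]` overrides (`logback.version` 1.4.14 and `spring-framework.version` 6.0.23) are documented with a link to the spring-boot-dependencies 2.7.18 POM, but the BOM imported just below is `spring-boot-dependencies:3.0.13`, so the comment points at the wrong baseline. These properties take precedence over the imported BOM, so they will keep pinning those versions after a later BOM bump, possibly below what the BOM then manages. The comment should link the 3.0.13 POM and say why each pin exists, for example `// pinned above the Boot 3.0.13 managed version because of <advisory id>; remove once the BOM catches up`. Separately, `javax.validation:validation-api:2.0.1.Final` appears to stay on the `api` configuration next to `jakarta.servlet-api`. If the library's properties classes still carry `javax.validation` constraints, a Boot 3 validator would presumably not enforce them, which is worth confirming.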
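--- a/gradle/wrapper/gradle-wrapper.properties
+++ b/gradle/wrapper/gradle-wrapper.properties
@@ -1,6 +1,6 @@
-#Tue Apr 16 12:15:33 PDT 2019
-distributionBase=GRADLE_USER_HOME
-distributionPath=wrapper/dists
-zipStoreBase=GRADLE_USER_HOME
-zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.0.2-bin.zip
+#Wed Dec 06 13:31:11 PST 2023
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.4.2-bin.zip
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists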
@@ -5,18 +5,19 @@
import java.security.cert.X509Certificate;

import javax.net.ssl.X509TrustManager;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.web.server.Ssl.ClientAuth;
import org.springframework.http.HttpStatus;
import org.springframework.web.filter.GenericFilterBean;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletResponse;

/**
* A servlet filter that responds with a {@link HttpStatus#FORBIDDEN 403 Forbidden} when the provided
* {@link X509Certificate client certificate} is not trusted according to the provided {@link X509TrustManager} - for example,
@@ -31,7 +32,7 @@
*/
class ClientCertificateCheckingFilter extends GenericFilterBean {

private static final String REQUEST_ATTRIBUTE_X509_CERTIFICATE = "javax.servlet.request.X509Certificate";
private static final String REQUEST_ATTRIBUTE_X509_CERTIFICATE = "jakarta.servlet.request.X509Certificate";
private final Logger m_log = LoggerFactory.getLogger(getClass());
private final X509TrustManager m_trustManager;

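Review bot: `REQUEST_ATTRIBUTE_X509_CERTIFICATE` has no comment saying that its value is the request attribute name under which the servlet container publishes the client certificate chain, so it has to follow the servlet API namespace. The rename to `jakarta.servlet.request.X509Certificate` in the second hunk is consistent with the `jakarta.servlet` imports, but nothing on the constant explains why it must change with them. Suggested comment above the constant: `// Attribute name under which the servlet container exposes the client certificate chain; must match the servlet API namespace in use (jakarta.* here).` A name mismatch would leave the attribute null, so it is also worth confirming that the filter body, which is outside the visible hunks, treats a missing certificate the way the configured `ClientAuth` mode intends rather than letting the request through.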
@@ -4,7 +4,6 @@
import java.util.Map;

import javax.net.ssl.SSLContext;
import javax.servlet.Filter;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
@@ -26,6 +25,8 @@
import org.springframework.core.env.PropertySource;
import org.springframework.web.client.RestTemplate;

import jakarta.servlet.Filter;

/**
* Defines Spring beans that are used for mutual SSL. They are:
* <ol>
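--- a/src/test/gen.rb
+++ b/src/test/gen.rb
@@ -82,15 +82,15 @@ def gen
 # Create private key
 if key_pkcs8
 if key_pass
-`openssl ecparam -genkey -name secp256r1 | openssl ec | openssl pkcs8 -out #{key} -topk8 -v1 PBE-SHA1-RC4-128 -passout pass:#{key_pass}`
+`openssl ecparam -genkey -name prime256v1 | openssl ec | openssl pkcs8 -out #{key} -topk8 -v1 PBE-SHA1-RC4-128 -passout pass:#{key_pass}`
 else
-`openssl ecparam -genkey -name secp256r1 | openssl ec | openssl pkcs8 -out #{key} -topk8 -nocrypt`
+`openssl ecparam -genkey -name prime256v1 | openssl ec | openssl pkcs8 -out #{key} -topk8 -nocrypt`
 end
 else
 if key_pass
-`openssl ecparam -genkey -name secp256r1 | openssl ec -out #{key} -aes128 -passout pass:#{key_pass}`
+`openssl ecparam -genkey -name prime256v1 | openssl ec -out #{key} -aes128 -passout pass:#{key_pass}`
 else
-`openssl ecparam -genkey -name secp256r1 | openssl ec -out #{key}`
+`openssl ecparam -genkey -name prime256v1 | openssl ec -out #{key}`
 end
 end
 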
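Review bot: The four rewritten `openssl` command lines are still run through backticks with their exit status never checked, so if key generation fails the script carries on with a missing or empty `#{key}` file and the error only surfaces later in the tests. One plausible trigger is the unchanged `-v1 PBE-SHA1-RC4-128` option, which depends on RC4 being available in the installed OpenSSL build. Suggest following each command with `raise "openssl failed writing #{key}" unless $?.success?`, keeping in mind that for a pipeline this reflects only the last stage. `#{key_pass}` is also interpolated straight into the shell string as `pass:...`, which is tolerable for throwaway test keys but deserves a comment saying so. `def gen` begins and ends outside the hunk.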
@@ -14,8 +14,12 @@

import javax.net.ssl.SSLContext;

import org.apache.http.client.HttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.hc.client5.http.classic.HttpClient;
import org.apache.hc.client5.http.impl.classic.HttpClients;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
import org.apache.hc.client5.http.io.HttpClientConnectionManager;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Test;
@@ -56,7 +60,16 @@ public class IntegrationTestUsingRealServer {
private RestTemplate restTemplate;

private RestTemplate getRestTemplate(SSLContext sslContext) throws Exception {
HttpClient httpClient = HttpClientBuilder.create().setSSLContext(sslContext).build();
SSLConnectionSocketFactory sslSocketFactory = SSLConnectionSocketFactoryBuilder.create()
.setSslContext(sslContext)
.build();
HttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder.create()
.setSSLSocketFactory(sslSocketFactory)
.build();
HttpClient httpClient = HttpClients.custom()
.setConnectionManager(cm)
.evictExpiredConnections()
.build();
return new RestTemplateBuilder()
.rootUri(protocol + "://localhost:" + port)
.requestFactory(() -> new HttpComponentsClientHttpRequestFactory(httpClient))
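Review bot: In `getRestTemplate`, `.evictExpiredConnections()` makes each built client start a background eviction thread, and because the result is held as the `HttpClient` interface and never closed, every call leaves that thread and a pooling connection manager behind for the rest of the test JVM. For a short-lived test client the simplest fix is to drop the `.evictExpiredConnections()` line. Alternatively, declare the variable as `CloseableHttpClient` and close it in test teardown. The method continues past the end of the visible hunk.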
@@ -2,7 +2,7 @@

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.authority.AuthorityUtils;
@@ -13,7 +13,7 @@
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableMethodSecurity(prePostEnabled = true)
public class Security {

@Bean