sciserver · glemson · Mar 3, 2026 · Mar 3, 2026 · Mar 3, 2026 · Mar 3, 2026
diff --git a/.gitignore b/.gitignore
@@ -28,7 +28,11 @@ docs/_build/
 .idea
 .project
 .classpath
+.settings/
+bin/
+*.bak
 .gradle
+ajcore.*.txt
 **/WebContent/WEB-INF/application.properties
 **/WebContent/WEB-INF/version
 

diff --git a/components/java/racm/.gitignore b/components/java/racm/.gitignore
@@ -0,0 +1,2 @@
+/lib/
+/WebContent/WEB-INF/classes/
diff --git a/components/java/racm/CLAUDE.md b/components/java/racm/CLAUDE.md
@@ -0,0 +1,39 @@
+# RACM Component
+
+## Code Style
+- Java 17 project
+- ALWAYS use Gradle for package dependencies and managing the environment
+- Always use SIMPLEST code and structure, don't over-engineer
+- Don't create unnecessary files. When creating new version of a file, archive or delete the legacy file
+- DO NOT ADD UNNECESSARY FEATURES! Keep code simple
+
+## Building
+- Gradle root is at `components/java/` (where `settings.gradle` lives)
+- Build racm and deps: `cd components/java && ./gradlew :racm:modelJar && ./gradlew :racm:build`
+- RACM's `build.gradle` excludes `spring-boot-starter-logging` to avoid log4j bridge conflicts
+
+## Eclipse Setup
+- Import as Gradle project from `components/java/` — creates separate projects per subproject
+- Buildship prefs `connection.project.dir` must point to the Gradle root (`..` for depth-1, `../..` for depth-2 subprojects)
+- Do NOT use the legacy flat `.classpath` at root (renamed to `.classpath.bak`)
+
+## Debugging in Eclipse
+- Run/debug `org.sciserver.springapp.RACMApplication` as Java Application
+- Requires two `-javaagent` VM arguments in Debug Configuration:
+  - `-javaagent:<path>/aspectjweaver-1.9.22.1.jar` (AspectJ load-time weaving, found in Gradle cache)
+  - `-javaagent:<path>/spring-instrument-<version>.jar` (Spring classloader instrumentation, stored in `racm/lib/`; version should match Spring Framework)
+- The `lib/` folder is gitignored and holds JARs needed only for local Eclipse debugging
+- Without these agents, `@EnableLoadTimeWeaving` and EclipseLink entity enhancement will fail
+
+## Configuration
+- `application.properties` consolidates all config for local development (server, login, admin, DB, URLs, etc.)
+- `jpa-config.properties` is loaded separately by EclipseLink via `RACMDatabaseConfiguration`
+- `persistence.xml` lists all JPA entity classes
+- In production, Helm generates `racm-application.yaml` with all config (see `helm/sciserver/files/racm-application.yaml`)
+
+## Key Architecture
+- Spring Boot with EclipseLink JPA (not Hibernate)
+- AspectJ for `@Transactional` support (`AdviceMode.ASPECTJ`)
+- SQL Server database
+- Auth: header, cookie, and query param filters via Spring Security
+- Depends on: `springutils:logging-interceptor`, `springutils:authenticator`, `clients:auth`
diff --git a/components/java/racm/README.md b/components/java/racm/README.md
@@ -0,0 +1,90 @@
+# RACM - Resource Access Control Manager
+
+RACM is the central authorization and resource management service for SciServer.
+It manages users, groups, resources, access control, compute jobs, and storage.
+
+## Building
+
+```sh
+cd components/java
+./gradlew :racm:modelJar && ./gradlew :racm:build
+```
+
+## Running Locally
+
+RACM can be run locally via the Spring Boot main class
+`org.sciserver.springapp.RACMApplication`. This starts an embedded Tomcat server
+without needing an external servlet container.
+
+### Prerequisites
+
+- Java 17 JDK
+- SQL Server with a `racm` database
+- Two Java agent JARs (required by AspectJ load-time weaving and EclipseLink):
+  - `aspectjweaver-1.9.22.1.jar` (available in Gradle cache after building)
+  - `spring-instrument.jar` (download from Maven Central, store in `racm/lib/` which is gitignored; version should match the Spring Framework version used by the project)
+
+### Configuration
+
+Create `src/main/resources/application.properties` (gitignored) with your local
+configuration. Use `helm/sciserver/files/racm-application.yaml` as a reference
+for all available properties. At minimum you need:
+
+```properties
+spring.application.name=racm
+server.servlet.context-path=/racm
+spring.mvc.pathmatch.matching-strategy=ant-path-matcher
+
+spring.datasource.url=jdbc:sqlserver://localhost;DatabaseName=RACM
+spring.datasource.username=racm_user
+spring.datasource.password=<your-password>
+
+spring.mvc.view.prefix=/WEB-INF/jsp/
+spring.mvc.view.suffix=.jsp
+spring.main.allow-circular-references=true
+spring.flyway.enabled=false
+
+eclipselink.logging.level=WARNING
+
+org.sciserver.racm.login.loginPortalUrl=http://localhost:8080/login-portal/
+org.sciserver.racm.login.login-admin.username=admin
+org.sciserver.racm.login.login-admin.password=<password>
+
+org.sciserver.racm.admin.username=__racm__
+org.sciserver.racm.admin.password=<password>
+org.sciserver.racm.admin.email=racm@do.not.send
+```
+
+### JVM Arguments
+
+Both Java agents must be passed as VM arguments when launching:
+
+```
+-javaagent:<path-to>/aspectjweaver-1.9.22.1.jar
+-javaagent:<path-to>/racm/lib/spring-instrument-<version>.jar
+```
+
+Without these, `@EnableLoadTimeWeaving` and EclipseLink entity enhancement will
+fail on startup.
+
+### Verifying
+
+The app starts on `http://localhost:8080/racm/`. Example endpoints:
+- `GET /racm/ugm/rest/publicgroups` — list public groups
+- `GET /racm/actuator/health` — health check
+
+### Eclipse Setup
+
+To debug in Eclipse:
+
+1. **File > Import > Gradle > Existing Gradle Project**, browse to `components/java/`
+2. Right-click `RACMApplication.java` in the `sciserver-java-racm` project > **Debug As > Java Application**
+3. In **Run > Debug Configurations > Arguments > VM arguments**, add both `-javaagent` entries above
+
+## Notes
+
+- `jpa-config.properties` is loaded separately by EclipseLink via `RACMDatabaseConfiguration`
+- External services (Login Portal, File Service, Logging) may not be available
+  locally — the app will start but those features won't work
+- The `aop.xml` excludes `org.springframework.boot.jdbc` from AspectJ weaving
+  to avoid Oracle DataSource class errors
diff --git a/components/java/racm/src/main/resources/META-INF/aop.xml b/components/java/racm/src/main/resources/META-INF/aop.xml
@@ -6,6 +6,7 @@
 		<!-- weave only our code, vourp, and spring framework -->
 		<include within="org.springframework..*"/>
 		<exclude within="org.springframework.boot.liquibase.*"/>
+		<exclude within="org.springframework.boot.jdbc..*"/>
 		<include within="org.ivoa..*"/>
 		<include within="org.sciserver.racm..*"/>
 		<include within="vourp..*"/>

diff --git a/components/java/springutils/build.gradle b/components/java/springutils/build.gradle
@@ -10,7 +10,9 @@ subprojects {
     }
 
     dependencies {
-        api 'org.springframework.boot:spring-boot-starter-web:2.6.6'
+        api('org.springframework.boot:spring-boot-starter-web:2.6.6') {
+            exclude group: 'org.springframework.boot', module: 'spring-boot-starter-logging'
+        }
         implementation 'org.springdoc:springdoc-openapi-ui:1.6.6'
         api project(':logging')
         testImplementation 'org.testng:testng:6.14.3'