Merge pull request #1018 from bosch-io/fix_migration_to_new_spring_bo…

…ot_version

Update Spring Boot to 2.3.7.RELEASE

README.md

@@ -53,14 +53,14 @@ There are clients outside of the Eclipse IoT eco system as well, e.g.:
 
 ## SQL database
 
-| Database                          |                         H2                         |                               MySQL/MariaDB                               |                       MS SQL Server                       |                                  PostgreSQL                        |      IBM DB2       |
-| --------------------------------- | :------------------------------------------------: | :-----------------------------------------------------------------------: | :-------------------------------------------------------: | :----------------------------------------------------------------: | :----------------: |
-| DDLs maintained by project        |                 :white_check_mark:                 |                            :white_check_mark:                             |                    :white_check_mark:                     |                              :white_check_mark:                    | :white_check_mark: |
-| Test dependencies defined         |                 :white_check_mark:                 |                            :white_check_mark:                             |                    :white_check_mark:                     |                              :white_check_mark:                    |                    |
-| Versions tested                   |                        1.4                         |                         MySQL 5.6/5.7, AWS Aurora                         |                    MS SQL Server 2017/2019                     |                                PostgreSQL 12/13                     |  DB2 Server v11.1  |
-| Docker image with driver provided |                 :white_check_mark:                 |                    :white_check_mark: (Tag: "-mysql")                     |                    :white_check_mark:                     |                              :white_check_mark:                    |                    |
-| JDBC driver                       | [H2 1.4](https://github.com/h2database/h2database) | [MariaDB Connector/J 2.0](https://github.com/MariaDB/mariadb-connector-j) | [MSSQL-JDBC 6.4](https://github.com/Microsoft/mssql-jdbc) | [PostgreSQL JDBC Driver 42.2.10](https://github.com/pgjdbc/pgjdbc) |                    |
-| Status                            |                  Test, Dev                         |                             Production grade                              |                     Production grade                      |                                   Test, Dev                        |      Test, Dev     |
+| Database                          |                           H2                           |                                MySQL/MariaDB                                |                          MS SQL Server                           |                                  PostgreSQL                        |      IBM DB2       |
+| --------------------------------- | :----------------------------------------------------: | :-------------------------------------------------------------------------: | :--------------------------------------------------------------: | :----------------------------------------------------------------: | :----------------: |
+| DDLs maintained by project        |                   :white_check_mark:                   |                             :white_check_mark:                              |                       :white_check_mark:                         |                              :white_check_mark:                    | :white_check_mark: |
+| Test dependencies defined         |                   :white_check_mark:                   |                             :white_check_mark:                              |                       :white_check_mark:                         |                              :white_check_mark:                    |                    |
+| Versions tested                   |                          1.4                           |                          MySQL 5.6/5.7, AWS Aurora                          |                       MS SQL Server 2017/2019                    |                                PostgreSQL 12/13                    |  DB2 Server v11.1  |
+| Docker image with driver provided |                   :white_check_mark:                   |                     :white_check_mark: (Tag: "-mysql")                      |                       :white_check_mark:                         |                              :white_check_mark:                    |                    |
+| JDBC driver                       | [H2 1.4.200](https://github.com/h2database/h2database) | [MariaDB Connector/J 2.6.2](https://github.com/MariaDB/mariadb-connector-j) | [MSSQL-JDBC 7.4.1.jre8](https://github.com/Microsoft/mssql-jdbc) | [PostgreSQL JDBC Driver 42.2.14](https://github.com/pgjdbc/pgjdbc) |                    |
+| Status                            |                    Test, Dev                           |                              Production grade                               |                     Production grade                             |                                   Test, Dev                        |      Test, Dev     |
 
 ## (Optional) RabbitMQ: 3.6,3.7,3.8
 

hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java

@@ -12,13 +12,15 @@
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
+import java.util.List;
 
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
 
 import org.eclipse.hawkbit.cache.DownloadIdCache;
 import org.eclipse.hawkbit.ddi.rest.api.DdiRestConstants;
@@ -56,6 +58,7 @@
 import org.springframework.context.annotation.AdviceMode;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Primary;
 import org.springframework.context.annotation.PropertySource;
 import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
@@ -91,9 +94,13 @@
 import org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter;
 import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+import org.springframework.security.web.firewall.FirewalledRequest;
+import org.springframework.security.web.firewall.HttpFirewall;
+import org.springframework.security.web.firewall.StrictHttpFirewall;
 import org.springframework.security.web.session.HttpSessionEventPublisher;
 import org.springframework.security.web.session.SessionManagementFilter;
 import org.springframework.util.Assert;
+import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
@@ -183,7 +190,7 @@ static class ControllerSecurityConfigurationAdapter extends WebSecurityConfigure
         /**
          * Filter to protect the hawkBit server DDI interface against to many
          * requests.
-         * 
+         *
          * @param securityProperties
          *            for filter configuration
          *
@@ -299,7 +306,7 @@ static class ControllerDownloadSecurityConfigurationAdapter extends WebSecurityC
         /**
          * Filter to protect the hawkBit server DDI download interface against
          * to many requests.
-         * 
+         *
          * @param securityProperties
          *            for filter configuration
          *
@@ -389,7 +396,7 @@ protected void configure(final AuthenticationManagerBuilder auth) throws Excepti
     /**
      * Filter to protect the hawkBit server system management interface against
      * to many requests.
-     * 
+     *
      * @param securityProperties
      *            for filter configuration
      *
@@ -490,7 +497,7 @@ public static class RestSecurityConfigurationAdapter extends WebSecurityConfigur
         /**
          * Filter to protect the hawkBit server Management interface against to
          * many requests.
-         * 
+         *
          * @param securityProperties
          *            for filter configuration
          *
@@ -523,9 +530,8 @@ protected void configure(final HttpSecurity http) throws Exception {
                 httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
             }
 
-            httpSec.authorizeRequests().anyRequest().authenticated()
-                    .antMatchers(MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**")
-                    .hasAnyAuthority(SpPermission.SYSTEM_ADMIN);
+            httpSec.authorizeRequests().antMatchers(MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**")
+                    .hasAnyAuthority(SpPermission.SYSTEM_ADMIN).anyRequest().authenticated();
 
             if (oidcBearerTokenAuthenticationFilter != null) {
 
@@ -619,7 +625,7 @@ public static class UISecurityConfigurationAdapter extends WebSecurityConfigurer
 
         /**
          * Filter to protect the hawkBit management UI against to many requests.
-         * 
+         *
          * @param securityProperties
          *            for filter configuration
          *
@@ -647,8 +653,10 @@ public AuthenticationManager authenticationManagerBean() throws Exception {
         }
 
         /**
+         * Overwriting VaadinAuthenticationSuccessHandler of default VaadinSharedSecurityConfiguration
          * @return the vaadin success authentication handler
          */
+        @Primary
         @Bean(name = VaadinSharedSecurityConfiguration.VAADIN_AUTHENTICATION_SUCCESS_HANDLER_BEAN)
         public VaadinAuthenticationSuccessHandler redirectSaveHandler(final HttpService httpService,
                 final VaadinRedirectStrategy redirectStrategy) {
@@ -719,6 +727,49 @@ protected void configure(final HttpSecurity http) throws Exception {
                     .logoutSuccessHandler(logoutSuccessHandler);
         }
 
+        /**
+         * HttpFirewall which enables to define a list of allowed host names.
+         *
+         * @return the http firewall.
+         */
+        @Bean
+        public HttpFirewall httpFirewall() {
+            final List<String> allowedHostNames = hawkbitSecurityProperties.getAllowedHostNames();
+            final IgnorePathsStrictHttpFirewall firewall = new IgnorePathsStrictHttpFirewall(
+                    hawkbitSecurityProperties.getHttpFirewallIgnoredPaths());
+
+            if (!CollectionUtils.isEmpty(allowedHostNames)) {
+                firewall.setAllowedHostnames(hostName -> {
+                    LOG.debug("Firewall check host: {}, allowed: {}", hostName, allowedHostNames.contains(hostName));
+                    return allowedHostNames.contains(hostName);
+                });
+            }
+            return firewall;
+        }
+
+        private static class IgnorePathsStrictHttpFirewall extends StrictHttpFirewall {
+
+            private final Collection<String> pathsToIgnore;
+
+            public IgnorePathsStrictHttpFirewall(final Collection<String> pathsToIgnore) {
+                super();
+                this.pathsToIgnore = pathsToIgnore;
+            }
+
+            @Override
+            public FirewalledRequest getFirewalledRequest(final HttpServletRequest request) {
+                if (pathsToIgnore != null && pathsToIgnore.contains(request.getRequestURI())) {
+                    return new FirewalledRequest(request) {
+                        @Override
+                        public void reset() {
+                            //nothing to do
+                        }
+                    };
+                }
+                return super.getFirewalledRequest(request);
+            }
+        }
+
         @Override
         public void configure(final WebSecurity webSecurity) throws Exception {
             // No security for static content

hawkbit-core/src/test/java/org/eclipse/hawkbit/api/PropertyBasedArtifactUrlHandlerTest.java

@@ -20,7 +20,7 @@
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.mockito.runners.MockitoJUnitRunner;
+import org.mockito.junit.MockitoJUnitRunner;
 
 import io.qameta.allure.Description;
 import io.qameta.allure.Feature;

hawkbit-core/src/test/java/org/eclipse/hawkbit/cache/DefaultDownloadIdCacheTest.java

@@ -18,7 +18,7 @@
 import org.mockito.ArgumentCaptor;
 import org.mockito.Captor;
 import org.mockito.Mock;
-import org.mockito.runners.MockitoJUnitRunner;
+import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.cache.Cache;
 import org.springframework.cache.CacheManager;
 import org.springframework.cache.support.SimpleValueWrapper;

hawkbit-dmf/hawkbit-dmf-amqp/pom.xml

@@ -21,7 +21,6 @@
    <name>hawkBit :: DMF :: AMQP 0.9 Implementation</name>
 
    <dependencies>
-
       <dependency>
          <groupId>org.eclipse.hawkbit</groupId>
          <artifactId>hawkbit-repository-api</artifactId>

hawkbit-dmf/hawkbit-dmf-amqp/src/test/java/org/eclipse/hawkbit/amqp/BaseAmqpServiceTest.java

@@ -21,7 +21,7 @@
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
-import org.mockito.runners.MockitoJUnitRunner;
+import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.amqp.core.Message;
 import org.springframework.amqp.core.MessageProperties;
 import org.springframework.amqp.rabbit.core.RabbitTemplate;

hawkbit-dmf/hawkbit-dmf-amqp/src/test/java/org/eclipse/hawkbit/matcher/SoftwareModuleJsonMatcher.java

@@ -16,7 +16,6 @@
 import org.eclipse.hawkbit.repository.model.SoftwareModule;
 import org.hamcrest.BaseMatcher;
 import org.hamcrest.Description;
-import org.hamcrest.Factory;
 
 /**
  * Set matcher for {@link SoftwareModule} and a list of
@@ -44,7 +43,6 @@ public final class SoftwareModuleJsonMatcher {
      * @param expectedModules
      *            the json sofware modules.
      */
-    @Factory
     public static SoftwareModulesMatcher containsExactly(final List<DmfSoftwareModule> expectedModules) {
         return new SoftwareModulesMatcher(expectedModules);
     }

hawkbit-http-security/src/test/java/org/eclipse/hawkbit/security/PreAuthTokenSourceTrustAuthenticationProviderTest.java

@@ -17,7 +17,7 @@
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
-import org.mockito.runners.MockitoJUnitRunner;
+import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.InsufficientAuthenticationException;
 import org.springframework.security.core.Authentication;

hawkbit-repository/hawkbit-repository-api/pom.xml

@@ -25,6 +25,10 @@
          <artifactId>hawkbit-security-core</artifactId>
          <version>${project.version}</version>
       </dependency>
+      <dependency>
+         <groupId>com.fasterxml.jackson.core</groupId>
+         <artifactId>jackson-annotations</artifactId>
+      </dependency>
       <dependency>
          <groupId>javax.validation</groupId>
          <artifactId>validation-api</artifactId>

hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/ArtifactManagement.java

@@ -28,7 +28,6 @@
 import org.eclipse.hawkbit.repository.model.SoftwareModule;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.Pageable;
-import org.springframework.hateoas.Identifiable;
 import org.springframework.security.access.prepost.PreAuthorize;
 
 /**
@@ -70,7 +69,7 @@ public interface ArtifactManagement {
 
     /**
      * Garbage collects artifact binaries if only referenced by given
-     * {@link SoftwareModule#getId()} or {@link SoftwareModules} that are marged
+     * {@link SoftwareModule#getId()} or {@link SoftwareModule}'s that are marked
      * as deleted.
      * 
      *

hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/Identifiable.java

@@ -0,0 +1,20 @@
+/**
+ * Copyright (c) 2020 Bosch.IO GmbH and others.
+ *
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ */
+package org.eclipse.hawkbit.repository;
+
+import java.io.Serializable;
+
+/**
+ * @param <T> the parameter of the class
+ */
+@FunctionalInterface
+public interface Identifiable<T extends Serializable> {
+
+    T getId();
+}

hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/event/remote/MultiActionEvent.java

@@ -8,9 +8,9 @@
  */
 package org.eclipse.hawkbit.repository.event.remote;
 
+import org.eclipse.hawkbit.repository.Identifiable;
 import org.eclipse.hawkbit.repository.model.Action;
 import org.eclipse.hawkbit.repository.model.Target;
-import org.springframework.hateoas.Identifiable;
 
 import java.util.ArrayList;
 import java.util.Iterator;

hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/model/AssignedSoftwareModule.java

@@ -8,9 +8,10 @@
  */
 package org.eclipse.hawkbit.repository.model;
 
+import org.eclipse.hawkbit.repository.Identifiable;
+
 import java.io.Serializable;
 
-import org.springframework.hateoas.Identifiable;
 
 /**
  * Use to display software modules for the selected distribution.

hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/model/BaseEntity.java

@@ -8,11 +8,11 @@
  */
 package org.eclipse.hawkbit.repository.model;
 
+import org.eclipse.hawkbit.repository.Identifiable;
+
 import java.io.Serializable;
 import java.util.concurrent.TimeUnit;
 
-import org.springframework.hateoas.Identifiable;
-
 /**
  * Core information of all entities.
  *

hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/model/TargetWithActionStatus.java

@@ -8,8 +8,8 @@
  */
 package org.eclipse.hawkbit.repository.model;
 
+import org.eclipse.hawkbit.repository.Identifiable;
 import org.eclipse.hawkbit.repository.model.Action.Status;
-import org.springframework.hateoas.Identifiable;
 
 /**
  * 

hawkbit-repository/hawkbit-repository-api/src/test/java/org/eclipse/hawkbit/repository/MaintenanceScheduleHelperTest.java

@@ -47,7 +47,7 @@ public void validateDurationInvalid() {
         final String duration = "10";
         assertThatThrownBy(() -> MaintenanceScheduleHelper.validateDuration(duration))
                 .isInstanceOf(InvalidMaintenanceScheduleException.class).hasMessage("Provided duration is not valid")
-                .extracting("durationErrorIndex").containsExactly(2);
+            .extracting("durationErrorIndex").isEqualTo(2);
     }
 
     @Test

hawkbit-repository/hawkbit-repository-core/src/main/java/org/eclipse/hawkbit/repository/builder/AbstractBaseEntityBuilder.java

@@ -8,7 +8,7 @@
  */
 package org.eclipse.hawkbit.repository.builder;
 
-import org.springframework.hateoas.Identifiable;
+import org.eclipse.hawkbit.repository.Identifiable;
 
 public abstract class AbstractBaseEntityBuilder implements Identifiable<Long> {
 

hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/JpaControllerManagement.java

@@ -914,7 +914,7 @@ public List<String> getActionHistoryMessages(final long actionId, final int mess
                 ? RepositoryConstants.MAX_ACTION_HISTORY_MSG_COUNT
                 : messageCount;
 
-        final PageRequest pageable = PageRequest.of(0, limit, new Sort(Direction.DESC, "occurredAt"));
+        final PageRequest pageable = PageRequest.of(0, limit, Sort.by(Direction.DESC, "occurredAt"));
         final Page<String> messages = actionStatusRepository.findMessagesByActionIdAndMessageNotLike(pageable, actionId,
                 RepositoryConstants.SERVER_MESSAGE_PREFIX + "%");
 

hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/JpaRolloutManagement.java

@@ -333,7 +333,7 @@ private void handleCreateRollout(final JpaRollout rollout) {
         LOGGER.debug("handleCreateRollout called for rollout {}", rollout.getId());
 
         final List<RolloutGroup> rolloutGroups = rolloutGroupManagement.findByRollout(
-                PageRequest.of(0, quotaManagement.getMaxRolloutGroupsPerRollout(), new Sort(Direction.ASC, "id")),
+                PageRequest.of(0, quotaManagement.getMaxRolloutGroupsPerRollout(), Sort.by(Direction.ASC, "id")),
                 rollout.getId()).getContent();
 
         int readyGroups = 0;