diff --git a/build.gradle b/build.gradle index 4f616f0..a8574e4 100644 --- a/build.gradle +++ b/build.gradle @@ -1,45 +1,42 @@ plugins { id 'java' - id 'io.spring.dependency-management' version '1.0.11.RELEASE' - id 'org.springframework.boot' version '2.6.4' + id 'org.springframework.boot' version '3.4.2' + id 'io.spring.dependency-management' version '1.1.7' } -jar { - archivesBaseName = 'seminar' +group = 'ru.ulstu' +version = '0.0.1-SNAPSHOT' + +java { + toolchain { + languageVersion = JavaLanguageVersion.of(21) + } } repositories { maven { - url "http://repo.athene.tech/repository/maven-central/" + url = uri("http://repo.athene.tech/repository/maven-central/") allowInsecureProtocol(true) } } - -sourceCompatibility = 11 -targetCompatibility = 11 - dependencies { - ext { - versionSLF4J = '1.7.24' - versionJetty = '9.3.16.v20170120' - versionJackson = '2.9.4' - versionSwagger = '2.5.0' - } - - implementation group: 'org.springframework.boot', name: 'spring-boot-starter-web' + implementation 'org.springframework.boot:spring-boot-starter' + implementation 'org.springframework.boot:spring-boot-starter-web' implementation group: 'org.springframework.boot', name: 'spring-boot-starter-jetty' implementation group: 'org.springframework.boot', name: 'spring-boot-starter-thymeleaf' implementation group: 'org.springframework.boot', name: 'spring-boot-starter-validation' implementation group: 'org.springframework.boot', name:'spring-boot-starter-data-jpa' implementation group: 'org.springframework.boot', name: 'spring-boot-starter-security' - implementation group: 'org.slf4j', name: 'slf4j-api', version: versionSLF4J - implementation group: 'nz.net.ultraq.thymeleaf', name: 'thymeleaf-layout-dialect', version: '3.1.0' - implementation group: 'org.thymeleaf.extras', name: 'thymeleaf-extras-springsecurity5' + implementation group: 'org.slf4j', name: 'slf4j-api' + implementation group: 'nz.net.ultraq.thymeleaf', name: 'thymeleaf-layout-dialect' + implementation group: 'org.thymeleaf.extras', name: 'thymeleaf-extras-springsecurity6' implementation group: 'com.h2database', name:'h2' - implementation group: 'javax.xml.bind', name: 'jaxb-api' - implementation group: 'org.javassist', name: 'javassist' + implementation group: 'jakarta.xml.bind', name: 'jakarta.xml.bind-api', version: '4.0.2' + implementation group: 'org.javassist', name: 'javassist', version: '3.30.2-GA' + implementation group: 'com.fasterxml.jackson.module', name: 'jackson-module-blackbird' + implementation group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: '2.13.2' - implementation group: 'org.eclipse.jetty', name: 'jetty-servlet', version: versionJetty + implementation group: 'org.eclipse.jetty', name: 'jetty-servlets', version: '11.0.24' implementation group: 'org.webjars', name: 'jquery', version: '3.6.0' implementation group: 'org.webjars', name: 'bootstrap', version: '4.3.0' @@ -48,9 +45,13 @@ dependencies { implementation group: 'org.webjars', name: 'font-awesome', version: '4.7.0' implementation group: 'org.webjars', name: 'momentjs', version: '2.24.0' implementation group: 'org.webjars', name: 'bootstrap-glyphicons', version: 'bdd2cbfba0' - implementation group: 'org.webjars', name: 'summernote', version: '0.8.10' - testImplementation group: 'org.springframework.boot', name: 'spring-boot-starter-test' + testImplementation 'org.springframework.boot:spring-boot-starter-test' + testRuntimeOnly 'org.junit.platform:junit-platform-launcher' +} + +tasks.named('test') { + useJUnitPlatform() } diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar index 13372ae..a4b76b9 100644 Binary files a/gradle/wrapper/gradle-wrapper.jar and b/gradle/wrapper/gradle-wrapper.jar differ diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index d66f36f..e2847c8 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,6 +1,7 @@ -#Mon Dec 28 10:00:20 PST 2015 distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists +distributionUrl=https\://services.gradle.org/distributions/gradle-8.11.1-bin.zip +networkTimeout=10000 +validateDistributionUrl=true zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-7.4-bin.zip diff --git a/src/main/java/ru/ulstu/configuration/SecurityConfiguration.java b/src/main/java/ru/ulstu/configuration/SecurityConfiguration.java index 5da4970..74dd2d1 100644 --- a/src/main/java/ru/ulstu/configuration/SecurityConfiguration.java +++ b/src/main/java/ru/ulstu/configuration/SecurityConfiguration.java @@ -2,85 +2,46 @@ package ru.ulstu.configuration; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.BeanInitializationException; -import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; -import org.springframework.security.web.authentication.AuthenticationSuccessHandler; -import org.springframework.security.web.authentication.logout.LogoutSuccessHandler; +import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; +import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer; +import org.springframework.security.web.SecurityFilterChain; import ru.ulstu.model.UserRoleConstants; -import ru.ulstu.user.UserService; @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true) -public class SecurityConfiguration extends WebSecurityConfigurerAdapter { +public class SecurityConfiguration { private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class); - private final UserService userService; - private final BCryptPasswordEncoder bCryptPasswordEncoder; - private final AuthenticationSuccessHandler authenticationSuccessHandler; - private final LogoutSuccessHandler logoutSuccessHandler; - - public SecurityConfiguration(UserService userService, - BCryptPasswordEncoder bCryptPasswordEncoder, - AuthenticationSuccessHandler authenticationSuccessHandler, - LogoutSuccessHandler logoutSuccessHandler) { - this.userService = userService; - this.bCryptPasswordEncoder = bCryptPasswordEncoder; - this.authenticationSuccessHandler = authenticationSuccessHandler; - this.logoutSuccessHandler = logoutSuccessHandler; - } - - @Override - protected void configure(HttpSecurity http) throws Exception { - http.csrf().disable(); - http.headers().frameOptions().disable(); + @Bean + public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { log.debug("Security enabled"); - http.authorizeRequests() - .antMatchers("/").permitAll() - .antMatchers("/login", "/index", "/news/**", "/meetings/**", "/files/**", "/docs/**", - "/public/**", "/organizers", "/webjars/**", "/h2-console/*", "/h2-console").permitAll() - .antMatchers("/swagger-ui.html").hasAuthority(UserRoleConstants.ADMIN) - .anyRequest().authenticated() - .and() - .formLogin() - .loginPage("/login") - .failureUrl("/loginError") - .successHandler(authenticationSuccessHandler) - .permitAll() - .and() - .logout() - .logoutSuccessHandler(logoutSuccessHandler) - .logoutSuccessUrl(Constants.LOGOUT_URL) - .invalidateHttpSession(false) - .clearAuthentication(true) - .deleteCookies(Constants.COOKIES_NAME) - .permitAll(); + http + .headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable)) + .csrf(AbstractHttpConfigurer::disable) + .authorizeHttpRequests(auth -> + auth.requestMatchers("/").permitAll() + .requestMatchers("/login", "/index", "/news/**", "/meetings/**", "/files/**", "/docs/**", + "/public/**", "/organizers", "/webjars/**", "/h2-console/*", "/h2-console", + "/css/**", "/js/**", "/img/**", "/templates/**", "/webjars/**").permitAll() + .requestMatchers("/swagger-ui.html").hasAuthority(UserRoleConstants.ADMIN) + .anyRequest().authenticated()) + .formLogin(form -> + form.loginPage("/login") + .failureUrl("/loginError") + .permitAll()) + .logout(logout -> + logout + .logoutSuccessUrl(Constants.LOGOUT_URL) + .invalidateHttpSession(false) + .clearAuthentication(true) + .deleteCookies(Constants.COOKIES_NAME) + .permitAll()); + return http.build(); } - - @Override - public void configure(WebSecurity web) { - web.ignoring() - .antMatchers("/css/**") - .antMatchers("/js/**") - .antMatchers("/img/**") - .antMatchers("/templates/**") - .antMatchers("/webjars/**"); - } - - @Autowired - public void configureGlobal(AuthenticationManagerBuilder auth) { - try { - auth.userDetailsService(userService).passwordEncoder(bCryptPasswordEncoder); - } catch (Exception e) { - throw new BeanInitializationException("Security configuration failed", e); - } - } -} +} \ No newline at end of file diff --git a/src/main/java/ru/ulstu/configuration/TemplateConfiguration.java b/src/main/java/ru/ulstu/configuration/TemplateConfiguration.java index 3b697a0..1d41306 100644 --- a/src/main/java/ru/ulstu/configuration/TemplateConfiguration.java +++ b/src/main/java/ru/ulstu/configuration/TemplateConfiguration.java @@ -9,8 +9,8 @@ package ru.ulstu.configuration; import nz.net.ultraq.thymeleaf.layoutdialect.LayoutDialect; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.thymeleaf.extras.springsecurity5.dialect.SpringSecurityDialect; -import org.thymeleaf.spring5.SpringTemplateEngine; +import org.thymeleaf.extras.springsecurity6.dialect.SpringSecurityDialect; +import org.thymeleaf.spring6.SpringTemplateEngine; import org.thymeleaf.templateresolver.ITemplateResolver; @Configuration diff --git a/src/main/java/ru/ulstu/meeting/Meeting.java b/src/main/java/ru/ulstu/meeting/Meeting.java index c118b45..023239e 100644 --- a/src/main/java/ru/ulstu/meeting/Meeting.java +++ b/src/main/java/ru/ulstu/meeting/Meeting.java @@ -1,16 +1,16 @@ package ru.ulstu.meeting; +import jakarta.persistence.CascadeType; +import jakarta.persistence.Entity; +import jakarta.persistence.JoinColumn; +import jakarta.persistence.Lob; +import jakarta.persistence.OneToOne; +import jakarta.persistence.Transient; +import jakarta.validation.constraints.NotEmpty; import org.springframework.format.annotation.DateTimeFormat; import ru.ulstu.model.BaseEntity; import ru.ulstu.news.News; -import javax.persistence.CascadeType; -import javax.persistence.Entity; -import javax.persistence.JoinColumn; -import javax.persistence.Lob; -import javax.persistence.OneToOne; -import javax.persistence.Transient; -import javax.validation.constraints.NotEmpty; import java.util.Date; @Entity diff --git a/src/main/java/ru/ulstu/meeting/MeetingController.java b/src/main/java/ru/ulstu/meeting/MeetingController.java index 1166961..8389143 100644 --- a/src/main/java/ru/ulstu/meeting/MeetingController.java +++ b/src/main/java/ru/ulstu/meeting/MeetingController.java @@ -6,6 +6,7 @@ package ru.ulstu.meeting; +import jakarta.validation.Valid; import org.springframework.data.domain.Page; import org.springframework.security.access.annotation.Secured; import org.springframework.stereotype.Controller; @@ -20,7 +21,6 @@ import org.springframework.web.bind.annotation.RequestParam; import ru.ulstu.model.OffsetablePageRequest; import ru.ulstu.model.UserRoleConstants; -import javax.validation.Valid; import java.util.List; import java.util.Optional; import java.util.stream.Collectors; diff --git a/src/main/java/ru/ulstu/meeting/MeetingService.java b/src/main/java/ru/ulstu/meeting/MeetingService.java index 42f8634..a50b4e2 100644 --- a/src/main/java/ru/ulstu/meeting/MeetingService.java +++ b/src/main/java/ru/ulstu/meeting/MeetingService.java @@ -1,14 +1,13 @@ package ru.ulstu.meeting; +import jakarta.transaction.Transactional; +import jakarta.validation.constraints.NotNull; import org.springframework.data.domain.Page; import org.springframework.data.domain.Pageable; import org.springframework.stereotype.Service; import ru.ulstu.news.News; import ru.ulstu.news.NewsService; -import javax.transaction.Transactional; -import javax.validation.constraints.NotNull; - @Service public class MeetingService { private final MeetingRepository meetingRepository; diff --git a/src/main/java/ru/ulstu/model/BaseEntity.java b/src/main/java/ru/ulstu/model/BaseEntity.java index 7946ec0..80b2022 100644 --- a/src/main/java/ru/ulstu/model/BaseEntity.java +++ b/src/main/java/ru/ulstu/model/BaseEntity.java @@ -1,11 +1,12 @@ package ru.ulstu.model; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.MappedSuperclass; -import javax.persistence.Version; -import javax.validation.constraints.NotNull; +import jakarta.persistence.GeneratedValue; +import jakarta.persistence.GenerationType; +import jakarta.persistence.Id; +import jakarta.persistence.MappedSuperclass; +import jakarta.persistence.Version; +import jakarta.validation.constraints.NotNull; + import java.io.Serializable; @MappedSuperclass diff --git a/src/main/java/ru/ulstu/model/User.java b/src/main/java/ru/ulstu/model/User.java index 5db0c57..8cedf25 100644 --- a/src/main/java/ru/ulstu/model/User.java +++ b/src/main/java/ru/ulstu/model/User.java @@ -1,16 +1,16 @@ package ru.ulstu.model; +import jakarta.persistence.Column; +import jakarta.persistence.Entity; +import jakarta.persistence.JoinColumn; +import jakarta.persistence.JoinTable; +import jakarta.persistence.ManyToMany; +import jakarta.persistence.Table; +import jakarta.validation.constraints.NotNull; +import jakarta.validation.constraints.Pattern; +import jakarta.validation.constraints.Size; import ru.ulstu.configuration.Constants; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.JoinColumn; -import javax.persistence.JoinTable; -import javax.persistence.ManyToMany; -import javax.persistence.Table; -import javax.validation.constraints.NotNull; -import javax.validation.constraints.Pattern; -import javax.validation.constraints.Size; import java.util.HashSet; import java.util.Set; diff --git a/src/main/java/ru/ulstu/model/UserRole.java b/src/main/java/ru/ulstu/model/UserRole.java index 6e0a45d..05a8c80 100644 --- a/src/main/java/ru/ulstu/model/UserRole.java +++ b/src/main/java/ru/ulstu/model/UserRole.java @@ -1,11 +1,11 @@ package ru.ulstu.model; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.Id; -import javax.persistence.Table; -import javax.validation.constraints.NotNull; -import javax.validation.constraints.Size; +import jakarta.persistence.Column; +import jakarta.persistence.Entity; +import jakarta.persistence.Id; +import jakarta.persistence.Table; +import jakarta.validation.constraints.NotNull; +import jakarta.validation.constraints.Size; @Entity @Table(name = "is_user_roles") diff --git a/src/main/java/ru/ulstu/model/UserSession.java b/src/main/java/ru/ulstu/model/UserSession.java index 42e9838..72efb58 100644 --- a/src/main/java/ru/ulstu/model/UserSession.java +++ b/src/main/java/ru/ulstu/model/UserSession.java @@ -1,13 +1,14 @@ package ru.ulstu.model; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.JoinColumn; -import javax.persistence.ManyToOne; -import javax.persistence.Table; -import javax.persistence.Temporal; -import javax.persistence.TemporalType; -import javax.validation.constraints.NotNull; +import jakarta.persistence.Column; +import jakarta.persistence.Entity; +import jakarta.persistence.JoinColumn; +import jakarta.persistence.ManyToOne; +import jakarta.persistence.Table; +import jakarta.persistence.Temporal; +import jakarta.persistence.TemporalType; +import jakarta.validation.constraints.NotNull; + import java.util.Date; @Entity diff --git a/src/main/java/ru/ulstu/news/News.java b/src/main/java/ru/ulstu/news/News.java index 1c3504d..76e22ba 100644 --- a/src/main/java/ru/ulstu/news/News.java +++ b/src/main/java/ru/ulstu/news/News.java @@ -1,13 +1,13 @@ package ru.ulstu.news; +import jakarta.persistence.Entity; +import jakarta.persistence.Lob; +import jakarta.persistence.OneToOne; +import jakarta.validation.constraints.NotEmpty; import org.springframework.format.annotation.DateTimeFormat; import ru.ulstu.meeting.Meeting; import ru.ulstu.model.BaseEntity; -import javax.persistence.Entity; -import javax.persistence.Lob; -import javax.persistence.OneToOne; -import javax.validation.constraints.NotEmpty; import java.util.Date; @Entity diff --git a/src/main/java/ru/ulstu/news/NewsController.java b/src/main/java/ru/ulstu/news/NewsController.java index a85a47d..ef0efdf 100644 --- a/src/main/java/ru/ulstu/news/NewsController.java +++ b/src/main/java/ru/ulstu/news/NewsController.java @@ -6,6 +6,7 @@ package ru.ulstu.news; +import jakarta.validation.Valid; import org.springframework.data.domain.Page; import org.springframework.security.access.annotation.Secured; import org.springframework.stereotype.Controller; @@ -20,7 +21,6 @@ import org.springframework.web.bind.annotation.RequestParam; import ru.ulstu.model.OffsetablePageRequest; import ru.ulstu.model.UserRoleConstants; -import javax.validation.Valid; import java.util.List; import java.util.Optional; import java.util.stream.Collectors; diff --git a/src/main/java/ru/ulstu/news/NewsService.java b/src/main/java/ru/ulstu/news/NewsService.java index 8164f0a..7c66a7e 100644 --- a/src/main/java/ru/ulstu/news/NewsService.java +++ b/src/main/java/ru/ulstu/news/NewsService.java @@ -1,12 +1,12 @@ package ru.ulstu.news; +import jakarta.transaction.Transactional; +import jakarta.validation.constraints.NotNull; import org.springframework.data.domain.Page; import org.springframework.data.domain.Pageable; import org.springframework.stereotype.Service; import ru.ulstu.meeting.Meeting; -import javax.transaction.Transactional; -import javax.validation.constraints.NotNull; import java.util.Date; import java.util.List; diff --git a/src/main/java/ru/ulstu/user/IpAddressResolver.java b/src/main/java/ru/ulstu/user/IpAddressResolver.java index 0ed8a60..0b1f68a 100644 --- a/src/main/java/ru/ulstu/user/IpAddressResolver.java +++ b/src/main/java/ru/ulstu/user/IpAddressResolver.java @@ -1,9 +1,8 @@ package ru.ulstu.user; +import jakarta.servlet.http.HttpServletRequest; import org.springframework.util.StringUtils; -import javax.servlet.http.HttpServletRequest; - public final class IpAddressResolver { private static final String CLIENT_IP_HEADER = "Client-IP"; private static final String FORWARDED_FOR_HEADER = "X-Forwarded-For"; diff --git a/src/main/java/ru/ulstu/user/UserSessionLoginHandler.java b/src/main/java/ru/ulstu/user/UserSessionLoginHandler.java index dd62ef9..787814a 100644 --- a/src/main/java/ru/ulstu/user/UserSessionLoginHandler.java +++ b/src/main/java/ru/ulstu/user/UserSessionLoginHandler.java @@ -1,5 +1,9 @@ package ru.ulstu.user; +import jakarta.servlet.ServletException; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; +import jakarta.servlet.http.HttpSession; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.security.core.Authentication; @@ -8,10 +12,6 @@ import org.springframework.security.web.authentication.SavedRequestAwareAuthenti import org.springframework.stereotype.Component; import ru.ulstu.configuration.Constants; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; import java.io.IOException; @Component diff --git a/src/main/java/ru/ulstu/user/UserSessionLogoutHandler.java b/src/main/java/ru/ulstu/user/UserSessionLogoutHandler.java index 87979d3..3e541d8 100644 --- a/src/main/java/ru/ulstu/user/UserSessionLogoutHandler.java +++ b/src/main/java/ru/ulstu/user/UserSessionLogoutHandler.java @@ -1,5 +1,9 @@ package ru.ulstu.user; +import jakarta.servlet.ServletException; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; +import jakarta.servlet.http.HttpSession; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.security.core.Authentication; @@ -8,10 +12,6 @@ import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuc import org.springframework.stereotype.Component; import ru.ulstu.configuration.Constants; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; import java.io.IOException; @Component