SEBSERV-405 boot 2.6.15 mybatis 3.5.6 (old)

2023-08-24 13:01:46 +02:00 · 2023-08-24 13:01:46 +02:00 · 40c6d2b1f3
commit 40c6d2b1f3
parent 26178f66fb
4 changed files with 13 additions and 20 deletions
--- a/pom.xml
+++ b/pom.xml
@ -12,7 +12,7 @@
  <parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
-    <version>2.3.7.RELEASE</version>
+    <version>2.6.15</version>
  </parent>

  <packaging>jar</packaging>
@ -23,9 +23,6 @@
    <revision>${sebserver-version}</revision>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
-    
-    <!-- Fix CVE-2021-44228 : https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot -->
-    <log4j2.version>2.17.0</log4j2.version> 
  </properties>


@ -34,12 +31,12 @@
    to support the Jenkins build on CI-Server that still no Java 11 installed -->
  <profiles>
    <profile>
-      <id>Java 11</id>
+      <id>Java 17</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <properties>
-        <java.version>11</java.version>
+        <java.version>17</java.version>
      </properties>
      <build>
        <finalName>${project.artifactId}-${build-version}</finalName>
@ -248,7 +245,7 @@
    <dependency>
      <groupId>com.github.pagehelper</groupId>
      <artifactId>pagehelper-spring-boot-starter</artifactId>
-      <version>1.2.10</version>
+      <version>1.4.6</version>
    </dependency>

    <!-- Spring / Spring Boot -->
--- a/src/main/java/ch/ethz/seb/sebserver/WebSecurityConfig.java
+++ b/src/main/java/ch/ethz/seb/sebserver/WebSecurityConfig.java
@ -100,8 +100,4 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter implements E
        response.flushBuffer();
    }

-    @Override
-    public String getErrorPath() {
-        return ERROR_PATH;
-    }
 }
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/WebserviceConfig.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/WebserviceConfig.java
@ -8,14 +8,18 @@

 package ch.ethz.seb.sebserver.webservice;

+import javax.sql.DataSource;
+
 import org.cryptonode.jncryptor.AES256JNCryptor;
 import org.cryptonode.jncryptor.JNCryptor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Lazy;
+import org.springframework.security.oauth2.provider.token.TokenStore;

 import ch.ethz.seb.sebserver.gbl.Constants;
 import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile;
+import ch.ethz.seb.sebserver.webservice.weblayer.oauth.CachableJdbcTokenStore;

@Configuration
@WebServiceProfile
@ -29,6 +33,11 @@ public class WebserviceConfig {
        return aes256jnCryptor;
    }

+    @Bean
+    public TokenStore tokenStore(final DataSource dataSource) {
+        return new CachableJdbcTokenStore(dataSource);
+    }
+
 //  @Bean
 //  public WebServerFactoryCustomizer<TomcatServletWebServerFactory> tomcatCustomizer() {
 //      return (tomcat) -> tomcat.addConnectorCustomizers((connector) -> {
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/WebServiceSecurityConfig.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/WebServiceSecurityConfig.java
@ -12,7 +12,6 @@ import java.io.IOException;

 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import javax.sql.DataSource;

 import org.apache.catalina.filters.RemoteIpFilter;
 import org.slf4j.Logger;
@ -24,7 +23,6 @@ import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
-import org.springframework.context.annotation.Lazy;
 import org.springframework.core.annotation.Order;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
@ -47,7 +45,6 @@ import org.springframework.security.web.AuthenticationEntryPoint;
 import ch.ethz.seb.sebserver.WebSecurityConfig;
 import ch.ethz.seb.sebserver.gbl.model.user.UserRole;
 import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile;
-import ch.ethz.seb.sebserver.webservice.weblayer.oauth.CachableJdbcTokenStore;
 import ch.ethz.seb.sebserver.webservice.weblayer.oauth.PreAuthProvider;
 import ch.ethz.seb.sebserver.webservice.weblayer.oauth.WebClientDetailsService;
 import ch.ethz.seb.sebserver.webservice.weblayer.oauth.WebserviceResourceConfiguration;
@ -107,12 +104,6 @@ public class WebServiceSecurityConfig extends WebSecurityConfigurerAdapter {
    @Value("${sebserver.webservice.api.exam.accessTokenValiditySeconds:43200}")
    private Integer examAccessTokenValSec;

-    @Lazy
-    @Bean
-    public TokenStore tokenStore(final DataSource dataSource) {
-        return new CachableJdbcTokenStore(dataSource);
-    }
-
    /** Used to get real remote IP address by using "X-Forwarded-For" and "X-Forwarded-Proto" header.
     * https://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/filters/RemoteIpFilter.html
     *