From 129160e1fd1bb7db2064caabc65134694ed8b892 Mon Sep 17 00:00:00 2001
From: OZGCloud <ozgcloud@mgm-tp.com>
Date: Wed, 27 Sep 2023 18:23:07 +0200
Subject: [PATCH] OZG-3928 OZG-4345 update dependencies - use spring security
5.8.7
---
alfa-service/pom.xml | 146 ++++++++++++++++--
.../ozgcloud/alfa/SecurityConfiguration.java | 24 +--
goofy-server/pom.xml | 122 ++++++++++++++-
pom.xml | 2 +-
4 files changed, 257 insertions(+), 37 deletions(-)
diff --git a/alfa-service/pom.xml b/alfa-service/pom.xml
index afa097c22d..4da849466d 100644
--- a/alfa-service/pom.xml
+++ b/alfa-service/pom.xml
@@ -43,6 +43,8 @@
<properties>
<maven.compiler.source>${java.version}</maven.compiler.source>
<maven.compiler.target>${java.version}</maven.compiler.target>
+
+ <spring-security.version>5.8.7</spring-security.version>
</properties>
<dependencies>
@@ -50,52 +52,151 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-log4j2</artifactId>
- <version>2.7.16</version>
</dependency>
-
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
- <version>2.7.16</version>
-
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-hateoas</artifactId>
- <version>2.7.16</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-validation</artifactId>
- <version>2.7.16</version>
</dependency>
-
<dependency>
<groupId>net.devh</groupId>
<artifactId>grpc-client-spring-boot-starter</artifactId>
</dependency>
-
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
- <version>2.7.16</version>
</dependency>
-
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
- <version>2.7.16</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-config</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-web</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-config</artifactId>
+ <version>${spring-security.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-core</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-core</artifactId>
+ <version>${spring-security.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-crypto</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-crypto</artifactId>
+ <version>${spring-security.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-web</artifactId>
+ <version>${spring-security.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
- <dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-oauth2-client</artifactId>
- <version>2.7.16</version>
- </dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
- <version>2.7.16</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-config</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-core</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-oauth2-resource-server</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-oauth2-jose</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-oauth2-resource-server</artifactId>
+ <version>${spring-security.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-core</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-oauth2-core</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-web</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-oauth2-jose</artifactId>
+ <version>${spring-security.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-core</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-oauth-core</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-oauth2-core</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-oauth2-core</artifactId>
+ <version>${spring-security.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
+
<dependency>
<groupId>com.jayway.jsonpath</groupId>
<artifactId>json-path</artifactId>
@@ -174,7 +275,18 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
+ <version>5.8.7</version>
<scope>test</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-core</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-web</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>de.itvsh.ozg.pluto</groupId>
diff --git a/alfa-service/src/main/java/de/ozgcloud/alfa/SecurityConfiguration.java b/alfa-service/src/main/java/de/ozgcloud/alfa/SecurityConfiguration.java
index 1dce554a47..51fa301389 100644
--- a/alfa-service/src/main/java/de/ozgcloud/alfa/SecurityConfiguration.java
+++ b/alfa-service/src/main/java/de/ozgcloud/alfa/SecurityConfiguration.java
@@ -64,18 +64,18 @@ public class SecurityConfiguration {
http.sessionManagement(management -> management.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
http.authorizeHttpRequests(authorize -> authorize
- .antMatchers(HttpMethod.GET, "/api/environment").permitAll()
- .antMatchers(HttpMethod.GET, "/assets/**").permitAll()
- .antMatchers(HttpMethod.GET, "/vorgang/**").permitAll()
- .antMatchers(HttpMethod.GET, "/meine/**").permitAll()
- .antMatchers(HttpMethod.GET, "/alle/**").permitAll()
- .antMatchers(HttpMethod.GET, "/unassigned/**").permitAll()
- .antMatchers("/api").authenticated()
- .antMatchers("/api/**").authenticated()
- .antMatchers("/actuator").permitAll()
- .antMatchers("/actuator/**").permitAll()
- .antMatchers("/").permitAll()
- .antMatchers("/*").permitAll()
+ .requestMatchers(HttpMethod.GET, "/api/environment").permitAll()
+ .requestMatchers(HttpMethod.GET, "/assets/**").permitAll()
+ .requestMatchers(HttpMethod.GET, "/vorgang/**").permitAll()
+ .requestMatchers(HttpMethod.GET, "/meine/**").permitAll()
+ .requestMatchers(HttpMethod.GET, "/alle/**").permitAll()
+ .requestMatchers(HttpMethod.GET, "/unassigned/**").permitAll()
+ .requestMatchers("/api").authenticated()
+ .requestMatchers("/api/**").authenticated()
+ .requestMatchers("/actuator").permitAll()
+ .requestMatchers("/actuator/**").permitAll()
+ .requestMatchers("/").permitAll()
+ .requestMatchers("/*").permitAll()
.anyRequest().denyAll());
http.oauth2ResourceServer(this::setOAuth2ResourceServer);
diff --git a/goofy-server/pom.xml b/goofy-server/pom.xml
index 58579ddc04..509827775b 100644
--- a/goofy-server/pom.xml
+++ b/goofy-server/pom.xml
@@ -16,15 +16,129 @@
<maven.compiler.target>${java.version}</maven.compiler.target>
<spring-boot.build-image.imageName>docker.ozg-sh.de/goofy:build-latest</spring-boot.build-image.imageName>
+ <spring-security.version>5.8.7</spring-security.version>
</properties>
<dependencies>
-
<dependency>
<groupId>de.itvsh.ozg</groupId>
<artifactId>alfa-service</artifactId>
<version>${project.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-config</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-core</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-crypto</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-web</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-oauth2-resource-server</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-oauth2-jose</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-oauth2-core</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-config</artifactId>
+ <version>${spring-security.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-core</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-core</artifactId>
+ <version>${spring-security.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-crypto</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-crypto</artifactId>
+ <version>${spring-security.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-web</artifactId>
+ <version>${spring-security.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
+ <dependency>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-oauth2-resource-server</artifactId>
+ <version>${spring-security.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-core</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-oauth2-core</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-web</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-oauth2-jose</artifactId>
+ <version>${spring-security.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-core</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-oauth2-core</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-oauth2-core</artifactId>
+ <version>${spring-security.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-core</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+
<dependency>
<groupId>de.itvsh.ozg</groupId>
<artifactId>alfa-xdomea</artifactId>
@@ -34,12 +148,6 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
- <version>2.7.16</version>
- </dependency>
- <dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-security</artifactId>
- <version>2.7.16</version>
</dependency>
</dependencies>
diff --git a/pom.xml b/pom.xml
index 46ae5cc7d1..c6ff182a9a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -37,7 +37,7 @@
<parent>
<groupId>de.itvsh.kop.common</groupId>
<artifactId>kop-common-parent</artifactId>
- <version>1.7.0</version>
+ <version>1.9.0-SNAPSHOT</version>
</parent>
<modules>
--
GitLab