Dependency upgrades 4.0

pom.xml

@@ -5,7 +5,7 @@
     <artifactId>api</artifactId>
     <packaging>jar</packaging>
     <name>${project.groupId}:${project.artifactId}</name>
-    <version>3.4.1-SNAPSHOT</version>
+    <version>4.0.0-SNAPSHOT</version>
     <description>Hygieia Rest API Layer</description>
     <url>https://github.com/Hygieia/api</url>
 
@@ -44,6 +44,16 @@
             <organization>CapitalOne</organization>
             <organizationUrl>http://www.capitalone.com</organizationUrl>
         </developer>
+        <developer>
+            <id>erictice</id>
+            <name>Eric Tice</name>
+            <email>[email protected]</email>
+            <url>https://github.com/erictice</url>
+            <roles>
+                <role>maintainer</role>
+            </roles>
+            <timezone>America/Chicago</timezone>
+        </developer>
     </developers>
 
     <organization>
@@ -54,26 +64,27 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>1.5.22.RELEASE</version>
+        <version>2.5.0</version>
     </parent>
 
     <properties>
         <!-- Dependencies -->
-        <com.capitalone.dashboard.core.version>3.14.0</com.capitalone.dashboard.core.version>
-        <spring-security.version>4.2.18.RELEASE</spring-security.version>
-        <tomcat.version>8.5.57</tomcat.version>
+        <com.capitalone.dashboard.core.version>4.0.0</com.capitalone.dashboard.core.version>
+        <spring-security.version>5.5.1</spring-security.version>
+        <tomcat.version>10.1.0-M2</tomcat.version>
         <commons-beanutils.version>1.9.4</commons-beanutils.version>
-        <commons-codec.version>1.14</commons-codec.version>
+        <commons-codec.version>1.15</commons-codec.version>
         <commons-collections4.version>4.1</commons-collections4.version>
         <commons-io.version>2.4</commons-io.version>
         <commons-lang.version>3.10</commons-lang.version>
         <fongo.version>2.2.0-RC2</fongo.version>
         <guava.version>29.0-jre</guava.version>
-        <hibernate-validator.version>5.4.2.Final</hibernate-validator.version>
-        <jackson.version>2.10.3</jackson.version>
+        <hibernate-validator.version>6.1.5.Final</hibernate-validator.version>
+        <jackson.version>2.11.4</jackson.version>
         <jasypt.version>1.18</jasypt.version>
         <logback.version>1.2.3</logback.version>
-        <mongodb.version>3.6.4</mongodb.version>
+        <log4j2.version>2.14.1</log4j2.version>
+        <mongodb.version>4.0.6</mongodb.version>
         <jjwt.version>0.6.0</jjwt.version>
         <springfox.version>2.4.0</springfox.version>
         <assertj.version>3.9.0</assertj.version>
@@ -84,8 +95,8 @@
         <jacoco.maven.plugin.version>0.8.3</jacoco.maven.plugin.version>
         <jacoco.coverage.percentage.minimum>0.200</jacoco.coverage.percentage.minimum>
         <jacoco.classes.missed.minimum>300</jacoco.classes.missed.minimum>
-        <java.compilation.source>1.8</java.compilation.source>
-        <java.compilation.target>1.8</java.compilation.target>
+        <java.compilation.source>14</java.compilation.source>
+        <java.compilation.target>14</java.compilation.target>
         <maven.compiler.plugin.version>3.1</maven.compiler.plugin.version>
         <maven.changes.plugin.version>2.12.1</maven.changes.plugin.version>
         <maven.checkstyle.plugin.version>3.0.0</maven.checkstyle.plugin.version>
@@ -136,7 +147,27 @@
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
+             <version>2.5.3</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.apache.tomcat.embed</groupId>
+                    <artifactId>tomcat-embed-websocket</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
+
+        <!-- https://mvnrepository.com/artifact/log4j/log4j -->
+<dependency>
+    <groupId>org.apache.logging.log4j</groupId>
+    <artifactId>log4j-api</artifactId>
+     <version>${log4j2.version}</version>
+  </dependency>
+  <dependency>
+    <groupId>org.apache.logging.log4j</groupId>
+    <artifactId>log4j-core</artifactId>
+     <version>${log4j2.version}</version>
+  </dependency>
+
 
         <dependency>
             <groupId>org.springframework.boot</groupId>
@@ -153,9 +184,16 @@
             <artifactId>spring-boot-starter-aop</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-configuration-processor</artifactId>
+            <optional>true</optional>
+        </dependency>
+
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-test</artifactId>
+              <version>2.5.0</version>
             <scope>test</scope>
         </dependency>
 
@@ -732,4 +770,4 @@
             </build>
         </profile>
     </profiles>
-</project>
+</project>

src/main/java/com/capitalone/dashboard/Application.java

@@ -4,7 +4,7 @@
 
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.builder.SpringApplicationBuilder;
-import org.springframework.boot.web.support.SpringBootServletInitializer;
+import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
 import org.springframework.context.annotation.Bean;
 
 import com.capitalone.dashboard.config.MongoConfig;

src/main/java/com/capitalone/dashboard/auth/access/MethodLevelSecurityHandler.java

@@ -1,5 +1,7 @@
 package com.capitalone.dashboard.auth.access;
 
+import java.util.Optional;
+
 import org.bson.types.ObjectId;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
@@ -21,10 +23,11 @@ public MethodLevelSecurityHandler(DashboardRepository dashboardRepository) {
 	}
 
 	public boolean isOwnerOfDashboard(ObjectId dashboardId) {
-		Dashboard dashboard = dashboardRepository.findOne(dashboardId);
-		if (dashboard == null) {
+		Optional<Dashboard> optDash = dashboardRepository.findById(dashboardId);
+		if (optDash == null) {
 			return false;
 		}
+		Dashboard dashboard = optDash.get(); 
 
 		String username = AuthenticationUtil.getUsernameFromContext();
 		AuthType authType = AuthenticationUtil.getAuthTypeFromContext();

src/main/java/com/capitalone/dashboard/auth/ldap/CustomUserDetailsContextMapper.java

@@ -1,6 +1,7 @@
 package com.capitalone.dashboard.auth.ldap;
 
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.ldap.core.DirContextAdapter;
 import org.springframework.ldap.core.DirContextOperations;
@@ -14,7 +15,7 @@
 @Configuration
 public class CustomUserDetailsContextMapper extends LdapUserDetailsMapper {
 
-    private static final Logger LOGGER = Logger.getLogger(CustomUserDetailsContextMapper.class);
+    private static final Logger LOGGER = LogManager.getLogger(CustomUserDetailsContextMapper.class);
 
     @Override
     public CustomUserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection authorities) {

src/main/java/com/capitalone/dashboard/auth/sso/SsoAuthenticationFilter.java

@@ -7,7 +7,8 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.core.Authentication;
@@ -19,7 +20,7 @@
 
 @Component
 public class SsoAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
-	private static final Logger LOGGER = Logger.getLogger(SsoAuthenticationFilter.class);
+	private static final Logger LOGGER = LogManager.getLogger(SsoAuthenticationFilter.class);
 
 	@Autowired
 	private SsoAuthenticationService ssoAuthenticationService;

src/main/java/com/capitalone/dashboard/auth/sso/SsoAuthenticationServiceImpl.java

@@ -5,7 +5,8 @@
 import java.util.HashMap;
 import java.util.Map;
 
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
@@ -17,7 +18,7 @@
 
 @Component
 public class SsoAuthenticationServiceImpl implements SsoAuthenticationService {
-	private static final Logger LOGGER = Logger.getLogger(SsoAuthenticationServiceImpl.class);
+	private static final Logger LOGGER = LogManager.getLogger(SsoAuthenticationServiceImpl.class);
 
 	@Autowired
 	private SsoAuthenticationUtil ssoAuthenticationUtil;

src/main/java/com/capitalone/dashboard/auth/sso/SsoAuthenticationUtil.java

@@ -3,7 +3,8 @@
 import java.util.ArrayList;
 import java.util.Map;
 
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
@@ -16,7 +17,7 @@
 
 @Component
 public class SsoAuthenticationUtil {
-	private static final Logger LOGGER = Logger.getLogger(SsoAuthenticationUtil.class);
+	private static final Logger LOGGER = LogManager.getLogger(SsoAuthenticationUtil.class);
 
 	@Autowired
 	private AuthProperties authProperties;

src/main/java/com/capitalone/dashboard/auth/token/JwtAuthenticationFilter.java

@@ -11,7 +11,8 @@
 
 import org.apache.commons.collections4.MapUtils;
 import org.apache.commons.lang3.StringUtils;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.core.Authentication;
@@ -24,7 +25,7 @@
 @Order(2)
 public class JwtAuthenticationFilter extends OncePerRequestFilter {
 
-    private static final Logger LOGGER = Logger.getLogger(JwtAuthenticationFilter.class);
+    private static final Logger LOGGER = LogManager.getLogger(JwtAuthenticationFilter.class);
 	private TokenAuthenticationService tokenAuthenticationService;
 
 	@Autowired

src/main/java/com/capitalone/dashboard/config/WebSecurityConfig.java

@@ -15,12 +15,13 @@
 import com.capitalone.dashboard.settings.ApiSettings;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.security.Http401AuthenticationEntryPoint;
+import org.springframework.security.web.authentication.HttpStatusEntryPoint;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer;
@@ -100,7 +101,7 @@ protected void configure(HttpSecurity http) throws Exception {
                 .addFilterBefore(apiTokenRequestFilter(), UsernamePasswordAuthenticationFilter.class)
                 .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
                 .addFilterBefore(githubWebhookRequestFilter(), UsernamePasswordAuthenticationFilter.class)
-                .exceptionHandling().authenticationEntryPoint(new Http401AuthenticationEntryPoint("Authorization"));
+                .exceptionHandling().authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.ACCEPTED));
     }
 
     @Override

src/main/java/com/capitalone/dashboard/logging/LoggingFilter.java

@@ -1,37 +1,8 @@
 package com.capitalone.dashboard.logging;
 
 
-import com.capitalone.dashboard.misc.HygieiaException;
-import com.capitalone.dashboard.model.RequestLog;
-import com.capitalone.dashboard.repository.RequestLogRepository;
-import com.capitalone.dashboard.settings.ApiSettings;
-import com.mongodb.util.JSON;
-import org.apache.commons.io.output.TeeOutputStream;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.commons.lang3.exception.ExceptionUtils;
-import org.apache.log4j.Logger;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.core.annotation.Order;
-import org.springframework.http.HttpMethod;
-import org.springframework.http.HttpStatus;
-import org.springframework.stereotype.Component;
+import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
 
-import javax.activation.MimeType;
-import javax.activation.MimeTypeParseException;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ReadListener;
-import javax.servlet.ServletException;
-import javax.servlet.ServletInputStream;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.WriteListener;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-import javax.servlet.http.HttpServletResponse;
 import java.io.BufferedReader;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
@@ -49,13 +20,45 @@
 import java.util.Locale;
 import java.util.Map;
 
-import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
+import javax.activation.MimeType;
+import javax.activation.MimeTypeParseException;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ReadListener;
+import javax.servlet.ServletException;
+import javax.servlet.ServletInputStream;
+import javax.servlet.ServletOutputStream;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.WriteListener;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.io.output.TeeOutputStream;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.lang3.exception.ExceptionUtils;
+import org.apache.logging.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.annotation.Order;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.stereotype.Component;
+
+import com.capitalone.dashboard.misc.HygieiaException;
+import com.capitalone.dashboard.model.RequestLog;
+import com.capitalone.dashboard.repository.RequestLogRepository;
+import com.capitalone.dashboard.settings.ApiSettings;
+import com.mongodb.BasicDBObject;
 
 @Component
 @Order(1)
 public class LoggingFilter implements Filter {
 
-    private static final Logger LOGGER = Logger.getLogger("LoggingFilter");
+    private static final Logger LOGGER = LogManager.getLogger("LoggingFilter");
 
     private static final String API_USER_KEY = "apiUser";
 
@@ -107,10 +110,10 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
 
                 boolean skipBody = settings.checkIgnoreBodyEndPoint(endPointURI);
                 if ((httpServletRequest.getContentType() != null) && (new MimeType(httpServletRequest.getContentType()).match(new MimeType(APPLICATION_JSON_VALUE)))) {
-                    requestLog.setRequestBody(JSON.parse(bufferedRequest.getRequestBody()));
+                    requestLog.setRequestBody(BasicDBObject.parse(bufferedRequest.getRequestBody()));
                 }
                 if ((bufferedResponse.getContentType() != null) && (new MimeType(bufferedResponse.getContentType()).match(new MimeType(APPLICATION_JSON_VALUE)))) {
-                    requestLog.setResponseBody( skipBody ? StringUtils.EMPTY : JSON.parse(bufferedResponse.getContent()));
+                    requestLog.setResponseBody( skipBody ? StringUtils.EMPTY : BasicDBObject.parse(bufferedResponse.getContent()));
                 }
             }
             catch (MimeTypeParseException e) {

src/main/java/com/capitalone/dashboard/request/DashboardRemoteRequest.java

@@ -7,7 +7,7 @@
 import com.capitalone.dashboard.model.CollectorType;
 import com.capitalone.dashboard.model.Owner;
 import com.capitalone.dashboard.util.GitHubParsedUrl;
-import org.hibernate.validator.constraints.NotEmpty;
+import javax.validation.constraints.NotEmpty;
 
 import javax.validation.Valid;
 import javax.validation.constraints.NotNull;

src/main/java/com/capitalone/dashboard/request/PipelineSearchRequest.java

@@ -2,7 +2,7 @@
 
 import com.capitalone.dashboard.model.CollectorItem;
 import org.bson.types.ObjectId;
-import org.hibernate.validator.constraints.NotEmpty;
+import javax.validation.constraints.NotEmpty;
 
 import java.util.List;