diff --git a/pom.xml b/pom.xml
index 0b59a310a2d8856a64c64f952699dd9df3aca7ad..92f859b1fd813976cc7440d06014b81431845f93 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2,7 +2,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>edu.wisc.uwss</groupId>
<artifactId>uw-spring-security</artifactId>
- <version>2.0.1</version>
+ <version>${revision}</version>
<packaging>pom</packaging>
<name>UW Spring Security Parent</name>
<description>Parent project for module to integrate Spring Security with UW authentication mechanism.</description>
@@ -42,11 +42,12 @@
</repositories>
<properties>
+ <revision>3.0.0</revision>
<adi.development.version>0.5.1</adi.development.version>
- <jackson.version>2.7.4</jackson.version>
+ <jackson.version>2.11.1</jackson.version>
<slf4j.version>1.7.7</slf4j.version>
- <spring.framework.version>4.1.6.RELEASE</spring.framework.version>
- <spring.security.version>4.0.1.RELEASE</spring.security.version>
+ <spring.framework.version>5.2.7.RELEASE</spring.framework.version>
+ <spring.security.version>5.3.3.RELEASE</spring.security.version>
</properties>
<dependencyManagement>
<dependencies>
@@ -97,6 +98,10 @@
<groupId>org.springframework.ws</groupId>
<artifactId>spring-ws-security</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>joda-time</groupId>
+ <artifactId>joda-time</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -217,7 +222,7 @@
<plugin>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-maven-plugin</artifactId>
- <version>9.2.8.v20150217</version>
+ <version>9.4.30.v20200611</version>
</plugin>
</plugins>
</pluginManagement>
@@ -249,6 +254,11 @@
<artifactId>maven-surefire-plugin</artifactId>
<version>3.0.0-M5</version>
</plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-install-plugin</artifactId>
+ <version>3.0.0-M1</version>
+ </plugin>
</plugins>
</build>
<modules>
diff --git a/uw-spring-security-config/pom.xml b/uw-spring-security-config/pom.xml
index 058dda02cdb85986c359dd1fd0e9995a2cbf6cc1..6c24d40408a976d91373e427424905a2b620f997 100644
--- a/uw-spring-security-config/pom.xml
+++ b/uw-spring-security-config/pom.xml
@@ -3,7 +3,7 @@
<parent>
<groupId>edu.wisc.uwss</groupId>
<artifactId>uw-spring-security</artifactId>
- <version>2.0.0-SNAPSHOT</version>
+ <version>${revision}</version>
</parent>
<artifactId>uw-spring-security-config</artifactId>
<name>UW Spring Security Configuration</name>
diff --git a/uw-spring-security-core/pom.xml b/uw-spring-security-core/pom.xml
index cb4b56687a2ac97ffb1c158f764105e770473dba..fff85ba64a039f36a6790a3c6e0f059e2e6b555d 100644
--- a/uw-spring-security-core/pom.xml
+++ b/uw-spring-security-core/pom.xml
@@ -3,7 +3,7 @@
<parent>
<groupId>edu.wisc.uwss</groupId>
<artifactId>uw-spring-security</artifactId>
- <version>2.0.0-SNAPSHOT</version>
+ <version>${revision}</version>
</parent>
<artifactId>uw-spring-security-core</artifactId>
<name>UW Spring Security Core</name>
diff --git a/uw-spring-security-core/src/main/java/edu/wisc/uwss/local/LocalUserDetailsLoader.java b/uw-spring-security-core/src/main/java/edu/wisc/uwss/local/LocalUserDetailsLoader.java
index 88e52db6936e5e7b477ceb9b9b647bb2521b6da4..5ed2696311a68e4b4992ecc5752c102f9bb1ba5c 100644
--- a/uw-spring-security-core/src/main/java/edu/wisc/uwss/local/LocalUserDetailsLoader.java
+++ b/uw-spring-security-core/src/main/java/edu/wisc/uwss/local/LocalUserDetailsLoader.java
@@ -36,7 +36,7 @@ public interface LocalUserDetailsLoader {
* @return a never null, but potentially empty, {@link List} of {@link UWUserDetails} instances
* @throws UWSpringSecurityException if the {@link Resource} couldn't be read
*/
- List<UWUserDetails> loadUsers(Resource resource);
+ List<? extends UWUserDetails> loadUsers(Resource resource);
/**
* Default loader uses Jackson and can parse both JSON and YAML formats.
@@ -54,9 +54,9 @@ public interface LocalUserDetailsLoader {
return objectMapper;
}
@Override
- public List<UWUserDetails> loadUsers(Resource resource) {
+ public List<? extends UWUserDetails> loadUsers(Resource resource) {
try {
- List<UWUserDetails> users = getObjectMapper().readValue(resource.getInputStream(), new TypeReference<List<UWUserDetailsImpl>>(){});
+ List<? extends UWUserDetails> users = getObjectMapper().readValue(resource.getInputStream(), new TypeReference<List<UWUserDetailsImpl>>(){});
return users;
} catch (IOException e) {
throw new UWSpringSecurityException("failed to read " + resource, e);
diff --git a/uw-spring-security-core/src/main/java/edu/wisc/uwss/local/LocalUserDetailsManagerImpl.java b/uw-spring-security-core/src/main/java/edu/wisc/uwss/local/LocalUserDetailsManagerImpl.java
index 03d4c41a241a4e6d569218bc30de0a6001d8d950..e7beabfbee2ed601a46d32ed5a663be422bb97e2 100644
--- a/uw-spring-security-core/src/main/java/edu/wisc/uwss/local/LocalUserDetailsManagerImpl.java
+++ b/uw-spring-security-core/src/main/java/edu/wisc/uwss/local/LocalUserDetailsManagerImpl.java
@@ -81,7 +81,7 @@ public class LocalUserDetailsManagerImpl implements UserDetailsManager {
@PostConstruct
public void init() {
logger.debug("LocalUserDetailsLoader of type {} enabled, processing resource {}", localUserDetailsLoader.getClass(), localUserResource);
- List<UWUserDetails> users = localUserDetailsLoader.loadUsers(localUserResource);
+ List<? extends UWUserDetails> users = localUserDetailsLoader.loadUsers(localUserResource);
for(UWUserDetails u : users) {
addDemoUser(u);
}
diff --git a/uw-spring-security-core/src/main/resources/edu/wisc/uwss/local/local-users.json b/uw-spring-security-core/src/main/resources/edu/wisc/uwss/local/local-users.json
index 7ad27b0e2159c0aed459b02b6ae7d9c3b9b1d522..50033d8140567092ac15f13739dc645b00c1911c 100644
--- a/uw-spring-security-core/src/main/resources/edu/wisc/uwss/local/local-users.json
+++ b/uw-spring-security-core/src/main/resources/edu/wisc/uwss/local/local-users.json
@@ -1,7 +1,7 @@
[
{
"username": "admin",
- "password": "admin",
+ "password": "{noop}admin",
"fullName": "Amy Administrator",
"firstName": "Amy",
"lastName": "Administrator",
@@ -12,7 +12,7 @@
},
{
"username": "jane",
- "password": "jane",
+ "password": "{noop}jane",
"fullName": "Jane Doe",
"firstName": "Jane",
"lastName": "Doe",
@@ -23,7 +23,7 @@
},
{
"username": "john",
- "password": "john",
+ "password": "{noop}john",
"fullName": "John Doe",
"firstName": "John",
"lastName": "Doe",
@@ -34,7 +34,7 @@
},
{
"username": "jim",
- "password": "jim",
+ "password": "{noop}jim",
"fullName": "Jim Doe",
"firstName": "Jim",
"lastName": "Doe",
diff --git a/uw-spring-security-core/src/main/resources/edu/wisc/uwss/local/local-users.yaml b/uw-spring-security-core/src/main/resources/edu/wisc/uwss/local/local-users.yaml
index 0ee90828447c106141ca5ae48e3e467973a45b45..073fa77afc3c72e48e03177e2788a9dbdbaa38c2 100644
--- a/uw-spring-security-core/src/main/resources/edu/wisc/uwss/local/local-users.yaml
+++ b/uw-spring-security-core/src/main/resources/edu/wisc/uwss/local/local-users.yaml
@@ -1,7 +1,7 @@
---
- pvi: "UW000A000"
username: "admin"
- password: "admin"
+ password: "{noop}admin"
fullName: "Amy Administrator"
emailAddress: "amy.administrator@demo.wisc.edu"
uddsMembership:
@@ -12,7 +12,7 @@
lastName: "Administrator"
- pvi: "UW000A001"
username: "jane"
- password: "jane"
+ password: "{noop}jane"
fullName: "Jane Doe"
emailAddress: "jane.doe@demo.wisc.edu"
uddsMembership:
@@ -22,7 +22,7 @@
lastName: "Doe"
- pvi: "UW000A002"
username: "john"
- password: "john"
+ password: "{noop}john"
fullName: "John Doe"
emailAddress: "john.doe@demo.wisc.edu"
uddsMembership:
@@ -32,7 +32,7 @@
lastName: "Doe"
- pvi: "UW000A003"
username: "jim"
- password: "jim"
+ password: "{noop}jim"
fullName: "Jim Doe"
emailAddress: "jim.doe@demo.wisc.edu"
uddsMembership: []
diff --git a/uw-spring-security-core/src/test/java/edu/wisc/uwss/local/LocalUserDetailsManagerImplTest.java b/uw-spring-security-core/src/test/java/edu/wisc/uwss/local/LocalUserDetailsManagerImplTest.java
index c7b07a4e43f2cd2fde603d429469b277518b8a65..072ac49959b7e42d3d4d19af50fe1f64578102c4 100644
--- a/uw-spring-security-core/src/test/java/edu/wisc/uwss/local/LocalUserDetailsManagerImplTest.java
+++ b/uw-spring-security-core/src/test/java/edu/wisc/uwss/local/LocalUserDetailsManagerImplTest.java
@@ -297,7 +297,7 @@ public class LocalUserDetailsManagerImplTest {
@Test
public void unsupportedFormatWithUDDS() {
LocalUserDetailsLoader attributesMapper = new LocalUserDetailsLoader.Default();
- List<UWUserDetails> users = attributesMapper.loadUsers(new ClassPathResource("test-users.json"));
+ List<? extends UWUserDetails> users = attributesMapper.loadUsers(new ClassPathResource("test-users.json"));
//demo STAR user with UDDS:
String username = "aalpaca";
@@ -315,7 +315,7 @@ public class LocalUserDetailsManagerImplTest {
@Test
public void unsupportedFormatWithoutUDDS() {
LocalUserDetailsLoader attributesMapper = new LocalUserDetailsLoader.Default();
- List<UWUserDetails> users = attributesMapper.loadUsers(new ClassPathResource("test-users.json"));
+ List<? extends UWUserDetails> users = attributesMapper.loadUsers(new ClassPathResource("test-users.json"));
//demo STAR user without UDDS:
String username = "jim";
diff --git a/uw-spring-security-sample-war/pom.xml b/uw-spring-security-sample-war/pom.xml
index 44a82e31b2ff71d61dba8cd040235e2bec8dd094..9dad3966315d24c5d11ad8f890ceb97f09c38285 100644
--- a/uw-spring-security-sample-war/pom.xml
+++ b/uw-spring-security-sample-war/pom.xml
@@ -3,7 +3,7 @@
<parent>
<groupId>edu.wisc.uwss</groupId>
<artifactId>uw-spring-security</artifactId>
- <version>2.0.0-SNAPSHOT</version>
+ <version>${revision}</version>
</parent>
<artifactId>uw-spring-security-sample-war</artifactId>
<name>UW Spring Security Sample War</name>
diff --git a/uw-spring-security-sample-war/src/main/webapp/index.html b/uw-spring-security-sample-war/src/main/webapp/index.html
index 55239678978f749284d7a71b004ea9ce3c204630..1a5cf6ef43a973be8b2fce2d75c0aded255c151a 100644
--- a/uw-spring-security-sample-war/src/main/webapp/index.html
+++ b/uw-spring-security-sample-war/src/main/webapp/index.html
@@ -29,8 +29,10 @@
<p>Start VM with 'mvn clean install jetty:run -P preauth', visit http://localhost:8080/.</p>
<ol>
<li>Click 'Lazy with "ignorepreauth"', expect "anonymousUser".</li>
- <li>Visit http://localhost:8080/index.html. Click 'Lazy authentication', expect JSON object representing UWUserDetails for 'Amy Administrator'.</li>
- <li>Visit http://localhost:8080/index.html. Click 'Required authentication', expect JSON object representing UWUserDetails for 'Amy Administrator'.</li>
+ <li>Visit http://localhost:8080/index.html. Click 'Lazy authentication', expect JSON object representing UWUserDetails for 'Amy Administrator'.
+ Since at least 1.6.0 this has been returning "anonymousUser" instead. Requires additional investigation to determine if there is a bug here.</li>
+ <li>Visit http://localhost:8080/index.html. Click 'Required authentication', expect JSON object representing UWUserDetails for 'Amy Administrator'.
+ Since at least 1.6.0 this has been failing with "Access denied". Requires additional investigation to determine if there is a bug here.</li>
</ol>
<h3>combined</h3>
diff --git a/uw-spring-security-web/pom.xml b/uw-spring-security-web/pom.xml
index 4c6eedf84af3bfa43b89c83bf899f636fbef6843..9439fe8f492cbccf0b998cbfc5ab37d95d27ade0 100644
--- a/uw-spring-security-web/pom.xml
+++ b/uw-spring-security-web/pom.xml
@@ -1,9 +1,21 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
- <parent>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>8</source>
+ <target>8</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+ <parent>
<groupId>edu.wisc.uwss</groupId>
<artifactId>uw-spring-security</artifactId>
- <version>2.0.0-SNAPSHOT</version>
+ <version>${revision}</version>
</parent>
<artifactId>uw-spring-security-web</artifactId>
<name>UW Spring Security Web</name>