Upgrade spring to latest version

pom.xml

@@ -2,7 +2,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>edu.wisc.uwss</groupId>
 	<artifactId>uw-spring-security</artifactId>
-	<version>2.0.1</version>
+	<version>${revision}</version>
 	<packaging>pom</packaging>
 	<name>UW Spring Security Parent</name>
 	<description>Parent project for module to integrate Spring Security with UW authentication mechanism.</description>
@@ -42,11 +42,12 @@
 	</repositories>
 
 	<properties>
+		<revision>3.0.0</revision>
 		<adi.development.version>0.5.1</adi.development.version>
-		<jackson.version>2.7.4</jackson.version>
+		<jackson.version>2.11.1</jackson.version>
 		<slf4j.version>1.7.7</slf4j.version>
-		<spring.framework.version>4.1.6.RELEASE</spring.framework.version>
-		<spring.security.version>4.0.1.RELEASE</spring.security.version>
+		<spring.framework.version>5.2.7.RELEASE</spring.framework.version>
+		<spring.security.version>5.3.3.RELEASE</spring.security.version>
 	</properties>
 	<dependencyManagement>
 		<dependencies>
@@ -97,6 +98,10 @@
                         <groupId>org.springframework.ws</groupId>
                         <artifactId>spring-ws-security</artifactId>
                     </exclusion>
+					<exclusion>
+						<groupId>joda-time</groupId>
+						<artifactId>joda-time</artifactId>
+					</exclusion>
                 </exclusions>
             </dependency>
 			<dependency>
@@ -217,7 +222,7 @@
 				<plugin>
 					<groupId>org.eclipse.jetty</groupId>
 					<artifactId>jetty-maven-plugin</artifactId>
-					<version>9.2.8.v20150217</version>
+					<version>9.4.30.v20200611</version>
 				</plugin>
 			</plugins>
 		</pluginManagement>
@@ -249,6 +254,11 @@
 				<artifactId>maven-surefire-plugin</artifactId>
 				<version>3.0.0-M5</version>
 			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-install-plugin</artifactId>
+				<version>3.0.0-M1</version>
+			</plugin>
 		</plugins>
 	</build>
 	<modules>

uw-spring-security-config/pom.xml

@@ -3,7 +3,7 @@
 	<parent>
 		<groupId>edu.wisc.uwss</groupId>
 		<artifactId>uw-spring-security</artifactId>
-		<version>2.0.0-SNAPSHOT</version>
+		<version>${revision}</version>
 	</parent>
 	<artifactId>uw-spring-security-config</artifactId>
 	<name>UW Spring Security Configuration</name>

uw-spring-security-core/pom.xml

@@ -3,7 +3,7 @@
 	<parent>
 		<groupId>edu.wisc.uwss</groupId>
 		<artifactId>uw-spring-security</artifactId>
-		<version>2.0.0-SNAPSHOT</version>
+		<version>${revision}</version>
 	</parent>
 	<artifactId>uw-spring-security-core</artifactId>
 	<name>UW Spring Security Core</name>

uw-spring-security-core/src/main/java/edu/wisc/uwss/local/LocalUserDetailsLoader.java

@@ -36,7 +36,7 @@ public interface LocalUserDetailsLoader {
    * @return a never null, but potentially empty, {@link List} of {@link UWUserDetails} instances
    * @throws UWSpringSecurityException if the {@link Resource} couldn't be read
    */
-  List<UWUserDetails> loadUsers(Resource resource);
+  List<? extends UWUserDetails> loadUsers(Resource resource);
 
   /**
    * Default loader uses Jackson and can parse both JSON and YAML formats.
@@ -54,9 +54,9 @@ public interface LocalUserDetailsLoader {
       return objectMapper;
     }
     @Override
-    public List<UWUserDetails> loadUsers(Resource resource) {
+    public List<? extends UWUserDetails> loadUsers(Resource resource) {
       try {
-        List<UWUserDetails> users = getObjectMapper().readValue(resource.getInputStream(), new TypeReference<List<UWUserDetailsImpl>>(){});
+        List<? extends UWUserDetails> users = getObjectMapper().readValue(resource.getInputStream(), new TypeReference<List<UWUserDetailsImpl>>(){});
         return users;
       } catch (IOException e) {
         throw new UWSpringSecurityException("failed to read " + resource, e);

uw-spring-security-core/src/main/java/edu/wisc/uwss/local/LocalUserDetailsManagerImpl.java

@@ -81,7 +81,7 @@ public class LocalUserDetailsManagerImpl implements UserDetailsManager {
   @PostConstruct
   public void init() {
       logger.debug("LocalUserDetailsLoader of type {} enabled, processing resource {}", localUserDetailsLoader.getClass(), localUserResource);
-      List<UWUserDetails> users = localUserDetailsLoader.loadUsers(localUserResource);
+      List<? extends UWUserDetails> users = localUserDetailsLoader.loadUsers(localUserResource);
       for(UWUserDetails u : users) {
         addDemoUser(u);
       }

uw-spring-security-core/src/main/resources/edu/wisc/uwss/local/local-users.json

 [
   {
     "username": "admin",
-    "password": "admin",
+    "password": "{noop}admin",
     "fullName": "Amy Administrator",
     "firstName": "Amy",
     "lastName": "Administrator",
@@ -12,7 +12,7 @@
   },
   {
     "username": "jane",
-    "password": "jane",
+    "password": "{noop}jane",
     "fullName": "Jane Doe",
     "firstName": "Jane",
     "lastName": "Doe",
@@ -23,7 +23,7 @@
   },
   {
     "username": "john",
-    "password": "john",
+    "password": "{noop}john",
     "fullName": "John Doe",
     "firstName": "John",
     "lastName": "Doe",
@@ -34,7 +34,7 @@
   },
   {
     "username": "jim",
-    "password": "jim",
+    "password": "{noop}jim",
     "fullName": "Jim Doe",
     "firstName": "Jim",
     "lastName": "Doe",

uw-spring-security-core/src/main/resources/edu/wisc/uwss/local/local-users.yaml

 ---
 - pvi: "UW000A000"
   username: "admin"
-  password: "admin"
+  password: "{noop}admin"
   fullName: "Amy Administrator"
   emailAddress: "amy.administrator@demo.wisc.edu"
   uddsMembership:
@@ -12,7 +12,7 @@
   lastName: "Administrator"
 - pvi: "UW000A001"
   username: "jane"
-  password: "jane"
+  password: "{noop}jane"
   fullName: "Jane Doe"
   emailAddress: "jane.doe@demo.wisc.edu"
   uddsMembership:
@@ -22,7 +22,7 @@
   lastName: "Doe"
 - pvi: "UW000A002"
   username: "john"
-  password: "john"
+  password: "{noop}john"
   fullName: "John Doe"
   emailAddress: "john.doe@demo.wisc.edu"
   uddsMembership:
@@ -32,7 +32,7 @@
   lastName: "Doe"
 - pvi: "UW000A003"
   username: "jim"
-  password: "jim"
+  password: "{noop}jim"
   fullName: "Jim Doe"
   emailAddress: "jim.doe@demo.wisc.edu"
   uddsMembership: []

uw-spring-security-core/src/test/java/edu/wisc/uwss/local/LocalUserDetailsManagerImplTest.java

@@ -297,7 +297,7 @@ public class LocalUserDetailsManagerImplTest {
   @Test
   public void unsupportedFormatWithUDDS() {
     LocalUserDetailsLoader attributesMapper = new LocalUserDetailsLoader.Default();
-    List<UWUserDetails> users = attributesMapper.loadUsers(new ClassPathResource("test-users.json"));
+    List<? extends UWUserDetails> users = attributesMapper.loadUsers(new ClassPathResource("test-users.json"));
 
     //demo STAR user with UDDS:
     String username = "aalpaca";
@@ -315,7 +315,7 @@ public class LocalUserDetailsManagerImplTest {
   @Test
   public void unsupportedFormatWithoutUDDS() {
     LocalUserDetailsLoader attributesMapper = new LocalUserDetailsLoader.Default();
-    List<UWUserDetails> users = attributesMapper.loadUsers(new ClassPathResource("test-users.json"));
+    List<? extends UWUserDetails> users = attributesMapper.loadUsers(new ClassPathResource("test-users.json"));
     //demo STAR user without UDDS:
     String username = "jim";
 

uw-spring-security-sample-war/pom.xml

@@ -3,7 +3,7 @@
 	<parent>
 		<groupId>edu.wisc.uwss</groupId>
 		<artifactId>uw-spring-security</artifactId>
-		<version>2.0.0-SNAPSHOT</version>
+		<version>${revision}</version>
 	</parent>
 	<artifactId>uw-spring-security-sample-war</artifactId>
 	<name>UW Spring Security Sample War</name>

uw-spring-security-sample-war/src/main/webapp/index.html

@@ -29,8 +29,10 @@
   <p>Start VM with 'mvn clean install jetty:run -P preauth', visit http://localhost:8080/.</p>
   <ol>
   <li>Click 'Lazy with "ignorepreauth"', expect "anonymousUser".</li>
-  <li>Visit http://localhost:8080/index.html. Click 'Lazy authentication', expect JSON object representing UWUserDetails for 'Amy Administrator'.</li>
-  <li>Visit http://localhost:8080/index.html. Click 'Required authentication', expect JSON object representing UWUserDetails for 'Amy Administrator'.</li>
+  <li>Visit http://localhost:8080/index.html. Click 'Lazy authentication', expect JSON object representing UWUserDetails for 'Amy Administrator'.
+    Since at least 1.6.0 this has been returning "anonymousUser" instead.  Requires additional investigation to determine if there is a bug here.</li>
+  <li>Visit http://localhost:8080/index.html. Click 'Required authentication', expect JSON object representing UWUserDetails for 'Amy Administrator'.
+    Since at least 1.6.0 this has been failing with "Access denied".  Requires additional investigation to determine if there is a bug here.</li>
   </ol>
 
   <h3>combined</h3>

uw-spring-security-web/pom.xml

 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
-	<parent>
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <configuration>
+                    <source>8</source>
+                    <target>8</target>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+    <parent>
 		<groupId>edu.wisc.uwss</groupId>
 		<artifactId>uw-spring-security</artifactId>
-		<version>2.0.0-SNAPSHOT</version>
+		<version>${revision}</version>
 	</parent>
 	<artifactId>uw-spring-security-web</artifactId>
 	<name>UW Spring Security Web</name>