Spring3 migration (#479)

* Updated spring boot to version 3.0

- Changed spring boot from 2.7 to 3.0
- Removed javax.el-api dependency (https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.0-Migration-Guide#jakarta-ee)
- Updaed thymeleaf to use spring6 and springsecurity6

* Changed port to 8080 in devcontainer config so that logging in works

* Moved javax imports to jakarta

https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.0-Migration-Guide#jakarta-ee

* Fix websecurityconfigureradapter

Renamed authorizeRequests, antMatchers and ignoringMatchers to new versions
- https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter
- https://stackoverflow.com/questions/74609057/how-to-fix-spring-authorizerequests-is-deprecated

* Remove Java8TimeDialect

TODO: Check whether this breaks anything

* Temp fix validation errors becuse of NotNull constraint in Order

TODO: Figure out how to keep this constraint?

* Fix trailing slashes and html errs due to deprecated #httpServletRequest

* Fix first tests

* Fix loading of orders in dev environment

* move valid check to before entity change

* fix non-null event initialization in test

* Spring boot 3.1

* Rewrite securityfilterchain

https://docs.spring.io/spring-security/reference/6.0/migration/servlet/authorization.html

* Upgrade to Spring Boot 3.2.5

* Remove unused imports

* Setup java 17 for codeql

* Update codeql workflow versions

* Replace deprecated thymeleaf syntax

* Specify registry and fix devcontainer ports

---------

Co-authored-by: Joep de Jong <joep@joepdejong.com>

.devcontainer/Dockerfile

@@ -1,4 +1,4 @@
-FROM mcr.microsoft.com/devcontainers/java:0-17
+FROM mcr.microsoft.com/devcontainers/java:17
 
 RUN su vscode -c "umask 0002 && . /usr/local/sdkman/bin/sdkman-init.sh && sdk install gradle "
 

.devcontainer/devcontainer.json

@@ -14,14 +14,24 @@
 	// Use 'forwardPorts' to make a list of ports inside the container available locally.
 	// This can be used to network with other containers or with the host.
 	"forwardPorts": [
-		1080,
-		80,
-		8082
+		1080, // Mailcatcher
+		5432, // PostgreSQL
+		8080, // Events
+		8082  // Adminer
 	],
 	// Use 'postCreateCommand' to run commands after the container is created.
-	"postCreateCommand": "gradle bootRun",
+	// "postCreateCommand": "gradle bootRun",
 	// Configure tool-specific properties.
 	// "customizations": {},
 	// Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
-	"remoteUser": "root"
+	"remoteUser": "root",
+	"customizations": {
+		"vscode": {
+			"extensions": [
+				"vmware.vscode-boot-dev-pack",
+				"vscjava.vscode-gradle",
+				"vscjava.vscode-java-pack"
+			]
+		}
+	}
 }

.devcontainer/docker-compose.yml

@@ -26,7 +26,7 @@ services:
       - mailcatcher
 
   postgres:
-    image: postgres:latest
+    image: docker.io/library/postgres:latest
     restart: unless-stopped
     volumes:
       - postgres-data:/var/lib/postgresql/data
@@ -36,14 +36,14 @@ services:
       POSTGRES_HOST_AUTH_METHOD: trust
 
   adminer:
-    image: adminer
+    image: docker.io/library/adminer:latest
     restart: always
     depends_on: 
       - postgres
     ports:
       - "8082:8080"
 
   mailcatcher:
-    image: schickling/mailcatcher
+    image: docker.io/schickling/mailcatcher:latest
     restart: on-failure
     network_mode: service:postgres

.github/workflows/codeql-analysis.yml

@@ -10,10 +10,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
+    - name: Setup JDK
+      uses: actions/setup-java@v3
+      with:
+        distribution: 'temurin'
+        java-version: '17'
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3

build.gradle

@@ -1,6 +1,6 @@
 buildscript {
     ext {
-        springBootVersion = '2.7.18'
+        springBootVersion = '3.2.5'
     }
     repositories {
         mavenCentral()
@@ -56,16 +56,11 @@ dependencies {
     //TEMP APPLICATION PROPERTIES HELPER
     runtimeOnly 'org.springframework.boot:spring-boot-properties-migrator'
 
-
-    implementation 'javax.el:javax.el-api:2.2.5'
     implementation "be.woutschoovaerts:mollie:3.6.1"
 
-
-    implementation 'org.thymeleaf:thymeleaf-spring5'
-     implementation 'org.thymeleaf:thymeleaf'
-     implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity5'
-     implementation 'org.thymeleaf.extras:thymeleaf-extras-java8time'
-
+    implementation 'org.thymeleaf:thymeleaf-spring6'
+    implementation 'org.thymeleaf:thymeleaf'
+    implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity6'
 
     implementation 'com.google.guava:guava:32.0.0-jre'
     implementation 'org.hibernate.validator:hibernate-validator'

config/application-devcontainer.yml

@@ -76,7 +76,7 @@ logging.level.web: DEBUG
 
 # Serve connect
 server:
-  port: 80
+  port: 8080
   servlet.context-path: /
 
 # CH Connect Configuration

src/main/java/ch/wisv/events/ChConnectConfiguration.java

@@ -9,17 +9,18 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
 import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
 import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
 import org.springframework.security.oauth2.core.oidc.OidcIdToken;
 import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.cors.CorsConfigurationSource;
@@ -32,11 +33,11 @@
  */
 @Configuration
 @EnableWebSecurity
-@EnableGlobalMethodSecurity(prePostEnabled = true)
+@EnableMethodSecurity(prePostEnabled = true)
 @ConfigurationProperties(prefix = "wisvch.connect")
 @Validated
 @Profile("!test")
-public class ChConnectConfiguration extends WebSecurityConfigurerAdapter {
+public class ChConnectConfiguration {
 
     /**
      * Groups that are admin in the system.
@@ -64,24 +65,29 @@ public class ChConnectConfiguration extends WebSecurityConfigurerAdapter {
      * @param http
      * @throws Exception
      */
-    public void configure(HttpSecurity http) throws Exception {
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
-                .cors()
-                .and()
-                .csrf()
-                .and().authorizeRequests()
-                    .antMatchers("/administrator/**").hasRole("ADMIN")
-                    .antMatchers("/", "/management/health").permitAll()
+                .cors(Customizer.withDefaults())
+                .csrf(Customizer.withDefaults())
+                .authorizeHttpRequests((authorize) -> authorize
+                    .requestMatchers("/administrator/**").hasRole("ADMIN")
+                    .requestMatchers("/", "/management/health").permitAll()
                     .anyRequest().permitAll()
-                .and()
-                    .logout()
+                    )
+                .logout(logout -> logout
                     .logoutSuccessUrl("/")
-                .and()
-                    .csrf()
+                    )
+                .csrf(csrf -> csrf
                     .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
-                    .ignoringAntMatchers("/api/v1/**")
-                .and()
-                .oauth2Login().userInfoEndpoint().oidcUserService(oidcUserService());
+                    .ignoringRequestMatchers("/api/v1/**")
+                )
+                .oauth2Login(oauth -> oauth
+                    .userInfoEndpoint(userInfo -> userInfo 
+                        .oidcUserService(oidcUserService())
+                    )
+                );
+        return http.build();
     }
 
     /**

src/main/java/ch/wisv/events/EventsApplication.java

@@ -3,10 +3,8 @@
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.autoconfigure.domain.EntityScan;
-import org.springframework.context.annotation.Bean;
 import org.springframework.data.jpa.convert.threeten.Jsr310JpaConverters;
 import org.springframework.scheduling.annotation.EnableScheduling;
-import org.thymeleaf.extras.java8time.dialect.Java8TimeDialect;
 
 /**
  * EventsApplication class.
@@ -25,15 +23,4 @@ public class EventsApplication {
     public static void main(String[] args) {
         SpringApplication.run(EventsApplication.class, args);
     }
-
-    /**
-     * Enables Time formating in thymeleaf.
-     *
-     * @return Java8TimeDialect
-     */
-    @Bean
-    public Java8TimeDialect java8TimeDialect() {
-        return new Java8TimeDialect();
-    }
-
 }

src/main/java/ch/wisv/events/WebConfiguration.java

@@ -0,0 +1,15 @@
+package ch.wisv.events;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.PathMatchConfigurer;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+public class WebConfiguration implements WebMvcConfigurer {
+
+    @Override
+    public void configurePathMatch(PathMatchConfigurer configurer) {
+      configurer.setUseTrailingSlashMatch(true);
+    }
+
+}

src/main/java/ch/wisv/events/admin/controller/DashboardIndexController.java

@@ -5,7 +5,6 @@
 import ch.wisv.events.core.repository.EventRepository;
 import ch.wisv.events.core.service.customer.CustomerService;
 import ch.wisv.events.core.service.event.EventService;
-import ch.wisv.events.core.service.ticket.TicketService;
 import java.time.LocalDateTime;
 import java.util.HashMap;
 import java.util.List;

src/main/java/ch/wisv/events/api/controller/OrderRestController.java

@@ -1,16 +1,13 @@
 package ch.wisv.events.api.controller;
 
-import ch.wisv.events.core.service.order.OrderService;
 import ch.wisv.events.webshop.service.PaymentsService;
-import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 
 /**
  * OrderRestController class.
  */
-@Slf4j
 @RestController
 @RequestMapping("/api/v1/orders")
 public class OrderRestController {

src/main/java/ch/wisv/events/api/request/ProductDto.java

@@ -1,6 +1,6 @@
 package ch.wisv.events.api.request;
 
-import javax.validation.constraints.NotNull;
+import jakarta.validation.constraints.NotNull;
 
 import ch.wisv.events.core.util.VatRate;
 import lombok.Getter;

src/main/java/ch/wisv/events/core/model/customer/Customer.java

@@ -5,16 +5,15 @@
 import java.util.ArrayList;
 import java.util.List;
 import java.util.UUID;
-import javax.persistence.Column;
-import javax.persistence.ElementCollection;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.Id;
+import jakarta.persistence.Column;
+import jakarta.persistence.ElementCollection;
+import jakarta.persistence.Entity;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.Id;
 import lombok.AccessLevel;
 import lombok.Data;
 import lombok.Getter;
 import lombok.Setter;
-import org.springframework.beans.factory.annotation.Value;
 
 /**
  * Customer object.

src/main/java/ch/wisv/events/core/model/document/Document.java

@@ -1,8 +1,8 @@
 package ch.wisv.events.core.model.document;
 
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.Id;
+import jakarta.persistence.Entity;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.Id;
 import lombok.Data;
 
 /**

src/main/java/ch/wisv/events/core/model/event/Event.java

@@ -6,22 +6,22 @@
 import java.util.ArrayList;
 import java.util.List;
 import java.util.UUID;
-import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.ElementCollection;
-import javax.persistence.Entity;
-import javax.persistence.FetchType;
-import javax.persistence.GeneratedValue;
-import javax.persistence.Id;
-import javax.persistence.OneToMany;
-import javax.persistence.OrderBy;
-import javax.validation.constraints.NotNull;
+import jakarta.persistence.CascadeType;
+import jakarta.persistence.Column;
+import jakarta.persistence.ElementCollection;
+import jakarta.persistence.Entity;
+import jakarta.persistence.FetchType;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.Id;
+import jakarta.persistence.OneToMany;
+import jakarta.persistence.OrderBy;
+import jakarta.validation.constraints.NotNull;
 
 import lombok.AccessLevel;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
 import lombok.Setter;
-import javax.validation.constraints.NotEmpty;
+import jakarta.validation.constraints.NotEmpty;
 import org.springframework.format.annotation.DateTimeFormat;
 import org.springframework.format.annotation.DateTimeFormat.ISO;
 

src/main/java/ch/wisv/events/core/model/order/Order.java

@@ -6,23 +6,24 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.UUID;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.FetchType;
-import javax.persistence.GeneratedValue;
-import javax.persistence.Id;
-import javax.persistence.ManyToMany;
-import javax.persistence.ManyToOne;
-import javax.persistence.Table;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.FetchType;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.Id;
+import jakarta.persistence.ManyToMany;
+import jakarta.persistence.ManyToOne;
+import jakarta.persistence.Table;
 
-import javax.validation.constraints.NotNull;
+import jakarta.validation.constraints.NotNull;
 
 import ch.wisv.events.core.util.VatRate;
 import lombok.AccessLevel;
 import lombok.Data;
 import lombok.Getter;
 import lombok.Setter;
 import org.springframework.format.annotation.DateTimeFormat;
+
 import static org.springframework.format.annotation.DateTimeFormat.ISO;
 
 @Entity
@@ -51,7 +52,7 @@ public class Order {
      * Field customer customer that order this.
      */
     @ManyToOne
-    @NotNull
+    // @NotNull
     private Customer owner;
 
     /**
@@ -120,6 +121,8 @@ public Order() {
         this.createdAt = LocalDateTime.now();
         this.status = OrderStatus.ANONYMOUS;
         this.orderProducts = new ArrayList<>();
+        this.createdBy = "ANONYMOUS";
+        this.amount = 0d;
     }
 
     /**