diff --git a/README.md b/README.md index cfa7f45f..a015f73c 100644 --- a/README.md +++ b/README.md @@ -109,7 +109,7 @@ Also try for example 'admin@xxx.example.com' or 'unknown@example.org'. If you want a formatted JSON output, you can pipe the result to `jq` or similar. -And to see the full, currently implemented, API, open http://localhost:8080/swagger-ui/index.html. +And to see the full, currently implemented, API, open http://localhost:8081/actuator/swagger-ui/index.html (uses management-port and thus bypasses authentication). If you still need to install some of these tools, find some hints in the next chapters. diff --git a/build.gradle b/build.gradle index dbc43589..7646a33b 100644 --- a/build.gradle +++ b/build.gradle @@ -1,11 +1,11 @@ plugins { id 'java' - id 'org.springframework.boot' version '3.3.4' - id 'io.spring.dependency-management' version '1.1.6' + id 'org.springframework.boot' version '3.3.7' + id 'io.spring.dependency-management' version '1.1.7' id 'io.openapiprocessor.openapi-processor' version '2023.2' id 'com.github.jk1.dependency-license-report' version '2.9' - id "org.owasp.dependencycheck" version "10.0.4" - id "com.diffplug.spotless" version "6.25.0" + id "org.owasp.dependencycheck" version "11.1.1" + id "com.diffplug.spotless" version "7.0.0" id 'jacoco' id 'info.solidsoft.pitest' version '1.15.0' id 'se.patrikerdes.use-latest-versions' version '0.2.18' 
@@ -60,25 +60,24 @@ dependencies { implementation 'org.springframework.boot:spring-boot-starter-validation' implementation 'org.springframework.boot:spring-boot-starter-actuator' implementation 'org.springframework.boot:spring-boot-starter-security' - implementation 'com.github.gavlyukovskiy:datasource-proxy-spring-boot-starter:1.9.2' + implementation 'com.github.gavlyukovskiy:datasource-proxy-spring-boot-starter:1.10.0' implementation 'org.springdoc:springdoc-openapi:2.6.0' implementation 'org.postgresql:postgresql:42.7.4' - implementation 'org.liquibase:liquibase-core:4.29.2' - implementation 'io.hypersistence:hypersistence-utils-hibernate-63:3.8.3' - implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.18.0' + implementation 'org.liquibase:liquibase-core:4.30.0' + implementation 'io.hypersistence:hypersistence-utils-hibernate-63:3.9.0' + implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.18.2' implementation 'org.openapitools:jackson-databind-nullable:0.2.6' - implementation 'org.apache.commons:commons-text:1.12.0' - implementation 'net.java.dev.jna:jna:5.15.0' - implementation 'org.modelmapper:modelmapper:3.2.1' + implementation 'org.apache.commons:commons-text:1.13.0' + implementation 'net.java.dev.jna:jna:5.16.0' + implementation 'org.modelmapper:modelmapper:3.2.2' implementation 'org.iban4j:iban4j:3.2.10-RELEASE' implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.6.0' - implementation 'org.webjars:swagger-ui:5.17.14' implementation 'org.reflections:reflections:0.10.2' compileOnly 'org.projectlombok:lombok' testCompileOnly 'org.projectlombok:lombok' - developmentOnly 'org.springframework.boot:spring-boot-devtools' + // FIXME: developmentOnly 'org.springframework.boot:spring-boot-devtools' annotationProcessor 'org.projectlombok:lombok' testAnnotationProcessor 'org.projectlombok:lombok' 
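Review bot: The line `// FIXME: developmentOnly 'org.springframework.boot:spring-boot-devtools'` disables devtools without saying why, or what has to happen before it can be restored, so the next maintainer cannot tell whether re-enabling it is safe. I would put the reason into the comment, for example `// FIXME: devtools disabled because <reason>; re-enable once <condition>`. The same hunk drops `org.webjars:swagger-ui:5.17.14` while both springdoc artifacts stay at 2.6.0. The UI presumably now comes in transitively through the springdoc starter, which is worth confirming so its version stays visible to the dependency check. The `dependencies` block starts before and continues after this hunk.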
@@ -205,7 +204,7 @@ openApiGenerate.dependsOn processSpring spotless { java { removeUnusedImports() - indentWithSpaces(4) + leadingTabsToSpaces(4) endWithNewline() toggleOffOn() diff --git a/etc/owasp-dependency-check-suppression.xml b/etc/owasp-dependency-check-suppression.xml index b407e289..52fe065c 100644 --- a/etc/owasp-dependency-check-suppression.xml +++ b/etc/owasp-dependency-check-suppression.xml @@ -9,8 +9,12 @@ - CVE-2024-9329 + ^pkg:maven/ch\.qos\.logback/logback-core@.*$ + cpe:/a:qos:logback + CVE-2024-12798 + diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index 69ad1e1b..f6a6fe88 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -9,7 +9,7 @@ management: web: exposure: # HOWTO: view _clickable_ Spring Actuator (Micrometer) Metrics endpoints: http://localhost:8081/actuator/metric-links - include: info, health, metrics, metric-links + include: info, health, metrics, metric-links, mappings, openapi, swaggerui observations: annotations: enabled: true @@ -30,6 +30,10 @@ spring: hibernate: dialect: net.hostsharing.hsadminng.config.PostgresCustomDialect +# keep this in sync with test/.../application.yml +springdoc: + use-management-port: true + liquibase: contexts: dev diff --git a/src/test/java/net/hostsharing/hsadminng/config/WebSecurityConfigIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/config/WebSecurityConfigIntegrationTest.java index 586702c2..00444c3a 100644 --- a/src/test/java/net/hostsharing/hsadminng/config/WebSecurityConfigIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/config/WebSecurityConfigIntegrationTest.java 
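Review bot: The new suppression for CVE-2024-12798 selects every logback-core version through `^pkg:maven/ch\.qos\.logback/logback-core@.*$`, so it will keep hiding the finding after the dependency is upgraded or downgraded. If the `cpe:/a:qos:logback` line is a `<cpe>` element, it also removes the whole CPE match for that artifact rather than this one CVE. The element markup is not visible in this rendering, so I cannot tell whether a justification or an expiry is present. If they are missing, I would add a `<notes>` element stating why the CVE does not apply here (or which logback release resolves it) and an `until="<review date>"` attribute on `<suppress>` so the entry lapses and gets re-evaluated. The `<suppressions>` root starts and ends outside the hunk.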
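Review bot: Adding `mappings, openapi, swaggerui` to `management.endpoints.web.exposure.include` in the main `application.yml` publishes the full route table and the API schema on the management port, which the README change in this commit describes as bypassing authentication. No profile restriction is visible here, so the exposure presumably applies to every deployment and not only to local development. I would either move the three extra endpoints and `springdoc.use-management-port: true` (second hunk of this file, mirrored in `src/test/resources/application.yml`) into a dev-only profile, or make sure the management listener is not reachable from outside, e.g. `management.server.address: 127.0.0.1`. The `management:` block starts above the hunk, so an existing bind address or network restriction may already cover this.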
@@ -82,14 +82,14 @@ class WebSecurityConfigIntegrationTest { @Test public void shouldSupportSwaggerUi() { final var result = this.restTemplate.getForEntity( - "http://localhost:" + this.managementPort + "/swagger-ui/index.html", String.class); + "http://localhost:" + this.managementPort + "/actuator/swagger-ui/index.html", String.class); assertThat(result.getStatusCode()).isEqualTo(HttpStatus.OK); } @Test public void shouldSupportApiDocs() { final var result = this.restTemplate.getForEntity( - "http://localhost:" + this.managementPort + "/v3/api-docs/swagger-config", String.class); + "http://localhost:" + this.managementPort + "/actuator/v3/api-docs/swagger-config", String.class); assertThat(result.getStatusCode()).isEqualTo(HttpStatus.NOT_FOUND); // permitted but not configured } diff --git a/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerRestTest.java b/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerRestTest.java index ffc97a63..be1eaef9 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerRestTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerRestTest.java 
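Review bot: `shouldSupportApiDocs` now asserts `NOT_FOUND` for `/actuator/v3/api-docs/swagger-config`, and a 404 is what any unmapped path returns, so the test no longer shows that the security configuration permits the API docs. With `springdoc.use-management-port: true` the documents are presumably served under the `openapi` actuator endpoint, so I would request that path and expect `HttpStatus.OK`, or rename the test to say what it really checks. Because the UI now lives on the management port, a companion test that an unauthenticated request to `/swagger-ui/index.html` on the application port is rejected would pin down the intended boundary. The test class starts and ends outside the hunk.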
@@ -20,11 +20,11 @@ import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest; import org.springframework.boot.test.context.TestConfiguration; -import org.springframework.boot.test.mock.mockito.MockBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Import; import org.springframework.http.MediaType; import org.springframework.test.context.ActiveProfiles; +import org.springframework.boot.test.mock.mockito.MockBean; import org.springframework.test.context.junit4.SpringRunner; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; diff --git a/src/test/resources/application.yml b/src/test/resources/application.yml index a69f8aa1..954bdd63 100644 --- a/src/test/resources/application.yml +++ b/src/test/resources/application.yml @@ -39,6 +39,10 @@ spring: change-log: classpath:/db/changelog/db.changelog-master.yaml contexts: tc,test,dev,pg_stat_statements +# keep this in sync with main/.../application.yml +springdoc: + use-management-port: true + logging: level: liquibase: WARN