Dependency Updates (#55)

* Bump duracloud versions
* Dependency updates
* Spring Framework to 5
* Spring Data to 2.7
* Spring Security to 5
* Apache Tiles to 3
* Hibernate Validator to 5.4
* Various managed dependencies for resolving conflicts
* Spring data api updates
* Spring security api updates
* Remove static init so the default strategy is used
* When getting SecurityContext, use the strategy holder
* Quality of life changes
* Remove dead code
* Fix missing arguments in logging statements
* Unwrap object arrays in logging statements
* Other minor api changes
* Spring java config updates
* Hibernate validator api updates
* Tiles updates
* Replaces xml config with java for easier migrations
* Updates to Tiles API
* Spring xml updates
* Remove version where possible
* Update security password encoder bean
* Web xml updates
* xmlns cleanup
* add init param in order to remove servlet xml
* Update spring framework and security versions
* Bump aws sdk version; switch to aws sdk bom
* Move exclusion for commons-logging
* Update jsoup
* Bump xstream
* Bump spring versions to latest point release

account-management-app/pom.xml

@@ -18,7 +18,6 @@
 
   <!-- Project properties -->
   <properties>
-    <tiles.version>2.2.2</tiles.version>
     <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <unitTests>**/*Test.class</unitTests>
@@ -241,7 +240,7 @@
     <dependency>
       <groupId>org.jsoup</groupId>
       <artifactId>jsoup</artifactId>
-      <version>1.14.2</version>
+      <version>1.15.3</version>
     </dependency>
 
     <dependency>
@@ -254,7 +253,7 @@
     <dependency>
       <groupId>javax.validation</groupId>
       <artifactId>validation-api</artifactId>
-      <version>1.0.0.GA</version>
+      <version>1.1.0.Final</version>
     </dependency>
     <dependency>
       <groupId>javax.servlet</groupId>
@@ -282,27 +281,22 @@
     <dependency>
       <groupId>org.apache.tiles</groupId>
       <artifactId>tiles-api</artifactId>
-      <version>${tiles.version}</version>
     </dependency>
     <dependency>
       <groupId>org.apache.tiles</groupId>
       <artifactId>tiles-core</artifactId>
-      <version>${tiles.version}</version>
     </dependency>
     <dependency>
       <groupId>org.apache.tiles</groupId>
       <artifactId>tiles-template</artifactId>
-      <version>${tiles.version}</version>
     </dependency>
     <dependency>
       <groupId>org.apache.tiles</groupId>
       <artifactId>tiles-servlet</artifactId>
-      <version>${tiles.version}</version>
     </dependency>
     <dependency>
       <groupId>org.apache.tiles</groupId>
       <artifactId>tiles-jsp</artifactId>
-      <version>${tiles.version}</version>
     </dependency>
     <dependency>
       <groupId>javax.servlet</groupId>
@@ -328,8 +322,6 @@
     <dependency>
       <groupId>org.hibernate</groupId>
       <artifactId>hibernate-validator</artifactId>
-      <version>4.1.0.Final</version>
-      <scope>compile</scope>
     </dependency>
     <dependency>
       <groupId>org.seleniumhq.selenium</groupId>

account-management-app/src/main/java/org/duracloud/account/annotation/EmailAddressesValidator.java

@@ -15,7 +15,7 @@
 
 import org.apache.commons.lang.StringUtils;
 import org.duracloud.account.util.EmailAddressesParser;
-import org.hibernate.validator.constraints.impl.EmailValidator;
+import org.hibernate.validator.internal.constraintvalidators.hv.EmailValidator;
 
 /**
  * @author "Daniel Bernstein ([email protected])"
@@ -24,7 +24,7 @@
 public class EmailAddressesValidator
     implements ConstraintValidator<EmailAddressesConstraint, String> {
     private EmailAddressesConstraint constraintAnnotation;
-    private static EmailValidator EMAIL_VALIDATOR = new EmailValidator();
+    private static final EmailValidator EMAIL_VALIDATOR = new EmailValidator();
 
     /*
      * (non-Javadoc)
@@ -39,7 +39,7 @@ public boolean isValid(String value, ConstraintValidatorContext context) {
         for (String ea : emailAddresses) {
             if (!EMAIL_VALIDATOR.isValid(ea, null)) {
                 if (badAddresses == null) {
-                    badAddresses = new LinkedList<String>();
+                    badAddresses = new LinkedList<>();
                 }
 
                 badAddresses.add(ea);

account-management-app/src/main/java/org/duracloud/account/app/controller/AbstractAccountController.java

@@ -176,7 +176,7 @@ protected void addUserToModel(Model model) throws DBNotFoundException {
      * @return
      */
     protected DuracloudUser getUser() throws DBNotFoundException {
-        SecurityContext securityContext = SecurityContextHolder.getContext();
+        SecurityContext securityContext = SecurityContextHolder.getContextHolderStrategy().getContext();
         Authentication authentication = securityContext.getAuthentication();
         String username = authentication.getName();
         return this.userService.loadDuracloudUserByUsername(username);

account-management-app/src/main/java/org/duracloud/account/app/controller/AbstractController.java

@@ -137,16 +137,6 @@ public ModelAndView handleException(Exception e) {
         return new ModelAndView("exception", "ex", e);
     }
 
-    /*
-    @ExceptionHandler(Exception.class)
-    public ModelAndView handleException(Exception e) {
-        setError(e);
-        String username =
-            SecurityContextHolder.getContext().getAuthentication().getName();
-        return createRedirectMav(UserController.formatUserUrl(username));
-    }
-    */
-
     protected static String formatUserUrl(String username) {
         String url = USERS_MAPPING + USER_MAPPING;
         url = url.replaceAll("\\{username.*\\}", username);

account-management-app/src/main/java/org/duracloud/account/app/controller/AbstractCrudController.java

@@ -92,7 +92,7 @@ protected String createSuccessMessage() {
     public ModelAndView edit(@PathVariable Long id) {
 
         T form = getFormById(id);
-        log.debug("retrieved form: id={} -> form=", id, form);
+        log.debug("retrieved form: id={} -> form={}", id, form);
 
         return new ModelAndView(getEditViewId(), "form", form);
     }
@@ -120,7 +120,7 @@ public ModelAndView update(@PathVariable Long id,
 
         update(id, form);
 
-        log.info("updated form: id={} -> form=", id, form);
+        log.info("updated form: id={} -> form={}", id, form);
 
         setSuccessFeedback(updateSuccessMessage(),
                            redirectAttributes);

account-management-app/src/main/java/org/duracloud/account/app/controller/AccountController.java

@@ -58,7 +58,7 @@ public ModelAndView activate(@PathVariable Long accountId)
         accountService.storeAccountStatus(AccountInfo.AccountStatus.ACTIVE);
 
         String username =
-            SecurityContextHolder.getContext().getAuthentication().getName();
+            SecurityContextHolder.getContextHolderStrategy().getContext().getAuthentication().getName();
         return createUserRedirectModelAndView(username);
     }
 
@@ -71,7 +71,7 @@ public ModelAndView deactivate(@PathVariable Long accountId,
         accountService.storeAccountStatus(AccountInfo.AccountStatus.INACTIVE);
 
         String username =
-            SecurityContextHolder.getContext().getAuthentication().getName();
+            SecurityContextHolder.getContextHolderStrategy().getContext().getAuthentication().getName();
         return createUserRedirectModelAndView(username);
     }
 

account-management-app/src/main/java/org/duracloud/account/app/controller/DuracloudMillController.java

@@ -89,7 +89,7 @@ public DuracloudMillForm form() {
             }
 
             // Hidden value to ensure we can't use global props rmq conf
-            // if there is no gloabl props rmq conf available
+            // if there is no global props rmq conf available
             form.setGlobalPropsRmqConfAvailable(rabbitmqConfigService.get(1L) != null);
 
             return form;

account-management-app/src/main/java/org/duracloud/account/app/controller/UserController.java

@@ -148,7 +148,7 @@ public InstanceType[] instanceTypes() {
 
     @RequestMapping(value = {"/profile"}, method = RequestMethod.GET)
     public ModelAndView profileRedirect() {
-        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+        Authentication auth = SecurityContextHolder.getContextHolderStrategy().getContext().getAuthentication();
         if (auth.isAuthenticated() && auth instanceof AnonymousAuthenticationToken) {
             //this check is necessary because on logout the browser is getting directed here
             //I'm not sure why the request is getting through - everything seems properly configured

account-management-app/src/main/java/org/duracloud/account/app/view/GlobalPreparer.java

@@ -8,8 +8,8 @@
 package org.duracloud.account.app.view;
 
 import org.apache.tiles.AttributeContext;
-import org.apache.tiles.context.TilesRequestContext;
 import org.apache.tiles.preparer.ViewPreparer;
+import org.apache.tiles.request.Request;
 import org.springframework.stereotype.Component;
 
 /**
@@ -22,7 +22,7 @@
 public class GlobalPreparer implements ViewPreparer {
 
     @Override
-    public void execute(TilesRequestContext tilesContext,
+    public void execute(Request tilesContext,
                         AttributeContext attributeContext) {
 
     }

account-management-app/src/main/java/org/duracloud/account/app/view/RootPreparer.java

@@ -10,8 +10,8 @@
 import java.util.LinkedList;
 
 import org.apache.tiles.AttributeContext;
-import org.apache.tiles.context.TilesRequestContext;
 import org.apache.tiles.preparer.ViewPreparer;
+import org.apache.tiles.request.Request;
 import org.duracloud.account.app.controller.DuracloudMillController;
 import org.duracloud.account.app.controller.GlobalPropertiesController;
 import org.duracloud.account.app.controller.NotificationsController;
@@ -20,13 +20,11 @@
 @Component("rootPreparer")
 public class RootPreparer implements ViewPreparer {
     @Override
-    public void execute(TilesRequestContext tilesContext,
-                        AttributeContext attributeContext) {
-        tilesContext.getRequestScope().put("primaryTabs", new RootTabs());
-        String currentUri =
-            (String) tilesContext.getRequestScope()
-                                 .get("javax.servlet.forward.request_uri");
-        tilesContext.getRequestScope().put("currentUri", currentUri);
+    public void execute(final Request request, final AttributeContext attributeContext) {
+        final var requestScope = request.getContext("request");
+        requestScope.put("primaryTabs", new RootTabs());
+        String currentUri = (String) requestScope.get("javax.servlet.forward.request_uri");
+        requestScope.put("currentUri", currentUri);
     }
 
     public static class RootTabs extends LinkedList<Tab> {

account-management-app/src/main/java/org/duracloud/account/config/BinderControllerAdvice.java

@@ -14,6 +14,7 @@
 import org.springframework.web.bind.annotation.InitBinder;
 
 /**
+ * todo: likely deprecated w/ spring update to 5.3.25
  * Recommended solution for https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
  * @author dbernstein
  */

account-management-app/src/main/java/org/duracloud/account/config/ViewConfig.java

@@ -0,0 +1,53 @@
+/*
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ *     http://duracloud.org/license/
+ */
+package org.duracloud.account.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.ViewResolver;
+import org.springframework.web.servlet.view.InternalResourceViewResolver;
+import org.springframework.web.servlet.view.JstlView;
+import org.springframework.web.servlet.view.UrlBasedViewResolver;
+import org.springframework.web.servlet.view.tiles3.SpringBeanPreparerFactory;
+import org.springframework.web.servlet.view.tiles3.TilesConfigurer;
+import org.springframework.web.servlet.view.tiles3.TilesView;
+
+/**
+ * Configuration for Apache Tiles views
+ *
+ * @author mikejritter
+ */
+@Configuration
+public class ViewConfig {
+
+    @Bean
+    public ViewResolver viewResolver() {
+        final var resolver = new UrlBasedViewResolver();
+        resolver.setViewClass(TilesView.class);
+        resolver.setOrder(1);
+        return resolver;
+    }
+
+    @Bean
+    public TilesConfigurer tilesConfigurer() {
+        final var configurer = new TilesConfigurer();
+        configurer.setDefinitions("/WEB-INF/defs/general.xml", "/WEB-INF/defs/root.xml", "/WEB-INF/**/views.xml");
+        configurer.setPreparerFactoryClass(SpringBeanPreparerFactory.class);
+        return configurer;
+    }
+
+    @Bean
+    public InternalResourceViewResolver jspViewResolver() {
+        final var resolver = new InternalResourceViewResolver();
+        resolver.setViewClass(JstlView.class);
+        resolver.setPrefix("/WEB-INF/jspx/");
+        resolver.setSuffix(".jspx");
+        return resolver;
+    }
+
+}

account-management-app/src/main/java/org/duracloud/account/config/WebConfig.java

@@ -8,13 +8,16 @@
 package org.duracloud.account.config;
 
 import org.springframework.beans.PropertyEditorRegistrar;
-import org.springframework.beans.PropertyEditorRegistry;
 import org.springframework.beans.propertyeditors.StringTrimmerEditor;
 import org.springframework.binding.convert.ConversionService;
 import org.springframework.binding.convert.service.DefaultConversionService;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.format.support.DefaultFormattingConversionService;
+import org.springframework.format.support.FormattingConversionService;
+import org.springframework.lang.NonNull;
+import org.springframework.validation.Validator;
+import org.springframework.web.accept.ContentNegotiationManager;
 import org.springframework.web.bind.support.ConfigurableWebBindingInitializer;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;
 import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter;
@@ -29,17 +32,20 @@ public class WebConfig extends WebMvcConfigurationSupport {
 
     @Override
     @Bean
-    public RequestMappingHandlerAdapter requestMappingHandlerAdapter() {
-        RequestMappingHandlerAdapter adapter = super.requestMappingHandlerAdapter();
+    @NonNull
+    public RequestMappingHandlerAdapter requestMappingHandlerAdapter(
+        @NonNull final ContentNegotiationManager contentNegotiationManager,
+        @NonNull final FormattingConversionService conversionService,
+        @NonNull final Validator validator) {
+        RequestMappingHandlerAdapter adapter = super.requestMappingHandlerAdapter(contentNegotiationManager,
+                                                                                  conversionService,
+                                                                                  validator);
         ConfigurableWebBindingInitializer initializer =
             (ConfigurableWebBindingInitializer) adapter.getWebBindingInitializer();
 
-        PropertyEditorRegistrar propertyEditorRegistrar = new PropertyEditorRegistrar() {
-            @Override
-            public void registerCustomEditors(PropertyEditorRegistry registry) {
-                //Trim strings before setting values on all form beans.
-                registry.registerCustomEditor(Object.class, new StringTrimmerEditor(true));
-            }
+        PropertyEditorRegistrar propertyEditorRegistrar = registry -> {
+            //Trim strings before setting values on all form beans.
+            registry.registerCustomEditor(Object.class, new StringTrimmerEditor(true));
         };
 
         initializer.setPropertyEditorRegistrar(propertyEditorRegistrar);

account-management-app/src/main/java/org/duracloud/account/jsp/SanitizeTag.java

@@ -8,13 +8,11 @@
 package org.duracloud.account.jsp;
 
 import java.io.IOException;
-import java.io.StringWriter;
-import javax.servlet.jsp.JspException;
 import javax.servlet.jsp.JspWriter;
 import javax.servlet.jsp.tagext.SimpleTagSupport;
 
 import org.jsoup.Jsoup;
-import org.jsoup.safety.Whitelist;
+import org.jsoup.safety.Safelist;
 
 /**
  * Uses JSoup.clean to sanitize html markup.
@@ -29,12 +27,10 @@ public void setText(String text) {
         this.text = text;
     }
 
-    StringWriter sw = new StringWriter();
-
-    public void doTag() throws JspException, IOException {
+    public void doTag() throws IOException {
         if (text != null) {
             JspWriter out = getJspContext().getOut();
-            out.println(Jsoup.clean(text, Whitelist.basic()));
+            out.println(Jsoup.clean(text, Safelist.basic()));
         }
 
     }

account-management-app/src/main/webapp/WEB-INF/applicationContext.xml

@@ -2,9 +2,9 @@
 <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:context="http://www.springframework.org/schema/context"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
-        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+        http://www.springframework.org/schema/beans/spring-beans.xsd
         http://www.springframework.org/schema/context
-        http://www.springframework.org/schema/context/spring-context-3.0.xsd">
+        http://www.springframework.org/schema/context/spring-context.xsd">
   <context:annotation-config/>
   <context:component-scan base-package="org.duracloud.account,org.duracloud.common.changenotifier.impl"/>
 
@@ -33,7 +33,6 @@
 
   <import resource="config/service-config.xml"/>
   <import resource="config/security-config.xml"/>
-  <import resource="config/view-config.xml"/>
   <import resource="config/aop-config.xml"/>
   <import resource="config/webflow-config.xml"/>
 

account-management-app/src/main/webapp/WEB-INF/config/aop-config.xml

@@ -3,8 +3,8 @@
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:aop="http://www.springframework.org/schema/aop"
        xsi:schemaLocation="
-http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
-http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.0.xsd">
+http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd">
 
   <!--Enables auto-detection and proxying of Aspects-->
   <aop:aspectj-autoproxy/>