Dependency upgrades 4.0

pom.xml

@@ -5,7 +5,7 @@
     <artifactId>api</artifactId>
     <packaging>jar</packaging>
     <name>${project.groupId}:${project.artifactId}</name>
-    <version>3.4.1-SNAPSHOT</version>
+    <version>4.0.0-SNAPSHOT</version> 
     <description>Hygieia Rest API Layer</description>
     <url>https://github.com/Hygieia/api</url>
 
@@ -44,6 +44,16 @@
             <organization>CapitalOne</organization>
             <organizationUrl>http://www.capitalone.com</organizationUrl>
         </developer>
+        <developer>
+            <id>erictice</id>
+            <name>Eric Tice</name>
+            <email>[email protected]</email>
+            <url>https://github.com/erictice</url>
+            <roles>
+                <role>maintainer</role>
+            </roles>
+            <timezone>America/Chicago</timezone>
+        </developer>
     </developers>
 
     <organization>
@@ -54,26 +64,27 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>1.5.22.RELEASE</version>
+        <version>2.5.3</version>
     </parent>
 
     <properties>
         <!-- Dependencies -->
-        <com.capitalone.dashboard.core.version>3.14.0</com.capitalone.dashboard.core.version>
-        <spring-security.version>4.2.18.RELEASE</spring-security.version>
-        <tomcat.version>8.5.57</tomcat.version>
+        <com.capitalone.dashboard.core.version>4.0.0</com.capitalone.dashboard.core.version>
+        <spring-security.version>5.5.1</spring-security.version>
+        <tomcat.version>10.1.0-M2</tomcat.version>
         <commons-beanutils.version>1.9.4</commons-beanutils.version>
-        <commons-codec.version>1.14</commons-codec.version>
+        <commons-codec.version>1.15</commons-codec.version>
         <commons-collections4.version>4.1</commons-collections4.version>
         <commons-io.version>2.4</commons-io.version>
         <commons-lang.version>3.10</commons-lang.version>
         <fongo.version>2.2.0-RC2</fongo.version>
-        <guava.version>29.0-jre</guava.version>
-        <hibernate-validator.version>5.4.2.Final</hibernate-validator.version>
-        <jackson.version>2.10.3</jackson.version>
+        <guava.version>30.1.1-jre</guava.version>
+        <hibernate-validator.version>6.1.5.Final</hibernate-validator.version>
+        <jackson.version>2.11.4</jackson.version>
         <jasypt.version>1.18</jasypt.version>
         <logback.version>1.2.3</logback.version>
-        <mongodb.version>3.6.4</mongodb.version>
+        <log4j2.version>2.14.1</log4j2.version>
+        <mongodb.version>4.0.6</mongodb.version>
         <jjwt.version>0.6.0</jjwt.version>
         <springfox.version>2.4.0</springfox.version>
         <assertj.version>3.9.0</assertj.version>
@@ -84,8 +95,8 @@
         <jacoco.maven.plugin.version>0.8.3</jacoco.maven.plugin.version>
         <jacoco.coverage.percentage.minimum>0.200</jacoco.coverage.percentage.minimum>
         <jacoco.classes.missed.minimum>300</jacoco.classes.missed.minimum>
-        <java.compilation.source>1.8</java.compilation.source>
-        <java.compilation.target>1.8</java.compilation.target>
+        <java.compilation.source>14</java.compilation.source>
+        <java.compilation.target>14</java.compilation.target>
         <maven.compiler.plugin.version>3.1</maven.compiler.plugin.version>
         <maven.changes.plugin.version>2.12.1</maven.changes.plugin.version>
         <maven.checkstyle.plugin.version>3.0.0</maven.checkstyle.plugin.version>
@@ -136,7 +147,39 @@
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
+             <version>2.5.3</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.apache.tomcat.embed</groupId>
+                    <artifactId>tomcat-embed-websocket</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
+        <!-- https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api -->
+<dependency>
+    <groupId>javax.servlet</groupId>
+    <artifactId>javax.servlet-api</artifactId>
+    <version>4.0.1</version>
+    <scope>provided</scope>
+</dependency>
+
+        <!-- https://mvnrepository.com/artifact/log4j/log4j -->
+<dependency>
+    <groupId>org.apache.logging.log4j</groupId>
+    <artifactId>log4j-api</artifactId>
+     <version>${log4j2.version}</version>
+  </dependency>
+  <dependency>
+    <groupId>org.apache.logging.log4j</groupId>
+    <artifactId>log4j-core</artifactId>
+     <version>${log4j2.version}</version>
+  </dependency>
+        <!-- https://mvnrepository.com/artifact/org.apache.commons/commons-compress -->
+<dependency>
+    <groupId>org.apache.commons</groupId>
+    <artifactId>commons-compress</artifactId>
+    <version>1.21</version>
+</dependency>
 
         <dependency>
             <groupId>org.springframework.boot</groupId>
@@ -153,9 +196,16 @@
             <artifactId>spring-boot-starter-aop</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-configuration-processor</artifactId>
+            <optional>true</optional>
+        </dependency>
+
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-test</artifactId>
+              <version>2.5.3</version>
             <scope>test</scope>
         </dependency>
 
@@ -232,8 +282,10 @@
                 <configuration>
                     <source>${java.compilation.source}</source>
                     <target>${java.compilation.target}</target>
+
                 </configuration>
             </plugin>
+
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-checkstyle-plugin</artifactId>
@@ -668,8 +720,8 @@
                         <artifactId>maven-compiler-plugin</artifactId>
                         <version>3.5.1</version>
                         <configuration>
-                            <source>1.8</source>
-                            <target>1.8</target>
+                            <source>${java.compilation.source}</source>
+                    <target>${java.compilation.target}</target>
                         </configuration>
                     </plugin>
                     <plugin>
@@ -732,4 +784,4 @@
             </build>
         </profile>
     </profiles>
-</project>
+</project>

src/main/java/com/capitalone/dashboard/Application.java

@@ -4,7 +4,7 @@
 
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.builder.SpringApplicationBuilder;
-import org.springframework.boot.web.support.SpringBootServletInitializer;
+import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
 import org.springframework.context.annotation.Bean;
 
 import com.capitalone.dashboard.config.MongoConfig;

src/main/java/com/capitalone/dashboard/auth/access/MethodLevelSecurityHandler.java

@@ -1,5 +1,7 @@
 package com.capitalone.dashboard.auth.access;
 
+import java.util.Optional;
+
 import org.bson.types.ObjectId;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
@@ -21,10 +23,11 @@ public MethodLevelSecurityHandler(DashboardRepository dashboardRepository) {
 	}
 
 	public boolean isOwnerOfDashboard(ObjectId dashboardId) {
-		Dashboard dashboard = dashboardRepository.findOne(dashboardId);
-		if (dashboard == null) {
+		Optional<Dashboard> optDash = dashboardRepository.findById(dashboardId);
+		if (optDash == null) {
 			return false;
 		}
+		Dashboard dashboard = optDash.get(); 
 
 		String username = AuthenticationUtil.getUsernameFromContext();
 		AuthType authType = AuthenticationUtil.getAuthTypeFromContext();

src/main/java/com/capitalone/dashboard/auth/ldap/CustomUserDetailsContextMapper.java

@@ -1,6 +1,7 @@
 package com.capitalone.dashboard.auth.ldap;
 
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.ldap.core.DirContextAdapter;
 import org.springframework.ldap.core.DirContextOperations;
@@ -14,7 +15,7 @@
 @Configuration
 public class CustomUserDetailsContextMapper extends LdapUserDetailsMapper {
 
-    private static final Logger LOGGER = Logger.getLogger(CustomUserDetailsContextMapper.class);
+    private static final Logger LOGGER = LogManager.getLogger(CustomUserDetailsContextMapper.class);
 
     @Override
     public CustomUserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection authorities) {

src/main/java/com/capitalone/dashboard/auth/sso/SsoAuthenticationFilter.java

@@ -7,7 +7,8 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.core.Authentication;
@@ -19,7 +20,7 @@
 
 @Component
 public class SsoAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
-	private static final Logger LOGGER = Logger.getLogger(SsoAuthenticationFilter.class);
+	private static final Logger LOGGER = LogManager.getLogger(SsoAuthenticationFilter.class);
 
 	@Autowired
 	private SsoAuthenticationService ssoAuthenticationService;

src/main/java/com/capitalone/dashboard/auth/sso/SsoAuthenticationServiceImpl.java

@@ -5,7 +5,8 @@
 import java.util.HashMap;
 import java.util.Map;
 
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
@@ -17,7 +18,7 @@
 
 @Component
 public class SsoAuthenticationServiceImpl implements SsoAuthenticationService {
-	private static final Logger LOGGER = Logger.getLogger(SsoAuthenticationServiceImpl.class);
+	private static final Logger LOGGER = LogManager.getLogger(SsoAuthenticationServiceImpl.class);
 
 	@Autowired
 	private SsoAuthenticationUtil ssoAuthenticationUtil;

src/main/java/com/capitalone/dashboard/auth/sso/SsoAuthenticationUtil.java

@@ -3,7 +3,8 @@
 import java.util.ArrayList;
 import java.util.Map;
 
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
@@ -16,7 +17,7 @@
 
 @Component
 public class SsoAuthenticationUtil {
-	private static final Logger LOGGER = Logger.getLogger(SsoAuthenticationUtil.class);
+	private static final Logger LOGGER = LogManager.getLogger(SsoAuthenticationUtil.class);
 
 	@Autowired
 	private AuthProperties authProperties;

src/main/java/com/capitalone/dashboard/auth/token/JwtAuthenticationFilter.java

@@ -11,7 +11,8 @@
 
 import org.apache.commons.collections4.MapUtils;
 import org.apache.commons.lang3.StringUtils;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.core.Authentication;
@@ -24,7 +25,7 @@
 @Order(2)
 public class JwtAuthenticationFilter extends OncePerRequestFilter {
 
-    private static final Logger LOGGER = Logger.getLogger(JwtAuthenticationFilter.class);
+    private static final Logger LOGGER = LogManager.getLogger(JwtAuthenticationFilter.class);
 	private TokenAuthenticationService tokenAuthenticationService;
 
 	@Autowired

src/main/java/com/capitalone/dashboard/config/WebSecurityConfig.java

@@ -15,12 +15,13 @@
 import com.capitalone.dashboard.settings.ApiSettings;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.security.Http401AuthenticationEntryPoint;
+import org.springframework.security.web.authentication.HttpStatusEntryPoint;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer;
@@ -100,7 +101,7 @@ protected void configure(HttpSecurity http) throws Exception {
                 .addFilterBefore(apiTokenRequestFilter(), UsernamePasswordAuthenticationFilter.class)
                 .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
                 .addFilterBefore(githubWebhookRequestFilter(), UsernamePasswordAuthenticationFilter.class)
-                .exceptionHandling().authenticationEntryPoint(new Http401AuthenticationEntryPoint("Authorization"));
+                .exceptionHandling().authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.ACCEPTED));
     }
 
     @Override