Update spring 5.1

build.gradle

@@ -31,7 +31,7 @@ plugins {
     id 'com.github.ben-manes.versions' version '0.20.0'
     id 'com.github.hierynomus.license' version '0.14.0'
     id 'net.researchgate.release' version '2.7.0'
-    id 'org.springframework.boot' version '2.0.6.RELEASE'
+    id 'org.springframework.boot' version '2.1.0.RELEASE'
 }
 
 apply plugin: 'java'
@@ -138,24 +138,24 @@ dependencies {
     }
     compile 'com.moodysalem:LatLongToTimezoneMaven:1.2'
     /**/
-    compile "com.openhtmltopdf:openhtmltopdf-core:0.0.1-RC16"
-    compile "com.openhtmltopdf:openhtmltopdf-pdfbox:0.0.1-RC16"
-    compile "com.openhtmltopdf:openhtmltopdf-jsoup-dom-converter:0.0.1-RC16"
+    compile "com.openhtmltopdf:openhtmltopdf-core:0.0.1-RC17"
+    compile "com.openhtmltopdf:openhtmltopdf-pdfbox:0.0.1-RC17"
+    compile "com.openhtmltopdf:openhtmltopdf-jsoup-dom-converter:0.0.1-RC17"
     /**/
     compile "com.google.zxing:core:3.3.3"
     compile "com.google.zxing:javase:3.3.3"
     compile "org.flywaydb:flyway-core:5.1.3"
-    compile "org.postgresql:postgresql:42.2.2"
+    compile "org.postgresql:postgresql:42.2.5"
     compile "com.zaxxer:HikariCP:2.7.7"
     compile "org.apache.logging.log4j:log4j-api:$log4jVersion"
     compile "com.stripe:stripe-java:5.42.0"
     compile 'com.paypal.sdk:rest-api-sdk:1.14.0'
-    compile 'com.squareup.okhttp3:okhttp:3.10.0'
+    compile 'com.squareup.okhttp3:okhttp:3.11.0'
     compile "org.apache.commons:commons-lang3:3.7"
     compile "org.apache.commons:commons-text:1.2"
     compile "com.opencsv:opencsv:4.2"
     compile 'commons-codec:commons-codec:1.11'
-    compile 'net.sf.biweekly:biweekly:0.6.1'
+    compile 'net.sf.biweekly:biweekly:0.6.2'
     compile 'com.atlassian.commonmark:commonmark:0.11.0'
     compile 'com.ryantenney.passkit4j:passkit4j:2.0.1'
     compile 'com.github.ben-manes.caffeine:caffeine:2.6.2'

gradle.properties

@@ -5,8 +5,8 @@ version=2.0-M1-SNAPSHOT
 sourceCompatibility=1.8
 targetCompatibility=1.8
 
-springVersion=5.0.10.RELEASE
-springSecurityConfigVersion=5.0.9.RELEASE
+springVersion=5.1.2.RELEASE
+springSecurityConfigVersion=5.1.1.RELEASE
 log4jVersion=2.11.1
-jacksonVersion=2.9.6
+jacksonVersion=2.9.7
 junitVersion=5.1.0

src/main/java/alfio/config/Initializer.java

@@ -22,6 +22,7 @@
 import org.apache.commons.lang3.Validate;
 import org.springframework.core.env.ConfigurableEnvironment;
 import org.springframework.core.env.Environment;
+import org.springframework.core.env.Profiles;
 import org.springframework.web.context.ConfigurableWebApplicationContext;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.filter.CharacterEncodingFilter;
@@ -86,7 +87,7 @@ private void configureSessionCookie(ServletContext servletContext) {
 
         Validate.notNull(environment, "environment cannot be null!");
         // set secure cookie only if current environment doesn't strictly need HTTP
-        config.setSecure(environment.acceptsProfiles(Initializer.PROFILE_LIVE));
+        config.setSecure(environment.acceptsProfiles(Profiles.of(Initializer.PROFILE_LIVE)));
 
         // FIXME and CHECKME what a mess, ouch: https://issues.jboss.org/browse/WFLY-3448 ?
         config.setPath(servletContext.getContextPath() + "/");

src/main/java/alfio/config/MvcConfiguration.java

@@ -37,6 +37,7 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.support.DefaultMessageSourceResolvable;
 import org.springframework.core.env.Environment;
+import org.springframework.core.env.Profiles;
 import org.springframework.http.MediaType;
 import org.springframework.http.converter.HttpMessageConverter;
 import org.springframework.http.converter.StringHttpMessageConverter;
@@ -96,7 +97,7 @@ public MvcConfiguration(MessageSource messageSource,
     @Override
     public void addResourceHandlers(ResourceHandlerRegistry registry) {
         ResourceHandlerRegistration reg = registry.addResourceHandler("/resources/**").addResourceLocations("/resources/");
-        int cacheMinutes = environment.acceptsProfiles(Initializer.PROFILE_LIVE) ? 15 : 0;
+        int cacheMinutes = environment.acceptsProfiles(Profiles.of(Initializer.PROFILE_LIVE)) ? 15 : 0;
         reg.setCachePeriod(cacheMinutes * 60);
     }
 
@@ -179,11 +180,11 @@ public void postHandle(HttpServletRequest request, HttpServletResponse response,
                         mv.addObject("request", request);
                         final ModelMap modelMap = mv.getModelMap();
 
-                        boolean demoModeEnabled = environment.acceptsProfiles(Initializer.PROFILE_DEMO);
+                        boolean demoModeEnabled = environment.acceptsProfiles(Profiles.of(Initializer.PROFILE_DEMO));
 
                         modelMap.put("demoModeEnabled", demoModeEnabled);
-                        modelMap.put("devModeEnabled", environment.acceptsProfiles(Initializer.PROFILE_DEV));
-                        modelMap.put("prodModeEnabled", environment.acceptsProfiles(Initializer.PROFILE_LIVE));
+                        modelMap.put("devModeEnabled", environment.acceptsProfiles(Profiles.of(Initializer.PROFILE_DEV)));
+                        modelMap.put("prodModeEnabled", environment.acceptsProfiles(Profiles.of(Initializer.PROFILE_LIVE)));
 
                         Optional.ofNullable(request.getAttribute("ALFIO_EVENT_NAME")).map(Object::toString).ifPresent(eventName -> {
 
@@ -236,7 +237,7 @@ public void postHandle(HttpServletRequest request, HttpServletResponse response,
                         + " font-src 'self';"//
                         + " media-src blob: 'self';"//for loading camera api
                         + " connect-src 'self' https://checkout.stripe.com https://maps.googleapis.com/ https://geocoder.cit.api.here.com;" //<- currently stripe.js use jsonp but if they switch to xmlhttprequest+cors we will be ready
-                        + (environment.acceptsProfiles(Initializer.PROFILE_DEBUG_CSP) ? " report-uri /report-csp-violation" : ""));
+                        + (environment.acceptsProfiles(Profiles.of(Initializer.PROFILE_DEBUG_CSP)) ? " report-uri /report-csp-violation" : ""));
             }
         };
     }
@@ -272,7 +273,7 @@ public ViewResolver getViewResolver(Environment env) throws Exception {
         viewResolver.setTemplateFactory(getTemplateFactory());
         viewResolver.setOrder(1);
         //disable caching if we are in dev mode
-        viewResolver.setCache(env.acceptsProfiles(Initializer.PROFILE_LIVE));
+        viewResolver.setCache(env.acceptsProfiles(Profiles.of(Initializer.PROFILE_LIVE)));
         viewResolver.setContentType("text/html;charset=UTF-8");
         return viewResolver;
     }

src/main/java/alfio/config/SpringBootInitializer.java

@@ -21,6 +21,7 @@
 import org.apache.commons.lang3.StringUtils;
 import org.eclipse.jetty.server.session.DefaultSessionIdManager;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.autoconfigure.web.servlet.HttpEncodingAutoConfiguration;
 import org.springframework.boot.web.embedded.jetty.JettyServletWebServerFactory;
 import org.springframework.boot.web.server.ErrorPage;
 import org.springframework.boot.web.server.ErrorPageRegistrar;
@@ -30,6 +31,7 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
 import org.springframework.core.env.ConfigurableEnvironment;
+import org.springframework.core.env.Profiles;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.filter.CharacterEncodingFilter;
@@ -45,6 +47,7 @@
         org.springframework.boot.autoconfigure.flyway.FlywayAutoConfiguration.class,
         org.springframework.boot.autoconfigure.jackson.JacksonAutoConfiguration.class,
         org.springframework.boot.autoconfigure.web.servlet.error.ErrorMvcAutoConfiguration.class,
+        org.springframework.boot.autoconfigure.web.servlet.HttpEncodingAutoConfiguration.class,
         org.springframework.boot.autoconfigure.session.SessionAutoConfiguration.class,
         org.springframework.boot.autoconfigure.quartz.QuartzAutoConfiguration.class})
 @Configuration
@@ -60,7 +63,7 @@ public ServletContextInitializer servletContextInitializer() {
             ConfigurableEnvironment environment = ctx.getBean(ConfigurableEnvironment.class);
             SessionCookieConfig config = servletContext.getSessionCookieConfig();
             config.setHttpOnly(true);
-            config.setSecure(environment.acceptsProfiles(Initializer.PROFILE_LIVE));
+            config.setSecure(environment.acceptsProfiles(Profiles.of(Initializer.PROFILE_LIVE)));
             // force log initialization, then disable it
             XRLog.setLevel(XRLog.EXCEPTION, Level.WARNING);
             XRLog.setLoggingEnabled(false);

src/main/java/alfio/config/WebSecurityConfig.java

@@ -29,6 +29,7 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
 import org.springframework.core.env.Environment;
+import org.springframework.core.env.Profiles;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.authentication.AccountStatusException;
@@ -279,7 +280,7 @@ public CsrfTokenRepository getCsrfTokenRepository() {
         @Override
         protected void configure(HttpSecurity http) throws Exception {
 
-            if(environment.acceptsProfiles("!"+Initializer.PROFILE_DEV)) {
+            if(environment.acceptsProfiles(Profiles.of("!"+Initializer.PROFILE_DEV))) {
                 http.requiresChannel().antMatchers("/healthz").requiresInsecure()
                     .and()
                     .requiresChannel().mvcMatchers("/**").requiresSecure();
@@ -306,7 +307,7 @@ protected void configure(HttpSecurity http) throws Exception {
 
             Pattern pattern = Pattern.compile("^(GET|HEAD|TRACE|OPTIONS)$");
             Predicate<HttpServletRequest> csrfWhitelistPredicate = r -> r.getRequestURI().startsWith("/api/webhook/") || pattern.matcher(r.getMethod()).matches();
-            if(environment.acceptsProfiles(Initializer.PROFILE_DEBUG_CSP)) {
+            if(environment.acceptsProfiles(Profiles.of(Initializer.PROFILE_DEBUG_CSP))) {
                 csrfWhitelistPredicate = csrfWhitelistPredicate.or(r -> r.getRequestURI().equals("/report-csp-violation"));
             }
             configurer.requireCsrfProtectionMatcher(new NegatedRequestMatcher(csrfWhitelistPredicate::test));
@@ -356,7 +357,7 @@ protected void configure(HttpSecurity http) throws Exception {
 
             http.addFilterBefore(new RecaptchaLoginFilter(recaptchaService, "/authenticate", "/authentication?recaptchaFailed", configurationManager), UsernamePasswordAuthenticationFilter.class);
 
-            if(environment.acceptsProfiles(Initializer.PROFILE_DEMO)) {
+            if(environment.acceptsProfiles(Profiles.of(Initializer.PROFILE_DEMO))) {
                 http.addFilterAfter(new UserCreatorBeforeLoginFilter(userManager, "/authenticate"), RecaptchaLoginFilter.class);
             }
         }

src/main/java/alfio/controller/api/admin/UtilsApiController.java

@@ -27,6 +27,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.env.Environment;
+import org.springframework.core.env.Profiles;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.MissingServletRequestParameterException;
@@ -90,7 +91,7 @@ public Map<String, Object> getApplicationInfo(Principal principal) {
         Map<String, Object> applicationInfo = new HashMap<>();
         applicationInfo.put("version", version);
         applicationInfo.put("username", principal.getName());
-        applicationInfo.put("isDemoMode", environment.acceptsProfiles(Initializer.PROFILE_DEMO));
+        applicationInfo.put("isDemoMode", environment.acceptsProfiles(Profiles.of(Initializer.PROFILE_DEMO)));
         return applicationInfo;
     }
 

src/main/java/alfio/manager/EventManager.java

@@ -51,6 +51,7 @@
 import org.apache.commons.lang3.tuple.Triple;
 import org.flywaydb.core.Flyway;
 import org.springframework.core.env.Environment;
+import org.springframework.core.env.Profiles;
 import org.springframework.jdbc.core.namedparam.MapSqlParameterSource;
 import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate;
 import org.springframework.stereotype.Component;
@@ -177,7 +178,7 @@ public void toggleActiveFlag(int id, String username, boolean activate) {
         Event event = eventRepository.findById(id);
         checkOwnership(event, username, event.getOrganizationId());
 
-        if(environment.acceptsProfiles(Initializer.PROFILE_DEMO)) {
+        if(environment.acceptsProfiles(Profiles.of(Initializer.PROFILE_DEMO))) {
             throw new IllegalStateException("demo mode");
         }
         Event.Status status = activate ? Event.Status.PUBLIC : Event.Status.DRAFT;

src/main/java/alfio/manager/Jobs.java

@@ -32,6 +32,7 @@
 import org.quartz.JobExecutionException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.env.Environment;
+import org.springframework.core.env.Profiles;
 import org.springframework.stereotype.Component;
 
 import java.util.Date;
@@ -95,7 +96,7 @@ void cleanupUnreferencedBlobFiles() {
     }
 
     void cleanupForDemoMode() {
-        if(environment.acceptsProfiles(Initializer.PROFILE_DEMO)) {
+        if(environment.acceptsProfiles(Profiles.of(Initializer.PROFILE_DEMO))) {
             int expirationDate = configurationManager.getIntConfigValue(Configuration.getSystemConfiguration(ConfigurationKeys.DEMO_MODE_ACCOUNT_EXPIRATION_DAYS), 20);
             List<Integer> userIds = userManager.disableAccountsOlderThan(DateUtils.addDays(new Date(), -expirationDate), User.Type.DEMO);
             if(!userIds.isEmpty()) {

src/main/java/alfio/manager/StripeCreditCardManager.java

@@ -53,6 +53,7 @@
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.tuple.Pair;
 import org.springframework.core.env.Environment;
+import org.springframework.core.env.Profiles;
 import org.springframework.stereotype.Component;
 
 import java.time.ZonedDateTime;
@@ -147,7 +148,7 @@ public Optional<Boolean> processWebhookEvent(String body, String signature) {
             com.stripe.model.Event event = Webhook.constructEvent(body, signature, getWebhookSignatureKey());
             if("account.application.deauthorized".equals(event.getType())
                 && event.getLivemode() != null
-                && event.getLivemode() == environment.acceptsProfiles("dev", "test", "demo")) {
+                && event.getLivemode() == environment.acceptsProfiles(Profiles.of("dev", "test", "demo"))) {
                 return Optional.of(revokeToken(event.getAccount()));
             }
             return Optional.of(true);

src/main/java/alfio/manager/system/Mailer.java

@@ -20,6 +20,7 @@
 import alfio.model.Event;
 import lombok.Data;
 import org.springframework.core.env.Environment;
+import org.springframework.core.env.Profiles;
 
 import java.util.*;
 
@@ -40,7 +41,7 @@ class Attachment {
     }
 
     default String decorateSubjectIfDemo(String subject, Environment environment) {
-        if(environment.acceptsProfiles(Initializer.PROFILE_DEMO)) {
+        if(environment.acceptsProfiles(Profiles.of(Initializer.PROFILE_DEMO))) {
             return "THIS IS A TEST: " + subject;
         } else {
             return subject;