Java 21, Spring, code refactor and deploy as standalone container. #163
Merged
- httpd
- Jackson
- deleted some commented out stuff
Bumps [com.jayway.jsonpath:json-path](https://github.com/jayway/JsonPath) from 2.4.0 to 2.9.0.
- [Release notes](https://github.com/jayway/JsonPath/releases)
- [Changelog](https://github.com/json-path/JsonPath/blob/master/changelog.md)
- [Commits](json-path/JsonPath@json-path-2.4.0...json-path-2.9.0)

---
updated-dependencies:
- dependency-name: com.jayway.jsonpath:json-path
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
* Add a new stored procedure to enable user creation
* Specific database Auth
* Update CreateUserWithRole stored procedure in auth DB

  The stored procedure, CreateUserWithRole, in the 'auth' database has been updated to improve user creation. It now checks for existing users and roles, and generates a new UUID if needed. Additionally, it associates new users with roles if they exist.
* Rename CreateUserWithRole stored procedure file
* Add general metadata parameter to CreateUserWithRole procedure
* Add connectionSubPrefix to user creation stored procedure
* Refactor connection prefix manipulation in SQL procedure
* Update user creation stored procedure

  The changes made address the process of user creation in the stored procedure. A new variable, @baseUUID, has been introduced for storing UUIDs during processing. Additionally, the preparation of @connectionSubPrefix has been adjusted to concatenate LONG_TERM_TOKEN with existing values instead of overriding them.
* Add PIC-SURE User role assignment in CreateUserWithRole procedure

  Improved the CreateUserWithRole stored procedure in the auth-db. All new users are now automatically assigned the 'PIC-SURE User' role in addition to specific roles designated during account creation. This ensures all users have access to the base level of functionalities.
- Updated target java from 11 to 21
- Updated Spring dependencies to 3 or 6 based on the library
- Started re-organizing the code base so there is an appropriate separation of concerns. This means we will have repositories, services, controllers, configuration, filters, and more separated appropriately.
- Fixed naming conventions and started to remove javax to jakarta or spring dependencies instead.
I am continuing to migrate the psama application over to java 21, Spring 6, and an embedded tomcat. As I do this I have been utilizing the time to refactor controller, configuration, etc., in order to improve the overall code quality of the application and to allow for better application testing. By separating our application layers we can more readily and reliably test our service layer.
Both classes have been refactored to separate out the controller and service.
This commit removes the mention of 'application.default.application.uuid' in the JSON and properties files, and replaces it with 'application.default.uuid'. The refactoring clarifies the parameter's functionality.
This commit updates JWTFilter with explicit injection of application properties and removes unused imports in AuthSecurityContext. Also, the JWTFilter has been added to SecurityConfig, enhancing security by ensuring request authenticity.
This commit mainly removes unused imports across various files, updates some classes with value injection and cleans out unnecessary comments. It also renames the 'MailService' class to 'BasicMailService' and updates the related references accordingly. The pom.xml file has been updated with the 'spring-boot-starter-mail' dependency addition. 'JWTUtil' class has been updated to include spring '@Value' for properties instead of using static variables.
Removed the BaseEntityService class to streamline services. Updated several methods in the UserService to directly use the UserRepository, enhancing their reliability and readability. The AuthenticationService now also benefits from dependency injection for configuration properties, and ConnectionRepository has been incorporated.
Updated swagger, mail, and jackson dependencies to java 21 versions.
Code changes include an extensive refactoring of the security configuration to disable CSRF, enable stateless sessions, and other settings. A spring-boot-devtools dependency was added to the pom.xml file for development purposes. Authentication handling was also improved in the AuthController by adding additional checks and better handling of null requests. Trace logging for spring security was deactivated from application.properties file. A test file for authentication was also added.
The commit expands the permitted public paths within the SecurityConfig file. The "/actuator/health", "/actuator/info", "/authentication/**", "/swagger.yaml", "/swagger.json" paths have been added to the request matchers to allow these requests to pass through unhindered.
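The settings these commit messages describe (CSRF disabled, stateless sessions, the public paths listed above, and a JWT filter registered in the security configuration) fit together as in the following added Spring Security 6 example. It is not the project's SecurityConfig; the package, class name and the `jwtFilter` bean name are assumptions, as is the premise that tokens arrive in a request header rather than a cookie.

```java
package example; // hypothetical package, not the project's

import jakarta.servlet.Filter;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class ExampleSecurityConfig {

    // Public paths exactly as listed in the commit message above.
    private static final String[] PUBLIC_PATHS = {
        "/actuator/health", "/actuator/info", "/authentication/**",
        "/swagger.yaml", "/swagger.json"
    };

    @Bean
    public SecurityFilterChain filterChain(
            HttpSecurity http,
            @Qualifier("jwtFilter") Filter jwtFilter) throws Exception { // assumed bean name
        http
            // With no session cookie there is no ambient credential for a
            // cross-site request to reuse, so CSRF tokens are not needed.
            // This holds only while the token travels in a header (assumption).
            .csrf(AbstractHttpConfigurer::disable)
            // Never create or consult an HttpSession for authentication.
            .sessionManagement(s ->
                s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(auth -> auth
                .requestMatchers(PUBLIC_PATHS).permitAll()
                // Default deny: anything not listed above needs authentication.
                .anyRequest().authenticated())
            // permitAll() affects authorization only; this filter still runs
            // on public paths and must let token-less requests continue.
            .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }
}
```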
This update replaces string concatenation in a logging statement with parameterized logging. This change improves logging efficiency by avoiding unnecessary string concatenation when the logging level is set such that the log message wouldn't be outputted.
Updated com.auth0 dependency version from 1.8.0 to 2.10.1 in pom.xml. Also, modified import statement and argument on Base64.decodeBase64 in JWTUtil. The change was needed to support the upgrade and ensure proper parsing of Base64 encoded client secrets.
The import statement for NotNull annotation in JsonUtils.java file has been updated. The previous import from org.jetbrains.annotations.NotNull has been replaced with jakarta.validation.constraints.NotNull.
Increased the pic-sure-auth-services version from 1.0 to 2.0 and changed the packaging from war to jar. Removed some dependencies, added and reordered some others to improve the project setup. Also, updated the build plugins not only to reflect these changes but to streamline the build process as well.
Increased the pic-sure-auth-services version from 1.0 to 2.0.
Moved original dockerfile to the bak directory in order to be able to quickly reference it for now.
The application.properties file has been updated to make use of environment variables. This brings more flexibility and security as it allows for passing sensitive data, like server port numbers and passwords, through the system environment rather than having them in the plain text files. The default values are set to maintain backward compatibility.
Luke-Sikina reviewed on May 15, 2024, with review threads on the following files:
- pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/filter/JWTFilter.java (outdated)
- ...ervices/src/main/java/edu/harvard/hms/dbmi/avillach/auth/model/response/PICSUREResponse.java
- .../src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/OauthUserMatchingService.java (outdated)
- .../src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/OauthUserMatchingService.java
- ...uth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/TokenService.java (outdated)
- ...auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/UserService.java
- ...auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/UserService.java
- ...auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/UserService.java
- ...auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/UserService.java (outdated)
- ...auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/impl/UserService.java
…lach/auth/service/RoleService.java Co-authored-by: Luke Sikina <[email protected]>
Co-authored-by: Luke Sikina <[email protected]>
Refactored the code to specify the return types in various API responses. Previously, the methods used to return a generic ResponseEntity object, which has now been replaced with ResponseEntity of specific types. This change increases the readability and robustness of the code.
This update includes adding a new method in RoleRepository to fetch multiple roles using a set of UUIDs, and applies this method in UserService. The change aims to ensure all roles can be fetched using their UUIDs and optimizes performance by reducing the number of queries to the database.
# Conflicts: # pic-sure-auth-services/pom.xml # pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/JAXRSConfiguration.java
Deployment and Regression Testing:
The changes have been thoroughly regression tested and are currently live in the Nhanes Production environment.
Java Version:
Dependencies:
Docker Configuration:
Application Configuration:
- standalone.xml with application.properties for managing application variables and configurations.
- SecurityConfig.java.
- @Value annotation, removing the JAXRSConfiguration class.

Controller and Service Layers:
- Services that were functioning as controllers into true services, adding necessary Controllers.
- Controllers to include the keyword 'Controller' and ensured all services contain 'Service' in their names.
- @API -> @Tag
- @Path -> @RequestMapping
- @ApiOperation -> @Operation
- @Get, @Post, @Put, @Delete, etc. -> @GetMapping, @PostMapping, @PutMapping, @DeleteMapping, etc.
- @RolesAllowed -> @Secured
- @ApiParam -> @Parameter
- @PathParam -> @PathParameter
- @RequestBody required

Services:
- @Service annotation for Spring auto-wiring.
- @Transactional where necessary and removed the use of BaseEntityService in favor of Spring Data JPA.

Repositories:
- JpaRepository.

Entities and Models:
- BaseEntity with a local implementation to support Java 21.
- TokenInspection and CustomUserDetails for enhanced authentication processes.

Enums and Utilities:
- SecurityRoles enum to centralize role management.
- RestClientUtil
- JWTUtil JWT handling with Java 21 compatible libraries.

Filters and Unit Tests:
- JWTFilter to support Java 21, Spring Web, and Spring Security.