#7172: migration to GeoStore 1.8-SNAPSHOT to inherit latest spring co…

…mpatibility (#7286)
geosolutions-it · Sep 15, 2021 · 1760520 · 1760520
1 parent 91627b6
commit 1760520
Show file tree

Hide file tree

Showing 42 changed files with 917 additions and 545 deletions.
diff --git a/docs/developer-guide/developing.md b/docs/developer-guide/developing.md
@@ -154,14 +154,14 @@ MapStore is configured to use a tomcat maven plugin-in to build and run mapstore
 
 * make sure to run at least once `mvn install` in the root directory, to make `mapstore-product` artifact available.
 * `cd product` directory
-* run `mvn tomcat7:run-war`
+* run `mvn cargo:run`
 
 Your local back-end will now start at [http://localhost:8080/mapstore/](http://localhost:8080/mapstore/).
 If you want to change the port you can edit the dedicated entry in `product/pom.xml`, just remember to change also the dev-server proxy configuration on the front-end in the same way.
 
 #### Local tomcat instance
 
-If you prefer, or if you have some problems with `mvn tomcat7:run-war`, you can run MapStore back-end in a tomcat instance instead of using the embedded one.
+If you prefer, or if you have some problems with `mvn cargo:run`, you can run MapStore back-end in a tomcat instance instead of using the embedded one.
 To do so, you can :
 
 * download a tomcat standalone [here](https://mapstore.readthedocs.io/en/latest/developer-guide/requirements/) and extract to a folder of your choice
@@ -193,7 +193,7 @@ then start tomcat
 
 ```bash
 cd product
-mvn tomcat7:run-war
+mvn cargo:run
 ```
 
 For your local tomcat, you can follow the standard procedure to debug with tomcat.

diff --git a/docs/developer-guide/mapstore-migration-guide.md b/docs/developer-guide/mapstore-migration-guide.md
@@ -21,6 +21,68 @@ This is a list of things to check if you want to update from a previous version
 - Follow the instructions below, in order, from your version to the one you want to update to.
 
 
+## Migration from 2021.02.00 to 2021.03.00
+
+This release includes several libraries upgrade on the backend side,
+in particular the following have been migrated to the latest available versions:
+
+| Library      | Old |New|
+| ----------- | ----------- |--|
+| Spring| 3.0.5|5.3.9|
+| Spring-security| 3.0.5        |5.3.10|
+| CXF| 2.3.2        |3.4.4|
+| Hibernate|      3.3.2   |5.5.0|
+| JPA| 1.0        |2.1|
+| hibernate-generic-dao| 0.5.1        |1.3.0-SNAPSHOT|
+| h2| 1.3.168        |1.3.175|
+| servlet-api| 2.5        |3.1|
+
+This requires also an upgrade of Tomcat to at least version 8.5.x
+
+### Updating projects configuration
+
+Projects need the following to update to this MapStore release:
+
+ - update dependencies (in web/pom.xml) copying those in MapStore2/java/web/pom.xml, in particular:
+
+| Dependency      | Version| Notes |
+| ----------- | ----------- |---|
+| mapstore-services| 1.3-SNAPSHOT| Replaces mapstore-backend|
+| geostore-webapp| 1.8-SNAPSHOT| |
+| javax.servlet-api| 3.0.1        | Tomcat 8.5 required|
+
+
+ - update packagingExcludes in web/pom.xml to this list:
+
+```
+WEB-INF/lib/commons-codec-1.2.jar,
+WEB-INF/lib/commons-io-1.1.jar,
+WEB-INF/lib/commons-logging-1.0.4.jar,
+WEB-INF/lib/commons-pool-1.3.jar,
+WEB-INF/lib/slf4j-api-1.5*.jar,
+WEB-INF/lib/slf4j-log4j12-1.5*.jar,
+WEB-INF/lib/spring-tx-5.2.15*.jar
+```
+
+ - upgrade Tomcat to 8.5 or greater
+ - update your geostore-spring-security.xml file to add the following setting, needed to disable CSRF validation, that MapStore services do not implement yet:
+
+```xml
+<security:http ... >
+    ...
+    <security:csrf disabled="true"/>
+    ...
+</security:http>
+```
+
+ - remove the spring log4j listener from web.xml
+
+```xml
+ <!-- spring context loader
+    <listener>
+		<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
+    </listener>-->
+```
 ## Migration from 2021.01.02 to 2021.02.00
 
 ### Theme updates and CSS variables

diff --git a/docs/developer-guide/requirements.md b/docs/developer-guide/requirements.md
@@ -3,7 +3,7 @@ In this section you can have a glance of the minimum and recommended versions of
 
 ## War Installation
 
-You can download a java web container like Apache Tomcat from [here](https://tomcat.apache.org/download-70.cgi) and install it.
+You can download a java web container like Apache Tomcat (>= 8.5) from [here](hhttps://tomcat.apache.org/download-80.cgi) and install it.
 
 You will also need a Java [JRE](https://www.java.com/it/download/)(minimum version: 8)
 

diff --git a/docs/quick-start.md b/docs/quick-start.md
@@ -26,7 +26,7 @@ Linux: `./mapstore2_shutdown.sh`
 
 ## Package Contents
 * [MapStore](https://github.com/geosolutions-it/MapStore2/releases/latest)
-* [Tomcat7](http://tomcat.apache.org/)
+* [Tomcat8](http://tomcat.apache.org/)
 * [Java JRE (Win and Linux)](https://www.oracle.com/technetwork/java/javase/downloads/index.html)
 
 ## Demo Maps
@@ -50,7 +50,7 @@ Download the WAR file from the latest release [here](https://github.com/geosolut
 
 After downloading the MapStore war file, install it in your java web container (e.g. Tomcat), with usual procedures for the container (normally you only need to copy the war file in the webapps subfolder).
 
-If you don't have a java web container you can download Apache Tomcat from [here](https://tomcat.apache.org/download-70.cgi) and install it. You will also need a Java7 [JRE](https://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html).
+If you don't have a java web container you can download Apache Tomcat from [here](https://tomcat.apache.org/download-80.cgi) and install it. You will also need a Java7 [JRE](https://www.oracle.com/it/java/technologies/javase-jre8-downloads.html).
 
 Then you can access MapStore using the following URL (assuming the web container is on the standard 8080 port):
 

diff --git a/java/pom.xml b/java/pom.xml
@@ -4,7 +4,7 @@
   <groupId>it.geosolutions.mapstore</groupId>
   <artifactId>mapstore-java</artifactId>
   <packaging>pom</packaging>
-  <version>1.2-SNAPSHOT</version>
+  <version>1.3-SNAPSHOT</version>
   <name>MapStore 2</name>
   <url>http://www.geo-solutions.it</url>
 

diff --git a/java/services/pom.xml b/java/services/pom.xml
@@ -4,13 +4,14 @@
   <groupId>it.geosolutions.mapstore</groupId>
   <artifactId>mapstore-services</artifactId>
   <packaging>jar</packaging>
-  <version>1.2-SNAPSHOT</version>
+  <version>1.3-SNAPSHOT</version>
   <name>MapStore 2 - Backend Services</name>
   <url>http://www.geo-solutions.it</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <spring.version>3.0.5.RELEASE</spring.version>
+    <spring.version>5.3.9</spring.version>
+    <spring.security.version>5.3.10.RELEASE</spring.security.version>
   </properties>
 
   <dependencies>
@@ -38,22 +39,22 @@
     <dependency>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-core</artifactId>
-        <version>${spring.version}</version>
+        <version>${spring.security.version}</version>
     </dependency>
     <dependency>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-web</artifactId>
-        <version>${spring.version}</version>
+        <version>${spring.security.version}</version>
     </dependency>
     <dependency>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-config</artifactId>
-        <version>${spring.version}</version>
+        <version>${spring.security.version}</version>
     </dependency>
     <dependency>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-ldap</artifactId>
-        <version>${spring.version}</version>
+        <version>${spring.security.version}</version>
     </dependency>
     <dependency>
         <groupId>org.springframework</groupId>
@@ -77,11 +78,13 @@
       <scope>test</scope>
     </dependency>
     <!-- servlet -->
+    <!-- https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api -->
     <dependency>
-          <groupId>javax.servlet</groupId>
-          <artifactId>servlet-api</artifactId>
-          <version>2.5</version>
+        <groupId>javax.servlet</groupId>
+        <artifactId>javax.servlet-api</artifactId>
+        <version>3.0.1</version>
     </dependency>
+
     <!-- json-lib -->
     <dependency>
         <groupId>net.sf.json-lib</groupId>

diff --git a/...ervices/src/main/java/it/geosolutions/mapstore/controllers/configs/ConfigsController.java b/...ervices/src/main/java/it/geosolutions/mapstore/controllers/configs/ConfigsController.java
@@ -44,6 +44,12 @@ public class ConfigsController extends BaseConfigController {
      */
     @RequestMapping(value="/{resource}", method = RequestMethod.GET) // TODO: search in configs directory base
     public @ResponseBody byte[] loadResource(@PathVariable("resource") String resourceName, @RequestParam(value="overrides", defaultValue="true") boolean applyOverrides) throws IOException {
-        return toBytes(readResource( Paths.get(getConfigsFolder(),  resourceName + ".json").toString(), applyOverrides, Paths.get(getConfigsFolder(),  resourceName + ".json.patch").toString()));
+        return toBytes(readResource( Paths.get(getConfigsFolder(),  normalizeExtension(resourceName, "json")).toString(), applyOverrides, Paths.get(getConfigsFolder(),  resourceName + ".json.patch").toString()));
     }
+
+	private String normalizeExtension(String name, String extension) {
+		if(name.toLowerCase().endsWith("." + extension.toLowerCase()))
+			return name;
+		return name + "." + extension;
+	}
 }
diff --git a/.../src/main/java/it/geosolutions/mapstore/controllers/rest/config/LoadAssetsController.java b/.../src/main/java/it/geosolutions/mapstore/controllers/rest/config/LoadAssetsController.java
@@ -53,13 +53,21 @@ public class LoadAssetsController extends BaseConfigController {
      */
     @RequestMapping(value="/load/{resource}", method = RequestMethod.GET)
     public @ResponseBody byte[] loadResource(@PathVariable("resource") String resourceName, @RequestParam(value="overrides", defaultValue="true") boolean applyOverrides) throws IOException {
+    	resourceName = normalizeResource(resourceName, "json");
         if (isAllowed(resourceName)) {
             return toBytes(readResource(resourceName + ".json", applyOverrides, resourceName + ".json.patch"));
         }
         throw new ResourceNotAllowedException("Resource is not allowed");
     }
 
-    /**
+    private String normalizeResource(String name, String extension) {
+    	if(name.toLowerCase().endsWith("." + extension.toLowerCase())) {
+    		return name.substring(0, name.length() - 1 - extension.length());
+    	}
+    	return name;
+	}
+
+	/**
      * Loads an asset from the datadir, if defined, from the webapp root folder otherwise.
      * Allows loading externalized assets (javascript bundles, translation files, and so on).
      * The rest of the URL from /loadasset/ is intended to be the path to resource.

diff --git a/java/web/pom.xml b/java/web/pom.xml
@@ -4,22 +4,22 @@
   <groupId>it.geosolutions.mapstore</groupId>
   <artifactId>mapstore-webapp</artifactId>
   <packaging>war</packaging>
-  <version>1.2-SNAPSHOT</version>
+  <version>1.3-SNAPSHOT</version>
   <name>MapStore 2 - WAR</name>
   <url>http://www.geo-solutions.it</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <mapstore2.version>DEV</mapstore2.version>
-    <tomcat.version>7.0.86</tomcat.version>
+    <tomcat.version>8.5.69</tomcat.version>
   </properties>
 
   <dependencies>
     <!-- MapStore services -->
     <dependency>
         <groupId>it.geosolutions.mapstore</groupId>
         <artifactId>mapstore-services</artifactId>
-        <version>1.2-SNAPSHOT</version>
+        <version>1.3-SNAPSHOT</version>
     </dependency>
 
     <!-- ================================================================ -->
@@ -28,7 +28,7 @@
     <dependency>
       <groupId>it.geosolutions.geostore</groupId>
       <artifactId>geostore-webapp</artifactId>
-      <version>1.7-SNAPSHOT</version>
+      <version>1.8-SNAPSHOT</version>
       <type>war</type>
       <scope>runtime</scope>
     </dependency>
@@ -56,9 +56,9 @@
     </dependency>
     <!-- servlet -->
     <dependency>
-          <groupId>javax.servlet</groupId>
-          <artifactId>servlet-api</artifactId>
-          <version>2.5</version>
+        <groupId>javax.servlet</groupId>
+        <artifactId>javax.servlet-api</artifactId>
+        <version>3.0.1</version>
     </dependency>
     <!-- gzip compression filter -->
     <dependency>
@@ -86,7 +86,9 @@
                 WEB-INF/lib/commons-io-1.1.jar,
                 WEB-INF/lib/commons-logging-1.0.4.jar,
                 WEB-INF/lib/commons-pool-1.3.jar,
-                WEB-INF/lib/spring-*-3.1.0*.jar
+                WEB-INF/lib/slf4j-api-1.5*.jar,
+                WEB-INF/lib/slf4j-log4j12-1.5*.jar,
+                WEB-INF/lib/spring-tx-5.2.15*.jar
                 </packagingExcludes>
                 <overlays>
                     <overlay>

diff --git a/java/web/src/main/webapp/WEB-INF/web.xml b/java/web/src/main/webapp/WEB-INF/web.xml
@@ -25,11 +25,6 @@
 	<!-- <context-param> <param-name>log4jConfigLocation</param-name> <param-value>file:${config.dir}/log4j.xml</param-value>
 		</context-param> -->
 
-	<!-- spring context loader -->
-	<listener>
-		<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
-	</listener>
-
 	<!--
       - Loads the root application context of this web app at startup.
       - The application context is then available via

diff --git a/package.json b/package.json
@@ -295,7 +295,7 @@
   },
   "scripts": {
     "build-backend": "mvn clean install",
-    "backend": "npm run build-backend && mvn tomcat7:run-war -f ./product/pom.xml",
+    "backend": "npm run build-backend && mvn cargo:run -f ./product/pom.xml",
     "doc": "docma -c build/docma-config.json --dest web/docs",
     "cleandoc": "rimraf web/docs && rimraf web/client/mapstore/docs",
     "doctest": "docma -c build/docma-config.json --dest web/client/mapstore/docs && echo documentation is accessible from the mapstore/docs path when running npm start",

diff --git a/pom.xml b/pom.xml
@@ -4,12 +4,12 @@
   <groupId>it.geosolutions.mapstore</groupId>
   <artifactId>mapstore-root</artifactId>
   <packaging>pom</packaging>
-  <version>1.2-SNAPSHOT</version>
+  <version>1.3-SNAPSHOT</version>
   <name>MapStore Root</name>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <tomcat.version>7.0.86</tomcat.version>
+    <tomcat.version>8.5.69</tomcat.version>
   </properties>
 
   <modules>

diff --git a/product/config/db/geostore-spring-security-db.xml b/product/config/db/geostore-spring-security-db.xml
@@ -22,6 +22,7 @@
 
 	<security:http auto-config="true" create-session="never" >
 		<security:http-basic entry-point-ref="restAuthenticationEntryPoint"/>
+        <security:csrf disabled="true"/>
 		<security:custom-filter ref="authenticationTokenProcessingFilter" before="FORM_LOGIN_FILTER"/>
 		<security:custom-filter ref="sessionTokenProcessingFilter" after="FORM_LOGIN_FILTER"/>
 		<security:anonymous />

diff --git a/product/config/ldap/geostore-spring-security-ldap.xml b/product/config/ldap/geostore-spring-security-ldap.xml
@@ -22,6 +22,7 @@
 
 	<security:http auto-config="true" create-session="never" >
 		<security:http-basic entry-point-ref="restAuthenticationEntryPoint"/>
+        <security:csrf disabled="true"/>
 		<security:custom-filter ref="authenticationTokenProcessingFilter" before="FORM_LOGIN_FILTER"/>
 		<security:custom-filter ref="sessionTokenProcessingFilter" after="FORM_LOGIN_FILTER"/>
 		<security:anonymous />