Enable usage of recent Spring security modules

[mbarto]

Description

MapStore backend is based on a set of java frameworks and libraries, whose version is very old (more than 10 years in some cases).
This was inherited from the main backend component, geostore, that is considered a stable project and has not been updated for a while.

Recent attempts to integrate in MapStore support for additional authentication protocols, in particular OAuth2 and OpenID Connect, have shown that the security infrastruture, based on the spring-security framework, version 3.0.5, is incompatible with existing modules that implement the above protocols.

Our options are:

• upgrade to the first Spring version that is compatible with the OAuth2 and OpenId security packages (from a first investigation, this is version 3.1.1, quite old too, indeed)
• try to upgrade to the latest and greatest version (5.3.9)

The first option would allow a quicker upgrade, but will probably only delay the need for further upgrades in the future. The second option should make us more future-proof, with the cost of a bigger initiial effort.

We already did a first investigation, and we used geostore as a proof of concept of the migration.

What we had to do is upgrading a bunch of libraries that are interdependent, so that every piece is fully working again. Our acceptance test for "fully working" were:

• all tests (unit and online) passing
• war starting and rest api endpoints answering to a bunch of requests

Currently, the acceptance test is green.

A quick summary of the upgraded libraries:

Library	Old	New
Spring	3.0.5	5.3.9
Spring-security	3.0.5	5.3.10
CXF	2.3.2	3.4.4
Hibernate	3.3.2	5.5.0
JPA	1.0	2.1
hibernate-generic-dao	0.5.1	1.3.0-SNAPSHOT

hibernate-generic-dao is a dead project, but we found the source code and were able to upgrade it to the latest Spring 5 and Hibernate 5 (producing the 1.3.0-SNAPSHOT mentioned above). This needs to be published to a maven repo to build geostore. The source code is available here: https://github.com/mbarto/hibernate-generic-dao/tree/spring5_hibernate5

Results are a proof that a migration to the latest and greatest is possible.

Implementation steps (WIP):

• geostore libraries upgrade (Upgrade of Spring dependency to a more recent version geostore#233)
• integration of upgraded geostore in MapStore (#7172: migration to GeoStore 1.8-SNAPSHOT to inherit latest spring co… #7267)
• automatic and manual tests, looking for regressions, and fixing

Other useful information

[tdipisa]

Thank you for this @mbarto
I think for the next MS major 2021.02.00 we have to release GeoStore 1.7 so that we can proceed with this in GeoStore master for MS v2021.03.00