Merging changes for updating Spring boot and Java version. Squashed c…

…ommit of the following:

commit dccc0b6
Merge: 0c674fb cc3b4d5
Author: Sam Glendenning <[email protected]>
Date:   Mon Nov 22 14:55:04 2021 +0000

    Merge branch 'iam-spring-update-oct-2021' of git://github.com/indigo-iam/iam into iam-spring-update-oct-2021

commit cc3b4d5
Author: Andrea Ceccanti <[email protected]>
Date:   Mon Nov 15 08:33:55 2021 +0100

    More fixes for SonarCloud warnings

commit 5ff5e3b
Author: Andrea Ceccanti <[email protected]>
Date:   Sun Nov 14 16:38:07 2021 +0100

    Fixes for Sonar warnings/errors

    and other minor improvements

commit 91d0533
Author: Andrea Ceccanti <[email protected]>
Date:   Sat Nov 13 16:02:51 2021 +0100

    Tests green (locally)

commit d575a47
Author: Andrea Ceccanti <[email protected]>
Date:   Sat Nov 13 08:59:09 2021 +0100

    More warning and test fixes

commit 0b62963
Author: Andrea Ceccanti <[email protected]>
Date:   Fri Nov 12 18:38:35 2021 +0100

    More test fixes

commit 922b464
Author: Andrea Ceccanti <[email protected]>
Date:   Tue Nov 9 11:00:34 2021 +0100

    Test errors -> 0, Test failures -> ~12%

commit f7f8513
Author: Andrea Ceccanti <[email protected]>
Date:   Sat Nov 6 09:50:08 2021 +0100

    Silence deprecation warnings

    Only if coming from the latest spring-security-oauth2 (for which we do
    not and won't have a replacement for some time).

commit 8f27bd2
Author: Andrea Ceccanti <[email protected]>
Date:   Sat Nov 6 08:44:07 2021 +0100

    Use H2 datasource for the tests

    This prevents issues with the hikari connection pool being closed.

commit 45c7b4e
Author: Andrea Ceccanti <[email protected]>
Date:   Fri Nov 5 19:44:15 2021 +0100

    Service starts up!

commit 4f984ee
Author: Andrea Ceccanti <[email protected]>
Date:   Fri Nov 5 19:27:01 2021 +0100

    Use a keystore with key size 2048

commit 3efc9f9
Author: Andrea Ceccanti <[email protected]>
Date:   Fri Nov 5 18:37:34 2021 +0100

    Flyway migration refactoring to avoid naming errors

commit 3f5e741
Author: Andrea Ceccanti <[email protected]>
Date:   Fri Nov 5 18:22:42 2021 +0100

    Moved source/target compatibility to Java 11

commit 7e1f1d6
Author: Andrea Ceccanti <[email protected]>
Date:   Fri Nov 5 18:14:18 2021 +0100

    License updates

commit b63ce93
Author: Andrea Ceccanti <[email protected]>
Date:   Fri Nov 5 18:13:32 2021 +0100

    Config files changes

commit 66d28d2
Author: Andrea Ceccanti <[email protected]>
Date:   Fri Nov 5 17:59:07 2021 +0100

    Builds against spring boot 2.5.6

commit 0d9167a
Author: Andrea Ceccanti <[email protected]>
Date:   Fri Nov 5 10:26:35 2021 +0100

    Fixed flyway migrations compilation problems

commit 1ca9d73
Author: Andrea Ceccanti <[email protected]>
Date:   Fri Nov 5 10:09:10 2021 +0100

    wip

commit acd7e4f
Author: Andrea Ceccanti <[email protected]>
Date:   Fri Nov 5 08:07:33 2021 +0100

    WIP: maven clean succeeds

commit 2b9835e
Author: Andrea Ceccanti <[email protected]>
Date:   Thu Nov 4 18:18:33 2021 +0100

    wip

commit 8dbf1cf
Author: Andrea Ceccanti <[email protected]>
Date:   Wed Nov 3 19:35:18 2021 +0100

    Fixed code smells reported by Sonar

commit 56b570e
Author: Andrea Ceccanti <[email protected]>
Date:   Wed Nov 3 19:16:59 2021 +0100

    Just build on Java 11

    Still not there for Java 17...

commit 1529049
Author: Andrea Ceccanti <[email protected]>
Date:   Wed Nov 3 18:41:18 2021 +0100

    Restore sonar analysis

commit ed52207
Author: Andrea Ceccanti <[email protected]>
Date:   Wed Nov 3 18:40:23 2021 +0100

    Use openjdk:11 docker images

commit cc382c2
Author: Andrea Ceccanti <[email protected]>
Date:   Wed Nov 3 18:26:14 2021 +0100

    Drop java 8

commit 9dc729c
Author: Andrea Ceccanti <[email protected]>
Date:   Wed Nov 3 17:59:29 2021 +0100

    Build on Jenkins with Java 11

commit 7c090dd
Author: Andrea Ceccanti <[email protected]>
Date:   Wed Nov 3 17:52:18 2021 +0100

    First attempt at java version matrix build

commit d77d860
Author: Andrea Ceccanti <[email protected]>
Date:   Wed Nov 3 17:43:21 2021 +0100

    Dropped validator-collections dependency

commit 47cf69b
Author: Andrea Ceccanti <[email protected]>
Date:   Mon Nov 1 16:46:22 2021 +0100

    Fix test fixture initialization

commit 59406e0
Author: Andrea Ceccanti <[email protected]>
Date:   Mon Nov 1 16:45:23 2021 +0100

    Drop DevToolsDataSourceAutoConfiguration

    Which breaks h2 tests.

commit 6c18f35
Author: Andrea Ceccanti <[email protected]>
Date:   Mon Nov 1 16:44:52 2021 +0100

    Add flyway debug log handle

commit 2f433ad
Author: Andrea Ceccanti <[email protected]>
Date:   Mon Nov 1 16:44:28 2021 +0100

    Streamlined h2 db test configuration

commit c9eaa16
Author: Andrea Ceccanti <[email protected]>
Date:   Mon Nov 1 16:41:39 2021 +0100

    Upgrade surefire plugin to the latest version

commit 3ae9b7f
Author: Andrea Ceccanti <[email protected]>
Date:   Fri Oct 29 08:18:12 2021 +0200

    Archive JUnit reports

commit 9626982
Author: Andrea Ceccanti <[email protected]>
Date:   Fri Oct 29 07:45:04 2021 +0200

    Removed ununsed dependency

commit de574c8
Author: Andrea Ceccanti <[email protected]>
Date:   Fri Oct 29 07:44:30 2021 +0200

    More test fixes

commit b3620ac
Author: Andrea Ceccanti <[email protected]>
Date:   Fri Oct 29 07:43:58 2021 +0200

    Control how many test contexts are cached during builds

commit a853f94
Author: Andrea Ceccanti <[email protected]>
Date:   Thu Oct 28 12:32:08 2021 +0200

    More test fixes

commit 481a456
Author: Andrea Ceccanti <[email protected]>
Date:   Thu Oct 28 11:13:39 2021 +0200

    More test fixes

commit 003a486
Author: Andrea Ceccanti <[email protected]>
Date:   Thu Oct 28 08:49:19 2021 +0200

    More test fixes

commit 0417ad1
Author: Andrea Ceccanti <[email protected]>
Date:   Wed Oct 27 19:25:19 2021 +0200

    More test porting

commit ed30322
Author: Andrea Ceccanti <[email protected]>
Date:   Wed Oct 27 18:29:58 2021 +0200

    Fixed Velocity initialization

    And moved email templates from the /templates folder
    to the /email-templates folder in the classpath.

commit b35bf83
Author: Andrea Ceccanti <[email protected]>
Date:   Wed Oct 27 08:52:18 2021 +0200

    More test fixing work

commit c2b205b
Author: Andrea Ceccanti <[email protected]>
Date:   Tue Oct 26 17:48:16 2021 +0200

    More test fixes

commit b310d4c
Author: Andrea Ceccanti <[email protected]>
Date:   Tue Oct 26 17:23:47 2021 +0200

    All api tests green

commit 4a70982
Author: Andrea Ceccanti <[email protected]>
Date:   Tue Oct 26 12:17:49 2021 +0200

    Cors configuration & actuator test fixes

commit 4ed75ff
Author: Andrea Ceccanti <[email protected]>
Date:   Tue Oct 26 00:38:23 2021 +0200

    Remove cors filter configuration

commit a948741
Author: Andrea Ceccanti <[email protected]>
Date:   Mon Oct 25 19:37:51 2021 +0200

    Added license

commit e025b7d
Author: Andrea Ceccanti <[email protected]>
Date:   Mon Oct 25 19:37:25 2021 +0200

    Started migration of integration tests

commit ee7fc54
Author: Andrea Ceccanti <[email protected]>
Date:   Mon Oct 25 19:36:54 2021 +0200

    New unified test annotation

commit 149d9d1
Author: Andrea Ceccanti <[email protected]>
Date:   Mon Oct 25 19:14:54 2021 +0200

    Project compiles

commit 84ed532
Author: Andrea Ceccanti <[email protected]>
Date:   Mon Oct 25 19:12:59 2021 +0200

    Run update-tests script

commit ce93f59
Author: Andrea Ceccanti <[email protected]>
Date:   Mon Oct 25 19:07:21 2021 +0200

    Fix compilation problems on main code

    Fix renamed classes and changed JPAConfig

commit 93b80c6
Author: Andrea Ceccanti <[email protected]>
Date:   Mon Oct 25 19:06:47 2021 +0200

    First migrate to spring boot 1.5.22

commit de5f1b1
Author: Andrea Ceccanti <[email protected]>
Date:   Mon Oct 25 18:30:00 2021 +0200

    Updated Spring and mitreid deps

commit e9e5408
Merge: 8c9b8bc 4bfc271
Author: Andrea Ceccanti <[email protected]>
Date:   Sun Oct 24 17:47:19 2021 +0200

    Merge pull request #433 from indigo-iam/issue-432-include-groups-in-userinfo-response-wlcg

    Include wlcg.groups in userinfo response

commit 8c9b8bc
Merge: ec31232 8ffed21
Author: Andrea Ceccanti <[email protected]>
Date:   Sun Oct 24 17:47:05 2021 +0200

    Merge pull request #431 from indigo-iam/issue-430-improved-jwk-configuration

    Improved support for JWK configuration

commit ec31232
Merge: 767e86e 88bb278
Author: Andrea Ceccanti <[email protected]>
Date:   Sun Oct 24 17:46:45 2021 +0200

    Merge pull request #427 from indigo-iam/issue-426-jwt-based-client-auth

    First attempt at JWT-based client-auth

commit 4bfc271
Author: Andrea Ceccanti <[email protected]>
Date:   Sun Oct 24 17:23:36 2021 +0200

    Include wlcg.groups information in userinfo response

    Even though the IAM access token is a JWT and even though groups are
    included in the access token when requested, as mandated by the WLCG JWT
    profile, there are still apps treating the access token as an opaque
    string.

    To support those apps, and be more consistent with the traditional IAM
    profile behaviour, IAM should include group information in the userinfo
    endpoint response also for the WLCG profile.

    Issue: #432

commit 195c2d7
Merge: 7f90144 5b8d9d8
Author: Andrea Ceccanti <[email protected]>
Date:   Thu Sep 23 15:23:34 2021 +0200

    Merge pull request #425 from indigo-iam/issue-424-IAM-does-not-encode-group-names-correctly-aarc-g002

    Fix for issue-422: iam does not encode group names correctly according to AARC G002

commit 8ffed21
Author: Andrea Ceccanti <[email protected]>
Date:   Sun Oct 24 09:25:36 2021 +0200

    Improved support for JWT configuration

    It's now possible to specify the default key id and algorithm used for
    signing tokens.

    Issue: #430

commit 88bb278
Author: Andrea Ceccanti <[email protected]>
Date:   Sat Oct 23 09:56:08 2021 +0200

    More integration tests

commit cd8ef61
Author: Andrea Ceccanti <[email protected]>
Date:   Sat Oct 23 08:39:43 2021 +0200

    More tests for JWTAuthenticationProvider

commit fc7148d
Author: Andrea Ceccanti <[email protected]>
Date:   Sun Oct 17 23:03:37 2021 +0200

    First attempt at JWT-based client-auth

commit 767e86e
Merge: 7f90144 5b8d9d8
Author: Andrea Ceccanti <[email protected]>
Date:   Thu Sep 23 15:23:34 2021 +0200

    Merge pull request #425 from indigo-iam/issue-424-IAM-does-not-encode-group-names-correctly-aarc-g002

    Fix for issue-422: iam does not encode group names correctly according to AARC G002

commit 5b8d9d8
Author: Andrea Ceccanti <[email protected]>
Date:   Thu Sep 23 14:50:32 2021 +0200

    Fix wrong AARC G002 group name encoding

commit 7f90144
Author: Andrea Ceccanti <[email protected]>
Date:   Tue Sep 14 07:56:12 2021 +0200

    Version bumped back to 1.8.0-SNAPSHOT

commit 1828bf0
Author: Andrea Ceccanti <[email protected]>
Date:   Tue Sep 14 07:55:41 2021 +0200

    Test custom logging conf

.github/workflows/sonar.yaml

@@ -4,6 +4,7 @@ on:
   push:
     branches:
       - develop
+
   pull_request:
     types: [opened, edited, reopened, synchronize]
 

Jenkinsfile

@@ -90,7 +90,7 @@ pipeline {
           post {
             always {
               script {
-                maybeArchiveJUnitReports()
+                maybeArchiveJUnitReportsWithJacoco()
               }
             }
           }

docker-compose.yml

@@ -85,7 +85,12 @@ services:
       - logs:/var/log/iam
       - .:/code:ro
       - /dev/urandom:/dev/random
+<<<<<<< HEAD
         # - ./compose/custom-logging/logback-spring.xml:/indigo-iam/logback-spring.xml:ro
+=======
+      - ./compose/custom-logging/logback-spring.xml:/indigo-iam/logback-spring.xml:ro
+
+>>>>>>> af13c9c9 (Merging changes for updating Spring boot and Java version. Squashed commit of the following:)
         # - ./compose/metadata/iam.local.io.metadata.xml:/indigo-iam/iam.local.io.metadata.xml:ro
         # - ./compose/metadata/spid-idp.example.metadata.xml:/indigo-iam/spid-idp.example.metadata.xml:ro
         # - ./compose/custom-saml/application-saml.yml:/indigo-iam/config/application-saml.yml:ro

iam-common/pom.xml

@@ -5,11 +5,7 @@
   <parent>
     <groupId>it.infn.mw.iam-parent</groupId>
     <artifactId>iam-parent</artifactId>
-<<<<<<< HEAD
     <version>1.11.0</version>
-=======
-    <version>1.7.1</version>
->>>>>>> a2dcabba (Bumped version to v1.7.1)
   </parent>
 
   <groupId>it.infn.mw.iam-common</groupId>

iam-login-service/docker/Dockerfile.prod

@@ -1,4 +1,5 @@
 FROM eclipse-temurin:17 as builder
+
 RUN mkdir /indigo-iam
 WORKDIR /indigo-iam
 COPY iam-login-service.war /indigo-iam/

iam-login-service/pom.xml

@@ -92,7 +92,6 @@
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-data-redis</artifactId>
     </dependency>
-
 
     <!-- Web Jars -->
     <dependency>
@@ -270,8 +269,13 @@
     </dependency>
 
     <dependency>
+<<<<<<< HEAD
       <groupId>com.mysql</groupId>
       <artifactId>mysql-connector-j</artifactId>
+=======
+      <groupId>mysql</groupId>
+      <artifactId>mysql-connector-java</artifactId>
+>>>>>>> af13c9c9 (Merging changes for updating Spring boot and Java version. Squashed commit of the following:)
       <scope>runtime</scope>
     </dependency>
 
@@ -422,6 +426,70 @@
         <directory>src/main/webapp</directory>
       </resource>
     </resources>
+<<<<<<< HEAD
+=======
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-surefire-plugin</artifactId>
+        <configuration>
+          <!-- Jacoco prepare-agent builds some command-line params without -->
+          <!-- which jacoco will not instrument. Hence it is important to add -->
+          <!-- those command-line params here (${argLine} holds those params) -->
+          <argLine>${argLine} ${jvm.test.args}</argLine>
+          <runOrder>alphabetical</runOrder>
+          <useSystemClassLoader>false</useSystemClassLoader>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>org.jacoco</groupId>
+        <artifactId>jacoco-maven-plugin</artifactId>
+        <configuration>
+          <excludes>
+            <exclude>it/infn/mw/iam/api/registration/cern/mock/*.class</exclude>
+            <exclude>it/infn/mw/iam/api/registration/cern/dto/*.class</exclude>
+          </excludes>
+        </configuration>
+        <executions>
+          <execution>
+            <id>agent</id>
+            <goals>
+              <goal>prepare-agent</goal>
+            </goals>
+            <configuration>
+              <tasks>
+                <echo>Project Base Path (WEB):: ${project.basedir}</echo>
+                <echo>Jacoco exec target path (WEB)::
+                  ${sonar.jacoco.reportPath}</echo>
+              </tasks>
+            </configuration>
+          </execution>
+
+          <execution>
+            <id>report-aggregate</id>
+            <goals>
+              <goal>report-aggregate</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+      <plugin>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-maven-plugin</artifactId>
+        <configuration>
+          <mainClass>it.infn.mw.iam.IamLoginService</mainClass>
+        </configuration>
+        <executions>
+          <execution>
+            <goals>
+              <goal>build-info</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+
+>>>>>>> af13c9c9 (Merging changes for updating Spring boot and Java version. Squashed commit of the following:)
     <pluginManagement>
       <plugins>
         <plugin>

iam-login-service/src/main/java/it/infn/mw/iam/config/IamProperties.java

@@ -646,6 +646,11 @@ public void setEnrollment(String enrollment) {
 
   private ClientProperties client = new ClientProperties();
 
+  private ExternalConnectivityProbeProperties externalConnectivityProbe =
+      new ExternalConnectivityProbeProperties();
+
+  private AccountLinkingProperties accountLinking = new AccountLinkingProperties();
+
   public String getBaseUrl() {
     return baseUrl;
   }

iam-login-service/src/main/java/it/infn/mw/iam/config/security/MitreSecurityConfig.java

@@ -119,7 +119,6 @@ public static class RegisterEndpointAuthorizationConfig extends WebSecurityConfi
     @Autowired
     private OAuth2AuthenticationEntryPoint authenticationEntryPoint;
 
-
     @Override
     public void configure(final HttpSecurity http) throws Exception {
 

iam-login-service/src/main/java/it/infn/mw/iam/core/oauth/profile/aarc/AarcClaimValueHelper.java

@@ -21,9 +21,6 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 
-import com.google.common.base.Strings;
-import com.google.common.collect.Sets;
-
 import it.infn.mw.iam.persistence.model.IamGroup;
 import it.infn.mw.iam.persistence.model.IamUserInfo;
 

iam-login-service/src/main/java/it/infn/mw/iam/core/oauth/profile/common/BaseIdTokenCustomizer.java

@@ -29,6 +29,7 @@
 import it.infn.mw.iam.persistence.model.IamLabel;
 import it.infn.mw.iam.persistence.repository.IamAccountRepository;
 
+@SuppressWarnings("deprecation")
 public abstract class BaseIdTokenCustomizer implements IDTokenCustomizer {
 
   private final IamAccountRepository accountRepo;

iam-login-service/src/main/java/it/infn/mw/iam/core/oauth/profile/wlcg/WLCGProfileAccessTokenBuilder.java

@@ -75,6 +75,11 @@ public JWTClaimsSet buildAccessToken(OAuth2AccessTokenEntity token,
       if (properties.getAccessToken().isIncludeAuthnInfo()) {
         addAuthnInfoClaims(builder, token.getScope(), userInfo);
       }
+
+      if (token.getScope().contains(ATTR_SCOPE)) {
+        builder.claim(ATTR_SCOPE, attributeHelper
+          .getAttributeMapFromUserInfo(((UserInfoAdapter) userInfo).getUserinfo()));
+      }
     }
 
     addAudience(builder, authentication);