Update woken-messages to 2.9.1, revert upgrade of Spring

Dockerfile

@@ -19,7 +19,8 @@ ARG BUILD_DATE
 ARG VCS_REF
 ARG VERSION
 
-ENV CONTEXT_PATH "/services"
+ENV CONTEXT_PATH "/services" \
+    BUGSNAG_KEY "dff301aa15eb795a6d8b22b600586f77"
 
 RUN apt-get update && apt-get install -y --no-install-recommends curl \
     && rm -rf /var/lib/apt/lists/* /tmp/*

pom.xml

@@ -14,7 +14,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>1.5.18.RELEASE</version>
+        <version>1.3.7.RELEASE</version>
         <relativePath />
     </parent>
 
@@ -27,7 +27,7 @@
         <asciidoctor.maven.plugin.version>1.5.5</asciidoctor.maven.plugin.version>
         <asciidoctorj.pdf.version>1.5.0-alpha.15</asciidoctorj.pdf.version>
         <asciidoctorj.version>1.5.5</asciidoctorj.version>
-        <spring-data-commons.version>1.12.11.RELEASE</spring-data-commons.version>
+        <spring-data-commons.version>1.13.17.RELEASE</spring-data-commons.version>
         <angularjs.version>1.5.7</angularjs.version>
         <jquery.version>3.0.0</jquery.version>
         <bootstrap.version>3.3.7</bootstrap.version>
@@ -45,9 +45,9 @@
         <hibernate-jpa-2.1-api.version>1.0.0.Final</hibernate-jpa-2.1-api.version>
         <hibernate.version>4.3.11.Final</hibernate.version>
         <spring-data-jpa.version>1.10.11.RELEASE</spring-data-jpa.version>
-        <spring-boot-starter-actuator.version>1.5.18.RELEASE</spring-boot-starter-actuator.version>
+        <spring-boot-starter-actuator.version>1.4.7.RELEASE</spring-boot-starter-actuator.version>
         <aspectjweaver.version>1.8.9</aspectjweaver.version>
-        <woken-messages.version>2.8.4</woken-messages.version>
+        <woken-messages.version>2.9.1</woken-messages.version>
         <javax-inject.version>1</javax-inject.version>
         <akka.version>2.5.19</akka.version>
         <spring-context.version>4.3.4.RELEASE</spring-context.version>
@@ -99,18 +99,6 @@
             <groupId>org.springframework.security.oauth</groupId>
             <artifactId>spring-security-oauth2</artifactId>
         </dependency>
-        <dependency>
-            <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-oauth2-client</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-oauth2-jose</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-data-jpa</artifactId>
-        </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-orm</artifactId>

src/main/java/eu/hbp/mip/MIPApplication.java

@@ -6,14 +6,12 @@ package eu.hbp.mip;
 
 import eu.hbp.mip.configuration.*;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
-import org.springframework.boot.autoconfigure.validation.ValidationAutoConfiguration;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 
 
 @Configuration
-@EnableAutoConfiguration(exclude = { ValidationAutoConfiguration.class })
+//@EnableAutoConfiguration(exclude = { ValidationAutoConfiguration.class })
 @Import({ AkkaConfiguration.class, BugsnagConfiguration.class,
         CacheConfiguration.class, PersistenceConfiguration.class,
         SecurityConfiguration.class, WebConfiguration.class})

src/main/java/eu/hbp/mip/configuration/BugsnagConfiguration.java

@@ -11,6 +11,6 @@ import org.springframework.context.annotation.Import;
 public class BugsnagConfiguration {
     @Bean
     public Bugsnag bugsnag() {
-        return new Bugsnag("dff301aa15eb795a6d8b22b600586f77");
+        return new Bugsnag(System.getenv("BUGSNAG_KEY"));
     }
-}
\ No newline at end of file
+}

src/main/java/eu/hbp/mip/configuration/PersistenceConfiguration.java

@@ -7,7 +7,6 @@ import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.jdbc.DataSourceBuilder;
 import org.springframework.boot.context.properties.ConfigurationProperties;
-import org.springframework.boot.autoconfigure.domain.EntityScan;
 import org.springframework.context.annotation.*;
 import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
 import org.springframework.jdbc.core.JdbcTemplate;
@@ -27,7 +26,7 @@ import javax.sql.DataSource;
 @Configuration
 @EnableJpaRepositories("eu.hbp.mip.repositories")
 @EnableTransactionManagement
-@EntityScan(basePackages = "eu.hbp.mip.model")
+//@EntityScan(basePackages = "eu.hbp.mip.model")
 public class PersistenceConfiguration {
 
     @Value("#{'${spring.featuresDatasource.main-table:features}'}")

src/main/java/eu/hbp/mip/configuration/SecurityConfiguration.java

@@ -2,6 +2,7 @@ package eu.hbp.mip.configuration;
 
 import eu.hbp.mip.model.UserInfo;
 import eu.hbp.mip.utils.CORSFilter;
+import eu.hbp.mip.utils.CustomLoginUrlAuthenticationEntryPoint;
 import eu.hbp.mip.utils.HTTPUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -9,12 +10,11 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
 import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices;
-import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.boot.context.embedded.FilterRegistrationBean;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.OAuth2ClientContext;
@@ -25,7 +25,6 @@ import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResour
 import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
 import org.springframework.security.web.access.channel.ChannelProcessingFilter;
-import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.logout.LogoutHandler;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
@@ -33,11 +32,6 @@ import org.springframework.security.web.csrf.CsrfFilter;
 import org.springframework.security.web.csrf.CsrfToken;
 import org.springframework.security.web.csrf.CsrfTokenRepository;
 import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
-import org.springframework.security.web.firewall.FirewalledRequest;
-import org.springframework.security.web.firewall.HttpFirewall;
-import org.springframework.security.web.firewall.RequestRejectedException;
-import org.springframework.security.web.firewall.StrictHttpFirewall;
-import org.springframework.web.filter.CommonsRequestLoggingFilter;
 import org.springframework.web.filter.OncePerRequestFilter;
 import org.springframework.web.util.WebUtils;
 
@@ -94,12 +88,6 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
     @Value("#{'${hbp.resource.revokeTokenUri:https://services.humanbrainproject.eu/oidc/revoke}'}")
     private String revokeTokenURI;
 
-    @Override
-    public void configure(WebSecurity web) throws Exception {
-        super.configure(web);
-        web.httpFirewall(allowUrlEncodedSlashHttpFirewall());
-    }
-
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         // @formatter:off
@@ -112,12 +100,11 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
                             "/", "/login/**", "/health/**", "/info/**", "/metrics/**", "/trace/**", "/frontend/**", "/webjars/**", "/v2/api-docs", "/swagger-ui.html", "/swagger-resources/**"
                     ).permitAll()
                     .anyRequest().authenticated()
-                    .and().exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint(loginUrl))
+                    .and().exceptionHandling().authenticationEntryPoint(new CustomLoginUrlAuthenticationEntryPoint(loginUrl))
                     .and().logout().addLogoutHandler(new CustomLogoutHandler()).logoutSuccessUrl(redirectAfterLogoutUrl)
                     .and().logout().permitAll()
                     .and().csrf().ignoringAntMatchers("/logout").csrfTokenRepository(csrfTokenRepository())
                     .and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
-                    .addFilterBefore(requestLoggingFilter(), BasicAuthenticationFilter.class)
                     .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
         }
         else {
@@ -145,29 +132,6 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
         return registration;
     }
 
-    @Bean
-    public CommonsRequestLoggingFilter requestLoggingFilter() {
-        CommonsRequestLoggingFilter loggingFilter = new CommonsRequestLoggingFilter();
-        loggingFilter.setIncludeClientInfo(true);
-        loggingFilter.setIncludeHeaders(true);
-        loggingFilter.setIncludeQueryString(true);
-        loggingFilter.setIncludePayload(true);
-        return loggingFilter;
-    }
-
-    @Bean
-    public HttpFirewall allowUrlEncodedSlashHttpFirewall() {
-        StrictHttpFirewall firewall = new StrictHttpFirewall() {
-            @Override
-            public FirewalledRequest getFirewalledRequest(HttpServletRequest request) throws RequestRejectedException {
-                System.out.println(request.getRequestURI() + " " + request.getContextPath());
-                return super.getFirewalledRequest(request);
-            }
-        };
-        firewall.setAllowUrlEncodedSlash(true);
-        return firewall;
-    }
-
     @Bean(name="hbp")
     @ConfigurationProperties("hbp.client")
     public OAuth2ProtectedResourceDetails hbp() {

src/main/java/eu/hbp/mip/utils/CustomLoginUrlAuthenticationEntryPoint.java

+package eu.hbp.mip.utils;
+
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class CustomLoginUrlAuthenticationEntryPoint extends LoginUrlAuthenticationEntryPoint {
+
+    public CustomLoginUrlAuthenticationEntryPoint(String url) {
+        super(url);
+    }
+
+    @Override
+    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
+        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+    }
+}