Java21+Spring6 upgrade, Keycloak removal

.github/workflows/coverage.yml

@@ -24,10 +24,10 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v3
 
-      - name: Set up JDK 11
+      - name: Set up JDK 21
         uses: actions/setup-java@v3
         with:
-          java-version: "11"
+          java-version: "21"
           distribution: "temurin"
 
       - name: Build Maven

.github/workflows/maven.yml

@@ -25,10 +25,10 @@ jobs:
 
     steps:
     - uses: actions/checkout@v3
-    - name: Set up JDK 11
+    - name: Set up JDK 21
       uses: actions/setup-java@v3
       with:
-        java-version: '11'
+        java-version: '21'
         distribution: 'temurin'
         cache: maven
         server-id: ${{ (fromJSON(env.isProduction) && 'creatis-releases') || 'creatis-snapshots' }}

.github/workflows/pmd.yml

@@ -38,7 +38,7 @@ jobs:
       - uses: actions/setup-java@v3
         with:
           distribution: 'temurin'
-          java-version: '11'
+          java-version: '21'
       - uses: pmd/pmd-github-action@v1
         with:
           rulesets: 'ruleset.xml'

pom.xml

@@ -49,8 +49,8 @@ knowledge of the CeCILL-B license and that you accept its terms.
 
         <!-- other maven config -->
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <maven.compiler.target>11</maven.compiler.target>
-        <maven.compiler.source>11</maven.compiler.source>
+        <maven.compiler.target>21</maven.compiler.target>
+        <maven.compiler.source>21</maven.compiler.source>
 
 
         <!-- VIP related dependencies version -->
@@ -59,11 +59,11 @@ knowledge of the CeCILL-B license and that you accept its terms.
         <sma.version>0.3.0</sma.version>
 
         <!-- 3rd party dependencies version -->
-        <junit.version>5.6.2</junit.version>
-        <spring-framework.version>5.3.15</spring-framework.version>
-        <springsecurity.version>5.6.1</springsecurity.version>
-        <springoauth.version>5.6.1</springoauth.version>
-        <jackson.version>2.11.0</jackson.version>
+        <junit.version>5.11.3</junit.version>
+        <spring-framework.version>6.1.14</spring-framework.version>
+        <springsecurity.version>6.3.4</springsecurity.version>
+        <springoauth.version>6.3.4</springoauth.version>
+        <jackson.version>2.18.0</jackson.version>
         <h2database.version>1.3.173</h2database.version>
     </properties>
 
@@ -101,18 +101,18 @@ knowledge of the CeCILL-B license and that you accept its terms.
     <dependencyManagement>
         <dependencies>
             <dependency>
-                <groupId>com.google.gwt</groupId>
-                <artifactId>gwt</artifactId>
-                <version>2.8.2</version>
+                <groupId>org.gwtproject</groupId>
+                <artifactId>gwt-servlet-jakarta</artifactId>
+                <version>2.11.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
             <dependency>
                 <groupId>com.isomorphic.smartgwt.lgpl</groupId>
                 <artifactId>smartgwt-lgpl</artifactId>
-                <version>12.0p</version>
+                <version>13.0p</version>
             </dependency>
-            
+
             <!-- empty jars to ensure commons logging and log4j is not
               used in project and not present in final war.
               (see alternative 3 in https://www.slf4j.org/faq.html#excludingJCL)
@@ -143,12 +143,27 @@ knowledge of the CeCILL-B license and that you accept its terms.
                 <artifactId>logback-classic</artifactId>
                 <version>1.2.3</version>
             </dependency>
+
+            <!-- make sure we pick a version of commons-io recent enough for
+              commons-fileupload2-jakarta-servlet6 in vip-datamanagement,
+              otherwise commons-io 2.4 is pulled by com.github.h-thurow -->
+            <dependency>
+                <groupId>commons-io</groupId>
+                <artifactId>commons-io</artifactId>
+                <version>2.17.0</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 
-    <!-- Test dependencies -->
-
     <dependencies>
+        <!-- jakarta.servlet is used in almost all submodules, provided by Tomcat -->
+        <dependency>
+            <groupId>jakarta.servlet</groupId>
+            <artifactId>jakarta.servlet-api</artifactId>
+            <version>6.1.0</version>
+            <scope>provided</scope>
+        </dependency>
+        <!-- Test dependencies -->
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter</artifactId>
@@ -229,6 +244,17 @@ knowledge of the CeCILL-B license and that you accept its terms.
 
     <build>
         <plugins>
+            <plugin>
+                <!-- needed for Spring 6.1 -->
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>3.13.0</version>
+                <configuration>
+                    <compilerArgs>
+                        <arg>-parameters</arg>
+                    </compilerArgs>
+                </configuration>
+            </plugin>
             <plugin>
                 <!-- needed to replace the artifact version when calling install or deploy -->
               <groupId>org.codehaus.mojo</groupId>
@@ -276,7 +302,7 @@ knowledge of the CeCILL-B license and that you accept its terms.
             <plugin>
                 <groupId>org.jacoco</groupId>
                 <artifactId>jacoco-maven-plugin</artifactId>
-                <version>0.8.7</version>
+                <version>0.8.12</version>
                 <executions>
                     <execution>
                         <id>prepare-agent</id>

vip-api/pom.xml

@@ -48,7 +48,6 @@ knowledge of the CeCILL-B license and that you accept its terms.
         <skip.itests>true</skip.itests>
         <test.version.hamcrest>2.2</test.version.hamcrest>
         <test.version.mockito>3.3.3</test.version.mockito>
-        <keycloak.version>15.0.1</keycloak.version>
     </properties>
 
     <dependencies>
@@ -99,28 +98,22 @@ knowledge of the CeCILL-B license and that you accept its terms.
             <artifactId>spring-security-web</artifactId>
             <version>${springsecurity.version}</version>
         </dependency>
-
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-spring-security-adapter</artifactId>
-            <version>${keycloak.version}</version>
-        </dependency>
         <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-admin-client</artifactId>
-            <version>${keycloak.version}</version>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-oauth2-resource-server</artifactId>
+            <version>${springoauth.version}</version>
         </dependency>
 
         <!-- Validation implementation -->
         <dependency>
-            <groupId>org.hibernate</groupId>
+            <groupId>org.hibernate.validator</groupId>
             <artifactId>hibernate-validator</artifactId>
-            <version>6.1.5.Final</version>
+            <version>8.0.1.Final</version>
         </dependency>
         <dependency>
             <groupId>org.glassfish</groupId>
             <artifactId>jakarta.el</artifactId>
-            <version>3.0.3</version>
+            <version>4.0.2</version>
         </dependency>
 
         <!-- Test dependencies -->

vip-api/src/main/java/fr/insalyon/creatis/vip/api/ApiPropertiesInitializer.java

@@ -43,7 +43,7 @@
 import org.springframework.stereotype.Component;
 import org.springframework.util.Assert;
 
-import javax.annotation.PostConstruct;
+import jakarta.annotation.PostConstruct;
 import java.io.IOException;
 
 import static fr.insalyon.creatis.vip.api.CarminProperties.*;
@@ -96,12 +96,9 @@ private void verifyProperties() {
 
 
         if (env.getProperty(KEYCLOAK_ACTIVATED, Boolean.class, Boolean.FALSE)) {
-            logger.info("Keycloak activated");
-            verifyPropertyNotNull(KEYCLOAK_CLIENT_ID, String.class);
-            verifyPropertyNotNull(KEYCLOAK_CLIENT_SECRET, String.class);
-            verifyPropertyNotNull(KEYCLOAK_REALM_URL, String.class);
+            logger.info("Keycloak/OIDC activated");
         } else {
-            logger.info("Keycloak NOT active");
+            logger.info("Keycloak/OIDC NOT active");
         }
 
         // due to arrays and generics, this verification aren't easy to factorize

vip-api/src/main/java/fr/insalyon/creatis/vip/api/CarminProperties.java

@@ -73,10 +73,7 @@ public interface CarminProperties {
 
     String SHANOIR_HOST_IP = "shanoir.host.ip";
     String KEYCLOAK_ACTIVATED = "keycloak.active";
-    String KEYCLOAK_REALM_URL = "keycloak.realm.url";
-    String KEYCLOAK_CLIENT_ID = "keycloak.client.id";
-    String KEYCLOAK_CLIENT_SECRET = "keycloak.client.secret";
-
+
     // Client secret EGI
     String EGI_CLIENT_ID = "oidc.egi.client_id";
     String EGI_CLIENT_SECRET = "oidc.egi.client_secret";

vip-api/src/main/java/fr/insalyon/creatis/vip/api/SpringWebConfig.java

@@ -31,26 +31,12 @@
  */
 package fr.insalyon.creatis.vip.api;
 
-import com.fasterxml.jackson.databind.ObjectMapper;
 import fr.insalyon.creatis.vip.api.business.VipConfigurer;
-import org.keycloak.adapters.springsecurity.client.KeycloakClientRequestFactory;
-import org.keycloak.adapters.springsecurity.client.KeycloakRestTemplate;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
-import org.springframework.context.annotation.DependsOn;
-import org.springframework.context.annotation.PropertySource;
-import org.springframework.core.env.ConfigurableEnvironment;
 import org.springframework.core.env.Environment;
-import org.springframework.core.env.MutablePropertySources;
-import org.springframework.core.env.PropertiesPropertySource;
-import org.springframework.core.io.ClassPathResource;
-import org.springframework.core.io.support.ResourcePropertySource;
-import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder;
 import org.springframework.web.servlet.config.annotation.*;
 
-import java.io.IOException;
 import java.util.Collections;
 
 import static fr.insalyon.creatis.vip.api.CarminProperties.CORS_AUTHORIZED_DOMAINS;
@@ -77,12 +63,6 @@ public SpringWebConfig(Environment env, VipConfigurer vipConfigurer) {
         this.vipConfigurer = vipConfigurer;
     }
 
-    //implements rest template to send requests with tokens
-    @Bean
-    public KeycloakRestTemplate keycloakRestTemplate(KeycloakClientRequestFactory keycloakClientRequestFactory) {
-        return new KeycloakRestTemplate(keycloakClientRequestFactory);
-    }
-
     @Override
     public void configurePathMatch(PathMatchConfigurer configurer) {
         // Otherwise all that follow a dot in an URL is considered an extension and removed

vip-api/src/main/java/fr/insalyon/creatis/vip/api/business/ApiBusiness.java

@@ -11,7 +11,6 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.core.env.Environment;
-import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.stereotype.Service;
 
 @Service

vip-api/src/main/java/fr/insalyon/creatis/vip/api/business/ApiUserBusiness.java

@@ -12,7 +12,6 @@
 import org.springframework.stereotype.Service;
 
 import java.util.*;
-import java.util.stream.Collectors;
 
 /**
  * @author khalilkes service to signup a user in VIP

vip-api/src/main/java/fr/insalyon/creatis/vip/api/business/DataApiBusiness.java

@@ -58,7 +58,7 @@
 import org.springframework.core.env.Environment;
 import org.springframework.stereotype.Service;
 
-import javax.annotation.PreDestroy;
+import jakarta.annotation.PreDestroy;
 import java.io.*;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;

vip-api/src/main/java/fr/insalyon/creatis/vip/api/business/VipConfigurer.java

@@ -42,8 +42,8 @@
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.HandlerInterceptor;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
 import java.util.Calendar;
 
 /**

vip-api/src/main/java/fr/insalyon/creatis/vip/api/controller/ApiController.java

@@ -7,8 +7,6 @@
 
 import java.util.function.Supplier;
 
-import static fr.insalyon.creatis.vip.api.CarminProperties.KEYCLOAK_ACTIVATED;
-
 public abstract class ApiController {
 
     protected Supplier<User> currentUserSupplier;
@@ -24,10 +22,6 @@ protected User currentUser() {
         return currentUserSupplier.get();
     }
 
-    protected boolean isKeycloakActive() {
-        return env.getProperty(KEYCLOAK_ACTIVATED, Boolean.class, Boolean.FALSE);
-    }
-
     protected void logMethodInvocation(Logger logger, String methodName, Object... parameters) {
         Object user = currentUser() != null ? currentUser() : "Anonymous";
         logger.debug( "({}) Calling API method {}} ({})", user, methodName, parameters);