feat: handle profile and log4j -> logback (#62)

* feat: use spring profile and logback

* fix: copy files from jar = boom

Author: davdarras

Dockerfile

@@ -1,17 +1,14 @@
-FROM tomcat:9-jre17-temurin
+FROM gitlab-registry.insee.fr/kubernetes/images/run/java:21.0.8_9-jre-jammy-rootless
 
-# Create a non-root user and group
-
-RUN rm -rf "$CATALINA_HOME"/webapps/*
-COPY sabdatab.properties log4j2.xml $CATALINA_HOME/webapps/
-COPY target/*.war $CATALINA_HOME/webapps/ROOT.war
+WORKDIR /opt/app/
+COPY ./target/*.jar /opt/app/app.jar
 
 # Setup a non-root user context (security)
-RUN addgroup -g 1000 tomcatgroup; \
-    adduser -D -s / -u 1000 tomcatuser -G tomcatgroup; \
-    chown -R tomcat:tomcat "$CATALINA_HOME"
+RUN addgroup -g 1000 tomcatgroup
+RUN adduser -D -s / -u 1000 tomcatuser -G tomcatgroup
+RUN mkdir /opt/app/temp-files
+RUN chown -R 1000:1000 /opt/app
 
 USER 1000
 
-# Start Tomcat
-CMD ["catalina.sh", "run"]
+ENTRYPOINT ["java", "-jar",  "/opt/app/app.jar"]

log4j2.xml

@@ -7,19 +7,19 @@
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>3.5.5</version>
+		<version>3.5.6</version>
 		<relativePath/> <!-- Use default parent from central repo -->
 	</parent>
 
 	<groupId>fr.insee</groupId>
 	<artifactId>sabdatab</artifactId>
-	<packaging>war</packaging>
-	<version>4.1.1</version>
+	<packaging>jar</packaging>
+	<version>4.1.2</version>
 	<name>Sabiane Data</name>
 
 	<properties>
 		<java.version>17</java.version>
-		<final.war.name>sabdatab</final.war.name>
+		<final.jar.name>sabdatab</final.jar.name>
 		<springdoc-openapi-ui.version>1.7.0</springdoc-openapi-ui.version>
 		<saxon.version>12.5</saxon.version>
 		<commons-io.version>2.18.0</commons-io.version>
@@ -71,22 +71,6 @@
 			<optional>true</optional>
 		</dependency>
 
-		<!-- log4j -->
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter</artifactId>
-			<exclusions>
-				<exclusion>
-					<groupId>org.springframework.boot</groupId>
-					<artifactId>spring-boot-starter-logging</artifactId>
-				</exclusion>
-			</exclusions>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-log4j2</artifactId>
-		</dependency>
-
 		<dependency>
 			<groupId>commons-io</groupId>
 			<artifactId>commons-io</artifactId>
@@ -103,7 +87,7 @@
 	</dependencies>
 
 	<build>
-		<finalName>${final.war.name}</finalName>
+		<finalName>${final.jar.name}</finalName>
 		<resources>
 			<resource>
 				<filtering>true</filtering>
@@ -123,14 +107,13 @@
 					<target>${java.version}</target>
 				</configuration>
 			</plugin>
-			<plugin>
-				<groupId>org.apache.maven.plugins</groupId>
-				<artifactId>maven-war-plugin</artifactId>
-				<version>3.4.0</version> <!-- Update this version -->
-			</plugin>
+
 			<plugin>
 				<groupId>org.springframework.boot</groupId>
 				<artifactId>spring-boot-maven-plugin</artifactId>
+				<configuration>
+					<mainClass>fr.insee.sabianedata.ws.AppWS</mainClass>
+				</configuration>
 				<executions>
 					<execution>
 						<id>repackage</id>

pom.xml

@@ -8,10 +8,8 @@
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.boot.builder.SpringApplicationBuilder;
 import org.springframework.boot.context.event.ApplicationReadyEvent;
 import org.springframework.boot.context.properties.ConfigurationPropertiesScan;
-import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.event.ContextRefreshedEvent;
 import org.springframework.context.event.EventListener;
@@ -25,27 +23,13 @@
 @SpringBootApplication
 @ConfigurationPropertiesScan
 @Slf4j
-public class AppWS extends SpringBootServletInitializer {
+public class AppWS {
 
-    public static final String APP_NAME = "sabdatab";
 
     public static void main(String[] args) {
-        System.setProperty("spring.config.name", APP_NAME);
         SpringApplication.run(AppWS.class, args);
     }
 
-    @Override
-    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
-        System.setProperty("spring.config.name", APP_NAME);
-        setProperty();
-        return application.sources(AppWS.class);
-    }
-
-    public static void setProperty() {
-        System.setProperty("spring.config.location",
-                "classpath:/," + "file:///${catalina.base}/webapps/" + APP_NAME + ".properties");
-    }
-
     @EventListener
     public void handleContextRefresh(ContextRefreshedEvent event) {
         final Environment env = event.getApplicationContext().getEnvironment();
@@ -65,7 +49,7 @@ public void handleContextRefresh(ContextRefreshedEvent event) {
 
     @EventListener
     public void handleApplicationReady(ApplicationReadyEvent event) {
-        log.info("=============== " + APP_NAME + "  has successfully started. ===============");
+        log.info("=============== Massive Attack API has successfully started. ===============");
 
     }
 

sabdatab.properties

@@ -16,17 +16,19 @@
 import fr.insee.sabianedata.ws.service.ExtractionService;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.io.FileUtils;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.support.PathMatchingResourcePatternResolver;
+import org.springframework.core.io.support.ResourcePatternResolver;
+import org.springframework.util.StreamUtils;
+import java.io.OutputStream;
 import org.springframework.core.io.ResourceLoader;
 import org.springframework.stereotype.Component;
 import org.springframework.util.FileSystemUtils;
 
 import jakarta.annotation.PostConstruct;
 import jakarta.annotation.PreDestroy;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
+
+import java.io.*;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.util.*;
@@ -105,22 +107,43 @@ private void setupTempFolders() throws IOException {
 		Path scenariiPath = tempScenariiFolder.toPath().toRealPath(); // resolves symlinks in scenarii subfolder
 
 		// Ensure the scenarii folder is truly a subdirectory of the base temp folder
-		// This prevents path tricks or symlink-based attacks that could redirect outside of temp
 		if (!scenariiPath.startsWith(realBasePath)) {
 			throw new IOException("Potential directory traversal or symlink attack.");
 		}
 
-		// Load scenarii files from the classpath
-		File scenariosFolder = resourceLoader.getResource("classpath:scenarii").getFile();
-		if (!scenariosFolder.exists()) {
-			log.error("Scenarii folder not found in classpath.");
-			throw new IOException("Scenarii folder not found in classpath.");
+		// Load scenarii files
+		ResourcePatternResolver resolver = new PathMatchingResourcePatternResolver();
+		Resource[] resources = resolver.getResources("classpath*:/scenarii/**");
+
+		if (resources.length == 0) {
+			log.error("Scenarii folder not found in classpath or is empty.");
+			throw new IOException("Scenarii resources not found in classpath.");
 		}
 
-		// Safely copy classpath scenarii files into the validated temp/scenarii folder
-		FileUtils.copyDirectory(scenariosFolder, tempScenariiFolder);
+		for(Resource resource : resources) {
+			// handle only files
+			if (!resource.isReadable()) {
+				continue;
+			}
+
+			String urlPath = resource.getURL().toString();
+			int idx = urlPath.indexOf("/scenarii/");
+			String relativePath = urlPath.substring(idx + "/scenarii/".length());
+
+			File targetFile = new File(tempScenariiFolder, relativePath);
+			File parent = targetFile.getParentFile();
+			if (!parent.exists() && !parent.mkdirs()) {
+				throw new IOException("Failed to create directory: " + parent);
+			}
+
+			try (InputStream in = resource.getInputStream();
+				 OutputStream out = Files.newOutputStream(targetFile.toPath())) {
+				StreamUtils.copy(in, out);
+			}
+		}
 	}
 
+
 	private void loadScenarios() {
 		File[] scenarioFolders = tempScenariiFolder.listFiles();
 		checkScenarioFolder(scenarioFolders);

src/main/java/fr/insee/sabianedata/ws/AppWS.java

@@ -0,0 +1,50 @@
+spring:
+  config:
+    name: sabdatab
+  security:
+    oauth2:
+      resourceserver:
+        jwt:
+          issuer-uri: ${feature.oidc.authServerUrl}/realms/${feature.oidc.realm}
+
+application:
+  host: http://localhost:8080
+  cors-origins: '*'
+  temp-folder: logs/myTemp
+  management-url: http://localhost:8888
+  questionnaire-url: http://localhost:9999
+
+feature:
+  oidc:
+    enabled: true
+    authServerHost: http://localhost:7080
+    application-host: ${application.host}
+    authServerUrl: ${feature.oidc.authServerHost}
+    realm: sabiane
+    principalAttribute: preferred_username
+    clientId: myclient
+  swagger:
+    enabled: true
+
+springdoc:
+  swagger-ui:
+    path: /
+    oauth:
+      clientId: ${feature.oidc.clientId}
+    oauth2RedirectUrl: ${application.host}/swagger-ui/oauth2-redirect.html
+    try-it-out-enabled: true
+    doc-expansion: none
+
+logging:
+  appender: CONSOLE # CONSOLE | ROLLING_FILE
+  level:
+    root: INFO
+    fr:
+      insee:
+        sabianedata: INFO
+  pattern:
+    console: "%d{YYYY-MM-dd HH:mm:ss.SSS} [%X{id}][%X{user}][%X{method} %X{path}] [%thread] %-5level %logger{36} - %m%n"
+    file: ${logging.pattern.console}
+  logback:
+    rollingpolicy:
+      max-history: 90