eclipse-hawkbit · avgustinmm · Dec 8, 2025
diff --git a/hawkbit-artifact/hawkbit-artifact-api/pom.xml b/hawkbit-artifact/hawkbit-artifact-api/pom.xml
@@ -27,26 +27,5 @@
             <artifactId>hawkbit-core</artifactId>
             <version>${project.version}</version>
         </dependency>
-
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-config</artifactId>
-        </dependency>
-
-        <dependency>
-            <groupId>jakarta.validation</groupId>
-            <artifactId>jakarta.validation-api</artifactId>
-        </dependency>
-
-        <!-- TEST -->
-        <dependency>
-            <groupId>io.github.classgraph</groupId>
-            <artifactId>classgraph</artifactId>
-            <scope>test</scope>
-        </dependency>
     </dependencies>
 </project>
diff --git a/hawkbit-artifact/hawkbit-artifact-fs/pom.xml b/hawkbit-artifact/hawkbit-artifact-fs/pom.xml
@@ -27,18 +27,5 @@
             <artifactId>hawkbit-artifact-api</artifactId>
             <version>${project.version}</version>
         </dependency>
-
-        <dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>spring-core</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-autoconfigure</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>commons-io</groupId>
-            <artifactId>commons-io</artifactId>
-        </dependency>
     </dependencies>
 </project>
diff --git a/...awkbit-artifact-fs/src/main/java/org/eclipse/hawkbit/artifact/fs/FileArtifactStorage.java b/...awkbit-artifact-fs/src/main/java/org/eclipse/hawkbit/artifact/fs/FileArtifactStorage.java
@@ -19,7 +19,6 @@
 import java.nio.file.Path;
 import java.nio.file.Paths;
 
-import org.apache.commons.io.FileUtils;
 import org.eclipse.hawkbit.artifact.AbstractArtifactStorage;
 import org.eclipse.hawkbit.artifact.ArtifactStorage;
 import org.eclipse.hawkbit.artifact.exception.ArtifactBinaryNotFoundException;
@@ -47,7 +46,7 @@ public FileArtifactStorage(final FileArtifactProperties artifactResourceProperti
 
     @Override
     public void deleteBySha1(final String tenant, final String sha1) {
-        FileUtils.deleteQuietly(getFile(tenant, sha1));
+        deleteSilent(getFile(tenant, sha1));
     }
 
     @Override
@@ -65,7 +64,7 @@ public InputStream getBySha1(final String tenant, final String sha1) {
 
     @Override
     public void deleteByTenant(final String tenant) {
-        FileUtils.deleteQuietly(Paths.get(artifactResourceProperties.getPath(), sanitizeTenant(tenant)).toFile());
+        deleteSilent(Paths.get(artifactResourceProperties.getPath(), sanitizeTenant(tenant)).toFile());
     }
 
     @Override
@@ -78,7 +77,7 @@ protected void store(final String tenant, final ArtifactHashes base16Hashes, fin
             throws IOException {
         final File fileSHA1Naming = getFile(tenant, base16Hashes.sha1());
         if (fileSHA1Naming.exists()) {
-            FileUtils.deleteQuietly(tempFile);
+            deleteSilent(tempFile);
         } else {
             Files.move(tempFile.toPath(), fileSHA1Naming.toPath());
         }
@@ -107,4 +106,24 @@ private Path getSha1DirectoryPath(final String tenant, final String sha1) {
         final String folder2 = sha1.substring(length - 2, length);
         return Paths.get(artifactResourceProperties.getPath(), sanitizeTenant(tenant), folder1, folder2);
     }
+
+    @SuppressWarnings({ "java:S899", "java:S4042" }) // just ignore the result - silent
+    private static void deleteSilent(final File file) {
+        if (file.exists()) {
+            if (file.isDirectory()) {
+                // delete children
+                final File[] children = file.listFiles();
+                if (children != null) {
+                    for (final File child : children) {
+                        deleteSilent(child);
+                    }
+                }
+            }
+            try {
+                file.delete(); // silent
+            } catch (final Exception ignored) {
+                // ignore
+            }
+        }
+    }
 }
diff --git a/...it-artifact-fs/src/test/java/org/eclipse/hawkbit/artifact/fs/FileArtifactStorageTest.java b/...it-artifact-fs/src/test/java/org/eclipse/hawkbit/artifact/fs/FileArtifactStorageTest.java
@@ -15,11 +15,11 @@
 import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Files;
 import java.util.Random;
 
 import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.io.FileUtils;
-import org.apache.commons.io.IOUtils;
 import org.assertj.core.api.Assertions;
 import org.eclipse.hawkbit.artifact.AbstractArtifactStorage;
 import org.eclipse.hawkbit.artifact.exception.ArtifactBinaryNotFoundException;
@@ -54,7 +54,7 @@ static void setup() {
     static void afterClass() {
         if (new File(artifactResourceProperties.getPath()).exists()) {
             try {
-                FileUtils.deleteDirectory(new File(artifactResourceProperties.getPath()));
+                delete(new File(artifactResourceProperties.getPath()));
             } catch (final IOException | IllegalArgumentException e) {
                 log.warn("Cannot delete file-directory", e);
             }
@@ -69,9 +69,10 @@ void storeSuccessfully() throws IOException {
         final byte[] fileContent = randomBytes();
         final StoredArtifactInfo artifact = storeRandomArtifact(fileContent);
 
-        final byte[] readContent = new byte[fileContent.length];
-        IOUtils.read(artifactFilesystemRepository.getBySha1(TENANT, artifact.getHashes().sha1()), readContent);
-        assertThat(readContent).isEqualTo(fileContent);
+        try (final InputStream is = artifactFilesystemRepository.getBySha1(TENANT, artifact.getHashes().sha1())) {
+            final byte[] readContent = is.readAllBytes();
+            assertThat(readContent).isEqualTo(fileContent);
+        }
     }
 
     /**
@@ -141,4 +142,20 @@ private StoredArtifactInfo storeRandomArtifact(final byte[] fileContent) throws
             return artifactFilesystemRepository.store(TENANT, inputStream, "filename.tmp", "application/txt", null);
         }
     }
+
+    private static void delete(final File file) throws IOException {
+        if (file.exists()) {
+            if (file.isDirectory()) {
+                // delete children
+                final File[] children = file.listFiles();
+                if (children != null) {
+                    for (final File child : children) {
+                        delete(child);
+                    }
+                }
+            }
+
+            Files.delete(file.toPath());
+        }
+    }
 }
diff --git a/hawkbit-autoconfigure/pom.xml b/hawkbit-autoconfigure/pom.xml
@@ -44,13 +44,6 @@
             <artifactId>protostuff-core</artifactId>
             <optional>true</optional>
         </dependency>
-
-        <dependency>
-            <groupId>jakarta.servlet</groupId>
-            <artifactId>jakarta.servlet-api</artifactId>
-            <scope>provided</scope>
-        </dependency>
-
         <dependency>
             <groupId>io.protostuff</groupId>
             <artifactId>protostuff-runtime</artifactId>

diff --git a/...e/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityAutoConfiguration.java b/...e/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityAutoConfiguration.java
@@ -18,8 +18,8 @@
 import org.eclipse.hawkbit.tenancy.TenantAwareUserProperties;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.boot.autoconfigure.security.SecurityProperties;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.boot.security.autoconfigure.SecurityProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;

diff --git a/...ava/org/eclipse/hawkbit/autoconfigure/security/StaticUserManagementAutoConfiguration.java b/...ava/org/eclipse/hawkbit/autoconfigure/security/StaticUserManagementAutoConfiguration.java
@@ -11,8 +11,8 @@
 
 import org.eclipse.hawkbit.auth.StaticAuthenticationProvider;
 import org.eclipse.hawkbit.tenancy.TenantAwareUserProperties;
-import org.springframework.boot.autoconfigure.security.SecurityProperties;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.boot.security.autoconfigure.SecurityProperties;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;

diff --git a/hawkbit-core/pom.xml b/hawkbit-core/pom.xml
@@ -24,72 +24,43 @@
     <dependencies>
         <dependency>
             <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-config</artifactId>
+            <artifactId>spring-boot-starter-security</artifactId>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-actuator-autoconfigure</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>spring-web</artifactId>
+            <artifactId>spring-boot-starter-security-oauth2-client</artifactId>
         </dependency>
         <dependency>
-            <groupId>org.springframework.data</groupId>
-            <artifactId>spring-data-commons</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>spring-context-support</artifactId>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-cache</artifactId>
         </dependency>
         <dependency>
-            <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-oauth2-core</artifactId>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-webmvc</artifactId>
+            <optional>true</optional>
         </dependency>
         <dependency>
-            <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-aspects</artifactId>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-jpa</artifactId>
+            <optional>true</optional>
         </dependency>
         <dependency>
-            <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-web</artifactId>
-            <!-- needed for web MDC filter -->
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-actuator</artifactId>
             <optional>true</optional>
         </dependency>
 
         <dependency>
-            <groupId>jakarta.validation</groupId>
-            <artifactId>jakarta.validation-api</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>jakarta.servlet</groupId>
-            <artifactId>jakarta.servlet-api</artifactId>
+            <groupId>tools.jackson.core</groupId>
+            <artifactId>jackson-databind</artifactId>
         </dependency>
         <dependency>
-            <groupId>io.micrometer</groupId>
-            <artifactId>micrometer-core</artifactId>
+            <groupId>jakarta.validation</groupId>
+            <artifactId>jakarta.validation-api</artifactId>
         </dependency>
         <dependency>
             <groupId>com.github.ben-manes.caffeine</groupId>
             <artifactId>caffeine</artifactId>
         </dependency>
-
-        <dependency>
-            <groupId>com.fasterxml.jackson.core</groupId>
-            <artifactId>jackson-databind</artifactId>
-            <!-- needed for JSON context serialization -->
-            <optional>true</optional>
-        </dependency>
-
-        <!-- TEST -->
-        <dependency>
-            <groupId>io.github.classgraph</groupId>
-            <artifactId>classgraph</artifactId>
-            <scope>test</scope>
-        </dependency>
     </dependencies>
 </project>
diff --git a/hawkbit-core/src/main/java/org/eclipse/hawkbit/HawkbitAutoConfiguration.java b/hawkbit-core/src/main/java/org/eclipse/hawkbit/HawkbitAutoConfiguration.java
@@ -0,0 +1,26 @@
+/**
+ * Copyright (c) 2025 Contributors to the Eclipse Foundation
+ *
+ * This program and the accompanying materials are made
+ * available under the terms of the Eclipse Public License 2.0
+ * which is available at https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ */
+package org.eclipse.hawkbit;
+
+import org.springframework.boot.jackson.autoconfigure.JacksonAutoConfiguration;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
+import org.springframework.context.annotation.PropertySource;
+
+/**
+ * The {@link HawkbitAutoConfiguration} brings some default configurations needed for hawkbit. It does:
+ * <ul>
+ *     <li>Import {@link JacksonAutoConfiguration} and applies hawkbit-jackson-defaults.properties in order to configure the {@link tools.jackson.databind.json.JsonMapper}.</li>
+ * </ul>
+ */
+@Configuration
+@Import(JacksonAutoConfiguration.class)
+@PropertySource("classpath:/hawkbit-jackson-defaults.properties")
+public class HawkbitAutoConfiguration {}
diff --git a/hawkbit-core/src/main/java/org/eclipse/hawkbit/auth/StaticAuthenticationProvider.java b/hawkbit-core/src/main/java/org/eclipse/hawkbit/auth/StaticAuthenticationProvider.java
@@ -20,7 +20,7 @@
 import org.eclipse.hawkbit.tenancy.TenantAwareAuthenticationDetails;
 import org.eclipse.hawkbit.tenancy.TenantAwareUser;
 import org.eclipse.hawkbit.tenancy.TenantAwareUserProperties;
-import org.springframework.boot.autoconfigure.security.SecurityProperties;
+import org.springframework.boot.security.autoconfigure.SecurityProperties;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.core.Authentication;

diff --git a/hawkbit-core/src/main/java/org/eclipse/hawkbit/context/AccessContext.java b/hawkbit-core/src/main/java/org/eclipse/hawkbit/context/AccessContext.java
@@ -20,8 +20,6 @@
 import java.util.stream.Stream;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import lombok.AccessLevel;
 import lombok.Data;
 import lombok.NoArgsConstructor;
@@ -36,6 +34,7 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
+import tools.jackson.databind.ObjectMapper;
 
 /**
  * A 'static' class providing methods related to access context:
@@ -298,11 +297,7 @@ private static String resolve(final Authentication authentication) {
     @SuppressWarnings("java:S112") // java:S112 - generic method
     private static String serialize(final SecurityContext securityContext) {
         Objects.requireNonNull(securityContext);
-        try {
-            return OBJECT_MAPPER.writeValueAsString(new SecCtxInfo(securityContext));
-        } catch (final JsonProcessingException e) {
-            throw new RuntimeException(e);
-        }
+        return OBJECT_MAPPER.writeValueAsString(new SecCtxInfo(securityContext));
     }
 
     /**
@@ -314,12 +309,7 @@ private static String serialize(final SecurityContext securityContext) {
     @SuppressWarnings("java:S112") // java:S112 - generic method
     private static SecurityContext deserialize(final String securityContextString) {
         Objects.requireNonNull(securityContextString);
-        final String securityContextTrimmed = securityContextString.trim();
-        try {
-            return OBJECT_MAPPER.readerFor(SecCtxInfo.class).<SecCtxInfo> readValue(securityContextTrimmed).toSecurityContext();
-        } catch (final JsonProcessingException e) {
-            throw new RuntimeException(e);
-        }
+        return OBJECT_MAPPER.readerFor(SecCtxInfo.class).<SecCtxInfo> readValue(securityContextString.trim()).toSecurityContext();
     }
 
     private static boolean isAuthenticationInvalid(final Authentication authentication) {