Skip to content

switch to basic auth for API access #1545

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Aug 21, 2024
Merged

switch to basic auth for API access #1545

merged 6 commits into from
Aug 21, 2024

Conversation

@goekay
Copy link
Member

@goekay goekay commented Aug 17, 2024

No description provided.

@goekay goekay linked an issue Aug 17, 2024 that may be closed by this pull request
Store Web API key in database -> Switch to basic auth #1540
Closed
3 tasks
goekay
goekay commented Aug 17, 2024
View reviewed changes
@goekay goekay mentioned this pull request Aug 17, 2024
Closed
3 tasks
juherr
juherr approved these changes Aug 17, 2024
View reviewed changes
Copy link
Contributor

@juherr juherr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM from a technical pov.
But why do you prefer basic auth instead of dedicated header or bearer token for api auth?

@goekay
Copy link
Member Author

goekay commented Aug 17, 2024

But why do you prefer basic auth instead of dedicated header or bearer token for api auth?

pls see #1540 (comment)

juherr
juherr reviewed Aug 18, 2024
View reviewed changes
src/main/java/de/rwth/idsg/steve/config/ApiAuthenticationManager.java Outdated
response.getWriter().print(jacksonObjectMapper.writeValueAsString(apiResponse));
}

private UserDetails getFromCacheOrDatabase(String username) {
Copy link
Contributor

@juherr juherr Aug 18, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do you set the cache logic here instead of webUserService.loadUserByUsernameForApi?

I don't know if it is a choice to not use it but Spring has its own way of doing caches: https://spring.io/guides/gs/caching
And you can still use guava under to wood if you want it: https://docs.spring.io/spring-framework/docs/4.2.x/javadoc-api/org/springframework/cache/guava/GuavaCacheManager.html

Copy link
Contributor

@juherr juherr Aug 20, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@goekay Just for my technical knowledge because I didn't use them before: why do you use guava directly and not hidden behind spring cache?

Copy link
Member Author

@goekay goekay Aug 20, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a combination of multiple reasons actually (disclaimer: i have been using both of them for a long time)

  • stylistic preference if it is just about a localized cache usage, instead of something big or application-wide
  • tighter control i can have with guava. this does not matter when using GuavaCacheManager, since the same can be done with that... but then, if you control guava like this, why introduce spring magic? which brings me to my next point.
  • absence of multiple spring layers, abstractions, which can lead to weird misbehaviour and gotchas
  • to be consistent with the codebase: steve has this direct usage of Guava at some other places, there is no usage of Spring cache

Copy link
Contributor

@juherr juherr Aug 20, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the answer! 👍

why introduce spring magic?

That could be true for almost every spring import ;)

@goekay goekay marked this pull request as ready for review August 18, 2024 14:57
@goekay
Copy link
Member Author

goekay commented Aug 20, 2024

@juherr if you have no objections or no more comments, i want to merge this.

juherr
juherr approved these changes Aug 21, 2024
View reviewed changes
Copy link
Contributor

@juherr juherr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@goekay goekay merged commit 4b63474 into master Aug 21, 2024
@goekay goekay deleted the 1540-store-web-api-key-in-database branch August 21, 2024 06:56
@faculoyarte
Copy link

faculoyarte commented Aug 27, 2024
edited
Loading

Sorry guys, but I'm having trouble figuring out how to create an api_password on a user or set up admin users in the SteVe web UI. I had the API working previously using webapi.key = STEVE-API-KEY and webapi.value, but now I'm getting a 401 error. Could someone guide me on how to resolve this?"
image

@goekay
Copy link
Member Author

goekay commented Aug 27, 2024

hey @faculoyarte, the user you are showing on the screenshot is the end user, i.e. the customer that has an EV and RFID card and wants to use the stations.

the user we added in this PR is the web user, i.e. the operations person that manages stations, someone that belongs to a CPO maybe. this is the person that has access to steve's web ui to do things. the web user gets an api_password with this PR.

therefore, these two things are disconnected. there is another PR that will make it available to update/change properties of a web user. therefore, currently the only way to do is to directly modify database tables.

@faculoyarte
Copy link

faculoyarte commented Aug 27, 2024

Perfect, thanks. @goekay

faculoyarte pushed a commit to faculoyarte/steve that referenced this pull request Sep 4, 2024
@goekay @faculoyarte
switch to basic auth for API access (steve-community#1545)
c6418a2 
* switch to basic auth for API access

* PR feedback

* add cache for API users

* PR feedback

* start setting/updating api_password

* refactor: undo moveApiTokenFromConfigToDatabase prep
dakai-wei-of-shizen added a commit to shizen-connect/steve-forked that referenced this pull request Nov 5, 2024
@dakai-wei-of-shizen @juherr
@fnkbsi @dependabot @goekay @bibz0r
merge Steve community master 20241105 (#5)
62d8d73 
* Extract tag authorization in a dedicated service

* Provide location for tag status

* adding DB migration Baselinescript

* Baseline-script: insert default data into settings table

* main.yml: remove right "mysql -h 127.0.0.1 -P 3306 -uroot -proot -e "GRANT SELECT ON mysql.proc TO 'steve'@'%';" -v || true"

* B1_0_5_stevedb.sql: removed auto_increment values

* B1_0_5_stevedb.sql: change to maysqldump script

* Baseline-script: insert default data into settings table

* Baseline-script: removed unnecessary save, set and reset of DB-settings (executable comments); removed temporary tabels/views, because of that changed creation order of views transaction and ocpp_activity

* Baseline-script: because Steve supports only mysql and mariadb the executable comments are changed to commands. except "/*!999999\- enable the sandbox mode */ "

* Baseline-script: adding some comments

* Baseline-script: formating the view creation code

* Bump org.apache.maven.plugins:maven-dependency-plugin

Bumps [org.apache.maven.plugins:maven-dependency-plugin](https://github.com/apache/maven-dependency-plugin) from 3.7.0 to 3.7.1.
- [Release notes](https://github.com/apache/maven-dependency-plugin/releases)
- [Commits](https://github.com/apache/maven-dependency-plugin/compare/maven-dependency-plugin-3.7.0...maven-dependency-plugin-3.7.1)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-dependency-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump org.apache.maven.plugins:maven-jar-plugin from 3.4.1 to 3.4.2

Bumps [org.apache.maven.plugins:maven-jar-plugin](https://github.com/apache/maven-jar-plugin) from 3.4.1 to 3.4.2.
- [Release notes](https://github.com/apache/maven-jar-plugin/releases)
- [Commits](https://github.com/apache/maven-jar-plugin/compare/maven-jar-plugin-3.4.1...maven-jar-plugin-3.4.2)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-jar-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* remove pmd github action

* main.yml: remove Grant Super priviliges; B1_0_5__stevedb.sql: remove definer statements in views

* adapt docs after #1439

SUPER is not needed anymore

* Bump org.junit:junit-bom from 5.10.2 to 5.10.3

Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 5.10.2 to 5.10.3.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.10.2...r5.10.3)

---
updated-dependencies:
- dependency-name: org.junit:junit-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump com.github.spotbugs:spotbugs-maven-plugin from 4.8.5.0 to 4.8.6.2

Bumps [com.github.spotbugs:spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) from 4.8.5.0 to 4.8.6.2.
- [Release notes](https://github.com/spotbugs/spotbugs-maven-plugin/releases)
- [Commits](https://github.com/spotbugs/spotbugs-maven-plugin/compare/spotbugs-maven-plugin-4.8.5.0...spotbugs-maven-plugin-4.8.6.2)

---
updated-dependencies:
- dependency-name: com.github.spotbugs:spotbugs-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump jackson.version from 2.17.1 to 2.17.2

Bumps `jackson.version` from 2.17.1 to 2.17.2.

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.17.1 to 2.17.2
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.module:jackson-module-jaxb-annotations` from 2.17.1 to 2.17.2
- [Commits](https://github.com/FasterXML/jackson-modules-base/compare/jackson-modules-base-2.17.1...jackson-modules-base-2.17.2)

Updates `com.fasterxml.jackson.core:jackson-annotations` from 2.17.1 to 2.17.2
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.datatype:jackson-datatype-joda` from 2.17.1 to 2.17.2
- [Commits](https://github.com/FasterXML/jackson-datatype-joda/compare/jackson-datatype-joda-2.17.1...jackson-datatype-joda-2.17.2)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: com.fasterxml.jackson.module:jackson-module-jaxb-annotations
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: com.fasterxml.jackson.core:jackson-annotations
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: com.fasterxml.jackson.datatype:jackson-datatype-joda
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump io.github.git-commit-id:git-commit-id-maven-plugin

Bumps [io.github.git-commit-id:git-commit-id-maven-plugin](https://github.com/git-commit-id/git-commit-id-maven-plugin) from 9.0.0 to 9.0.1.
- [Release notes](https://github.com/git-commit-id/git-commit-id-maven-plugin/releases)
- [Commits](https://github.com/git-commit-id/git-commit-id-maven-plugin/compare/v9.0.0...v9.0.1)

---
updated-dependencies:
- dependency-name: io.github.git-commit-id:git-commit-id-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump flyway.version from 10.15.0 to 10.15.2

Bumps `flyway.version` from 10.15.0 to 10.15.2.

Updates `org.flywaydb:flyway-mysql` from 10.15.0 to 10.15.2

Updates `org.flywaydb:flyway-maven-plugin` from 10.15.0 to 10.15.2
- [Release notes](https://github.com/flyway/flyway/releases)
- [Commits](https://github.com/flyway/flyway/compare/flyway-10.15.0...flyway-10.15.2)

---
updated-dependencies:
- dependency-name: org.flywaydb:flyway-mysql
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.flywaydb:flyway-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Update docker-compose.yml to add restart policies

Added 'unless-stopped' restart policies to both the 'db' and 'app' services in docker-compose.yml to ensure they automatically restart unless explicitly stopped by the user.

* Bump org.apache.maven.plugins:maven-surefire-plugin from 3.3.0 to 3.3.1

Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.3.0 to 3.3.1.
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.3.0...surefire-3.3.1)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump net.bytebuddy:byte-buddy from 1.14.17 to 1.14.18

Bumps [net.bytebuddy:byte-buddy](https://github.com/raphw/byte-buddy) from 1.14.17 to 1.14.18.
- [Release notes](https://github.com/raphw/byte-buddy/releases)
- [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md)
- [Commits](https://github.com/raphw/byte-buddy/compare/byte-buddy-1.14.17...byte-buddy-1.14.18)

---
updated-dependencies:
- dependency-name: net.bytebuddy:byte-buddy
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* refactor: move OcppTagRepository into AuthTagService

* better msg if logs are unavailable (closes #1503)

* Bump org.projectlombok:lombok from 1.18.32 to 1.18.34

Bumps [org.projectlombok:lombok](https://github.com/projectlombok/lombok) from 1.18.32 to 1.18.34.
- [Changelog](https://github.com/projectlombok/lombok/blob/master/doc/changelog.markdown)
- [Commits](https://github.com/projectlombok/lombok/compare/v1.18.32...v1.18.34)

---
updated-dependencies:
- dependency-name: org.projectlombok:lombok
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* nits and style changes

* add license header where missing

* extract interface

reason: allow multiple implementations of the same interface to exist.
therefore, another impl (for calling external EMSP service) and bean
can exist with @Primary annotation which can take precedence

* transaction detail page shows only energy meter values (#1514)

* Bump flyway.version from 10.15.2 to 10.16.0

Bumps `flyway.version` from 10.15.2 to 10.16.0.

Updates `org.flywaydb:flyway-mysql` from 10.15.2 to 10.16.0

Updates `org.flywaydb:flyway-maven-plugin` from 10.15.2 to 10.16.0
- [Release notes](https://github.com/flyway/flyway/releases)
- [Commits](https://github.com/flyway/flyway/compare/flyway-10.15.2...flyway-10.16.0)

---
updated-dependencies:
- dependency-name: org.flywaydb:flyway-mysql
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.flywaydb:flyway-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump org.apache.maven.plugins:maven-pmd-plugin from 3.23.0 to 3.24.0

Bumps [org.apache.maven.plugins:maven-pmd-plugin](https://github.com/apache/maven-pmd-plugin) from 3.23.0 to 3.24.0.
- [Release notes](https://github.com/apache/maven-pmd-plugin/releases)
- [Commits](https://github.com/apache/maven-pmd-plugin/compare/maven-pmd-plugin-3.23.0...maven-pmd-plugin-3.24.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-pmd-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* migrate to jakarta and upgrade spring, jetty, cxf

* fix SecurityConfiguration

* fix http client in GithubReleaseCheckService

* fix test classes

* fix dependencies

* upgrade jetty from 11 to 12

* update ocpp-jaxb

* fix jsp world

* fix spring security

signin page was causing too many redirects to itself.

https://github.com/spring-projects/spring-security/issues/13285

* switch to openapi v3

plus: start offering swagger ui

* version bump [ci skip]

* version bump for snapshot [ci skip]

* use ocpp-jaxb tag version

* jooq: make DateTime operations through field's converter (#1520)

* validate chargeBoxId for WS connections (#1526)

* tighten regex of valid chargeBoxId definition (#1526)

* switch logic to use blacklist of chars (#1526)

* add flexibility to override default chargeBoxId validation regex (#1526)

* add error logging for violating the pattern (#1526)

* put chargeBoxId through html encoder in unknownList (#1526)

* refactor

* Encode values properly when rendering HTML pages (#1533)

* use html encoder on page: chagepointDetails (#1532)

* use html encoder on page: transactions (#1532)

* use html encoder on page: transactionDetails (#1532)

* use html encoder on page: ocppTags (#1532)

* use html encoder on page: connectorStatus (#1532)

* use html encoder on page: GetConfigurationResponse (#1532)

* use html encoder on page: taskResult (#1532)

* Bump org.hamcrest:hamcrest from 2.2 to 3.0 (#1530)

Bumps [org.hamcrest:hamcrest](https://github.com/hamcrest/JavaHamcrest) from 2.2 to 3.0.
- [Release notes](https://github.com/hamcrest/JavaHamcrest/releases)
- [Changelog](https://github.com/hamcrest/JavaHamcrest/blob/master/CHANGES.md)
- [Commits](https://github.com/hamcrest/JavaHamcrest/compare/v2.2...v3.0)

---
updated-dependencies:
- dependency-name: org.hamcrest:hamcrest
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump flyway.version from 10.16.0 to 10.17.0 (#1529)

Bumps `flyway.version` from 10.16.0 to 10.17.0.

Updates `org.flywaydb:flyway-mysql` from 10.16.0 to 10.17.0

Updates `org.flywaydb:flyway-maven-plugin` from 10.16.0 to 10.17.0
- [Release notes](https://github.com/flyway/flyway/releases)
- [Commits](https://github.com/flyway/flyway/compare/flyway-10.16.0...flyway-10.17.0)

---
updated-dependencies:
- dependency-name: org.flywaydb:flyway-mysql
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.flywaydb:flyway-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump jetty.version from 12.0.11 to 12.0.12 (#1528)

Bumps `jetty.version` from 12.0.11 to 12.0.12.

Updates `org.eclipse.jetty:jetty-server` from 12.0.11 to 12.0.12

Updates `org.eclipse.jetty.ee10:jetty-ee10-webapp` from 12.0.11 to 12.0.12

Updates `org.eclipse.jetty.ee10:jetty-ee10-annotations` from 12.0.11 to 12.0.12

Updates `org.eclipse.jetty.ee10:jetty-ee10-apache-jsp` from 12.0.11 to 12.0.12

Updates `org.eclipse.jetty:jetty-rewrite` from 12.0.11 to 12.0.12

Updates `org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-jetty-server` from 12.0.11 to 12.0.12

Updates `org.eclipse.jetty.websocket:jetty-websocket-jetty-client` from 12.0.11 to 12.0.12

Updates `org.eclipse.jetty.ee10:jetty-ee10-jspc-maven-plugin` from 12.0.11 to 12.0.12

---
updated-dependencies:
- dependency-name: org.eclipse.jetty:jetty-server
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty.ee10:jetty-ee10-webapp
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty.ee10:jetty-ee10-annotations
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty.ee10:jetty-ee10-apache-jsp
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty:jetty-rewrite
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-jetty-server
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty.websocket:jetty-websocket-jetty-client
  dependency-type: direct:development
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty.ee10:jetty-ee10-jspc-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix ObjectMapper used for API endpoint errors

reason: warnings like the following

[WARN ] 2024-08-08 23:34:20,844 org.eclipse.jetty.ee10.servlet.ServletChannel (qtp739264372-28) - handleException /steve/api/v1/transactions com.fasterxml.jackson.databind.exc.InvalidDefinitionException: Joda date/time type `org.joda.time.DateTime` not supported by default: add Module "com.fasterxml.jackson.datatype:jackson-datatype-joda" to enable handling (through reference chain: de.rwth.idsg.steve.web.api.ApiControllerAdvice$ApiErrorResponse["timestamp"])

ApiDocsConfiguration activates JacksonAutoConfiguration which creates a default/primary ObjectMapper
that is different from our ObjectMapper. this came with the spring 6.x migration since OpenApi integration
was massively refactored with that as well.

* add authorization support to open-api and swagger-ui (#1043)

* refactor

instead of creating a 2nd ObjectMapper with a custom qualifier,
override the default that comes from JacksonAutoConfiguration.

* Bump org.slf4j:slf4j-bom from 2.0.13 to 2.0.16

Bumps [org.slf4j:slf4j-bom](https://github.com/qos-ch/slf4j) from 2.0.13 to 2.0.16.
- [Commits](https://github.com/qos-ch/slf4j/compare/v_2.0.13...v_2.0.16)

---
updated-dependencies:
- dependency-name: org.slf4j:slf4j-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Update mysql-connector-j (#1537)

* pom: adapted changes in mysql-connector dependency location: mysql --> com.mysql; mysql-connector-java -> mysql-connector-j, version update to 8.4.0

* pom: mysql.jdbc.version update to 9.0.0

---------

Co-authored-by: brosi <[email protected]>

* exclude websocket paths from spring security (#1523)

* disable CSRF for SOAP endpoints

* enable spring security for all profiles

reason: so far, spring security was enabled only for prod profile. the tests were running
with test profile. therefore, any security-related issue/regression was not detected.

* Implement database-based multi user system for Web UI (#1539)

* add UserDetailsService impl using Jooq

* improve impl such that it is in a working condition

* refactor: make github action checks happy

* force data type JSON in Jooq for web_user.authorities

reason: our build matrix fails for mysql, but succeeds for mariadb.
Jooq infers data type org.jooq.JSON for web_user.authorities for mysql.
on the other hand, it is String for mariadb.

example: https://github.com/steve-community/steve/actions/runs/10339451112

* tighten json logic

* add check for validating that "authorities" is an array
* store a sorted set of authorities without duplicates

* add method to delete web user by database id

reason: to be used by web pages. a better way than doing with username,
and is consistent with other delete operations we do.

* PR feedback: skip default admin user creation, if "any" admin already exists

* refactor: PR feedback

* prepare database for #1540

* PR feedback

* add license header where missing

* Bump jooq.version from 3.19.10 to 3.19.11 (#1552)

Bumps `jooq.version` from 3.19.10 to 3.19.11.

Updates `org.jooq:jooq-meta` from 3.19.10 to 3.19.11

Updates `org.jooq:jooq-codegen` from 3.19.10 to 3.19.11

Updates `org.jooq:jooq` from 3.19.10 to 3.19.11

Updates `org.jooq:jooq-codegen-maven` from 3.19.10 to 3.19.11

---
updated-dependencies:
- dependency-name: org.jooq:jooq-meta
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.jooq:jooq-codegen
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.jooq:jooq
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.jooq:jooq-codegen-maven
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump com.google.guava:guava from 33.2.1-jre to 33.3.0-jre (#1551)

Bumps [com.google.guava:guava](https://github.com/google/guava) from 33.2.1-jre to 33.3.0-jre.
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

---
updated-dependencies:
- dependency-name: com.google.guava:guava
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api (#1550)

Bumps [jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api](https://github.com/eclipse-ee4j/jstl-api) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/eclipse-ee4j/jstl-api/releases)
- [Commits](https://github.com/eclipse-ee4j/jstl-api/commits)

---
updated-dependencies:
- dependency-name: jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump org.junit:junit-bom from 5.10.3 to 5.11.0 (#1549)

Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 5.10.3 to 5.11.0.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.10.3...r5.11.0)

---
updated-dependencies:
- dependency-name: org.junit:junit-bom
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump net.bytebuddy:byte-buddy from 1.14.18 to 1.14.19 (#1548)

Bumps [net.bytebuddy:byte-buddy](https://github.com/raphw/byte-buddy) from 1.14.18 to 1.14.19.
- [Release notes](https://github.com/raphw/byte-buddy/releases)
- [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md)
- [Commits](https://github.com/raphw/byte-buddy/compare/byte-buddy-1.14.18...byte-buddy-1.14.19)

---
updated-dependencies:
- dependency-name: net.bytebuddy:byte-buddy
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump flyway.version from 10.17.0 to 10.17.1 (#1547)

Bumps `flyway.version` from 10.17.0 to 10.17.1.

Updates `org.flywaydb:flyway-mysql` from 10.17.0 to 10.17.1

Updates `org.flywaydb:flyway-maven-plugin` from 10.17.0 to 10.17.1
- [Release notes](https://github.com/flyway/flyway/releases)
- [Commits](https://github.com/flyway/flyway/compare/flyway-10.17.0...flyway-10.17.1)

---
updated-dependencies:
- dependency-name: org.flywaydb:flyway-mysql
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.flywaydb:flyway-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* switch to basic auth for API access (#1545)

* switch to basic auth for API access

* PR feedback

* add cache for API users

* PR feedback

* start setting/updating api_password

* refactor: undo moveApiTokenFromConfigToDatabase prep

* switch open-api spec to basic auth (#1540)

* refactor DataSource

* make DataSource a spring bean
* move checkJavaAndMySQLOffsets() into GenericRepository
* necessary consequential changes

* Bump org.owasp.encoder:encoder-jakarta-jsp from 1.3.0 to 1.3.1

Bumps [org.owasp.encoder:encoder-jakarta-jsp](https://github.com/owasp/owasp-java-encoder) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/owasp/owasp-java-encoder/releases)
- [Commits](https://github.com/owasp/owasp-java-encoder/compare/v1.3.0...v1.3.1)

---
updated-dependencies:
- dependency-name: org.owasp.encoder:encoder-jakarta-jsp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump flyway.version from 10.17.1 to 10.17.2

Bumps `flyway.version` from 10.17.1 to 10.17.2.

Updates `org.flywaydb:flyway-mysql` from 10.17.1 to 10.17.2

Updates `org.flywaydb:flyway-maven-plugin` from 10.17.1 to 10.17.2
- [Release notes](https://github.com/flyway/flyway/releases)
- [Commits](https://github.com/flyway/flyway/compare/flyway-10.17.1...flyway-10.17.2)

---
updated-dependencies:
- dependency-name: org.flywaydb:flyway-mysql
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.flywaydb:flyway-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump org.apache.maven.plugins:maven-dependency-plugin

Bumps [org.apache.maven.plugins:maven-dependency-plugin](https://github.com/apache/maven-dependency-plugin) from 3.7.1 to 3.8.0.
- [Release notes](https://github.com/apache/maven-dependency-plugin/releases)
- [Commits](https://github.com/apache/maven-dependency-plugin/compare/maven-dependency-plugin-3.7.1...maven-dependency-plugin-3.8.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-dependency-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump net.bytebuddy:byte-buddy from 1.14.19 to 1.15.0

Bumps [net.bytebuddy:byte-buddy](https://github.com/raphw/byte-buddy) from 1.14.19 to 1.15.0.
- [Release notes](https://github.com/raphw/byte-buddy/releases)
- [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md)
- [Commits](https://github.com/raphw/byte-buddy/compare/byte-buddy-1.14.19...byte-buddy-1.15.0)

---
updated-dependencies:
- dependency-name: net.bytebuddy:byte-buddy
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump spring.security.version from 6.3.1 to 6.3.3

Bumps `spring.security.version` from 6.3.1 to 6.3.3.

Updates `org.springframework.security:spring-security-web` from 6.3.1 to 6.3.3
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](https://github.com/spring-projects/spring-security/compare/6.3.1...6.3.3)

Updates `org.springframework.security:spring-security-config` from 6.3.1 to 6.3.3
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](https://github.com/spring-projects/spring-security/compare/6.3.1...6.3.3)

---
updated-dependencies:
- dependency-name: org.springframework.security:spring-security-web
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.springframework.security:spring-security-config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump org.apache.maven.plugins:maven-checkstyle-plugin

Bumps [org.apache.maven.plugins:maven-checkstyle-plugin](https://github.com/apache/maven-checkstyle-plugin) from 3.4.0 to 3.5.0.
- [Commits](https://github.com/apache/maven-checkstyle-plugin/compare/maven-checkstyle-plugin-3.4.0...maven-checkstyle-plugin-3.5.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-checkstyle-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump org.apache.maven.plugins:maven-surefire-plugin from 3.3.1 to 3.4.0

Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.3.1 to 3.4.0.
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.3.1...surefire-3.4.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api

Bumps [jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api](https://github.com/eclipse-ee4j/jstl-api) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/eclipse-ee4j/jstl-api/releases)
- [Commits](https://github.com/eclipse-ee4j/jstl-api/commits)

---
updated-dependencies:
- dependency-name: jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump org.apache.maven.plugins:maven-surefire-plugin from 3.4.0 to 3.5.0

Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.4.0...surefire-3.5.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump net.bytebuddy:byte-buddy from 1.15.0 to 1.15.1

Bumps [net.bytebuddy:byte-buddy](https://github.com/raphw/byte-buddy) from 1.15.0 to 1.15.1.
- [Release notes](https://github.com/raphw/byte-buddy/releases)
- [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md)
- [Commits](https://github.com/raphw/byte-buddy/compare/byte-buddy-1.15.0...byte-buddy-1.15.1)

---
updated-dependencies:
- dependency-name: net.bytebuddy:byte-buddy
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump org.apache.maven.plugins:maven-pmd-plugin from 3.24.0 to 3.25.0

Bumps [org.apache.maven.plugins:maven-pmd-plugin](https://github.com/apache/maven-pmd-plugin) from 3.24.0 to 3.25.0.
- [Release notes](https://github.com/apache/maven-pmd-plugin/releases)
- [Commits](https://github.com/apache/maven-pmd-plugin/compare/maven-pmd-plugin-3.24.0...maven-pmd-plugin-3.25.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-pmd-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump org.mockito:mockito-junit-jupiter from 5.12.0 to 5.13.0

Bumps [org.mockito:mockito-junit-jupiter](https://github.com/mockito/mockito) from 5.12.0 to 5.13.0.
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](https://github.com/mockito/mockito/compare/v5.12.0...v5.13.0)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-junit-jupiter
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump jetty.version from 12.0.12 to 12.0.13

Bumps `jetty.version` from 12.0.12 to 12.0.13.

Updates `org.eclipse.jetty:jetty-server` from 12.0.12 to 12.0.13

Updates `org.eclipse.jetty.ee10:jetty-ee10-webapp` from 12.0.12 to 12.0.13

Updates `org.eclipse.jetty.ee10:jetty-ee10-annotations` from 12.0.12 to 12.0.13

Updates `org.eclipse.jetty.ee10:jetty-ee10-apache-jsp` from 12.0.12 to 12.0.13

Updates `org.eclipse.jetty:jetty-rewrite` from 12.0.12 to 12.0.13

Updates `org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-jetty-server` from 12.0.12 to 12.0.13

Updates `org.eclipse.jetty.websocket:jetty-websocket-jetty-client` from 12.0.12 to 12.0.13

Updates `org.eclipse.jetty.ee10:jetty-ee10-jspc-maven-plugin` from 12.0.12 to 12.0.13

---
updated-dependencies:
- dependency-name: org.eclipse.jetty:jetty-server
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty.ee10:jetty-ee10-webapp
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty.ee10:jetty-ee10-annotations
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty.ee10:jetty-ee10-apache-jsp
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty:jetty-rewrite
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-jetty-server
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty.websocket:jetty-websocket-jetty-client
  dependency-type: direct:development
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty.ee10:jetty-ee10-jspc-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump org.apache.logging.log4j:log4j-bom from 2.23.1 to 2.24.0

Bumps [org.apache.logging.log4j:log4j-bom](https://github.com/apache/logging-log4j2) from 2.23.1 to 2.24.0.
- [Release notes](https://github.com/apache/logging-log4j2/releases)
- [Changelog](https://github.com/apache/logging-log4j2/blob/2.x/RELEASE-NOTES.adoc)
- [Commits](https://github.com/apache/logging-log4j2/compare/rel/2.23.1...rel/2.24.0)

---
updated-dependencies:
- dependency-name: org.apache.logging.log4j:log4j-bom
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump com.github.spotbugs:spotbugs-maven-plugin from 4.8.6.2 to 4.8.6.3

Bumps [com.github.spotbugs:spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) from 4.8.6.2 to 4.8.6.3.
- [Release notes](https://github.com/spotbugs/spotbugs-maven-plugin/releases)
- [Commits](https://github.com/spotbugs/spotbugs-maven-plugin/compare/spotbugs-maven-plugin-4.8.6.2...spotbugs-maven-plugin-4.8.6.3)

---
updated-dependencies:
- dependency-name: com.github.spotbugs:spotbugs-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Warn about security risks

Related to #100

* Bump flyway.version from 10.17.2 to 10.18.0

Bumps `flyway.version` from 10.17.2 to 10.18.0.

Updates `org.flywaydb:flyway-mysql` from 10.17.2 to 10.18.0

Updates `org.flywaydb:flyway-maven-plugin` from 10.17.2 to 10.18.0
- [Release notes](https://github.com/flyway/flyway/releases)
- [Commits](https://github.com/flyway/flyway/compare/flyway-10.17.2...flyway-10.18.0)

---
updated-dependencies:
- dependency-name: org.flywaydb:flyway-mysql
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.flywaydb:flyway-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* add APIs link to navigation header

* set ram percentage in Dockerfile

default is 25% which is too conservative.

details: https://developers.redhat.com/articles/2022/04/19/java-17-whats-new-openjdks-container-awareness#tuning_defaults_for_containers

* Bump org.apache.httpcomponents.client5:httpclient5 from 5.3.1 to 5.4

Bumps [org.apache.httpcomponents.client5:httpclient5](https://github.com/apache/httpcomponents-client) from 5.3.1 to 5.4.
- [Changelog](https://github.com/apache/httpcomponents-client/blob/master/RELEASE_NOTES.txt)
- [Commits](https://github.com/apache/httpcomponents-client/compare/rel/v5.3.1...rel/v5.4)

---
updated-dependencies:
- dependency-name: org.apache.httpcomponents.client5:httpclient5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump joda-time:joda-time from 2.12.7 to 2.13.0

Bumps [joda-time:joda-time](https://github.com/JodaOrg/joda-time) from 2.12.7 to 2.13.0.
- [Release notes](https://github.com/JodaOrg/joda-time/releases)
- [Changelog](https://github.com/JodaOrg/joda-time/blob/main/RELEASE-NOTES.txt)
- [Commits](https://github.com/JodaOrg/joda-time/compare/v2.12.7...v2.13.0)

---
updated-dependencies:
- dependency-name: joda-time:joda-time
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump com.github.spotbugs:spotbugs-maven-plugin from 4.8.6.3 to 4.8.6.4

Bumps [com.github.spotbugs:spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) from 4.8.6.3 to 4.8.6.4.
- [Release notes](https://github.com/spotbugs/spotbugs-maven-plugin/releases)
- [Commits](https://github.com/spotbugs/spotbugs-maven-plugin/compare/spotbugs-maven-plugin-4.8.6.3...spotbugs-maven-plugin-4.8.6.4)

---
updated-dependencies:
- dependency-name: com.github.spotbugs:spotbugs-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump flyway.version from 10.18.0 to 10.18.2

Bumps `flyway.version` from 10.18.0 to 10.18.2.

Updates `org.flywaydb:flyway-mysql` from 10.18.0 to 10.18.2

Updates `org.flywaydb:flyway-maven-plugin` from 10.18.0 to 10.18.2
- [Release notes](https://github.com/flyway/flyway/releases)
- [Commits](https://github.com/flyway/flyway/compare/flyway-10.18.0...flyway-10.18.2)

---
updated-dependencies:
- dependency-name: org.flywaydb:flyway-mysql
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.flywaydb:flyway-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump jackson.version from 2.17.2 to 2.18.0

Bumps `jackson.version` from 2.17.2 to 2.18.0.

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.17.2 to 2.18.0
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.module:jackson-module-jakarta-xmlbind-annotations` from 2.17.2 to 2.18.0
- [Commits](https://github.com/FasterXML/jackson-modules-base/compare/jackson-modules-base-2.17.2...jackson-modules-base-2.18.0)

Updates `com.fasterxml.jackson.core:jackson-annotations` from 2.17.2 to 2.18.0
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.datatype:jackson-datatype-joda` from 2.17.2 to 2.18.0
- [Commits](https://github.com/FasterXML/jackson-datatype-joda/compare/jackson-datatype-joda-2.17.2...jackson-datatype-joda-2.18.0)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: com.fasterxml.jackson.module:jackson-module-jakarta-xmlbind-annotations
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: com.fasterxml.jackson.core:jackson-annotations
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: com.fasterxml.jackson.datatype:jackson-datatype-joda
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump com.google.guava:guava from 33.3.0-jre to 33.3.1-jre

Bumps [com.google.guava:guava](https://github.com/google/guava) from 33.3.0-jre to 33.3.1-jre.
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

---
updated-dependencies:
- dependency-name: com.google.guava:guava
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump org.jetbrains:annotations from 24.1.0 to 25.0.0

Bumps [org.jetbrains:annotations](https://github.com/JetBrains/java-annotations) from 24.1.0 to 25.0.0.
- [Release notes](https://github.com/JetBrains/java-annotations/releases)
- [Changelog](https://github.com/JetBrains/java-annotations/blob/master/CHANGELOG.md)
- [Commits](https://github.com/JetBrains/java-annotations/compare/24.1.0...25.0.0)

---
updated-dependencies:
- dependency-name: org.jetbrains:annotations
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump org.mockito:mockito-junit-jupiter from 5.13.0 to 5.14.1

Bumps [org.mockito:mockito-junit-jupiter](https://github.com/mockito/mockito) from 5.13.0 to 5.14.1.
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](https://github.com/mockito/mockito/compare/v5.13.0...v5.14.1)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-junit-jupiter
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump org.junit:junit-bom from 5.11.0 to 5.11.2

Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 5.11.0 to 5.11.2.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.2)

---
updated-dependencies:
- dependency-name: org.junit:junit-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump plugin.license-maven.version from 4.5 to 4.6

Bumps `plugin.license-maven.version` from 4.5 to 4.6.

Updates `com.mycila:license-maven-plugin-git` from 4.5 to 4.6
- [Release notes](https://github.com/mathieucarbou/license-maven-plugin/releases)
- [Commits](https://github.com/mathieucarbou/license-maven-plugin/compare/license-maven-plugin-4.5...license-maven-plugin-4.6)

Updates `com.mycila:license-maven-plugin` from 4.5 to 4.6
- [Release notes](https://github.com/mathieucarbou/license-maven-plugin/releases)
- [Commits](https://github.com/mathieucarbou/license-maven-plugin/compare/license-maven-plugin-4.5...license-maven-plugin-4.6)

---
updated-dependencies:
- dependency-name: com.mycila:license-maven-plugin-git
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: com.mycila:license-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump flyway.version from 10.18.2 to 10.19.0

Bumps `flyway.version` from 10.18.2 to 10.19.0.

Updates `org.flywaydb:flyway-mysql` from 10.18.2 to 10.19.0

Updates `org.flywaydb:flyway-maven-plugin` from 10.18.2 to 10.19.0
- [Release notes](https://github.com/flyway/flyway/releases)
- [Commits](https://github.com/flyway/flyway/compare/flyway-10.18.2...flyway-10.19.0)

---
updated-dependencies:
- dependency-name: org.flywaydb:flyway-mysql
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.flywaydb:flyway-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.0 to 3.5.1

Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.5.0 to 3.5.1.
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.5.0...surefire-3.5.1)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump org.apache.logging.log4j:log4j-bom from 2.24.0 to 2.24.1

Bumps [org.apache.logging.log4j:log4j-bom](https://github.com/apache/logging-log4j2) from 2.24.0 to 2.24.1.
- [Release notes](https://github.com/apache/logging-log4j2/releases)
- [Changelog](https://github.com/apache/logging-log4j2/blob/2.x/RELEASE-NOTES.adoc)
- [Commits](https://github.com/apache/logging-log4j2/compare/rel/2.24.0...rel/2.24.1)

---
updated-dependencies:
- dependency-name: org.apache.logging.log4j:log4j-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump com.zaxxer:HikariCP from 5.1.0 to 6.0.0

Bumps [com.zaxxer:HikariCP](https://github.com/brettwooldridge/HikariCP) from 5.1.0 to 6.0.0.
- [Changelog](https://github.com/brettwooldridge/HikariCP/blob/dev/CHANGES)
- [Commits](https://github.com/brettwooldridge/HikariCP/compare/HikariCP-5.1.0...HikariCP-6.0.0)

---
updated-dependencies:
- dependency-name: com.zaxxer:HikariCP
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump com.mysql:mysql-connector-j from 9.0.0 to 9.1.0

Bumps [com.mysql:mysql-connector-j](https://github.com/mysql/mysql-connector-j) from 9.0.0 to 9.1.0.
- [Changelog](https://github.com/mysql/mysql-connector-j/blob/release/9.x/CHANGES)
- [Commits](https://github.com/mysql/mysql-connector-j/compare/9.0.0...9.1.0)

---
updated-dependencies:
- dependency-name: com.mysql:mysql-connector-j
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump org.jetbrains:annotations from 25.0.0 to 26.0.1

Bumps [org.jetbrains:annotations](https://github.com/JetBrains/java-annotations) from 25.0.0 to 26.0.1.
- [Release notes](https://github.com/JetBrains/java-annotations/releases)
- [Changelog](https://github.com/JetBrains/java-annotations/blob/master/CHANGELOG.md)
- [Commits](https://github.com/JetBrains/java-annotations/compare/25.0.0...26.0.1)

---
updated-dependencies:
- dependency-name: org.jetbrains:annotations
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump net.bytebuddy:byte-buddy from 1.15.1 to 1.15.7

Bumps [net.bytebuddy:byte-buddy](https://github.com/raphw/byte-buddy) from 1.15.1 to 1.15.7.
- [Release notes](https://github.com/raphw/byte-buddy/releases)
- [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md)
- [Commits](https://github.com/raphw/byte-buddy/compare/byte-buddy-1.15.1...byte-buddy-1.15.7)

---
updated-dependencies:
- dependency-name: net.bytebuddy:byte-buddy
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump jetty.version from 12.0.13 to 12.0.14

Bumps `jetty.version` from 12.0.13 to 12.0.14.

Updates `org.eclipse.jetty:jetty-server` from 12.0.13 to 12.0.14

Updates `org.eclipse.jetty.ee10:jetty-ee10-webapp` from 12.0.13 to 12.0.14

Updates `org.eclipse.jetty.ee10:jetty-ee10-annotations` from 12.0.13 to 12.0.14

Updates `org.eclipse.jetty.ee10:jetty-ee10-apache-jsp` from 12.0.13 to 12.0.14

Updates `org.eclipse.jetty:jetty-rewrite` from 12.0.13 to 12.0.14

Updates `org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-jetty-server` from 12.0.13 to 12.0.14

Updates `org.eclipse.jetty.websocket:jetty-websocket-jetty-client` from 12.0.13 to 12.0.14

Updates `org.eclipse.jetty.ee10:jetty-ee10-jspc-maven-plugin` from 12.0.13 to 12.0.14

---
updated-dependencies:
- dependency-name: org.eclipse.jetty:jetty-server
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty.ee10:jetty-ee10-webapp
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty.ee10:jetty-ee10-annotations
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty.ee10:jetty-ee10-apache-jsp
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty:jetty-rewrite
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-jetty-server
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty.websocket:jetty-websocket-jetty-client
  dependency-type: direct:development
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty.ee10:jetty-ee10-jspc-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* adjust checkstyle [ci skip]

inline conditionals are fine in some cases. more compact and less verbose.

* migrate "header value" as "api password" to database (#1540)

* Bump org.springframework.security:spring-security-web

Bumps [org.springframework.security:spring-security-web](https://github.com/spring-projects/spring-security) from 6.3.3 to 6.3.4.
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](https://github.com/spring-projects/spring-security/compare/6.3.3...6.3.4)

---
updated-dependencies:
- dependency-name: org.springframework.security:spring-security-web
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump org.mockito:mockito-junit-jupiter from 5.14.1 to 5.14.2

Bumps [org.mockito:mockito-junit-jupiter](https://github.com/mockito/mockito) from 5.14.1 to 5.14.2.
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](https://github.com/mockito/mockito/compare/v5.14.1...v5.14.2)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-junit-jupiter
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump jackson.version from 2.18.0 to 2.18.1

Bumps `jackson.version` from 2.18.0 to 2.18.1.

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.18.0 to 2.18.1
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.module:jackson-module-jakarta-xmlbind-annotations` from 2.18.0 to 2.18.1
- [Commits](https://github.com/FasterXML/jackson-modules-base/compare/jackson-modules-base-2.18.0...jackson-modules-base-2.18.1)

Updates `com.fasterxml.jackson.core:jackson-annotations` from 2.18.0 to 2.18.1
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.datatype:jackson-datatype-joda` from 2.18.0 to 2.18.1
- [Commits](https://github.com/FasterXML/jackson-datatype-joda/compare/jackson-datatype-joda-2.18.0...jackson-datatype-joda-2.18.1)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: com.fasterxml.jackson.module:jackson-module-jakarta-xmlbind-annotations
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: com.fasterxml.jackson.core:jackson-annotations
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: com.fasterxml.jackson.datatype:jackson-datatype-joda
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump com.github.spotbugs:spotbugs-maven-plugin from 4.8.6.4 to 4.8.6.5

Bumps [com.github.spotbugs:spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) from 4.8.6.4 to 4.8.6.5.
- [Release notes](https://github.com/spotbugs/spotbugs-maven-plugin/releases)
- [Commits](https://github.com/spotbugs/spotbugs-maven-plugin/compare/spotbugs-maven-plugin-4.8.6.4...spotbugs-maven-plugin-4.8.6.5)

---
updated-dependencies:
- dependency-name: com.github.spotbugs:spotbugs-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump flyway.version from 10.19.0 to 10.20.1

Bumps `flyway.version` from 10.19.0 to 10.20.1.

Updates `org.flywaydb:flyway-mysql` from 10.19.0 to 10.20.1

Updates `org.flywaydb:flyway-maven-plugin` from 10.19.0 to 10.20.1
- [Release notes](https://github.com/flyway/flyway/releases)
- [Commits](https://github.com/flyway/flyway/compare/flyway-10.19.0...flyway-10.20.1)

---
updated-dependencies:
- dependency-name: org.flywaydb:flyway-mysql
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.flywaydb:flyway-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump org.apache.maven.plugins:maven-dependency-plugin

Bumps [org.apache.maven.plugins:maven-dependency-plugin](https://github.com/apache/maven-dependency-plugin) from 3.8.0 to 3.8.1.
- [Release notes](https://github.com/apache/maven-dependency-plugin/releases)
- [Commits](https://github.com/apache/maven-dependency-plugin/compare/maven-dependency-plugin-3.8.0...maven-dependency-plugin-3.8.1)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-dependency-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump org.apache.httpcomponents.client5:httpclient5 from 5.4 to 5.4.1

Bumps [org.apache.httpcomponents.client5:httpclient5](https://github.com/apache/httpcomponents-client) from 5.4 to 5.4.1.
- [Changelog](https://github.com/apache/httpcomponents-client/blob/rel/v5.4.1/RELEASE_NOTES.txt)
- [Commits](https://github.com/apache/httpcomponents-client/compare/rel/v5.4...rel/v5.4.1)

---
updated-dependencies:
- dependency-name: org.apache.httpcomponents.client5:httpclient5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump net.bytebuddy:byte-buddy from 1.15.7 to 1.15.9

Bumps [net.bytebuddy:byte-buddy](https://github.com/raphw/byte-buddy) from 1.15.7 to 1.15.9.
- [Release notes](https://github.com/raphw/byte-buddy/releases)
- [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md)
- [Commits](https://github.com/raphw/byte-buddy/compare/byte-buddy-1.15.7...byte-buddy-1.15.9)

---
updated-dependencies:
- dependency-name: net.bytebuddy:byte-buddy
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump org.apache.maven.plugins:maven-checkstyle-plugin

Bumps [org.apache.maven.plugins:maven-checkstyle-plugin](https://github.com/apache/maven-checkstyle-plugin) from 3.5.0 to 3.6.0.
- [Commits](https://github.com/apache/maven-checkstyle-plugin/compare/maven-checkstyle-plugin-3.5.0...maven-checkstyle-plugin-3.6.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-checkstyle-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump org.apache.maven.plugins:maven-pmd-plugin from 3.25.0 to 3.26.0

Bumps [org.apache.maven.plugins:maven-pmd-plugin](https://github.com/apache/maven-pmd-plugin) from 3.25.0 to 3.26.0.
- [Release notes](https://github.com/apache/maven-pmd-plugin/releases)
- [Commits](https://github.com/apache/maven-pmd-plugin/compare/maven-pmd-plugin-3.25.0...maven-pmd-plugin-3.26.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-pmd-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump org.junit:junit-bom from 5.11.2 to 5.11.3

Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 5.11.2 to 5.11.3.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.11.2...r5.11.3)

---
updated-dependencies:
- dependency-name: org.junit:junit-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Julien Herr <[email protected]>
Co-authored-by: fnkbsi <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sevket Gökay <[email protected]>
Co-authored-by: Andrei <[email protected]>
Co-authored-by: Julien Herr <[email protected]>
Co-authored-by: brosi <[email protected]>
Co-authored-by: Julien Herr <[email protected]>
@fnkbsi fnkbsi mentioned this pull request Nov 8, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@juherr juherr juherr approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Store Web API key in database -> Switch to basic auth

4 participants

@goekay @faculoyarte @juherr