diff --git a/.config/pmd/java/ruleset.xml b/.config/pmd/java/ruleset.xml
index 88a7b5ae..ebdbd83a 100644
--- a/.config/pmd/java/ruleset.xml
+++ b/.config/pmd/java/ruleset.xml
@@ -194,4 +194,117 @@
+
+
+
+ Calling setters of java.lang.System usually indicates bad design and likely causes unexpected behavior.
+ For example, it may break when multiple Threads are setting the value.
+ It may also overwrite user defined options or properties.
+
+ Try to pass the value only to the place where it's really needed and use it there accordingly.
+
+ 3
+
+
+
+
+
+
+
+
+
+
+
+ Using a `@PostConstruct` method is usually only done when field injection is used and initialization needs to be performed after that.
+
+ It's better to do this directly in the constructor with constructor injection, so that all logic will be encapsulated there.
+ This also makes using the bean in environments where JavaEE is not present - for example in tests - a lot easier, as forgetting to call the `@PostConstruct` method is no longer possible.
+
+ 3
+
+
+
+
+
+
+
+
+
+
+
+ `@PreDestroy` should be replaced by implementing `AutoCloseable` and overwriting the `close` method instead.
+
+ This also makes using the bean in environments where JavaEE is not present - for example in tests - a lot easier, as forgetting to call the `@PreDestroy` method is no much more difficult.
+
+ 3
+
+
+
+
+
+
+
+
+
+
+
+ Trying to manually manage threads usually gets quickly out of control and may result in various problems like uncontrollable spawning of threads.
+ Threads can also not be cancelled properly.
+
+ Use managed Thread services like `ExecutorService` and `CompletableFuture` instead.
+
+ 3
+
+
+
+
+
+
+
+
+
+
+
+ Nearly every known usage of (Java) Object Deserialization has resulted in [a security vulnerability](https://cloud.google.com/blog/topics/threat-intelligence/hunting-deserialization-exploits?hl=en).
+ Vulnerabilities are so common that there are [dedicated projects for exploit payload generation](https://github.com/frohoff/ysoserial).
+
+ Java Object Serialization may also fail to deserialize when the underlying classes are changed.
+
+ Use proven data interchange formats like JSON instead.
+
+ 2
+
+
+
+
+
+
+
+
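Review bot: The `@PreDestroy` rule description has a wording slip that inverts its meaning: `is no much more difficult` should read `is now much more difficult`. In the same message, `overwriting the close method` should be `overriding the close method`. These texts are what a developer sees when the rule fires, so they are worth correcting in this commit. The XML markup of the rule definitions is not visible in this view, so only the message text could be reviewed.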
diff --git a/.github/workflows/broken-links.yml b/.github/workflows/broken-links.yml
index d5095397..5921f76c 100644
--- a/.github/workflows/broken-links.yml
+++ b/.github/workflows/broken-links.yml
@@ -13,13 +13,13 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v5
- run: mv .github/.lycheeignore .lycheeignore
- name: Link Checker
id: lychee
- uses: lycheeverse/lychee-action@5c4ee84814c983aa7164eaee476f014e53ff3963 # v2
+ uses: lycheeverse/lychee-action@885c65f3dc543b57c898c8099f4e08c8afd178a2 # v2
with:
fail: false # Don't fail on broken links, create an issue instead
@@ -29,7 +29,7 @@ jobs:
echo "number=$(gh issue list -l 'bug' -l 'automated' -L 1 -S 'in:title \"Link Checker Report\"' -s 'open' --json 'number' --jq '.[].number')" >> $GITHUB_OUTPUT
env:
GH_TOKEN: ${{ github.token }}
-
+
- name: Close issue if everything is fine
if: steps.lychee.outputs.exit_code == 0 && steps.find-issue.outputs.number != ''
run: gh issue close -r 'not planned' ${{ steps.find-issue.outputs.number }}
diff --git a/.github/workflows/check-build.yml b/.github/workflows/check-build.yml
index 1403b418..020077fc 100644
--- a/.github/workflows/check-build.yml
+++ b/.github/workflows/check-build.yml
@@ -23,25 +23,30 @@ jobs:
build:
runs-on: ubuntu-latest
timeout-minutes: 30
-
strategy:
matrix:
java: [17, 21]
distribution: [temurin]
-
steps:
- - uses: actions/checkout@v4
-
+ - uses: actions/checkout@v5
+
- name: Set up JDK
- uses: actions/setup-java@v4
+ uses: actions/setup-java@v5
with:
distribution: ${{ matrix.distribution }}
java-version: ${{ matrix.java }}
- cache: 'maven'
-
+
+ - name: Cache Maven
+ uses: actions/cache@v4
+ with:
+ path: ~/.m2/repository
+ key: ${{ runner.os }}-mvn-build-${{ hashFiles('**/pom.xml') }}
+ restore-keys: |
+ ${{ runner.os }}-mvn-build-
+
- name: Build with Maven
run: ./mvnw -B clean package
-
+
- name: Check for uncommited changes
run: |
if [[ "$(git status --porcelain)" != "" ]]; then
@@ -64,21 +69,34 @@ jobs:
runs-on: ubuntu-latest
if: ${{ github.event_name != 'pull_request' || !startsWith(github.head_ref, 'renovate/') }}
timeout-minutes: 15
-
strategy:
matrix:
java: [17]
distribution: [temurin]
-
steps:
- - uses: actions/checkout@v4
-
+ - uses: actions/checkout@v5
+
- name: Set up JDK
- uses: actions/setup-java@v4
+ uses: actions/setup-java@v5
with:
distribution: ${{ matrix.distribution }}
java-version: ${{ matrix.java }}
- cache: 'maven'
+
+ - name: Cache Maven
+ uses: actions/cache@v4
+ with:
+ path: ~/.m2/repository
+ key: ${{ runner.os }}-mvn-checkstyle-${{ hashFiles('**/pom.xml') }}
+ restore-keys: |
+ ${{ runner.os }}-mvn-checkstyle-
+
+ - name: CheckStyle Cache
+ uses: actions/cache@v4
+ with:
+ path: '**/target/checkstyle-cachefile'
+ key: ${{ runner.os }}-checkstyle-${{ hashFiles('**/pom.xml') }}
+ restore-keys: |
+ ${{ runner.os }}-checkstyle-
- name: Run Checkstyle
run: ./mvnw -B checkstyle:check -P checkstyle -T2C
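Review bot: The `CheckStyle Cache` key is derived only from `hashFiles('**/pom.xml')`, and `actions/cache` does not save again when the primary key is hit exactly. Once a cache exists for a given set of poms, `checkstyle-cachefile` is therefore never refreshed as sources change, and the incremental benefit shrinks with every commit. The `PMD Cache` step in the next hunk (`@@ -87,21 +105,34 @@`) has the same key shape. A changing suffix with the existing prefix fallback keeps the cache current, e.g. `key: ${{ runner.os }}-checkstyle-${{ hashFiles('**/pom.xml') }}-${{ github.sha }}`.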
@@ -87,21 +105,34 @@ jobs:
runs-on: ubuntu-latest
if: ${{ github.event_name != 'pull_request' || !startsWith(github.head_ref, 'renovate/') }}
timeout-minutes: 15
-
strategy:
matrix:
java: [17]
distribution: [temurin]
-
steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v5
- name: Set up JDK
- uses: actions/setup-java@v4
+ uses: actions/setup-java@v5
with:
distribution: ${{ matrix.distribution }}
java-version: ${{ matrix.java }}
- cache: 'maven'
+
+ - name: Cache Maven
+ uses: actions/cache@v4
+ with:
+ path: ~/.m2/repository
+ key: ${{ runner.os }}-mvn-pmd-${{ hashFiles('**/pom.xml') }}
+ restore-keys: |
+ ${{ runner.os }}-mvn-pmd-
+
+ - name: PMD Cache
+ uses: actions/cache@v4
+ with:
+ path: '**/target/pmd/pmd.cache'
+ key: ${{ runner.os }}-pmd-${{ hashFiles('**/pom.xml') }}
+ restore-keys: |
+ ${{ runner.os }}-pmd-
- name: Run PMD
run: ./mvnw -B test pmd:aggregate-pmd-no-fork pmd:check -P pmd -DskipTests -T2C
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 8d47830b..6af8b550 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -8,20 +8,30 @@ permissions:
contents: write
pull-requests: write
+# DO NOT RESTORE CACHE for critical release steps to prevent a (extremely unlikely) scenario
+# where a supply chain attack could be achieved due to poisoned cache
jobs:
check-code:
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- - uses: actions/checkout@v4
-
+ - uses: actions/checkout@v5
+
- name: Set up JDK
- uses: actions/setup-java@v4
+ uses: actions/setup-java@v5
with:
java-version: '17'
distribution: 'temurin'
- cache: 'maven'
-
+
+ # Try to reuse existing cache from check-build
+ - name: Try restore Maven Cache
+ uses: actions/cache/restore@v4
+ with:
+ path: ~/.m2/repository
+ key: ${{ runner.os }}-mvn-build-${{ hashFiles('**/pom.xml') }}
+ restore-keys: |
+ ${{ runner.os }}-mvn-build-
+
- name: Build with Maven
run: ./mvnw -B clean package -T2C
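Review bot: The new header comment says the cache must not be restored for critical release steps, yet this hunk and the one at `@@ -170,11 +180,19 @@` add `actions/cache/restore@v4` with a `restore-keys` prefix fallback. Any cache whose key starts with `${{ runner.os }}-mvn-build-` can therefore populate `~/.m2/repository`. For the build gate in `check-code` that is probably acceptable, but the later hunk feeds `./mvnw -B compile site`, whose output appears to be published. The comment should name the jobs that are allowed to restore, e.g. `# Cache is restored only in check-code and the site build; publish-maven never restores it`. Dropping `restore-keys` in the site job would also limit it to an exact pom.xml hash match.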
@@ -50,31 +60,31 @@ jobs:
outputs:
upload_url: ${{ steps.create-release.outputs.upload_url }}
steps:
- - uses: actions/checkout@v4
-
+ - uses: actions/checkout@v5
+
- name: Configure Git
run: |
git config --global user.email "actions@github.com"
git config --global user.name "GitHub Actions"
-
+
- name: Un-SNAP
run: ./mvnw -B versions:set -DremoveSnapshot -DprocessAllModules -DgenerateBackupPoms=false
-
+
- name: Get version
id: version
run: |
version=$(./mvnw help:evaluate -Dexpression=project.version -q -DforceStdout)
echo "release=$version" >> $GITHUB_OUTPUT
echo "releasenumber=${version//[!0-9]/}" >> $GITHUB_OUTPUT
-
- - name: Commit and Push
+
+ - name: Commit and Push
run: |
git add -A
git commit -m "Release ${{ steps.version.outputs.release }}"
git push origin
git tag v${{ steps.version.outputs.release }}
git push origin --tags
-
+
- name: Create Release
id: create-release
uses: shogo82148/actions-create-release@4661dc54f7b4b564074e9fbf73884d960de569a3 # v1
@@ -103,8 +113,8 @@ jobs:
needs: [prepare-release]
timeout-minutes: 60
steps:
- - uses: actions/checkout@v4
-
+ - uses: actions/checkout@v5
+
- name: Init Git and pull
run: |
git config --global user.email "actions@github.com"
@@ -112,7 +122,7 @@ jobs:
git pull
- name: Set up JDK
- uses: actions/setup-java@v4
+ uses: actions/setup-java@v5
with: # running setup-java overwrites the settings.xml
distribution: 'temurin'
java-version: '17'
@@ -120,7 +130,7 @@ jobs:
server-password: PACKAGES_CENTRAL_TOKEN
gpg-passphrase: MAVEN_GPG_PASSPHRASE
gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Only import once
-
+
- name: Publish to GitHub Packages Central
run: |
modules=("bom")
@@ -134,7 +144,7 @@ jobs:
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
- name: Set up JDK
- uses: actions/setup-java@v4
+ uses: actions/setup-java@v5
with: # running setup-java again overwrites the settings.xml
distribution: 'temurin'
java-version: '17'
@@ -161,8 +171,8 @@ jobs:
needs: [prepare-release]
timeout-minutes: 15
steps:
- - uses: actions/checkout@v4
-
+ - uses: actions/checkout@v5
+
- name: Init Git and pull
run: |
git config --global user.email "actions@github.com"
@@ -170,11 +180,19 @@ jobs:
git pull
- name: Setup - Java
- uses: actions/setup-java@v4
+ uses: actions/setup-java@v5
with:
java-version: '17'
distribution: 'temurin'
- cache: 'maven'
+
+ # Try to reuse existing cache from check-build
+ - name: Try restore Maven Cache
+ uses: actions/cache/restore@v4
+ with:
+ path: ~/.m2/repository
+ key: ${{ runner.os }}-mvn-build-${{ hashFiles('**/pom.xml') }}
+ restore-keys: |
+ ${{ runner.os }}-mvn-build-
- name: Build site
run: ./mvnw -B compile site -DskipTests -T2C
@@ -200,8 +218,8 @@ jobs:
needs: [publish-maven]
timeout-minutes: 10
steps:
- - uses: actions/checkout@v4
-
+ - uses: actions/checkout@v5
+
- name: Init Git and pull
run: |
git config --global user.email "actions@github.com"
@@ -216,7 +234,7 @@ jobs:
git add -A
git commit -m "Preparing for next development iteration"
git push origin
-
+
- name: pull-request
env:
GH_TOKEN: ${{ github.token }}
diff --git a/.github/workflows/run-integration-tests.yml b/.github/workflows/run-integration-tests.yml
index a067cfdc..1df8b971 100644
--- a/.github/workflows/run-integration-tests.yml
+++ b/.github/workflows/run-integration-tests.yml
@@ -35,10 +35,10 @@ jobs:
runs-on: ubuntu-latest
if: ${{ !(github.event_name == 'pull_request' && startsWith(github.head_ref, 'renovate/')) }}
steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v5
- name: Set up JDK
- uses: actions/setup-java@v4
+ uses: actions/setup-java@v5
with:
distribution: temurin
java-version: ${{ matrix.java }}
diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml
index dc672877..f6c50a17 100644
--- a/.github/workflows/sync-labels.yml
+++ b/.github/workflows/sync-labels.yml
@@ -16,7 +16,7 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v5
with:
sparse-checkout: .github/labels.yml
diff --git a/.github/workflows/test-deploy.yml b/.github/workflows/test-deploy.yml
index ad246c24..0d333a2d 100644
--- a/.github/workflows/test-deploy.yml
+++ b/.github/workflows/test-deploy.yml
@@ -8,10 +8,10 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 60
steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v5
- name: Set up JDK
- uses: actions/setup-java@v4
+ uses: actions/setup-java@v5
with: # running setup-java overwrites the settings.xml
distribution: 'temurin'
java-version: '17'
@@ -19,7 +19,7 @@ jobs:
server-password: PACKAGES_CENTRAL_TOKEN
gpg-passphrase: MAVEN_GPG_PASSPHRASE
gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Only import once
-
+
- name: Publish to GitHub Packages Central
run: |
modules=("bom")
@@ -31,9 +31,9 @@ jobs:
env:
PACKAGES_CENTRAL_TOKEN: ${{ secrets.PACKAGES_CENTRAL_TOKEN }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
-
+
- name: Set up JDK
- uses: actions/setup-java@v4
+ uses: actions/setup-java@v5
with: # running setup-java again overwrites the settings.xml
distribution: 'temurin'
java-version: '17'
diff --git a/.github/workflows/update-from-template.yml b/.github/workflows/update-from-template.yml
index 65f56b0d..1088171f 100644
--- a/.github/workflows/update-from-template.yml
+++ b/.github/workflows/update-from-template.yml
@@ -36,14 +36,14 @@ jobs:
update_branch_merged_commit: ${{ steps.manage-branches.outputs.update_branch_merged_commit }}
create_update_branch_merged_pr: ${{ steps.manage-branches.outputs.create_update_branch_merged_pr }}
steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v5
with:
# Required because otherwise there are always changes detected when executing diff/rev-list
fetch-depth: 0
# If no PAT is used the following error occurs on a push:
# refusing to allow a GitHub App to create or update workflow `.github/workflows/xxx.yml` without `workflows` permission
token: ${{ secrets.UPDATE_FROM_TEMPLATE_PAT }}
-
+
- name: Init Git
run: |
git config --global user.email "111048771+xdev-gh-bot@users.noreply.github.com"
@@ -183,14 +183,14 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 60
steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v5
with:
# Required because otherwise there are always changes detected when executing diff/rev-list
fetch-depth: 0
# If no PAT is used the following error occurs on a push:
# refusing to allow a GitHub App to create or update workflow `.github/workflows/xxx.yml` without `workflows` permission
token: ${{ secrets.UPDATE_FROM_TEMPLATE_PAT }}
-
+
- name: Init Git
run: |
git config --global user.email "111048771+xdev-gh-bot@users.noreply.github.com"
diff --git a/.gitignore b/.gitignore
index 83ed3fec..450c2fe7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -67,6 +67,7 @@ vite.generated.ts
!.idea/saveactions_settings.xml
!.idea/checkstyle-idea.xml
!.idea/externalDependencies.xml
+!.idea/PMDPlugin.xml
!.idea/inspectionProfiles/
.idea/inspectionProfiles/*
diff --git a/.idea/PMDPlugin.xml b/.idea/PMDPlugin.xml
new file mode 100644
index 00000000..0936e518
--- /dev/null
+++ b/.idea/PMDPlugin.xml
@@ -0,0 +1,16 @@
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/checkstyle-idea.xml b/.idea/checkstyle-idea.xml
index d43641c1..ec555b58 100644
--- a/.idea/checkstyle-idea.xml
+++ b/.idea/checkstyle-idea.xml
@@ -1,7 +1,7 @@
- 10.26.1
+ 11.0.0
JavaOnlyWithTests
true
true
diff --git a/.idea/codeStyles/Project.xml b/.idea/codeStyles/Project.xml
index 19681faa..21e0aff9 100644
--- a/.idea/codeStyles/Project.xml
+++ b/.idea/codeStyles/Project.xml
@@ -96,4 +96,4 @@
-
+
\ No newline at end of file
diff --git a/.idea/saveactions_settings.xml b/.idea/saveactions_settings.xml
index 848c311a..12a4f040 100644
--- a/.idea/saveactions_settings.xml
+++ b/.idea/saveactions_settings.xml
@@ -5,6 +5,7 @@
+
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 514b7460..f619fc78 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+# 1.2.2
+* Minor code cleanup
+* Updated dependencies
+
# 1.2.1
* Added more tests
* Updated dependencies
diff --git a/client-storage/pom.xml b/client-storage/pom.xml
index 196be0f7..8cdb41b0 100644
--- a/client-storage/pom.xml
+++ b/client-storage/pom.xml
@@ -116,7 +116,7 @@
org.apache.maven.plugins
maven-javadoc-plugin
- 3.11.2
+ 3.11.3
attach-javadocs
@@ -223,7 +223,7 @@
com.puppycrawl.tools
checkstyle
- 11.0.0
+ 11.0.1
@@ -250,6 +250,7 @@
maven-pmd-plugin
3.27.0
+ true
true
true
diff --git a/codec-sha256/pom.xml b/codec-sha256/pom.xml
index 88c4df5b..7e8fe4ba 100644
--- a/codec-sha256/pom.xml
+++ b/codec-sha256/pom.xml
@@ -117,7 +117,7 @@
org.apache.maven.plugins
maven-javadoc-plugin
- 3.11.2
+ 3.11.3
attach-javadocs
@@ -230,7 +230,7 @@
com.puppycrawl.tools
checkstyle
- 11.0.0
+ 11.0.1
@@ -257,6 +257,7 @@
maven-pmd-plugin
3.27.0
+ true
true
true
diff --git a/crypto-symmetric-managed/pom.xml b/crypto-symmetric-managed/pom.xml
index 6510b8aa..42039b35 100644
--- a/crypto-symmetric-managed/pom.xml
+++ b/crypto-symmetric-managed/pom.xml
@@ -54,7 +54,7 @@
org.springframework.boot
spring-boot-dependencies
- 3.5.4
+ 3.5.5
pom
import
@@ -143,7 +143,7 @@
org.apache.maven.plugins
maven-javadoc-plugin
- 3.11.2
+ 3.11.3
attach-javadocs
@@ -250,7 +250,7 @@
com.puppycrawl.tools
checkstyle
- 11.0.0
+ 11.0.1
diff --git a/crypto-symmetric/pom.xml b/crypto-symmetric/pom.xml
index e55e27fd..fa3acf46 100644
--- a/crypto-symmetric/pom.xml
+++ b/crypto-symmetric/pom.xml
@@ -117,7 +117,7 @@
org.apache.maven.plugins
maven-javadoc-plugin
- 3.11.2
+ 3.11.3
attach-javadocs
@@ -230,7 +230,7 @@
com.puppycrawl.tools
checkstyle
- 11.0.0
+ 11.0.1
@@ -257,6 +257,7 @@
maven-pmd-plugin
3.27.0
+ true
true
true
diff --git a/csp/pom.xml b/csp/pom.xml
index 41756f8c..6df738d8 100644
--- a/csp/pom.xml
+++ b/csp/pom.xml
@@ -54,7 +54,7 @@
org.springframework.boot
spring-boot-dependencies
- 3.5.4
+ 3.5.5
pom
import
@@ -132,7 +132,7 @@
org.apache.maven.plugins
maven-javadoc-plugin
- 3.11.2
+ 3.11.3
attach-javadocs
@@ -239,7 +239,7 @@
com.puppycrawl.tools
checkstyle
- 11.0.0
+ 11.0.1
@@ -266,6 +266,7 @@
maven-pmd-plugin
3.27.0
+ true
true
true
diff --git a/demo/_dev_infra/docker-compose.yml b/demo/_dev_infra/docker-compose.yml
index b3e1068a..e0d2e999 100644
--- a/demo/_dev_infra/docker-compose.yml
+++ b/demo/_dev_infra/docker-compose.yml
@@ -1,7 +1,7 @@
services:
db:
container_name: "db"
- image: mariadb:11
+ image: mariadb:lts
env_file: db.env
ports:
- "3306:3306"
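Review bot: `mariadb:lts` is a floating tag that follows whatever upstream currently labels as LTS, so the database version can change without any commit in this repository. The same change is made in demo/integration-tests/tci-db/Dockerfile, where the image was previously fixed to `11.8`. That makes integration-test failures harder to reproduce and brings an unreviewed image into CI. Keeping an explicit version tag (as the Dockerfile had with `mariadb:11.8`) keeps each upgrade visible as a reviewed diff; Renovate appears to be in use here, judging by the `renovate/` branch checks in the workflows, and could raise it.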
diff --git a/demo/integration-tests/pom.xml b/demo/integration-tests/pom.xml
index cc6c5ec1..27a2a117 100644
--- a/demo/integration-tests/pom.xml
+++ b/demo/integration-tests/pom.xml
@@ -62,7 +62,7 @@
org.seleniumhq.selenium
selenium-dependencies-bom
- 4.34.0
+ 4.35.0
pom
import
@@ -86,7 +86,7 @@
software.xdev
testcontainers-advanced-imagebuilder
- 2.2.0
+ 2.2.1
org.testcontainers
@@ -99,7 +99,7 @@
software.xdev.tci
bom
- 2.4.1
+ 2.6.0
pom
import
diff --git a/demo/integration-tests/tci-db/Dockerfile b/demo/integration-tests/tci-db/Dockerfile
index afb54e8f..4ef81004 100644
--- a/demo/integration-tests/tci-db/Dockerfile
+++ b/demo/integration-tests/tci-db/Dockerfile
@@ -1,4 +1,4 @@
-FROM mariadb:11.8
+FROM mariadb:lts
SHELL ["/bin/bash", "-c"]
diff --git a/demo/integration-tests/tci-db/src/main/java/software/xdev/sse/demo/tci/db/DBTCI.java b/demo/integration-tests/tci-db/src/main/java/software/xdev/sse/demo/tci/db/DBTCI.java
index cbfb7752..974949bc 100644
--- a/demo/integration-tests/tci-db/src/main/java/software/xdev/sse/demo/tci/db/DBTCI.java
+++ b/demo/integration-tests/tci-db/src/main/java/software/xdev/sse/demo/tci/db/DBTCI.java
@@ -5,8 +5,6 @@
import javax.sql.DataSource;
-import jakarta.persistence.Entity;
-
import org.mariadb.jdbc.MariaDbDataSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -16,7 +14,7 @@
import software.xdev.sse.demo.persistence.config.DefaultJPAConfig;
import software.xdev.sse.demo.tci.db.containers.DBContainer;
import software.xdev.tci.db.BaseDBTCI;
-import software.xdev.tci.db.persistence.classfinder.DynamicClassFinder;
+import software.xdev.tci.db.persistence.classfinder.DynamicPersistenceClassFinder;
import software.xdev.tci.db.persistence.hibernate.HibernateEntityManagerControllerFactory;
@@ -29,6 +27,9 @@ public class DBTCI extends BaseDBTCI
@SuppressWarnings("java:S2068") // This is a test calm down
public static final String DB_PASSWORD = "test";
+ private static final DynamicPersistenceClassFinder ENTITY_CLASSES_FINDER = new DynamicPersistenceClassFinder()
+ .withSearchForPersistenceClasses(DefaultJPAConfig.ENTITY_PACKAGE);
+
public DBTCI(
final DBContainer container,
final String networkAlias,
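Review bot: `ENTITY_CLASSES_FINDER` is now a single static instance shared by every `DBTCI`, whereas the removed code built a fresh finder inside the supplier on each call (see the following hunk). If `DynamicPersistenceClassFinder` holds mutable or lazily filled state, tests running in parallel would share it; that cannot be judged from the lines shown. A short comment on the field would record the intent, e.g. `// Shared on purpose: the entity scan result is identical for every instance`.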
@@ -38,8 +39,7 @@ public DBTCI(
container,
networkAlias,
migrateAndInitializeEMC,
- () -> new HibernateEntityManagerControllerFactory(new DynamicClassFinder()
- .withSearchForAnnotatedClasses(DefaultJPAConfig.ENTITY_PACKAGE, Entity.class)));
+ () -> new HibernateEntityManagerControllerFactory(ENTITY_CLASSES_FINDER));
this.withDatabase(DB_DATABASE)
.withUsername(DB_USERNAME)
.withPassword(DB_PASSWORD);
diff --git a/demo/pom.xml b/demo/pom.xml
index eac30316..2e564d28 100644
--- a/demo/pom.xml
+++ b/demo/pom.xml
@@ -22,9 +22,9 @@
UTF-8
- 24.8.5
+ 24.8.8
- 3.5.4
+ 3.5.5
@@ -82,7 +82,7 @@
org.springdoc
springdoc-openapi-starter-webmvc-ui
- 2.8.9
+ 2.8.13
@@ -105,7 +105,7 @@
org.mariadb.jdbc
mariadb-java-client
- 3.5.4
+ 3.5.5
@@ -248,7 +248,7 @@
com.puppycrawl.tools
checkstyle
- 11.0.0
+ 11.0.1
@@ -275,6 +275,7 @@
maven-pmd-plugin
3.27.0
+ true
true
true
diff --git a/demo/webapp-rest/src/main/java/software/xdev/sse/demo/Application.java b/demo/webapp-rest/src/main/java/software/xdev/sse/demo/Application.java
index dc5515b1..6e8e5b66 100644
--- a/demo/webapp-rest/src/main/java/software/xdev/sse/demo/Application.java
+++ b/demo/webapp-rest/src/main/java/software/xdev/sse/demo/Application.java
@@ -12,6 +12,7 @@
@SpringBootApplication
public class Application
{
+ @SuppressWarnings("PMD.AvoidSystemSetterCall")
public static void main(final String[] args)
{
System.setProperty(
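Review bot: The added `@SuppressWarnings("PMD.AvoidSystemSetterCall")` gives no reason, so a later reader cannot tell whether the new rule was considered and found inapplicable or simply silenced. A trailing comment stating why the value has to go through `System.setProperty` would fix that, e.g. `// Must be set before SpringApplication starts` if that is the reason. The call's arguments and the rest of `main` lie outside the hunk. The identical suppression in demo/webapp-vaadin's Application.java needs the same comment.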
diff --git a/demo/webapp-rest/src/main/resources/application.yml b/demo/webapp-rest/src/main/resources/application.yml
index 01074d35..ada5d52a 100644
--- a/demo/webapp-rest/src/main/resources/application.yml
+++ b/demo/webapp-rest/src/main/resources/application.yml
@@ -20,20 +20,21 @@ sse:
remember-login-provider-redirect:
enabled: false
+# READ https://docs.spring.io/spring-boot/reference/actuator/endpoints.html BEFORE CHANGING ANYTHING HERE!
+# Pledge of allegiance you sign when commiting this: I know that I'm responsible for security problems when I did not
+# read the docs and I will be sentenced to debug Voyager 1 memory problems (YcUycQoz0zg) or similar complex things
management:
endpoints:
web:
exposure:
include: "*"
- # Env is potentially security sensitive so better hide it
- exclude: "env"
endpoint:
+ env:
+ access: none
health:
- show-details: "when-authorized"
- health:
- # Kubernetes probes
- probes:
- enabled: true
+ show-details: when-authorized
+ heapdump:
+ access: unrestricted
server:
# https://stackoverflow.com/questions/69403837/how-to-use-tomcat-remoteipfilter-in-spring-boot
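Review bot: `heapdump: access: unrestricted` combined with `exposure: include: "*"` makes the heap dump endpoint reachable over HTTP. A heap dump contains whatever the JVM holds in memory, which here can include session data, OAuth tokens, client secrets and key material. Nothing in this hunk shows how the actuator endpoints are authenticated, so that needs confirming. Otherwise the safer default is `access: none` under `heapdump`, with a deployment opting in where it is needed. The hunk also removes the `probes: enabled: true` block; if Kubernetes liveness and readiness probes are still expected, that removal should be called out in the description.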
diff --git a/demo/webapp-vaadin/src/main/java/software/xdev/sse/demo/Application.java b/demo/webapp-vaadin/src/main/java/software/xdev/sse/demo/Application.java
index 7625e89e..abbc749d 100644
--- a/demo/webapp-vaadin/src/main/java/software/xdev/sse/demo/Application.java
+++ b/demo/webapp-vaadin/src/main/java/software/xdev/sse/demo/Application.java
@@ -22,6 +22,7 @@
@EnableAutoConfiguration(exclude = {ErrorMvcAutoConfiguration.class})
public class Application
{
+ @SuppressWarnings("PMD.AvoidSystemSetterCall")
public static void main(final String[] args)
{
System.setProperty(
diff --git a/metrics/pom.xml b/metrics/pom.xml
index f00695fc..be488345 100644
--- a/metrics/pom.xml
+++ b/metrics/pom.xml
@@ -54,7 +54,7 @@
org.springframework.boot
spring-boot-dependencies
- 3.5.4
+ 3.5.5
pom
import
@@ -127,7 +127,7 @@
org.apache.maven.plugins
maven-javadoc-plugin
- 3.11.2
+ 3.11.3
attach-javadocs
@@ -234,7 +234,7 @@
com.puppycrawl.tools
checkstyle
- 11.0.0
+ 11.0.1
@@ -261,6 +261,7 @@
maven-pmd-plugin
3.27.0
+ true
true
true
diff --git a/oauth2-oidc-remember-me/pom.xml b/oauth2-oidc-remember-me/pom.xml
index 3850ee9e..1ac01d73 100644
--- a/oauth2-oidc-remember-me/pom.xml
+++ b/oauth2-oidc-remember-me/pom.xml
@@ -54,7 +54,7 @@
org.springframework.boot
spring-boot-dependencies
- 3.5.4
+ 3.5.5
pom
import
@@ -151,7 +151,7 @@
org.apache.maven.plugins
maven-javadoc-plugin
- 3.11.2
+ 3.11.3
attach-javadocs
@@ -264,7 +264,7 @@
com.puppycrawl.tools
checkstyle
- 11.0.0
+ 11.0.1
@@ -291,6 +291,7 @@
maven-pmd-plugin
3.27.0
+ true
true
true
diff --git a/oauth2-oidc/pom.xml b/oauth2-oidc/pom.xml
index 0408ef1b..b2ebd07a 100644
--- a/oauth2-oidc/pom.xml
+++ b/oauth2-oidc/pom.xml
@@ -54,7 +54,7 @@
org.springframework.boot
spring-boot-dependencies
- 3.5.4
+ 3.5.5
pom
import
@@ -170,7 +170,7 @@
org.apache.maven.plugins
maven-javadoc-plugin
- 3.11.2
+ 3.11.3
attach-javadocs
@@ -283,7 +283,7 @@
com.puppycrawl.tools
checkstyle
- 11.0.0
+ 11.0.1
@@ -310,6 +310,7 @@
maven-pmd-plugin
3.27.0
+ true
true
true
diff --git a/pom.xml b/pom.xml
index def469a2..01789725 100644
--- a/pom.xml
+++ b/pom.xml
@@ -88,7 +88,7 @@
com.puppycrawl.tools
checkstyle
- 11.0.0
+ 11.0.1
@@ -115,6 +115,7 @@
maven-pmd-plugin
3.27.0
+ true
true
true
diff --git a/vaadin/pom.xml b/vaadin/pom.xml
index f45cc491..38e458a2 100644
--- a/vaadin/pom.xml
+++ b/vaadin/pom.xml
@@ -54,7 +54,7 @@
org.springframework.boot
spring-boot-dependencies
- 3.5.4
+ 3.5.5
pom
import
@@ -62,7 +62,7 @@
com.vaadin
vaadin-bom
- 24.8.5
+ 24.8.8
pom
import
@@ -173,7 +173,7 @@
org.apache.maven.plugins
maven-javadoc-plugin
- 3.11.2
+ 3.11.3
attach-javadocs
@@ -280,7 +280,7 @@
com.puppycrawl.tools
checkstyle
- 11.0.0
+ 11.0.1
@@ -307,6 +307,7 @@
maven-pmd-plugin
3.27.0
+ true
true
true
diff --git a/web-sidecar-actuator/pom.xml b/web-sidecar-actuator/pom.xml
index 2ef4efb9..8b000ef9 100644
--- a/web-sidecar-actuator/pom.xml
+++ b/web-sidecar-actuator/pom.xml
@@ -54,7 +54,7 @@
org.springframework.boot
spring-boot-dependencies
- 3.5.4
+ 3.5.5
pom
import
@@ -154,7 +154,7 @@
org.apache.maven.plugins
maven-javadoc-plugin
- 3.11.2
+ 3.11.3
attach-javadocs
@@ -267,7 +267,7 @@
com.puppycrawl.tools
checkstyle
- 11.0.0
+ 11.0.1
@@ -294,6 +294,7 @@
maven-pmd-plugin
3.27.0
+ true
true
true
diff --git a/web-sidecar-common/pom.xml b/web-sidecar-common/pom.xml
index c84e0f70..f81bdf00 100644
--- a/web-sidecar-common/pom.xml
+++ b/web-sidecar-common/pom.xml
@@ -54,7 +54,7 @@
org.springframework.boot
spring-boot-dependencies
- 3.5.4
+ 3.5.5
pom
import
@@ -137,7 +137,7 @@
org.apache.maven.plugins
maven-javadoc-plugin
- 3.11.2
+ 3.11.3
attach-javadocs
@@ -244,7 +244,7 @@
com.puppycrawl.tools
checkstyle
- 11.0.0
+ 11.0.1
@@ -271,6 +271,7 @@
maven-pmd-plugin
3.27.0
+ true
true
true
diff --git a/web/pom.xml b/web/pom.xml
index 0aa3e192..c67a309c 100644
--- a/web/pom.xml
+++ b/web/pom.xml
@@ -54,7 +54,7 @@
org.springframework.boot
spring-boot-dependencies
- 3.5.4
+ 3.5.5
pom
import
@@ -127,7 +127,7 @@
org.apache.maven.plugins
maven-javadoc-plugin
- 3.11.2
+ 3.11.3
attach-javadocs
@@ -234,7 +234,7 @@
com.puppycrawl.tools
checkstyle
- 11.0.0
+ 11.0.1
@@ -261,6 +261,7 @@
maven-pmd-plugin
3.27.0
+ true
true
true
diff --git a/web/src/main/java/software/xdev/sse/web/cookie/DefaultCookieSecureService.java b/web/src/main/java/software/xdev/sse/web/cookie/DefaultCookieSecureService.java
index 559bb2bd..d175be00 100644
--- a/web/src/main/java/software/xdev/sse/web/cookie/DefaultCookieSecureService.java
+++ b/web/src/main/java/software/xdev/sse/web/cookie/DefaultCookieSecureService.java
@@ -15,11 +15,8 @@
*/
package software.xdev.sse.web.cookie;
-import jakarta.annotation.PostConstruct;
-
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Value;
public class DefaultCookieSecureService implements CookieSecureService
@@ -33,12 +30,11 @@ public class DefaultCookieSecureService implements CookieSecureService
* https://www.baeldung.com/spring-security-session
*
*/
- @Value("${server.servlet.session.cookie.secure:true}")
- private boolean secure;
+ private final boolean secure;
- @PostConstruct
- protected void postConstruct()
+ public DefaultCookieSecureService(final boolean secure)
{
+ this.secure = secure;
if(!this.secure)
{
LOG.info("Cookies will NOT be secured (as defined in 'server.servlet.session.cookie.secure')");
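Review bot: The log message in the new constructor still says the value is `as defined in 'server.servlet.session.cookie.secure'`, but the class no longer reads that property and logs whatever the caller passes in. Someone constructing the service directly with `false` gets a message pointing at a property that may say the opposite. A neutral text such as `LOG.info("Cookies will NOT be secured (secure=false was passed to DefaultCookieSecureService)")` avoids that. Removing the no-arg constructor and the protected `postConstruct()` is also source-incompatible for anyone instantiating or subclassing this public class, which the changelog entry `Minor code cleanup` does not mention. The constructor body continues past the end of the hunk.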
diff --git a/web/src/main/java/software/xdev/sse/web/cookie/auto/CookieAutoConfig.java b/web/src/main/java/software/xdev/sse/web/cookie/auto/CookieAutoConfig.java
index fca611a0..7b1371f8 100644
--- a/web/src/main/java/software/xdev/sse/web/cookie/auto/CookieAutoConfig.java
+++ b/web/src/main/java/software/xdev/sse/web/cookie/auto/CookieAutoConfig.java
@@ -15,6 +15,7 @@
*/
package software.xdev.sse.web.cookie.auto;
+import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
@@ -31,9 +32,10 @@ public class CookieAutoConfig
{
@ConditionalOnMissingBean
@Bean
- public CookieSecureService cookieSecureService()
+ public CookieSecureService cookieSecureService(
+ @Value("${server.servlet.session.cookie.secure:true}") final boolean secure)
{
- return new DefaultCookieSecureService();
+ return new DefaultCookieSecureService(secure);
}
@ConditionalOnMissingBean