spinnaker · j-sandy · Dec 26, 2024 · Dec 27, 2024 · Dec 27, 2024 · Jan 3, 2025
@@ -33,7 +33,7 @@ dependencies {
   implementation "com.squareup.retrofit2:converter-jackson"
   implementation "org.apache.commons:commons-lang3"
 
-  compileOnly "javax.servlet:javax.servlet-api"
+  compileOnly "jakarta.servlet:jakarta.servlet-api"
 
   implementation "com.github.ben-manes.caffeine:caffeine"
 

@@ -17,8 +17,8 @@
 package com.netflix.spinnaker.fiat.shared;
 
 import com.netflix.spinnaker.security.AuthenticatedRequest;
+import jakarta.servlet.http.HttpServletRequest;
 import java.util.List;
-import javax.servlet.http.HttpServletRequest;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.AuthorityUtils;

@@ -18,11 +18,11 @@
 
 import com.netflix.spinnaker.kork.api.exceptions.AccessDeniedDetails;
 import com.netflix.spinnaker.kork.web.exceptions.ExceptionMessageDecorator;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.Map;
 import java.util.StringJoiner;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.web.servlet.error.DefaultErrorAttributes;

@@ -36,7 +36,7 @@
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
 import org.springframework.security.web.authentication.AuthenticationConverter;
 import retrofit2.Retrofit;
@@ -93,9 +93,19 @@ AuthenticationConverter defaultAuthenticationConverter() {
   }
 
   @Bean
-  FiatWebSecurityConfigurerAdapter fiatSecurityConfig(
-      FiatStatus fiatStatus, AuthenticationConverter authenticationConverter) {
-    return new FiatWebSecurityConfigurerAdapter(fiatStatus, authenticationConverter);
+  public SecurityFilterChain securityFilterChain(
+      HttpSecurity http, FiatStatus fiatStatus, AuthenticationConverter authenticationConverter)
+      throws Exception {
+    return http.servletApi()
+        .and()
+        .exceptionHandling()
+        .and()
+        .anonymous()
+        .and()
+        .addFilterBefore(
+            new FiatAuthenticationFilter(fiatStatus, authenticationConverter),
+            AnonymousAuthenticationFilter.class)
+        .build();
   }
 
   @Bean
@@ -104,29 +114,4 @@ FiatAccessDeniedExceptionHandler fiatAccessDeniedExceptionHandler(
       ExceptionMessageDecorator exceptionMessageDecorator) {
     return new FiatAccessDeniedExceptionHandler(exceptionMessageDecorator);
   }
-
-  private static class FiatWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
-    private final FiatStatus fiatStatus;
-    private final AuthenticationConverter authenticationConverter;
-
-    private FiatWebSecurityConfigurerAdapter(
-        FiatStatus fiatStatus, AuthenticationConverter authenticationConverter) {
-      super(true);
-      this.fiatStatus = fiatStatus;
-      this.authenticationConverter = authenticationConverter;
-    }
-
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-      http.servletApi()
-          .and()
-          .exceptionHandling()
-          .and()
-          .anonymous()
-          .and()
-          .addFilterBefore(
-              new FiatAuthenticationFilter(fiatStatus, authenticationConverter),
-              AnonymousAuthenticationFilter.class);
-    }
-  }
 }
@@ -19,8 +19,8 @@
 import com.netflix.spinnaker.fiat.model.SpinnakerAuthorities;
 import com.netflix.spinnaker.fiat.model.UserPermission;
 import com.netflix.spinnaker.kork.common.Header;
+import jakarta.servlet.http.HttpServletRequest;
 import java.util.List;
-import javax.servlet.http.HttpServletRequest;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.core.Authentication;

@@ -16,12 +16,12 @@
 
 package com.netflix.spinnaker.fiat.shared;
 
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpFilter;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpFilter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContext;

@@ -16,10 +16,10 @@
 
 package com.netflix.spinnaker.fiat.shared;
 
+import jakarta.servlet.http.HttpServletRequest;
 import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
 
 class HeadersRedactor {
 

@@ -32,8 +32,8 @@ import spock.lang.Subject
 import org.springframework.security.access.AccessDeniedException
 import spock.lang.Unroll
 
-import javax.servlet.http.HttpServletRequest
-import javax.servlet.http.HttpServletResponse
+import jakarta.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletResponse
 
 class FiatAccessDeniedExceptionHandlerSpec extends FiatSharedSpecification {
 

@@ -8,5 +8,5 @@ dependencies {
   implementation "com.squareup.retrofit2:converter-jackson"
   implementation "io.spinnaker.kork:kork-web"
   implementation "io.spinnaker.kork:kork-retrofit"
-  implementation "javax.validation:validation-api"
+  implementation "jakarta.validation:jakarta.validation-api"
 }
@@ -1,9 +1,9 @@
 package com.netflix.spinnaker.fiat.roles.github;
 
-import javax.validation.constraints.Max;
-import javax.validation.constraints.Min;
-import javax.validation.constraints.NotEmpty;
-import javax.validation.constraints.NotNull;
+import jakarta.validation.constraints.Max;
+import jakarta.validation.constraints.Min;
+import jakarta.validation.constraints.NotEmpty;
+import jakarta.validation.constraints.NotNull;
 import lombok.Data;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.context.properties.ConfigurationProperties;

@@ -43,7 +43,7 @@
 import lombok.extern.slf4j.Slf4j;
 import net.jpountz.lz4.*;
 import redis.clients.jedis.*;
-import redis.clients.jedis.commands.BinaryJedisCommands;
+import redis.clients.jedis.commands.JedisBinaryCommands;
 import redis.clients.jedis.util.SafeEncoder;
 
 /**
@@ -324,7 +324,7 @@ private byte[] getUserResourceBytesFromRedis(String id, ResourceType resourceTyp
     byte[] key = userKey(id, resourceType);
 
     byte[] compressedData =
-        redisRead(timeoutContext, (ThrowingFunction<BinaryJedisCommands, byte[]>) c -> c.get(key));
+        redisRead(timeoutContext, (ThrowingFunction<JedisBinaryCommands, byte[]>) c -> c.get(key));
 
     if (compressedData == null || compressedData.length == 0) {
       return null;
@@ -577,7 +577,7 @@ Duration getTimeout() {
     }
   }
 
-  private <T> T redisRead(TimeoutContext timeoutContext, Function<BinaryJedisCommands, T> fn) {
+  private <T> T redisRead(TimeoutContext timeoutContext, Function<JedisBinaryCommands, T> fn) {
     return retryRegistry
         .retry(REDIS_READ_RETRY)
         .executeSupplier(

@@ -32,6 +32,7 @@ dependencies {
 
     implementation "io.strikt:strikt-core"
     implementation "io.github.resilience4j:resilience4j-retry"
+    implementation "io.github.resilience4j:resilience4j-vavr"
 
     implementation "org.jetbrains.kotlinx:kotlinx-coroutines-core"
     implementation "org.jetbrains.kotlinx:kotlinx-coroutines-slf4j"

@@ -46,7 +46,7 @@ import java.time.Clock
 import java.time.Duration
 import java.util.*
 import java.util.concurrent.atomic.AtomicReference
-import javax.annotation.PreDestroy
+import jakarta.annotation.PreDestroy
 import kotlin.contracts.ExperimentalContracts
 import kotlin.contracts.contract
 import kotlin.coroutines.CoroutineContext

@@ -40,12 +40,12 @@
 import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler;
 import org.springframework.web.servlet.config.annotation.ContentNegotiationConfigurer;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 @Configuration
 @Import({RetrofitConfig.class, PluginsAutoConfiguration.class})
 @EnableConfigurationProperties(FiatServerConfigurationProperties.class)
-public class FiatConfig extends WebMvcConfigurerAdapter {
+public class FiatConfig implements WebMvcConfigurer {
 
   @Autowired private Registry registry;
 
@@ -60,7 +60,6 @@ public void addInterceptors(InterceptorRegistry registry) {
 
   @Override
   public void configureContentNegotiation(ContentNegotiationConfigurer configurer) {
-    super.configureContentNegotiation(configurer);
     configurer.favorPathExtension(false).defaultContentType(MediaType.APPLICATION_JSON);
   }
 

@@ -31,12 +31,12 @@
 import com.netflix.spinnaker.kork.web.exceptions.NotFoundException;
 import com.netflix.spinnaker.security.AuthenticatedRequest;
 import io.swagger.v3.oas.annotations.Operation;
+import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.*;
 import java.util.function.Supplier;
 import java.util.stream.Collectors;
 import javax.annotation.Nonnull;
-import javax.servlet.http.HttpServletResponse;
 import lombok.extern.slf4j.Slf4j;
 import lombok.val;
 import org.springframework.beans.factory.annotation.Autowired;

@@ -23,10 +23,10 @@
 import com.netflix.spinnaker.fiat.permissions.PermissionsRepository;
 import com.netflix.spinnaker.fiat.permissions.PermissionsResolver;
 import com.netflix.spinnaker.fiat.roles.UserRolesSyncer;
+import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.List;
 import java.util.stream.Collectors;
-import javax.servlet.http.HttpServletResponse;
 import lombok.NonNull;
 import lombok.Setter;
 import lombok.extern.slf4j.Slf4j;

@@ -49,7 +49,7 @@ import spock.lang.Shared
 import spock.lang.Specification
 import spock.lang.Unroll
 
-import javax.servlet.http.HttpServletResponse
+import jakarta.servlet.http.HttpServletResponse
 
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content
@@ -164,7 +164,7 @@ class AuthorizeControllerSpec extends Specification {
 
 
     then:
-    mockMvc.perform(get("/authorize/")).andExpect(status().is4xxClientError())
+    mockMvc.perform(get("/authorize")).andExpect(status().is4xxClientError())
 
     when:
     fiatServerConfigurationProperties.setGetAllEnabled(true)
@@ -176,7 +176,7 @@ class AuthorizeControllerSpec extends Specification {
                                                 roleAroleBUser.view])
 
     then:
-    mockMvc.perform(get("/authorize/"))
+    mockMvc.perform(get("/authorize"))
            .andExpect(status().isOk())
            .andExpect(content().json(expected))
   }