dendi-wang/thingsboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

migrated spring boot to version 2.7 due to vulnerabilities

Browse Source
This commit is contained in:
YevhenBondarenko 2022-06-11 15:05:14 +02:00
parent 98c78cd511
commit 08d5cb5e93
4 changed files with 79 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
application/src/main/java/org/thingsboard/server/config/SpringfoxHandlerProviderBeanPostProcessor.java Normal file
View File

@ -0,0 +1,61 @@
/**
* Copyright © 2016-2022 The Thingsboard Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.thingsboard.server.config;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.stereotype.Component;
import org.springframework.util.ReflectionUtils;
import org.springframework.web.servlet.mvc.method.RequestMappingInfoHandlerMapping;
import org.thingsboard.server.queue.util.TbCoreComponent;
import springfox.documentation.spring.web.plugins.WebMvcRequestHandlerProvider;
import java.lang.reflect.Field;
import java.util.List;
import java.util.stream.Collectors;
@TbCoreComponent
@Component
//TODO: remove after fixing issue https://github.com/springfox/springfox/issues/3462 or after migration from springfox to springdoc
public class SpringfoxHandlerProviderBeanPostProcessor implements BeanPostProcessor {
@Override
public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
if (bean instanceof WebMvcRequestHandlerProvider) {
customizeSpringfoxHandlerMappings(getHandlerMappings(bean));
}
return bean;
}
private <T extends RequestMappingInfoHandlerMapping> void customizeSpringfoxHandlerMappings(List<T> mappings) {
List<T> copy = mappings.stream()
.filter(mapping -> mapping.getPatternParser() == null)
.collect(Collectors.toList());
mappings.clear();
mappings.addAll(copy);
}
@SuppressWarnings("unchecked")
private List<RequestMappingInfoHandlerMapping> getHandlerMappings(Object bean) {
try {
Field field = ReflectionUtils.findField(bean.getClass(), "handlerMappings");
field.setAccessible(true);
return (List<RequestMappingInfoHandlerMapping>) field.get(bean);
} catch (IllegalArgumentException | IllegalAccessException e) {
throw new IllegalStateException(e);
}
}
}

15
application/src/main/java/org/thingsboard/server/config/ThingsboardSecurityConfiguration.java
View File

@ -181,13 +181,18 @@ public class ThingsboardSecurityConfiguration extends WebSecurityConfigurerAdapt
@Autowired @Autowired
private OAuth2AuthorizationRequestResolver oAuth2AuthorizationRequestResolver; private OAuth2AuthorizationRequestResolver oAuth2AuthorizationRequestResolver;
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/*.js","/*.css","/*.ico","/assets/**","/static/**");
}
@Override @Override
protected void configure(HttpSecurity http) throws Exception { protected void configure(HttpSecurity http) throws Exception {
http.authorizeHttpRequests((authorizeHttpRequests) -> // http.authorizeHttpRequests((authorizeHttpRequests) ->
authorizeHttpRequests // authorizeHttpRequests
.antMatchers("/*.js","/*.css","/*.ico","/assets/**","/static/**") // .antMatchers("/*.js","/*.css","/*.ico","/assets/**","/static/**")
.permitAll() // .permitAll()
); // );
http.headers().cacheControl().and().frameOptions().disable() http.headers().cacheControl().and().frameOptions().disable()
.and() .and()
.cors() .cors()

2
application/src/test/resources/application-test.properties
View File

@ -55,3 +55,5 @@ queue.rule-engine.queues[2].partitions=2
queue.rule-engine.queues[2].processing-strategy.retries=1 queue.rule-engine.queues[2].processing-strategy.retries=1
queue.rule-engine.queues[2].processing-strategy.pause-between-retries=0 queue.rule-engine.queues[2].processing-strategy.pause-between-retries=0
queue.rule-engine.queues[2].processing-strategy.max-pause-between-retries=0 queue.rule-engine.queues[2].processing-strategy.max-pause-between-retries=0
usage.stats.report.enabled=false

12
pom.xml
View File

@ -39,12 +39,12 @@
<javax-annotation.version>1.3.2</javax-annotation.version> <javax-annotation.version>1.3.2</javax-annotation.version>
<jakarta.xml.bind-api.version>2.3.2</jakarta.xml.bind-api.version> <jakarta.xml.bind-api.version>2.3.2</jakarta.xml.bind-api.version>
<jaxb-runtime.version>2.3.2</jaxb-runtime.version> <jaxb-runtime.version>2.3.2</jaxb-runtime.version>
<spring-boot.version>2.5.14</spring-boot.version> <spring-boot.version>2.7.0</spring-boot.version>
<spring-data.version>2.5.11</spring-data.version> <spring-data.version>2.7.0</spring-data.version>
<spring.version>5.3.20</spring.version> <spring.version>5.3.20</spring.version>
<spring-redis.version>5.5.12</spring-redis.version> <spring-redis.version>5.5.12</spring-redis.version>
<spring-security.version>5.6.5</spring-security.version> <spring-security.version>5.7.1</spring-security.version>
<spring-data-redis.version>2.5.11</spring-data-redis.version> <spring-data-redis.version>2.7.0</spring-data-redis.version>
<jedis.version>3.7.1</jedis.version> <jedis.version>3.7.1</jedis.version>
<jjwt.version>0.7.0</jjwt.version> <jjwt.version>0.7.0</jjwt.version>
<slf4j.version>1.7.32</slf4j.version> <slf4j.version>1.7.32</slf4j.version>
@ -112,7 +112,7 @@
<ua-parser.version>1.4.3</ua-parser.version> <ua-parser.version>1.4.3</ua-parser.version>
<commons-beanutils.version>1.9.4</commons-beanutils.version> <commons-beanutils.version>1.9.4</commons-beanutils.version>
<commons-collections.version>3.2.2</commons-collections.version> <commons-collections.version>3.2.2</commons-collections.version>
<micrometer.version>1.8.3</micrometer.version> <micrometer.version>1.9.0</micrometer.version>
<protobuf-dynamic.version>1.0.3TB</protobuf-dynamic.version> <protobuf-dynamic.version>1.0.3TB</protobuf-dynamic.version>
<wire-schema.version>3.4.0</wire-schema.version> <wire-schema.version>3.4.0</wire-schema.version>
<twilio.version>8.17.0</twilio.version> <twilio.version>8.17.0</twilio.version>
@ -127,7 +127,7 @@
<dbunit.version>2.7.2</dbunit.version> <dbunit.version>2.7.2</dbunit.version>
<hsqldb.version>2.6.1</hsqldb.version> <hsqldb.version>2.6.1</hsqldb.version>
<java-websocket.version>1.5.2</java-websocket.version> <java-websocket.version>1.5.2</java-websocket.version>
<jupiter.version>5.7.2</jupiter.version> <!-- keep the same version as spring-boot-starter-test depend on jupiter--> <jupiter.version>5.8.2</jupiter.version> <!-- keep the same version as spring-boot-starter-test depend on jupiter-->
<json-path.version>2.6.0</json-path.version> <json-path.version>2.6.0</json-path.version>
<spring-test-dbunit.version>1.3.0</spring-test-dbunit.version> <!-- 2016 --> <spring-test-dbunit.version>1.3.0</spring-test-dbunit.version> <!-- 2016 -->
<takari-cpsuite.version>1.2.7</takari-cpsuite.version> <!-- 2015 --> <takari-cpsuite.version>1.2.7</takari-cpsuite.version> <!-- 2015 -->