Replace SpringFox with SpringDoc + update dependencies + clean-up owa…

…sp-suppress.xml
europeana · Nov 23, 2022 · 478e09c · 478e09c
1 parent 41fec11
commit 478e09c
Show file tree

Hide file tree

Showing 7 changed files with 78 additions and 246 deletions.
diff --git a/owasp-suppress.xml b/owasp-suppress.xml
@@ -3,162 +3,10 @@
 
   <suppress>
     <notes><![CDATA[
-   file name: spring-core-5.3.15.jar
-   ]]></notes>
-    <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-core@.*$</packageUrl>
-    <cve>CVE-2022-22965</cve>
-  </suppress>
-
-  <suppress>
-    <notes><![CDATA[
-   file name: spring-core-5.3.21.jar
-   ]]></notes>
-    <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-core@.*$</packageUrl>
-    <cve>CVE-2016-1000027</cve>
-  </suppress>
-
-  <suppress>
-    <notes><![CDATA[
-   file name: spring-plugin-core-1.2.0.RELEASE.jar
-   ]]></notes>
-    <packageUrl regex="true">^pkg:maven/org\.springframework\.plugin/spring\-plugin\-core@.*$</packageUrl>
-    <cve>CVE-2016-1000027</cve>
-  </suppress>
-
-  <suppress>
-    <notes><![CDATA[
-   file name: spring-plugin-core-1.2.0.RELEASE.jar
-   ]]></notes>
-    <packageUrl regex="true">^pkg:maven/org\.springframework\.plugin/spring\-plugin\-core@.*$</packageUrl>
-    <cve>CVE-2022-22965</cve>
-  </suppress>
-
-  <suppress>
-    <notes><![CDATA[
-   file name: spring-aop-5.3.21.jar
-   ]]></notes>
-    <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-aop@.*$</packageUrl>
-    <cve>CVE-2016-1000027</cve>
-  </suppress>
-
-  <suppress>
-    <notes><![CDATA[
-   file name: spring-aop-5.3.15.jar
-   ]]></notes>
-    <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-aop@.*$</packageUrl>
-    <cve>CVE-2022-22965</cve>
-  </suppress>
-
-  <suppress>
-    <notes><![CDATA[
-   file name: spring-plugin-metadata-1.2.0.RELEASE.jar
-   ]]></notes>
-    <packageUrl regex="true">^pkg:maven/org\.springframework\.plugin/spring\-plugin\-metadata@.*$</packageUrl>
-    <cve>CVE-2016-1000027</cve>
-  </suppress>
-
-  <suppress>
-    <notes><![CDATA[
-   file name: spring-plugin-metadata-1.2.0.RELEASE.jar
-   ]]></notes>
-    <packageUrl regex="true">^pkg:maven/org\.springframework\.plugin/spring\-plugin\-metadata@.*$</packageUrl>
-    <cve>CVE-2022-22965</cve>
-  </suppress>
-
-  <suppress>
-    <notes><![CDATA[
-   file name: spring-jcl-5.3.21.jar
-   ]]></notes>
-    <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-jcl@.*$</packageUrl>
-    <cve>CVE-2016-1000027</cve>
-  </suppress>
-
-  <suppress>
-    <notes><![CDATA[
-   file name: spring-jcl-5.3.15.jar
-   ]]></notes>
-    <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-jcl@.*$</packageUrl>
-    <cve>CVE-2022-22965</cve>
-  </suppress>
-
-  <suppress>
-    <notes><![CDATA[
-   file name: spring-web-5.3.21.jar
+   file name: spring-web-5.3.23.jar
    ]]></notes>
     <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-web@.*$</packageUrl>
     <cve>CVE-2016-1000027</cve>
   </suppress>
 
-  <suppress>
-    <notes><![CDATA[
-   file name: spring-web-5.3.15.jar
-   ]]></notes>
-    <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-web@.*$</packageUrl>
-    <cve>CVE-2022-22965</cve>
-  </suppress>
-
-  <suppress>
-    <notes><![CDATA[
-   file name: spring-beans-5.3.21.jar
-   ]]></notes>
-    <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-beans@.*$</packageUrl>
-    <cve>CVE-2016-1000027</cve>
-  </suppress>
-
-  <suppress>
-  <notes><![CDATA[
-   file name: spring-beans-5.3.15.jar
-   ]]></notes>
-  <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-beans@.*$</packageUrl>
-  <cve>CVE-2022-22965</cve>
-</suppress>
-
-  <suppress>
-    <notes><![CDATA[
-   file name: spring-webmvc-5.3.21.jar
-   ]]></notes>
-    <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-webmvc@.*$</packageUrl>
-    <cve>CVE-2016-1000027</cve>
-  </suppress>
-
-  <suppress>
-    <notes><![CDATA[
-   file name: spring-webmvc-5.3.15.jar
-   ]]></notes>
-    <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-webmvc@.*$</packageUrl>
-    <cve>CVE-2022-22965</cve>
-  </suppress>
-
-  <suppress>
-    <notes><![CDATA[
-   file name: spring-context-5.3.21.jar
-   ]]></notes>
-    <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-context@.*$</packageUrl>
-    <cve>CVE-2016-1000027</cve>
-  </suppress>
-
-  <suppress>
-    <notes><![CDATA[
-   file name: spring-context-5.3.15.jar
-   ]]></notes>
-    <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-context@.*$</packageUrl>
-    <cve>CVE-2022-22965</cve>
-  </suppress>
-
-  <suppress>
-    <notes><![CDATA[
-   file name: spring-expression-5.3.21.jar
-   ]]></notes>
-    <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-expression@.*$</packageUrl>
-    <cve>CVE-2016-1000027</cve>
-  </suppress>
-
-  <suppress>
-    <notes><![CDATA[
-   file name: spring-expression-5.3.15.jar
-   ]]></notes>
-    <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-expression@.*$</packageUrl>
-    <cve>CVE-2022-22965</cve>
-  </suppress>
-
 </suppressions>
diff --git a/pom.xml b/pom.xml
@@ -25,21 +25,19 @@
         <maven.compiler.target>${java.version}</maven.compiler.target>
 
         <metis.version>7</metis.version>
-        <fulltext-common.version>0.9.1-SNAPSHOT</fulltext-common.version>
-        <apicommons.version>0.3.17-SNAPSHOT</apicommons.version>
-        <spring-boot.version>2.5.12</spring-boot.version>
-
-        <jackson-core.version>2.13.3</jackson-core.version>
+        <fulltext-common.version>0.9.1</fulltext-common.version>
+        <apicommons.version>0.3.16</apicommons.version>
+        <!-- 3rd party -->
+        <spring-boot.version>2.6.13</spring-boot.version>
+        <springdoc.version>1.6.13</springdoc.version>
+        <jackson-core.version>2.14.1</jackson-core.version>
         <jsonpath.version>2.7.0</jsonpath.version>
         <jaxb-api.version>2.4.0-b180830.0359</jaxb-api.version>
-
         <http-client.version>4.5.13</http-client.version>
         <commons.lang3.version>3.12.0</commons.lang3.version>
-        <swagger.version>3.0.0</swagger.version>
-
+        <!-- Test -->
         <junit-jupiter.version>5.6.0</junit-jupiter.version>
         <unitils.version>3.4.6</unitils.version>
-
         <mockito.version>3.7.0</mockito.version>
         <wiremock.version>2.33.2</wiremock.version>
 
@@ -90,6 +88,12 @@
             <artifactId>spring-boot-starter-log4j2</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>org.springdoc</groupId>
+            <artifactId>springdoc-openapi-ui</artifactId>
+            <version>${springdoc.version}</version>
+        </dependency>
+
         <!-- For definitions and accept header handling -->
         <dependency>
             <groupId>eu.europeana.fulltext</groupId>
@@ -137,7 +141,7 @@
             </exclusions>
         </dependency>
 
-        <!-- we are required to import security when using commons-error but non-vulnerable version -->
+        <!-- At the moment API commons requires us to import spring security, should refactor that -->
         <dependency>
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-core</artifactId>
@@ -203,17 +207,7 @@
             <version>${commons.lang3.version}</version>
         </dependency>
 
-        <dependency>
-            <groupId>io.springfox</groupId>
-            <artifactId>springfox-boot-starter</artifactId>
-            <version>${swagger.version}</version>
-        </dependency>
 
-        <dependency>
-            <groupId>io.springfox</groupId>
-            <artifactId>springfox-swagger-ui</artifactId>
-            <version>${swagger.version}</version>
-        </dependency>
 
 
         <!-- Test stuff -->

diff --git a/src/main/java/eu/europeana/iiif/config/SpringDocConfig.java b/src/main/java/eu/europeana/iiif/config/SpringDocConfig.java
@@ -0,0 +1,37 @@
+package eu.europeana.iiif.config;
+
+import io.swagger.v3.oas.models.ExternalDocumentation;
+import io.swagger.v3.oas.models.OpenAPI;
+import io.swagger.v3.oas.models.info.Contact;
+import io.swagger.v3.oas.models.info.Info;
+import io.swagger.v3.oas.models.info.License;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class SpringDocConfig {
+
+    private final BuildInfo buildInfo;
+
+    /**
+     * Initialize SpringDoc with API build information
+     * @param buildInfo object for retrieving build information
+     */
+    public SpringDocConfig(BuildInfo buildInfo) {
+        this.buildInfo = buildInfo;
+    }
+
+    @Bean
+    public OpenAPI userServiceOpenAPI() {
+        return new OpenAPI().info(new Info().title(buildInfo.getAppName())
+                        .description(buildInfo.getAppDescription())
+                        .version(buildInfo.getAppVersion() + " (build " + buildInfo.getBuildNumber() + ")")
+                        .contact(new Contact().name("API team").url("https://api.europeana.eu").email("[email protected]"))
+                        .termsOfService("https://www.europeana.eu/en/rights/api-terms-of-use")
+                        .license(new License().name("EUPL 1.2").url("https://www.eupl.eu")))
+                .externalDocs(new ExternalDocumentation()
+                        .description("Documentation")
+                        .url("https://pro.europeana.eu/page/intro#general"));
+    }
+
+}
diff --git a/src/main/java/eu/europeana/iiif/config/SwaggerConfig.java b/src/main/java/eu/europeana/iiif/config/SwaggerConfig.java
diff --git a/src/main/java/eu/europeana/iiif/web/ManifestController.java b/src/main/java/eu/europeana/iiif/web/ManifestController.java
@@ -64,8 +64,7 @@ public ResponseEntity<String> manifestRequestJson(
             @RequestParam(value = "recordApi", required = false) URL recordApi,
             @RequestParam(value = "fullText", required = false, defaultValue = "true") Boolean addFullText,
             @RequestParam(value = "fullTextApi", required = false) URL fullTextApi,
-            HttpServletRequest request,
-            HttpServletResponse response) throws EuropeanaApiException {
+            HttpServletRequest request) throws EuropeanaApiException {
         return handleRequest(collectionId, recordId, wskey, version, recordApi, addFullText, fullTextApi, true, request);
     }
 
@@ -75,18 +74,17 @@ public void testError() throws InvalidIIIFVersionException {
     }
 
 
-    @GetMapping(value = "/{collectionId}/{recordId}/manifest", headers = ACCEPT_JSONLD)
+    @GetMapping(value = "/{colId}/{recordId}/manifest", headers = ACCEPT_JSONLD)
     public ResponseEntity<String> manifestRequestJsonLd(
-            @PathVariable String collectionId,
+            @PathVariable String colId,
             @PathVariable String recordId,
             @RequestParam(value = "wskey", required = true) String wskey,
             @RequestParam(value = "format", required = false) String version,
             @RequestParam(value = "recordApi", required = false) URL recordApi,
             @RequestParam(value = "fullText", required = false, defaultValue = "true") Boolean addFullText,
             @RequestParam(value = "fullTextApi", required = false) URL fullTextApi,
-            HttpServletRequest request,
-            HttpServletResponse response) throws EuropeanaApiException {
-        return handleRequest(collectionId, recordId, wskey, version, recordApi, addFullText, fullTextApi, false, request);
+            HttpServletRequest request) throws EuropeanaApiException {
+        return handleRequest(colId, recordId, wskey, version, recordApi, addFullText, fullTextApi, false, request);
     }
 
     private ResponseEntity<String> handleRequest( String collectionId,

diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -29,4 +29,11 @@ management:
 
   info:
     env:
-      enabled: true
+      enabled: true
+
+# Creates a redirect from /console to /swagger-ui/index.html
+springdoc:
+  swagger-ui:
+    path: /console
+  # Don't include Error controller in API commons
+  paths-to-exclude: /error