Feature 797 upgrade to spring boot 3 (#2752)

- Upgrade to Spring Boot 3.2.4 #797
- move to Jakarta #581
- replaced Hibernate @type annotations with @JdbcTypeCode
-upgraded to Gradle 8.5
- moved to Apache Commons Fileupload2 (jakarta)
- removed old "ROLE_" data from role constants. We only use now the role itself. Means "ROLE_USER" becomes 
  "USER" etc. #3085
- removed unnecessary code
- Avoid logback status info logs at application start
- some renamings
- removed illegal (and unnecessary) header part from test rest helper
- enhanced Test API + fixed flaky integration test
- documented dependagen usage + Spring boot version update handling #3086
- Spring profile documentation generator adopted to Spring Boot 3 as well
- dropped some todos and created issues for them at github

build.gradle

@@ -33,16 +33,16 @@ plugins {
     id 'org.openapi.generator' version '6.5.0'
 
     // spring
-    id 'org.springframework.boot' version '2.7.11' apply false
+    id 'org.springframework.boot' version '3.2.2' apply false
 
     // spotless code formatter
     // (see https://github.com/diffplug/spotless)
-    id 'com.diffplug.spotless' version '6.22.0'
+    id 'com.diffplug.spotless' version '6.23.3'
 
     // versions plugin for checking new available library versions etc. 
     // (see https://github.com/ben-manes/gradle-versions-plugin)
-    id 'com.github.ben-manes.versions' version '0.46.0'
-
+    id 'com.github.ben-manes.versions' version '0.50.0'
+       
     // Details about every gradle plugin can be found at 
     // https://plugins.gradle.org/plugin/${pluginId}
 }

deprecated-sechub-adapter-nessus/src/main/java/com/mercedesbenz/sechub/adapter/nessus/NessusAdapterV1.java

@@ -14,6 +14,8 @@
 import org.springframework.context.annotation.Profile;
 import org.springframework.http.HttpEntity;
 import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.HttpStatusCode;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Component;
 import org.springframework.util.LinkedMultiValueMap;
@@ -109,7 +111,7 @@ private void startExport(NessusContext context) throws AdapterException {
 
         ResponseEntity<String> response = context.getRestOperations().postForEntity(apiUrl, request, String.class);
         if (!OK.equals(response.getStatusCode())) {
-            throw new NessusRESTFailureException(response.getStatusCode(), response.getBody());
+            throw new NessusRESTFailureException(converToHttpStatus(response.getStatusCode()), response.getBody());
         }
         String fileId = context.json().fetch("file", response).asText();
         context.setExportFileId(fileId);
@@ -133,7 +135,8 @@ private String resolveHistoryId(NessusAdapterContext context) throws AdapterExce
         String apiUrl = createGetHistoryIdsApiURL(context);
         ResponseEntity<String> response = context.getRestOperations().getForEntity(apiUrl, String.class);
         if (!OK.equals(response.getStatusCode())) {
-            throw new NessusRESTFailureException(response.getStatusCode(), response.getBody());
+
+            throw new NessusRESTFailureException(converToHttpStatus(response.getStatusCode()), response.getBody());
         }
         String content = response.getBody();
         String historyId = resolveHistoryIdByUUID(content, context);
@@ -142,6 +145,10 @@ private String resolveHistoryId(NessusAdapterContext context) throws AdapterExce
         return historyId;
     }
 
+    private HttpStatus converToHttpStatus(HttpStatusCode code) {
+        return HttpStatus.valueOf(code.value());
+    }
+
     private void launchScan(NessusAdapterContext context) throws AdapterException {
         NessusAdapterConfig config = context.getConfig();
 
@@ -391,7 +398,7 @@ protected String getCurrentState(NessusAdapterContext context) throws Exception
 
             ResponseEntity<String> response = context.getRestOperations().exchange(apiUrl, HttpMethod.GET, entity, String.class);
             if (!OK.equals(response.getStatusCode())) {
-                throw new NessusRESTFailureException(response.getStatusCode(), response.getBody());
+                throw new NessusRESTFailureException(converToHttpStatus(response.getStatusCode()), response.getBody());
             }
             String status = context.json().fetch("info", response).fetch("status").asText();
             LOG.debug("{} found status {}", adapterLogId, status);
@@ -416,7 +423,7 @@ protected void handleNoLongerWaitingState(String state, NessusAdapterContext con
 
             ResponseEntity<String> response = context.getRestOperations().getForEntity(apiUrl, String.class);
             if (!OK.equals(response.getStatusCode())) {
-                throw new NessusRESTFailureException(response.getStatusCode(), response.getBody());
+                throw new NessusRESTFailureException(converToHttpStatus(response.getStatusCode()), response.getBody());
             }
 
             String result = response.getBody();
@@ -431,7 +438,7 @@ protected String getCurrentState(NessusAdapterContext context) throws Exception
 
             ResponseEntity<String> response = context.getRestOperations().getForEntity(apiUrl, String.class);
             if (!OK.equals(response.getStatusCode())) {
-                throw new NessusRESTFailureException(response.getStatusCode(), response.getBody());
+                throw new NessusRESTFailureException(converToHttpStatus(response.getStatusCode()), response.getBody());
             }
 
             String state = context.json().fetch("status", response).asText();

deprecated-sechub-adapter-netsparker/src/main/java/com/mercedesbenz/sechub/adapter/netsparker/NetsparkerAdapterV1.java

@@ -10,6 +10,8 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.context.annotation.Profile;
 import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.HttpStatusCode;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Component;
 import org.springframework.util.LinkedMultiValueMap;
@@ -98,7 +100,7 @@ void createWebsite(NetsparkerContext context) throws AdapterException {
         try {
             ResponseEntity<String> response = context.getRestOperations().postForEntity(apiUrl, request, String.class);
             if (!CREATED.equals(response.getStatusCode())) {
-                throw new NetsparkerRESTFailureException(response.getStatusCode(), response.getBody());
+                throw new NetsparkerRESTFailureException(converToHttpStatus(response.getStatusCode()), response.getBody());
             }
         } catch (HttpClientErrorException e) {
             LOG.error(e.getResponseBodyAsString());
@@ -113,7 +115,7 @@ void fetchReport(NetsparkerAdapterContext context) {
         String apiUrl = createAPIURL(APICALL_GET_SCAN_REPORT + context.getProductContextId() + "?Type=Vulnerabilities&Format=Xml", context.getConfig());
         ResponseEntity<String> response = context.getRestOperations().getForEntity(apiUrl, String.class);
         if (!OK.equals(response.getStatusCode())) {
-            throw new NetsparkerRESTFailureException(response.getStatusCode(), response.getBody());
+            throw new NetsparkerRESTFailureException(converToHttpStatus(response.getStatusCode()), response.getBody());
         }
         String body = response.getBody();
         context.setResult(body);
@@ -188,13 +190,13 @@ private void createNewScanAndFetchId(NetsparkerContext context) throws AdapterEx
             LOG.debug("{} calling api url '{}'", traceID, apiUrl);
             ResponseEntity<String> response = context.getRestOperations().postForEntity(apiUrl, request, String.class);
             if (!CREATED.equals(response.getStatusCode())) {
-                throw new NetsparkerRESTFailureException(response.getStatusCode(), response.getBody());
+                throw new NetsparkerRESTFailureException(converToHttpStatus(response.getStatusCode()), response.getBody());
             }
             context.setProductContextId(extractIDFromScanResult(response.getBody(), context));
             LOG.debug("{} created new scan and got netsparker ID '{}'", traceID, context.getProductContextId());
 
         } catch (HttpClientErrorException e) {
-            throw new NetsparkerRESTFailureException(e.getStatusCode(), e.getResponseBodyAsString());
+            throw new NetsparkerRESTFailureException(converToHttpStatus(e.getStatusCode()), e.getResponseBodyAsString());
         }
 
     }
@@ -274,11 +276,15 @@ protected String getCurrentState(NetsparkerAdapterContext context) throws Adapte
 
             ResponseEntity<String> response = context.getRestOperations().getForEntity(apiUrl, String.class);
             if (!OK.equals(response.getStatusCode())) {
-                throw new NetsparkerRESTFailureException(response.getStatusCode(), response.getBody());
+                throw new NetsparkerRESTFailureException(converToHttpStatus(response.getStatusCode()), response.getBody());
             }
             String state = context.json().fetch("State", response).asText();
             LOG.debug("{} state is '{}'", traceID, state);
             return state;
         }
     }
+
+    private HttpStatus converToHttpStatus(HttpStatusCode code) {
+        return HttpStatus.valueOf(code.value());
+    }
 }

gradle/build-spring.gradle

@@ -10,8 +10,6 @@ subprojects {
              mavenBom "$springBootMavenBomCoordinates"
          }
     }
-
-    ext['junit-jupiter.version'] = '5.8.2'
 
     logger.info("found spring boot relevant project:$project")
 

gradle/libraries.gradle

@@ -30,49 +30,56 @@ ext {
        * management is defined here:
        */                                     
       dom4j:                                   "2.1.4",
-      jsoup:                                   "1.15.4",
+      jsoup:                                   "1.17.2",
       re2j:                                    "1.7",
       logstash_logback_encoder:                "7.3",
-      aws_java_sdk_s3:                         "1.12.453",
-      postgresql:                              "42.6.0",
+      aws_java_sdk_s3:                         "1.12.629",
+      postgresql:                              "42.7.1",
 
       /* JDK > 9 needs these ones: */         
       jaxb_api:                                "2.3.1",
       activation:                              "1.1.1",
       xml_bind:                                "2.2.0",
 
       /* apache http components*/             
-      apache_httpcomponents_client:            "4.5.14",
+      apache_httpcomponents_client:            "5.2.1",
 
       /* apache commons */                   
-      apache_commons_cli:                      "1.5.0",
-      apache_commons_io:                       "2.11.0",
-      apache_commons_validator:                "1.7",
-      apache_commons_fileupload:               "1.5",
-      apache_commons_compress:                 "1.24.0",
-      apache_commons_lang3:                    "3.12.0",
+      apache_commons_cli:                      "1.6.0",
+      apache_commons_io:                       "2.15.1",
+      apache_commons_validator:                "1.8.0",
+
+      // https://mvnrepository.com/artifact/org.apache.commons/commons-fileupload2-core
+      apache_commons_fileupload2_core:         "2.0.0-M2",
+      // https://mvnrepository.com/artifact/org.apache.commons/commons-fileupload2-jakarta
+      apache_commons_fileupload2_jakarta:      "2.0.0-M1",
+      apache_commons_compress:                 "1.25.0",
+      apache_commons_lang3:                    "3.14.0",
 
       /* testing */                            
       junit4:                                  "4.13.2",
-      wiremock:                                "2.27.2",
-      s3mock:                                  "2.11.0",
+      wiremock:                                "3.0.1",
+      s3mock:                                  "3.3.0",
 
       /* gradle plugins */      
-      dependency_check:                        "8.2.1",
-      grgit:                                   "5.0.0",
+      dependency_check:                        "9.0.7",
+      grgit:                                   "5.2.1",
+      cyclonedx:                               "1.8.1",
 
       /* documentation */
       asciidoctor_j:                           "2.5.2",
       asciidoctor_j_diagram:                   "2.2.1",
 
-      // openapi3-generator, releases see https://github.com/ePages-de/restdocs-api-spec/releases
-      restDocsApiSpec:                         "0.16.4",  // newest version compatible with Spring Boot 2.x
+      /* openapi3-generator, releases see https://github.com/ePages-de/restdocs-api-spec/releases */
+      // TODO de-jcup, 2024-04-18: Currently we cannot use versions > 0.17.1 because it introduces nullable and required in the spec file which causes issues
+      // There exists an issue for it at https://github.com/mercedes-benz/sechub/issues/3080
+      restDocsApiSpec:                         "0.17.1",
 
       /* Owasp Zap wrapper */
       owaspzap_client_api:                     "1.13.0",
       jcommander:                              "1.82",
 
-      thymeleaf_extras_springsecurity5:        "3.1.1.RELEASE",
+      thymeleaf_extras_springsecurity5:        "3.1.2.RELEASE",
 
       /* SARIF */
       sarif_210:                               "1.1.0",
@@ -114,7 +121,6 @@ ext {
 
 
         /* additional (2): version based on other libraries used by spring boot */      
-        mockito_inline:                        "org.mockito:mockito-inline:${spring_boot_dependency_version.mockito_core}",
         jackson_jr_all:                        "com.fasterxml.jackson.jr:jackson-jr-all:${spring_boot_dependency_version.jackson_core}",
 
 
@@ -123,12 +129,15 @@ ext {
         amazonaws_sdk:                         "com.amazonaws:aws-java-sdk-s3:${libraryVersion.aws_java_sdk_s3}",
         logstashLogbackEncoder        :        "net.logstash.logback:logstash-logback-encoder:${libraryVersion.logstash_logback_encoder}",
 
-        apache_httpcomponents_client:          "org.apache.httpcomponents:httpclient:${libraryVersion.apache_httpcomponents_client}",
+        apache_httpcomponents_client:          "org.apache.httpcomponents.client5:httpclient5:${libraryVersion.apache_httpcomponents_client}",
 
         apache_commons_validator:              "commons-validator:commons-validator:${libraryVersion.apache_commons_validator}",
         apache_commons_io:                     "commons-io:commons-io:${libraryVersion.apache_commons_io}",
         apache_commons_cli:                    "commons-cli:commons-cli:${libraryVersion.apache_commons_cli}",
-        apache_commons_fileupload:             "commons-fileupload:commons-fileupload:${libraryVersion.apache_commons_fileupload}",
+
+        apache_commons_fileupload2_core:       "org.apache.commons:commons-fileupload2-core:${libraryVersion.apache_commons_fileupload2_core}", 
+        apache_commons_fileupload2_jakarta:    "org.apache.commons:commons-fileupload2-jakarta:${libraryVersion.apache_commons_fileupload2_jakarta}",
+
         apache_commons_compress:               "org.apache.commons:commons-compress:${libraryVersion.apache_commons_compress}",
         apache_commons_lang3:                  "org.apache.commons:commons-lang3:${libraryVersion.apache_commons_lang3}",
 
@@ -142,7 +151,8 @@ ext {
         junit4:                                "junit:junit:${libraryVersion.junit4}",
         wiremock:                              "com.github.tomakehurst:wiremock-standalone:${libraryVersion.wiremock}",
         s3mock:                                "com.adobe.testing:s3mock:${libraryVersion.s3mock}",
-        s3mock_junit4:                         "com.adobe.testing:s3mock-junit4:${libraryVersion.s3mock}",
+        s3mock_junit5:                         "com.adobe.testing:s3mock-junit5:${libraryVersion.s3mock}",
+
         /*
          * RE2 is a regular expression engine that runs in time linear in the size of the input.
          * It's the default RegularExpression engine of Go