From 46de7c9516c48641646f80fa6a3f6c8aadb4e9c1 Mon Sep 17 00:00:00 2001 From: Alessandro Ricchiuti Date: Wed, 21 Jan 2026 16:49:53 +0100 Subject: [PATCH 01/17] openrewrite --- binary/tomcat/conf/web.xml | 4 +-- java/services/pom.xml | 11 +++++--- .../controllers/BaseConfigController.java | 4 +-- .../controllers/BaseMapStoreController.java | 2 +- .../extensions/ExtensionsController.java | 4 +-- .../rest/config/LoadAssetsController.java | 4 +-- .../rest/config/SetParamsController.java | 28 +++++++++---------- .../rest/config/UploadPluginController.java | 24 ++++++++-------- .../mapstore/filters/NoCacheFilter.java | 4 +-- .../mapstore/utils/ResourceUtils.java | 2 +- .../mapstore/ConfigControllerTest.java | 2 +- .../mapstore/ExtensionsControllerTest.java | 2 +- .../mapstore/LoadAssetControllerTest.java | 2 +- .../mapstore/UploadPluginControllerTest.java | 2 +- .../rest/config/SetParamsControllerTest.java | 2 +- .../mapstore/filters/NoCacheFilterTest.java | 10 +++---- .../mapstore/utils/ResourceUtilsTest.java | 2 +- java/web/pom.xml | 11 +++++--- java/web/src/main/webapp/WEB-INF/web.xml | 2 +- openrewrite.sh | 14 ++++++++++ pom.xml | 26 ++++++++--------- .../web/src/main/webapp/WEB-INF/web.xml | 2 +- 22 files changed, 91 insertions(+), 73 deletions(-) create mode 100644 openrewrite.sh diff --git a/binary/tomcat/conf/web.xml b/binary/tomcat/conf/web.xml index b4fc5b61da..6caf5b60a1 100644 --- a/binary/tomcat/conf/web.xml +++ b/binary/tomcat/conf/web.xml @@ -15,11 +15,11 @@ See the License for the specific language governing permissions and limitations under the License. --> - + version="6.0"> diff --git a/java/services/pom.xml b/java/services/pom.xml index 5eae8354eb..c766adc2ce 100644 --- a/java/services/pom.xml +++ b/java/services/pom.xml @@ -88,8 +88,9 @@ - javax.servlet - javax.servlet-api + jakarta.servlet + jakarta.servlet-api + 5.0.0 @@ -99,8 +100,9 @@ - com.fasterxml.jackson.core + tools.jackson.core jackson-core + 3.0.3 @@ -109,8 +111,9 @@ - com.fasterxml.jackson.core + tools.jackson.core jackson-databind + 3.0.3 diff --git a/java/services/src/main/java/it/geosolutions/mapstore/controllers/BaseConfigController.java b/java/services/src/main/java/it/geosolutions/mapstore/controllers/BaseConfigController.java index 82c28c806f..d1692e69b7 100644 --- a/java/services/src/main/java/it/geosolutions/mapstore/controllers/BaseConfigController.java +++ b/java/services/src/main/java/it/geosolutions/mapstore/controllers/BaseConfigController.java @@ -28,8 +28,8 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.ResponseStatus; -import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.ObjectMapper; +import tools.jackson.databind.JsonNode; +import tools.jackson.databind.ObjectMapper; import com.github.fge.jsonpatch.JsonPatch; import com.github.fge.jsonpatch.JsonPatchException; diff --git a/java/services/src/main/java/it/geosolutions/mapstore/controllers/BaseMapStoreController.java b/java/services/src/main/java/it/geosolutions/mapstore/controllers/BaseMapStoreController.java index 638023dc92..c6bc4538fd 100644 --- a/java/services/src/main/java/it/geosolutions/mapstore/controllers/BaseMapStoreController.java +++ b/java/services/src/main/java/it/geosolutions/mapstore/controllers/BaseMapStoreController.java @@ -1,6 +1,6 @@ package it.geosolutions.mapstore.controllers; -import javax.servlet.ServletContext; +import jakarta.servlet.ServletContext; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; diff --git a/java/services/src/main/java/it/geosolutions/mapstore/controllers/extensions/ExtensionsController.java b/java/services/src/main/java/it/geosolutions/mapstore/controllers/extensions/ExtensionsController.java index 001b3a9bb2..9da6b9eb33 100644 --- a/java/services/src/main/java/it/geosolutions/mapstore/controllers/extensions/ExtensionsController.java +++ b/java/services/src/main/java/it/geosolutions/mapstore/controllers/extensions/ExtensionsController.java @@ -10,8 +10,8 @@ import java.io.IOException; import java.nio.file.Paths; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import org.apache.commons.io.IOUtils; import org.springframework.stereotype.Controller; diff --git a/java/services/src/main/java/it/geosolutions/mapstore/controllers/rest/config/LoadAssetsController.java b/java/services/src/main/java/it/geosolutions/mapstore/controllers/rest/config/LoadAssetsController.java index 165011840e..fd13071c72 100644 --- a/java/services/src/main/java/it/geosolutions/mapstore/controllers/rest/config/LoadAssetsController.java +++ b/java/services/src/main/java/it/geosolutions/mapstore/controllers/rest/config/LoadAssetsController.java @@ -12,8 +12,8 @@ import java.util.function.Predicate; import java.util.stream.Stream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import org.apache.commons.io.IOUtils; import org.springframework.beans.factory.annotation.Value; diff --git a/java/services/src/main/java/it/geosolutions/mapstore/controllers/rest/config/SetParamsController.java b/java/services/src/main/java/it/geosolutions/mapstore/controllers/rest/config/SetParamsController.java index b5128c6943..1bad3704a5 100644 --- a/java/services/src/main/java/it/geosolutions/mapstore/controllers/rest/config/SetParamsController.java +++ b/java/services/src/main/java/it/geosolutions/mapstore/controllers/rest/config/SetParamsController.java @@ -7,14 +7,12 @@ */ package it.geosolutions.mapstore.controllers.rest.config; -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.databind.node.JsonNodeFactory; -import com.fasterxml.jackson.databind.node.NullNode; -import com.fasterxml.jackson.databind.node.ObjectNode; -import com.fasterxml.jackson.databind.node.TextNode; -import com.fasterxml.jackson.databind.node.ValueNode; +import tools.jackson.databind.JsonNode; +import tools.jackson.databind.ObjectMapper; +import tools.jackson.databind.node.JsonNodeFactory; +import tools.jackson.databind.node.NullNode; +import tools.jackson.databind.node.ObjectNode; +import tools.jackson.databind.node.ValueNode; import it.geosolutions.mapstore.controllers.BaseConfigController; import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.StringUtils; @@ -28,10 +26,10 @@ import org.springframework.web.bind.annotation.RequestHeader; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; - - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; +import tools.jackson.core.JacksonException; +import tools.jackson.databind.node.StringNode; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import java.io.IOException; import java.io.InputStream; import java.net.URI; @@ -121,8 +119,8 @@ private String getPage(JsonNode node){ throw new UnsupportedOperationException(error); } - if (pageNode instanceof TextNode){ - pageStr=pageNode.asText(); + if (pageNode instanceof StringNode){ + pageStr=pageNode.asString(); } } if (pageStr==null) pageStr=DEF_PAGE; @@ -148,7 +146,7 @@ private ObjectNode mapToJSONObject(Map map){ try { JsonNode node=mapper.readTree(val); resultJSON.set(k,node); - }catch (JsonProcessingException e){ + }catch (JacksonException e){ resultJSON.set(k,factory.textNode(val)); } } diff --git a/java/services/src/main/java/it/geosolutions/mapstore/controllers/rest/config/UploadPluginController.java b/java/services/src/main/java/it/geosolutions/mapstore/controllers/rest/config/UploadPluginController.java index a708ceb316..aa48f755c5 100644 --- a/java/services/src/main/java/it/geosolutions/mapstore/controllers/rest/config/UploadPluginController.java +++ b/java/services/src/main/java/it/geosolutions/mapstore/controllers/rest/config/UploadPluginController.java @@ -7,11 +7,11 @@ */ package it.geosolutions.mapstore.controllers.rest.config; -import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.databind.node.ArrayNode; -import com.fasterxml.jackson.databind.node.JsonNodeFactory; -import com.fasterxml.jackson.databind.node.ObjectNode; +import tools.jackson.databind.JsonNode; +import tools.jackson.databind.ObjectMapper; +import tools.jackson.databind.node.ArrayNode; +import tools.jackson.databind.node.JsonNodeFactory; +import tools.jackson.databind.node.ObjectNode; import it.geosolutions.mapstore.controllers.BaseMapStoreController; import it.geosolutions.mapstore.utils.ResourceUtils; import org.apache.commons.io.FileUtils; @@ -24,7 +24,7 @@ import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.ResponseBody; -import javax.servlet.ServletContext; +import jakarta.servlet.ServletContext; import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; @@ -99,7 +99,7 @@ public class UploadPluginController extends BaseMapStoreController { plugin = plugins.get(0); ((ObjectNode) plugin).put("extension", true); - pluginName = plugin.get("name").asText(); + pluginName = plugin.get("name").asString(); validatePluginName(pluginName); // SECURITY: ensure folder-safe name if (shouldStorePluginsConfigAsPatch()) { @@ -226,7 +226,7 @@ private boolean canUseDataDir() { ObjectNode configObj = getExtensionConfig(); if (configObj.has(pluginName)) { JsonNode pluginConfig = configObj.get(pluginName); - String pluginBundle = pluginConfig.get("bundle").asText(); + String pluginBundle = pluginConfig.get("bundle").asString(); String pluginFolder = pluginBundle.substring(0, pluginBundle.lastIndexOf("/")); // Compute the folder to remove relative to extensions root @@ -249,8 +249,8 @@ private boolean canUseDataDir() { int toRemove = -1; for (int i = 0; i < plugins.size(); i++) { JsonNode plugin = plugins.get(i); - String name = plugin.has("name") ? plugin.get("name").asText() - : plugin.get("value").get("name").asText(); + String name = plugin.has("name") ? plugin.get("name").asString() + : plugin.get("value").get("name").asString(); if (name.contentEquals(pluginName)) { toRemove = i; } @@ -371,7 +371,7 @@ private void addPluginConfiguration(JsonNode json) throws IOException { int remove = -1; for (int count = 0; count < plugins.size(); count++) { JsonNode node = plugins.get(count); - if (json.get("name").asText().equals(node.get("name").asText())) { + if (json.get("name").asString().equals(node.get("name").asString())) { remove = count; } } @@ -401,7 +401,7 @@ private void addPluginConfigurationAsPatch(JsonNode json) throws IOException { int remove = -1; for (int count = 0; count < config.size(); count++) { JsonNode node = config.get(count); - if (json.get("name").asText().equals(node.get("value").get("name").asText())) { + if (json.get("name").asString().equals(node.get("value").get("name").asString())) { remove = count; } } diff --git a/java/services/src/main/java/it/geosolutions/mapstore/filters/NoCacheFilter.java b/java/services/src/main/java/it/geosolutions/mapstore/filters/NoCacheFilter.java index d59f85e34a..5f0645bd8b 100644 --- a/java/services/src/main/java/it/geosolutions/mapstore/filters/NoCacheFilter.java +++ b/java/services/src/main/java/it/geosolutions/mapstore/filters/NoCacheFilter.java @@ -1,6 +1,6 @@ package it.geosolutions.mapstore.filters; -import javax.servlet.*; -import javax.servlet.http.HttpServletResponse; +import jakarta.servlet.*; +import jakarta.servlet.http.HttpServletResponse; import java.io.IOException; public class NoCacheFilter implements Filter { diff --git a/java/services/src/main/java/it/geosolutions/mapstore/utils/ResourceUtils.java b/java/services/src/main/java/it/geosolutions/mapstore/utils/ResourceUtils.java index 6b2c9fcd57..9231347fbb 100644 --- a/java/services/src/main/java/it/geosolutions/mapstore/utils/ResourceUtils.java +++ b/java/services/src/main/java/it/geosolutions/mapstore/utils/ResourceUtils.java @@ -18,7 +18,7 @@ import java.util.function.Predicate; import java.util.stream.Stream; -import javax.servlet.ServletContext; +import jakarta.servlet.ServletContext; public class ResourceUtils { diff --git a/java/services/src/test/java/it/geosolutions/mapstore/ConfigControllerTest.java b/java/services/src/test/java/it/geosolutions/mapstore/ConfigControllerTest.java index 636874cb4c..cf90f58068 100644 --- a/java/services/src/test/java/it/geosolutions/mapstore/ConfigControllerTest.java +++ b/java/services/src/test/java/it/geosolutions/mapstore/ConfigControllerTest.java @@ -12,7 +12,7 @@ import java.io.File; import java.io.IOException; -import javax.servlet.ServletContext; +import jakarta.servlet.ServletContext; import org.junit.Before; import org.junit.Test; diff --git a/java/services/src/test/java/it/geosolutions/mapstore/ExtensionsControllerTest.java b/java/services/src/test/java/it/geosolutions/mapstore/ExtensionsControllerTest.java index c9d4b7ef7d..c80ae54f48 100644 --- a/java/services/src/test/java/it/geosolutions/mapstore/ExtensionsControllerTest.java +++ b/java/services/src/test/java/it/geosolutions/mapstore/ExtensionsControllerTest.java @@ -13,7 +13,7 @@ import java.io.File; import java.io.IOException; -import javax.servlet.ServletContext; +import jakarta.servlet.ServletContext; import org.apache.commons.io.FileUtils; import org.junit.Before; diff --git a/java/services/src/test/java/it/geosolutions/mapstore/LoadAssetControllerTest.java b/java/services/src/test/java/it/geosolutions/mapstore/LoadAssetControllerTest.java index c5340ce194..4fa69bdc0a 100644 --- a/java/services/src/test/java/it/geosolutions/mapstore/LoadAssetControllerTest.java +++ b/java/services/src/test/java/it/geosolutions/mapstore/LoadAssetControllerTest.java @@ -14,7 +14,7 @@ import java.io.File; import java.io.IOException; -import javax.servlet.ServletContext; +import jakarta.servlet.ServletContext; import org.apache.commons.io.FileUtils; import org.junit.Before; diff --git a/java/services/src/test/java/it/geosolutions/mapstore/UploadPluginControllerTest.java b/java/services/src/test/java/it/geosolutions/mapstore/UploadPluginControllerTest.java index f9acd31110..b9940eb659 100644 --- a/java/services/src/test/java/it/geosolutions/mapstore/UploadPluginControllerTest.java +++ b/java/services/src/test/java/it/geosolutions/mapstore/UploadPluginControllerTest.java @@ -13,7 +13,7 @@ import org.mockito.Mockito; import org.mockito.stubbing.Answer; -import javax.servlet.ServletContext; +import jakarta.servlet.ServletContext; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.File; diff --git a/java/services/src/test/java/it/geosolutions/mapstore/controllers/rest/config/SetParamsControllerTest.java b/java/services/src/test/java/it/geosolutions/mapstore/controllers/rest/config/SetParamsControllerTest.java index e4f538c6b5..09b1463c33 100644 --- a/java/services/src/test/java/it/geosolutions/mapstore/controllers/rest/config/SetParamsControllerTest.java +++ b/java/services/src/test/java/it/geosolutions/mapstore/controllers/rest/config/SetParamsControllerTest.java @@ -7,7 +7,7 @@ */ package it.geosolutions.mapstore.controllers.rest.config; -import com.fasterxml.jackson.databind.ObjectMapper; +import tools.jackson.databind.ObjectMapper; import org.apache.commons.text.StringEscapeUtils; import org.junit.Test; import org.springframework.http.MediaType; diff --git a/java/services/src/test/java/it/geosolutions/mapstore/filters/NoCacheFilterTest.java b/java/services/src/test/java/it/geosolutions/mapstore/filters/NoCacheFilterTest.java index 6807524b1b..5d2012d65d 100644 --- a/java/services/src/test/java/it/geosolutions/mapstore/filters/NoCacheFilterTest.java +++ b/java/services/src/test/java/it/geosolutions/mapstore/filters/NoCacheFilterTest.java @@ -3,11 +3,11 @@ import org.junit.Test; import java.io.IOException; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.FilterChain; -import javax.servlet.http.HttpServletResponse; +import jakarta.servlet.ServletException; +import jakarta.servlet.ServletRequest; +import jakarta.servlet.ServletResponse; +import jakarta.servlet.FilterChain; +import jakarta.servlet.http.HttpServletResponse; import static org.mockito.Mockito.*; diff --git a/java/services/src/test/java/it/geosolutions/mapstore/utils/ResourceUtilsTest.java b/java/services/src/test/java/it/geosolutions/mapstore/utils/ResourceUtilsTest.java index 3c683b2f49..b15e3f310e 100644 --- a/java/services/src/test/java/it/geosolutions/mapstore/utils/ResourceUtilsTest.java +++ b/java/services/src/test/java/it/geosolutions/mapstore/utils/ResourceUtilsTest.java @@ -15,7 +15,7 @@ import java.io.IOException; import java.util.Optional; -import javax.servlet.ServletContext; +import jakarta.servlet.ServletContext; import org.junit.Before; import org.junit.Test; diff --git a/java/web/pom.xml b/java/web/pom.xml index a8adc7748b..a910b2c71c 100644 --- a/java/web/pom.xml +++ b/java/web/pom.xml @@ -50,8 +50,9 @@ - javax.servlet - javax.servlet-api + jakarta.servlet + jakarta.servlet-api + 5.0.0 @@ -64,8 +65,10 @@ commons-pool - javax.xml.ws - jaxws-api + jakarta.xml.ws + jakarta.xml.ws-api + 3.0.1 + provided diff --git a/java/web/src/main/webapp/WEB-INF/web.xml b/java/web/src/main/webapp/WEB-INF/web.xml index 5da51060fc..dd6e7d461f 100644 --- a/java/web/src/main/webapp/WEB-INF/web.xml +++ b/java/web/src/main/webapp/WEB-INF/web.xml @@ -1,5 +1,5 @@ - diff --git a/openrewrite.sh b/openrewrite.sh new file mode 100644 index 0000000000..f5fe10f66c --- /dev/null +++ b/openrewrite.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +git reset --hard master + +mvn -U org.openrewrite.maven:rewrite-maven-plugin:run \ +-Drewrite.recipeArtifactCoordinates=\ +org.openrewrite.recipe:rewrite-migrate-java:RELEASE,\ +org.openrewrite.recipe:rewrite-spring:RELEASE \ +-Drewrite.activeRecipes=\ +org.openrewrite.java.migrate.jakarta.UpdateJakartaPlatform11,\ +org.openrewrite.java.migrate.jakarta.JakartaEE11,\ +org.openrewrite.java.spring.framework.UpgradeSpringFramework_7_0,\ +org.openrewrite.java.spring.security7.UpgradeSpringSecurity_7_0 \ +-Drewrite.exportDatatables=true \ No newline at end of file diff --git a/pom.xml b/pom.xml index f0383e3ea3..94bf920f79 100644 --- a/pom.xml +++ b/pom.xml @@ -14,7 +14,7 @@ 8080 9.0.116 - 2.16.1 + 3.0.3 31.3 4.2.12 32.0.0-jre @@ -22,8 +22,8 @@ 3.4.0 - 5.3.39 - 5.7.13 + 7.0.6 + 7.0.5 3.2.2 @@ -31,9 +31,9 @@ 1.2 1.5.4 2.0.4 - 4.5.13 - 3.0.1 - 2.3.1 + 4.5.14 + 5.0.0 + 3.0.1 2.4.2-geoserver 1.13 4.13.2 @@ -79,7 +79,7 @@ - com.fasterxml.jackson + tools.jackson jackson-bom ${jackson.version} pom @@ -160,8 +160,8 @@ test - javax.servlet - javax.servlet-api + jakarta.servlet + jakarta.servlet-api ${javax.servlet-api.version} @@ -203,8 +203,8 @@ - javax.xml.ws - jaxws-api + jakarta.xml.ws + jakarta.xml.ws-api ${jaxws-api.version} @@ -234,7 +234,7 @@ - com.fasterxml.jackson.core + tools.jackson.core jackson-core ${jackson.version} @@ -244,7 +244,7 @@ ${jackson.version} - com.fasterxml.jackson.core + tools.jackson.core jackson-databind ${jackson.version} diff --git a/project/standard/templates/web/src/main/webapp/WEB-INF/web.xml b/project/standard/templates/web/src/main/webapp/WEB-INF/web.xml index 03b4a380c0..ec4d4c9f70 100644 --- a/project/standard/templates/web/src/main/webapp/WEB-INF/web.xml +++ b/project/standard/templates/web/src/main/webapp/WEB-INF/web.xml @@ -1,5 +1,5 @@ - From 394bcee9ae21acf5caee5a24ac7ff6d9bdccdf12 Mon Sep 17 00:00:00 2001 From: Alessandro Ricchiuti Date: Wed, 6 May 2026 18:10:11 +0200 Subject: [PATCH 02/17] not yet ready for jackson3 --- java/services/pom.xml | 8 ++----- .../controllers/BaseConfigController.java | 4 ++-- .../rest/config/SetParamsController.java | 22 +++++++++---------- .../rest/config/UploadPluginController.java | 22 +++++++++---------- .../rest/config/SetParamsControllerTest.java | 2 +- java/web/pom.xml | 3 --- pom.xml | 8 +++---- 7 files changed, 31 insertions(+), 38 deletions(-) diff --git a/java/services/pom.xml b/java/services/pom.xml index c766adc2ce..32519f0e00 100644 --- a/java/services/pom.xml +++ b/java/services/pom.xml @@ -86,11 +86,9 @@ - jakarta.servlet jakarta.servlet-api - 5.0.0 @@ -100,9 +98,8 @@ - tools.jackson.core + com.fasterxml.jackson.core jackson-core - 3.0.3 @@ -111,9 +108,8 @@ - tools.jackson.core + com.fasterxml.jackson.core jackson-databind - 3.0.3 diff --git a/java/services/src/main/java/it/geosolutions/mapstore/controllers/BaseConfigController.java b/java/services/src/main/java/it/geosolutions/mapstore/controllers/BaseConfigController.java index d1692e69b7..82c28c806f 100644 --- a/java/services/src/main/java/it/geosolutions/mapstore/controllers/BaseConfigController.java +++ b/java/services/src/main/java/it/geosolutions/mapstore/controllers/BaseConfigController.java @@ -28,8 +28,8 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.ResponseStatus; -import tools.jackson.databind.JsonNode; -import tools.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; import com.github.fge.jsonpatch.JsonPatch; import com.github.fge.jsonpatch.JsonPatchException; diff --git a/java/services/src/main/java/it/geosolutions/mapstore/controllers/rest/config/SetParamsController.java b/java/services/src/main/java/it/geosolutions/mapstore/controllers/rest/config/SetParamsController.java index 1bad3704a5..29848633cc 100644 --- a/java/services/src/main/java/it/geosolutions/mapstore/controllers/rest/config/SetParamsController.java +++ b/java/services/src/main/java/it/geosolutions/mapstore/controllers/rest/config/SetParamsController.java @@ -7,12 +7,14 @@ */ package it.geosolutions.mapstore.controllers.rest.config; -import tools.jackson.databind.JsonNode; -import tools.jackson.databind.ObjectMapper; -import tools.jackson.databind.node.JsonNodeFactory; -import tools.jackson.databind.node.NullNode; -import tools.jackson.databind.node.ObjectNode; -import tools.jackson.databind.node.ValueNode; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.node.JsonNodeFactory; +import com.fasterxml.jackson.databind.node.NullNode; +import com.fasterxml.jackson.databind.node.ObjectNode; +import com.fasterxml.jackson.databind.node.TextNode; +import com.fasterxml.jackson.databind.node.ValueNode; import it.geosolutions.mapstore.controllers.BaseConfigController; import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.StringUtils; @@ -26,8 +28,6 @@ import org.springframework.web.bind.annotation.RequestHeader; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import tools.jackson.core.JacksonException; -import tools.jackson.databind.node.StringNode; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; import java.io.IOException; @@ -119,8 +119,8 @@ private String getPage(JsonNode node){ throw new UnsupportedOperationException(error); } - if (pageNode instanceof StringNode){ - pageStr=pageNode.asString(); + if (pageNode instanceof TextNode){ + pageStr=pageNode.asText(); } } if (pageStr==null) pageStr=DEF_PAGE; @@ -146,7 +146,7 @@ private ObjectNode mapToJSONObject(Map map){ try { JsonNode node=mapper.readTree(val); resultJSON.set(k,node); - }catch (JacksonException e){ + }catch (JsonProcessingException e){ resultJSON.set(k,factory.textNode(val)); } } diff --git a/java/services/src/main/java/it/geosolutions/mapstore/controllers/rest/config/UploadPluginController.java b/java/services/src/main/java/it/geosolutions/mapstore/controllers/rest/config/UploadPluginController.java index aa48f755c5..e2361cc8ca 100644 --- a/java/services/src/main/java/it/geosolutions/mapstore/controllers/rest/config/UploadPluginController.java +++ b/java/services/src/main/java/it/geosolutions/mapstore/controllers/rest/config/UploadPluginController.java @@ -7,11 +7,11 @@ */ package it.geosolutions.mapstore.controllers.rest.config; -import tools.jackson.databind.JsonNode; -import tools.jackson.databind.ObjectMapper; -import tools.jackson.databind.node.ArrayNode; -import tools.jackson.databind.node.JsonNodeFactory; -import tools.jackson.databind.node.ObjectNode; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.node.ArrayNode; +import com.fasterxml.jackson.databind.node.JsonNodeFactory; +import com.fasterxml.jackson.databind.node.ObjectNode; import it.geosolutions.mapstore.controllers.BaseMapStoreController; import it.geosolutions.mapstore.utils.ResourceUtils; import org.apache.commons.io.FileUtils; @@ -99,7 +99,7 @@ public class UploadPluginController extends BaseMapStoreController { plugin = plugins.get(0); ((ObjectNode) plugin).put("extension", true); - pluginName = plugin.get("name").asString(); + pluginName = plugin.get("name").asText(); validatePluginName(pluginName); // SECURITY: ensure folder-safe name if (shouldStorePluginsConfigAsPatch()) { @@ -226,7 +226,7 @@ private boolean canUseDataDir() { ObjectNode configObj = getExtensionConfig(); if (configObj.has(pluginName)) { JsonNode pluginConfig = configObj.get(pluginName); - String pluginBundle = pluginConfig.get("bundle").asString(); + String pluginBundle = pluginConfig.get("bundle").asText(); String pluginFolder = pluginBundle.substring(0, pluginBundle.lastIndexOf("/")); // Compute the folder to remove relative to extensions root @@ -249,8 +249,8 @@ private boolean canUseDataDir() { int toRemove = -1; for (int i = 0; i < plugins.size(); i++) { JsonNode plugin = plugins.get(i); - String name = plugin.has("name") ? plugin.get("name").asString() - : plugin.get("value").get("name").asString(); + String name = plugin.has("name") ? plugin.get("name").asText() + : plugin.get("value").get("name").asText(); if (name.contentEquals(pluginName)) { toRemove = i; } @@ -371,7 +371,7 @@ private void addPluginConfiguration(JsonNode json) throws IOException { int remove = -1; for (int count = 0; count < plugins.size(); count++) { JsonNode node = plugins.get(count); - if (json.get("name").asString().equals(node.get("name").asString())) { + if (json.get("name").asText().equals(node.get("name").asText())) { remove = count; } } @@ -401,7 +401,7 @@ private void addPluginConfigurationAsPatch(JsonNode json) throws IOException { int remove = -1; for (int count = 0; count < config.size(); count++) { JsonNode node = config.get(count); - if (json.get("name").asString().equals(node.get("value").get("name").asString())) { + if (json.get("name").asText().equals(node.get("value").get("name").asText())) { remove = count; } } diff --git a/java/services/src/test/java/it/geosolutions/mapstore/controllers/rest/config/SetParamsControllerTest.java b/java/services/src/test/java/it/geosolutions/mapstore/controllers/rest/config/SetParamsControllerTest.java index 09b1463c33..e4f538c6b5 100644 --- a/java/services/src/test/java/it/geosolutions/mapstore/controllers/rest/config/SetParamsControllerTest.java +++ b/java/services/src/test/java/it/geosolutions/mapstore/controllers/rest/config/SetParamsControllerTest.java @@ -7,7 +7,7 @@ */ package it.geosolutions.mapstore.controllers.rest.config; -import tools.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.ObjectMapper; import org.apache.commons.text.StringEscapeUtils; import org.junit.Test; import org.springframework.http.MediaType; diff --git a/java/web/pom.xml b/java/web/pom.xml index a910b2c71c..d7023f0611 100644 --- a/java/web/pom.xml +++ b/java/web/pom.xml @@ -52,7 +52,6 @@ jakarta.servlet jakarta.servlet-api - 5.0.0 @@ -67,8 +66,6 @@ jakarta.xml.ws jakarta.xml.ws-api - 3.0.1 - provided diff --git a/pom.xml b/pom.xml index 94bf920f79..ea99a3e54a 100644 --- a/pom.xml +++ b/pom.xml @@ -14,7 +14,7 @@ 8080 9.0.116 - 3.0.3 + 2.16.1 31.3 4.2.12 32.0.0-jre @@ -79,7 +79,7 @@ - tools.jackson + com.fasterxml.jackson jackson-bom ${jackson.version} pom @@ -234,7 +234,7 @@ - tools.jackson.core + com.fasterxml.jackson.core jackson-core ${jackson.version} @@ -244,7 +244,7 @@ ${jackson.version} - tools.jackson.core + com.fasterxml.jackson.core jackson-databind ${jackson.version} From bc1705c52657f977669aec166a346c03f44f2065 Mon Sep 17 00:00:00 2001 From: Alessandro Ricchiuti Date: Wed, 6 May 2026 18:41:46 +0200 Subject: [PATCH 03/17] jakarta --- binary/tomcat/conf/web.xml | 3 +- java/web/src/main/webapp/WEB-INF/web.xml | 2 +- pom.xml | 63 ++++++++++++++----- .../web/src/main/webapp/WEB-INF/web.xml | 2 +- 4 files changed, 50 insertions(+), 20 deletions(-) diff --git a/binary/tomcat/conf/web.xml b/binary/tomcat/conf/web.xml index 6caf5b60a1..09d0d44fc4 100644 --- a/binary/tomcat/conf/web.xml +++ b/binary/tomcat/conf/web.xml @@ -17,8 +17,7 @@ --> diff --git a/java/web/src/main/webapp/WEB-INF/web.xml b/java/web/src/main/webapp/WEB-INF/web.xml index dd6e7d461f..009e42843d 100644 --- a/java/web/src/main/webapp/WEB-INF/web.xml +++ b/java/web/src/main/webapp/WEB-INF/web.xml @@ -1,7 +1,7 @@ + xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/web-app_6_0.xsd"> diff --git a/pom.xml b/pom.xml index ea99a3e54a..33117b7227 100644 --- a/pom.xml +++ b/pom.xml @@ -22,7 +22,7 @@ 3.4.0 - 7.0.6 + 7.0.7 7.0.5 @@ -32,8 +32,8 @@ 1.5.4 2.0.4 4.5.14 - 5.0.0 - 3.0.1 + 6.1.0 + 4.0.3 2.4.2-geoserver 1.13 4.13.2 @@ -223,6 +223,22 @@ javax.annotation javax.annotation-api + + jakarta.activation + jakarta.activation-api + + + jakarta.annotation + jakarta.annotation-api + + + jakarta.xml.bind + jakarta.xml.bind-api + + + jakarta.xml.soap + jakarta.xml.soap-api + @@ -359,6 +375,10 @@ org.apache.httpcomponents httpcore + + jakarta.xml.bind + jakarta.xml.bind-api + @@ -458,6 +478,30 @@ binary + + owasp + + + owasp + + + + + + org.owasp + dependency-check-maven + 12.2.2 + + + + check + + + + + + + @@ -498,19 +542,6 @@ - - org.owasp - dependency-check-maven - 9.0.9 - - true - - - - check - - - diff --git a/project/standard/templates/web/src/main/webapp/WEB-INF/web.xml b/project/standard/templates/web/src/main/webapp/WEB-INF/web.xml index ec4d4c9f70..8424664743 100644 --- a/project/standard/templates/web/src/main/webapp/WEB-INF/web.xml +++ b/project/standard/templates/web/src/main/webapp/WEB-INF/web.xml @@ -1,7 +1,7 @@ + xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/web-app_6_0.xsd"> From db43ba02aa4a7960fdf4782b1a246c13fccf5762 Mon Sep 17 00:00:00 2001 From: Alessandro Ricchiuti Date: Tue, 12 May 2026 18:39:47 +0200 Subject: [PATCH 04/17] spring security filters --- .../main/webapp/WEB-INF/configs-servlet.xml | 2 +- .../webapp/WEB-INF/extensions-servlet.xml | 2 +- .../webapp/WEB-INF/loadAssets-servlet.xml | 2 +- .../config/db/geostore-spring-security-db.xml | 52 ++++++++++++------- .../ldap/geostore-spring-security-ldap.xml | 22 ++++---- .../main/webapp/WEB-INF/configs-servlet.xml | 2 +- .../webapp/WEB-INF/extensions-servlet.xml | 2 +- .../webapp/WEB-INF/loadAssets-servlet.xml | 2 +- .../config/db/geostore-spring-security-db.xml | 51 ++++++++++++------ .../ldap/geostore-spring-security-ldap.xml | 30 ++++++----- 10 files changed, 107 insertions(+), 60 deletions(-) diff --git a/java/web/src/main/webapp/WEB-INF/configs-servlet.xml b/java/web/src/main/webapp/WEB-INF/configs-servlet.xml index 247b9626c2..dceda537f3 100644 --- a/java/web/src/main/webapp/WEB-INF/configs-servlet.xml +++ b/java/web/src/main/webapp/WEB-INF/configs-servlet.xml @@ -13,7 +13,7 @@ http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd"> - + diff --git a/java/web/src/main/webapp/WEB-INF/extensions-servlet.xml b/java/web/src/main/webapp/WEB-INF/extensions-servlet.xml index ab32ad3d73..b53c78d8c9 100644 --- a/java/web/src/main/webapp/WEB-INF/extensions-servlet.xml +++ b/java/web/src/main/webapp/WEB-INF/extensions-servlet.xml @@ -13,7 +13,7 @@ http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd"> - + diff --git a/java/web/src/main/webapp/WEB-INF/loadAssets-servlet.xml b/java/web/src/main/webapp/WEB-INF/loadAssets-servlet.xml index c1c1ab9387..a6e59eb1f1 100644 --- a/java/web/src/main/webapp/WEB-INF/loadAssets-servlet.xml +++ b/java/web/src/main/webapp/WEB-INF/loadAssets-servlet.xml @@ -13,7 +13,7 @@ http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd"> - + diff --git a/product/config/db/geostore-spring-security-db.xml b/product/config/db/geostore-spring-security-db.xml index 1b7a90bc60..1afed45c1e 100644 --- a/product/config/db/geostore-spring-security-db.xml +++ b/product/config/db/geostore-spring-security-db.xml @@ -15,58 +15,74 @@ - + - + - - - + + + + + + + + + - + - + - + - + - - + - - + + - - + + - + - + - + diff --git a/product/config/ldap/geostore-spring-security-ldap.xml b/product/config/ldap/geostore-spring-security-ldap.xml index 98487d1245..982718308d 100644 --- a/product/config/ldap/geostore-spring-security-ldap.xml +++ b/product/config/ldap/geostore-spring-security-ldap.xml @@ -18,16 +18,16 @@ - - - + + + @@ -38,13 +38,17 @@ class="it.geosolutions.geostore.services.rest.security.UserServiceAuthenticationProvider"> - - + + - - + + diff --git a/project/standard/templates/web/src/main/webapp/WEB-INF/configs-servlet.xml b/project/standard/templates/web/src/main/webapp/WEB-INF/configs-servlet.xml index 9eddc99811..9cf39d6c41 100644 --- a/project/standard/templates/web/src/main/webapp/WEB-INF/configs-servlet.xml +++ b/project/standard/templates/web/src/main/webapp/WEB-INF/configs-servlet.xml @@ -12,7 +12,7 @@ http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd"> - + diff --git a/project/standard/templates/web/src/main/webapp/WEB-INF/extensions-servlet.xml b/project/standard/templates/web/src/main/webapp/WEB-INF/extensions-servlet.xml index 206c71b8f4..25d0d06bf9 100644 --- a/project/standard/templates/web/src/main/webapp/WEB-INF/extensions-servlet.xml +++ b/project/standard/templates/web/src/main/webapp/WEB-INF/extensions-servlet.xml @@ -12,7 +12,7 @@ http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd"> - + diff --git a/project/standard/templates/web/src/main/webapp/WEB-INF/loadAssets-servlet.xml b/project/standard/templates/web/src/main/webapp/WEB-INF/loadAssets-servlet.xml index 28d407bae1..220ee5b9e5 100644 --- a/project/standard/templates/web/src/main/webapp/WEB-INF/loadAssets-servlet.xml +++ b/project/standard/templates/web/src/main/webapp/WEB-INF/loadAssets-servlet.xml @@ -12,7 +12,7 @@ http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd"> - + diff --git a/web/src/config/db/geostore-spring-security-db.xml b/web/src/config/db/geostore-spring-security-db.xml index 7c0c068795..5f8fe60612 100644 --- a/web/src/config/db/geostore-spring-security-db.xml +++ b/web/src/config/db/geostore-spring-security-db.xml @@ -15,53 +15,74 @@ - + - + - - + + + + + + + + + - + - + - + - + - + - + + + + - + + - + - + - + - diff --git a/web/src/config/ldap/geostore-spring-security-ldap.xml b/web/src/config/ldap/geostore-spring-security-ldap.xml index 067ce5a79c..8553bb7d15 100644 --- a/web/src/config/ldap/geostore-spring-security-ldap.xml +++ b/web/src/config/ldap/geostore-spring-security-ldap.xml @@ -18,16 +18,17 @@ - + - - + + + @@ -38,13 +39,17 @@ class="it.geosolutions.geostore.services.rest.security.UserServiceAuthenticationProvider"> - - + + - - + + @@ -109,9 +114,9 @@ - - - + + + + From 25f2650fa7ab8775de46045638c48812c34ed3ec Mon Sep 17 00:00:00 2001 From: Alessandro Ricchiuti Date: Tue, 12 May 2026 18:40:50 +0200 Subject: [PATCH 05/17] removed gzip compression filter due to incompatibility. --- java/web/pom.xml | 5 ----- java/web/src/main/webapp/WEB-INF/web.xml | 17 ----------------- pom.xml | 6 ------ project/standard/templates/pom.xml | 1 - project/standard/templates/web/pom.xml | 12 ------------ .../web/src/main/webapp/WEB-INF/web.xml | 18 ------------------ 6 files changed, 59 deletions(-) diff --git a/java/web/pom.xml b/java/web/pom.xml index d7023f0611..e77e5665a8 100644 --- a/java/web/pom.xml +++ b/java/web/pom.xml @@ -53,11 +53,6 @@ jakarta.servlet jakarta.servlet-api - - - net.sf.ehcache - ehcache-web - commons-pool diff --git a/java/web/src/main/webapp/WEB-INF/web.xml b/java/web/src/main/webapp/WEB-INF/web.xml index 009e42843d..b1b3ca7040 100644 --- a/java/web/src/main/webapp/WEB-INF/web.xml +++ b/java/web/src/main/webapp/WEB-INF/web.xml @@ -54,23 +54,6 @@ /rest/* - - - CompressionFilter - net.sf.ehcache.constructs.web.filter.GzipFilter - - - CompressionFilter - *.css - - - CompressionFilter - *.html - - - CompressionFilter - *.js - noCacheFilter diff --git a/pom.xml b/pom.xml index 33117b7227..b19882c476 100644 --- a/pom.xml +++ b/pom.xml @@ -30,7 +30,6 @@ 2.14.0 1.2 1.5.4 - 2.0.4 4.5.14 6.1.0 4.0.3 @@ -164,11 +163,6 @@ jakarta.servlet-api ${javax.servlet-api.version} - - net.sf.ehcache - ehcache-web - ${ehcache-web.version} - commons-pool commons-pool diff --git a/project/standard/templates/pom.xml b/project/standard/templates/pom.xml index 550e183e56..9de14aad84 100644 --- a/project/standard/templates/pom.xml +++ b/project/standard/templates/pom.xml @@ -21,7 +21,6 @@ 5.3.39 1.5.4 - 2.0.4 4.5.13 3.0.1 2.3.1 diff --git a/project/standard/templates/web/pom.xml b/project/standard/templates/web/pom.xml index 18b238fd7f..4449e45d1d 100644 --- a/project/standard/templates/web/pom.xml +++ b/project/standard/templates/web/pom.xml @@ -63,12 +63,6 @@ javax.servlet-api ${javax.servlet-api.version} - - - net.sf.ehcache - ehcache-web - ${ehcache-web.version} - commons-pool @@ -496,12 +490,6 @@ javax.servlet-api ${javax.servlet-api.version} - - - net.sf.ehcache - ehcache-web - ${ehcache-web.version} - commons-pool diff --git a/project/standard/templates/web/src/main/webapp/WEB-INF/web.xml b/project/standard/templates/web/src/main/webapp/WEB-INF/web.xml index 8424664743..869be321bf 100644 --- a/project/standard/templates/web/src/main/webapp/WEB-INF/web.xml +++ b/project/standard/templates/web/src/main/webapp/WEB-INF/web.xml @@ -54,24 +54,6 @@ /rest/* - - - CompressionFilter - net.sf.ehcache.constructs.web.filter.GzipFilter - - - CompressionFilter - *.css - - - CompressionFilter - *.html - - - CompressionFilter - *.js - - noCacheFilter From 7eaafc8e55d3868ee9d114fad61bb098ad91ccfe Mon Sep 17 00:00:00 2001 From: Alessandro Ricchiuti Date: Tue, 12 May 2026 18:41:26 +0200 Subject: [PATCH 06/17] tomcat 10 --- binary/bin-war/pom.xml | 2 +- binary/pom.xml | 2 +- pom.xml | 2 +- product/pom.xml | 2 +- project/standard/templates/pom.xml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/binary/bin-war/pom.xml b/binary/bin-war/pom.xml index 72c10bbe1a..690461565a 100644 --- a/binary/bin-war/pom.xml +++ b/binary/bin-war/pom.xml @@ -14,7 +14,7 @@ http://www.geo-solutions.it UTF-8 - 9.0.116 + 10.1.54 ${mapstore2.version} diff --git a/binary/pom.xml b/binary/pom.xml index 25531bf046..354e9ef8f1 100644 --- a/binary/pom.xml +++ b/binary/pom.xml @@ -13,7 +13,7 @@ http://www.geo-solutions.it UTF-8 - 9.0.116 + 10.1.54 ${mapstore2.version} diff --git a/pom.xml b/pom.xml index b19882c476..b44584af31 100644 --- a/pom.xml +++ b/pom.xml @@ -13,7 +13,7 @@ 8080 - 9.0.116 + 10.1.54 2.16.1 31.3 4.2.12 diff --git a/product/pom.xml b/product/pom.xml index c2b79945cc..c664beff7d 100644 --- a/product/pom.xml +++ b/product/pom.xml @@ -276,7 +276,7 @@ ${cargo.version} - tomcat9x + tomcat10x ${datadir.location} ${security.integration} diff --git a/project/standard/templates/pom.xml b/project/standard/templates/pom.xml index 9de14aad84..3e3609ab57 100644 --- a/project/standard/templates/pom.xml +++ b/project/standard/templates/pom.xml @@ -12,7 +12,7 @@ UTF-8 8080 - 9.0.116 + 10.1.54 2.16.1 2.6 3.4.0 From 43a721bd6a414ee15257bef3a88eb2ff63c73178 Mon Sep 17 00:00:00 2001 From: Alessandro Ricchiuti Date: Wed, 13 May 2026 18:30:26 +0200 Subject: [PATCH 07/17] cargo upgrade and logging settings. --- pom.xml | 2 +- product/cargo/logging.properties | 79 ++++++++++++++++++++++++++++++++ product/pom.xml | 1 + 3 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 product/cargo/logging.properties diff --git a/pom.xml b/pom.xml index b44584af31..9b6412015b 100644 --- a/pom.xml +++ b/pom.xml @@ -40,7 +40,7 @@ 2.1.3 4.0.0 1.7.25 - 1.10.2 + 1.10.27 2.5-SNAPSHOT diff --git a/product/cargo/logging.properties b/product/cargo/logging.properties new file mode 100644 index 0000000000..0bee6b30e0 --- /dev/null +++ b/product/cargo/logging.properties @@ -0,0 +1,79 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +handlers = 1catalina.org.apache.juli.AsyncFileHandler, 2localhost.org.apache.juli.AsyncFileHandler, 3manager.org.apache.juli.AsyncFileHandler, 4host-manager.org.apache.juli.AsyncFileHandler, java.util.logging.ConsoleHandler + +.handlers = 1catalina.org.apache.juli.AsyncFileHandler, java.util.logging.ConsoleHandler + +############################################################ +# Handler specific properties. +# Describes specific configuration info for Handlers. +############################################################ + +1catalina.org.apache.juli.AsyncFileHandler.level = ALL +1catalina.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs +1catalina.org.apache.juli.AsyncFileHandler.prefix = catalina. +1catalina.org.apache.juli.AsyncFileHandler.maxDays = 90 +1catalina.org.apache.juli.AsyncFileHandler.encoding = UTF-8 + +2localhost.org.apache.juli.AsyncFileHandler.level = ALL +2localhost.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs +2localhost.org.apache.juli.AsyncFileHandler.prefix = localhost. +2localhost.org.apache.juli.AsyncFileHandler.maxDays = 90 +2localhost.org.apache.juli.AsyncFileHandler.encoding = UTF-8 + +3manager.org.apache.juli.AsyncFileHandler.level = ALL +3manager.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs +3manager.org.apache.juli.AsyncFileHandler.prefix = manager. +3manager.org.apache.juli.AsyncFileHandler.maxDays = 90 +3manager.org.apache.juli.AsyncFileHandler.encoding = UTF-8 + +4host-manager.org.apache.juli.AsyncFileHandler.level = ALL +4host-manager.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs +4host-manager.org.apache.juli.AsyncFileHandler.prefix = host-manager. +4host-manager.org.apache.juli.AsyncFileHandler.maxDays = 90 +4host-manager.org.apache.juli.AsyncFileHandler.encoding = UTF-8 + +java.util.logging.ConsoleHandler.level = ALL +java.util.logging.ConsoleHandler.formatter = org.apache.juli.OneLineFormatter +java.util.logging.ConsoleHandler.encoding = UTF-8 + + +############################################################ +# Facility specific properties. +# Provides extra control for each logger. +############################################################ + +org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = INFO +org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers = 2localhost.org.apache.juli.AsyncFileHandler + +org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].level = INFO +org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].handlers = 3manager.org.apache.juli.AsyncFileHandler + +org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].level = INFO +org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].handlers = 4host-manager.org.apache.juli.AsyncFileHandler + +# For example, set the org.apache.catalina.util.LifecycleBase logger to log +# each component that extends LifecycleBase changing state: +#org.apache.catalina.util.LifecycleBase.level = FINE + +# To see debug messages for HTTP/2 handling, uncomment the following line: +#org.apache.coyote.http2.level = FINE + +# To see debug messages for WebSocket handling, uncomment the following line: +#org.apache.tomcat.websocket.level = FINE + +# MapStore debugging +#org.apache.catalina.core.StandardContext.level = FINE diff --git a/product/pom.xml b/product/pom.xml index c664beff7d..2c2fdb6c1e 100644 --- a/product/pom.xml +++ b/product/pom.xml @@ -297,6 +297,7 @@ ${backend.debug.args} --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED + -Djava.util.logging.config.file=${project.basedir}/cargo/logging.properties ${tomcat.port} low From d19e7fcf5a7b3043883d666c2c127079d71db62e Mon Sep 17 00:00:00 2001 From: Alessandro Ricchiuti Date: Mon, 18 May 2026 16:48:16 +0200 Subject: [PATCH 08/17] jakarta servlet 6 and tomcat 11 --- binary/bin-war/pom.xml | 2 +- binary/pom.xml | 2 +- java/web/pom.xml | 5 ---- pom.xml | 35 ++++++-------------------- product/pom.xml | 2 +- project/standard/templates/pom.xml | 6 ++--- project/standard/templates/web/pom.xml | 4 +-- 7 files changed, 15 insertions(+), 41 deletions(-) diff --git a/binary/bin-war/pom.xml b/binary/bin-war/pom.xml index 690461565a..792ce108f2 100644 --- a/binary/bin-war/pom.xml +++ b/binary/bin-war/pom.xml @@ -14,7 +14,7 @@ http://www.geo-solutions.it UTF-8 - 10.1.54 + 11.0.22 ${mapstore2.version} diff --git a/binary/pom.xml b/binary/pom.xml index 354e9ef8f1..7f055ae24a 100644 --- a/binary/pom.xml +++ b/binary/pom.xml @@ -13,7 +13,7 @@ http://www.geo-solutions.it UTF-8 - 10.1.54 + 11.0.22 ${mapstore2.version} diff --git a/java/web/pom.xml b/java/web/pom.xml index e77e5665a8..279497748c 100644 --- a/java/web/pom.xml +++ b/java/web/pom.xml @@ -53,11 +53,6 @@ jakarta.servlet jakarta.servlet-api - - - commons-pool - commons-pool - jakarta.xml.ws jakarta.xml.ws-api diff --git a/pom.xml b/pom.xml index 9b6412015b..734f705256 100644 --- a/pom.xml +++ b/pom.xml @@ -13,9 +13,8 @@ 8080 - 10.1.54 + 11.0.22 2.16.1 - 31.3 4.2.12 32.0.0-jre 2.6 @@ -29,27 +28,24 @@ 3.2.2 2.14.0 1.2 - 1.5.4 - 4.5.14 - 6.1.0 + 6.1.0 4.0.3 2.4.2-geoserver 1.13 4.13.2 - 2.19.0 + 2.26.0 2.1.3 4.0.0 1.7.25 1.10.27 - 2.5-SNAPSHOT + 2.7-SNAPSHOT 2.3.4 1.6-SNAPSHOT - 2.3 - 3.17.0 + 3.20.0 1.13.0 @@ -139,13 +135,6 @@ - - - org.apache.httpcomponents - httpclient - ${httpclient.version} - - junit junit @@ -161,17 +150,7 @@ jakarta.servlet jakarta.servlet-api - ${javax.servlet-api.version} - - - commons-pool - commons-pool - ${commons-pool.version} - - - commons-lang - commons-lang - ${commons-lang-version} + ${jakarta.servlet-api.version} org.apache.commons @@ -274,7 +253,7 @@ - + it.geosolutions.geostore geostore-webapp diff --git a/product/pom.xml b/product/pom.xml index 2c2fdb6c1e..18add31392 100644 --- a/product/pom.xml +++ b/product/pom.xml @@ -276,7 +276,7 @@ ${cargo.version} - tomcat10x + tomcat11x ${datadir.location} ${security.integration} diff --git a/project/standard/templates/pom.xml b/project/standard/templates/pom.xml index 3e3609ab57..034d200390 100644 --- a/project/standard/templates/pom.xml +++ b/project/standard/templates/pom.xml @@ -12,7 +12,7 @@ UTF-8 8080 - 10.1.54 + 11.0.22 2.16.1 2.6 3.4.0 @@ -22,14 +22,14 @@ 1.5.4 4.5.13 - 3.0.1 + 6.1.0 2.3.1 4.13.2 4.0.0 1.10.2 1.10-SNAPSHOT - 2.5-SNAPSHOT + 2.7-SNAPSHOT 1.6-SNAPSHOT 2.3.4 diff --git a/project/standard/templates/web/pom.xml b/project/standard/templates/web/pom.xml index 4449e45d1d..53135dcaa9 100644 --- a/project/standard/templates/web/pom.xml +++ b/project/standard/templates/web/pom.xml @@ -61,7 +61,7 @@ javax.servlet javax.servlet-api - ${javax.servlet-api.version} + ${jakarta.servlet-api.version} @@ -488,7 +488,7 @@ javax.servlet javax.servlet-api - ${javax.servlet-api.version} + ${jakarta.servlet-api.version} From 8e2690bbba1932b325812c8cc0550a3da65da581 Mon Sep 17 00:00:00 2001 From: Alessandro Ricchiuti Date: Mon, 18 May 2026 18:16:40 +0200 Subject: [PATCH 09/17] mapfish-print upgrade --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 734f705256..7fb40100d6 100644 --- a/pom.xml +++ b/pom.xml @@ -41,7 +41,7 @@ 2.7-SNAPSHOT - 2.3.4 + 2.5-SNAPSHOT 1.6-SNAPSHOT From c71335be450b279c8dba8fa3dde67e41909fd189 Mon Sep 17 00:00:00 2001 From: Alessandro Ricchiuti Date: Mon, 18 May 2026 18:17:06 +0200 Subject: [PATCH 10/17] pom template alignment --- project/standard/templates/pom.xml | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/project/standard/templates/pom.xml b/project/standard/templates/pom.xml index 034d200390..1273fcf3a8 100644 --- a/project/standard/templates/pom.xml +++ b/project/standard/templates/pom.xml @@ -17,21 +17,19 @@ 2.6 3.4.0 - 5.7.13 - 5.3.39 + 7.0.7 + 7.0.5 - 1.5.4 - 4.5.13 6.1.0 - 2.3.1 + 4.0.3 4.13.2 4.0.0 - 1.10.2 + 1.10.27 - 1.10-SNAPSHOT + 1.12-SNAPSHOT 2.7-SNAPSHOT 1.6-SNAPSHOT - 2.3.4 + 2.5-SNAPSHOT From 83b3ac66ff7b0979f3d57c4ba880ccc30a0b66e4 Mon Sep 17 00:00:00 2001 From: Alessandro Ricchiuti Date: Tue, 26 May 2026 11:11:07 +0200 Subject: [PATCH 11/17] moved github workflows to JDK 21. --- .github/workflows/CI.yml | 12 ++++-------- .github/workflows/build.yml | 2 +- .github/workflows/create_release.yml | 2 +- .github/workflows/post_release.yml | 4 ++-- .github/workflows/pre_release.yml | 4 ++-- 5 files changed, 10 insertions(+), 14 deletions(-) diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index da7e99a448..113f7928fd 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -78,7 +78,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - java-version: ['11.x', '17.x', '21.x'] + java-version: ['17.x', '21.x'] fail-fast: false steps: - name: "checking out" @@ -110,19 +110,15 @@ jobs: strategy: matrix: node-version: ['20.x', '22.x', '24.x'] - java-version: ['11.x', '17.x', '21.x'] + java-version: ['17.x', '21.x'] # Reduce the combinations to reduce the total number of jobs exclude: - node-version: '20.x' java-version: '17.x' - node-version: '20.x' java-version: '21.x' - - node-version: '22.x' - java-version: '11.x' - node-version: '22.x' java-version: '21.x' - - node-version: '24.x' - java-version: '11.x' - node-version: '24.x' java-version: '17.x' fail-fast: false @@ -200,14 +196,14 @@ jobs: uses: actions/setup-java@v3 with: distribution: 'temurin' - java-version: '11.x' + java-version: '21.x' ############ # Publish ########## - name: Set up Maven Central Repository uses: actions/setup-java@v3 with: - java-version: '11' + java-version: '21' distribution: 'temurin' server-id: geosolutions server-username: MAVEN_USERNAME diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4e3f2f5f5f..ca95635660 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -22,7 +22,7 @@ jobs: uses: actions/setup-java@v3 with: distribution: 'temurin' - java-version: '11.x' + java-version: '21.x' ############ # CACHING ########## diff --git a/.github/workflows/create_release.yml b/.github/workflows/create_release.yml index 09b8de786c..881f22c7ef 100644 --- a/.github/workflows/create_release.yml +++ b/.github/workflows/create_release.yml @@ -41,7 +41,7 @@ jobs: - name: "setting up Java" uses: actions/setup-java@v1 with: - java-version: '11.x' + java-version: '21.x' ############ # CACHING ########## diff --git a/.github/workflows/post_release.yml b/.github/workflows/post_release.yml index d6b564668b..d28a69063b 100644 --- a/.github/workflows/post_release.yml +++ b/.github/workflows/post_release.yml @@ -21,10 +21,10 @@ jobs: script: | core.setFailed('This workflow can not run on master branch') - uses: actions/checkout@v3 - - name: Set up JDK 11 + - name: Set up JDK 21 uses: actions/setup-java@v3 with: - java-version: '11.x' + java-version: '21.x' distribution: 'adopt' cache: maven diff --git a/.github/workflows/pre_release.yml b/.github/workflows/pre_release.yml index ca21e705e1..322eee33bc 100644 --- a/.github/workflows/pre_release.yml +++ b/.github/workflows/pre_release.yml @@ -37,10 +37,10 @@ jobs: script: | core.setFailed('This workflow can not run on master branch') - uses: actions/checkout@v3 - - name: Set up JDK 11 + - name: Set up JDK 21 uses: actions/setup-java@v3 with: - java-version: '11.x' + java-version: '21.x' distribution: 'adopt' cache: maven From 4326adeb6f30b196c9d3c41c701e861f50c4f7c0 Mon Sep 17 00:00:00 2001 From: Alessandro Ricchiuti Date: Tue, 16 Jun 2026 13:39:20 +0200 Subject: [PATCH 12/17] Bumped jackson to 2.19.4. --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 7fb40100d6..2301f9d412 100644 --- a/pom.xml +++ b/pom.xml @@ -14,7 +14,7 @@ 8080 11.0.22 - 2.16.1 + 2.19.4 4.2.12 32.0.0-jre 2.6 From dde64a73c552269e3bfe6ac0fbf90c9c21f74939 Mon Sep 17 00:00:00 2001 From: Alessandro Ricchiuti Date: Tue, 16 Jun 2026 13:46:48 +0200 Subject: [PATCH 13/17] Set JDK 17 as minimum supported version. --- .github/workflows/CI.yml | 4 ++-- .github/workflows/build.yml | 4 ++-- .github/workflows/create_release.yml | 2 +- .github/workflows/post_release.yml | 2 +- .github/workflows/pre_release.yml | 2 +- java/services/pom.xml | 4 ++-- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index 113f7928fd..1998a7fad6 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -196,14 +196,14 @@ jobs: uses: actions/setup-java@v3 with: distribution: 'temurin' - java-version: '21.x' + java-version: '17.x' ############ # Publish ########## - name: Set up Maven Central Repository uses: actions/setup-java@v3 with: - java-version: '21' + java-version: '17' distribution: 'temurin' server-id: geosolutions server-username: MAVEN_USERNAME diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ca95635660..5672816beb 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -5,7 +5,7 @@ on: - master # using filter pattern: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet - '[cC][0-9][0-9][0-9]-+**' # c123 or c123-something for custom branch - - '[0-9][0-9][0-9][0-9].[0-9][0-9].xx' # stable brances. E.g. 2021.01.xx + - '[0-9][0-9][0-9][0-9].[0-9][0-9].xx' # stable branches. E.g. 2021.01.xx - '[geonode]-[0-9].[0-9].x' # stable branches for GeoNode. E.g. geonode-4.4.x jobs: @@ -22,7 +22,7 @@ jobs: uses: actions/setup-java@v3 with: distribution: 'temurin' - java-version: '21.x' + java-version: '17.x' ############ # CACHING ########## diff --git a/.github/workflows/create_release.yml b/.github/workflows/create_release.yml index 881f22c7ef..38212a8e9a 100644 --- a/.github/workflows/create_release.yml +++ b/.github/workflows/create_release.yml @@ -41,7 +41,7 @@ jobs: - name: "setting up Java" uses: actions/setup-java@v1 with: - java-version: '21.x' + java-version: '17.x' ############ # CACHING ########## diff --git a/.github/workflows/post_release.yml b/.github/workflows/post_release.yml index d28a69063b..21f0be3c7a 100644 --- a/.github/workflows/post_release.yml +++ b/.github/workflows/post_release.yml @@ -24,7 +24,7 @@ jobs: - name: Set up JDK 21 uses: actions/setup-java@v3 with: - java-version: '21.x' + java-version: '17.x' distribution: 'adopt' cache: maven diff --git a/.github/workflows/pre_release.yml b/.github/workflows/pre_release.yml index 322eee33bc..af1229c94d 100644 --- a/.github/workflows/pre_release.yml +++ b/.github/workflows/pre_release.yml @@ -40,7 +40,7 @@ jobs: - name: Set up JDK 21 uses: actions/setup-java@v3 with: - java-version: '21.x' + java-version: '17.x' distribution: 'adopt' cache: maven diff --git a/java/services/pom.xml b/java/services/pom.xml index 32519f0e00..0007b3dcdb 100644 --- a/java/services/pom.xml +++ b/java/services/pom.xml @@ -142,8 +142,8 @@ 3.10.1 utf8 - 8 - 8 + 17 + 17 true UTF-8 8080 - 11.0.22 + 10.1.55 2.19.4 4.2.12 32.0.0-jre @@ -28,7 +28,7 @@ 3.2.2 2.14.0 1.2 - 6.1.0 + 6.0.0 4.0.3 2.4.2-geoserver 1.13 diff --git a/product/pom.xml b/product/pom.xml index 18add31392..2c2fdb6c1e 100644 --- a/product/pom.xml +++ b/product/pom.xml @@ -276,7 +276,7 @@ ${cargo.version} - tomcat11x + tomcat10x ${datadir.location} ${security.integration} From c272d2a09dde93b52aedacfeecf148f383996bd3 Mon Sep 17 00:00:00 2001 From: Alessandro Ricchiuti Date: Tue, 23 Jun 2026 15:40:00 +0200 Subject: [PATCH 15/17] Bumped spring version to latest releases. --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 1c0f8a8069..60569c9843 100644 --- a/pom.xml +++ b/pom.xml @@ -21,8 +21,8 @@ 3.4.0 - 7.0.7 - 7.0.5 + 7.0.8 + 7.1.0 3.2.2 From 3e466f8923ace853036becbb788716ffe39d16fe Mon Sep 17 00:00:00 2001 From: Alessandro Ricchiuti Date: Tue, 23 Jun 2026 16:53:26 +0200 Subject: [PATCH 16/17] Bumped http-proxy to 1.7-SNAPSHOT. --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 60569c9843..7fe32f8f12 100644 --- a/pom.xml +++ b/pom.xml @@ -42,7 +42,7 @@ 2.7-SNAPSHOT 2.5-SNAPSHOT - 1.6-SNAPSHOT + 1.7-SNAPSHOT 3.20.0 From f364fc8f30f468d9371587943c3fd9ec46ed83b1 Mon Sep 17 00:00:00 2001 From: Alessandro Ricchiuti Date: Wed, 24 Jun 2026 13:42:12 +0200 Subject: [PATCH 17/17] Fixed UploadPluginController temp files usage and simplified code. --- .../rest/config/UploadPluginController.java | 37 +++++++++---------- .../mapstore/UploadPluginControllerTest.java | 15 ++++++++ 2 files changed, 32 insertions(+), 20 deletions(-) diff --git a/java/services/src/main/java/it/geosolutions/mapstore/controllers/rest/config/UploadPluginController.java b/java/services/src/main/java/it/geosolutions/mapstore/controllers/rest/config/UploadPluginController.java index e2361cc8ca..ff7096eaed 100644 --- a/java/services/src/main/java/it/geosolutions/mapstore/controllers/rest/config/UploadPluginController.java +++ b/java/services/src/main/java/it/geosolutions/mapstore/controllers/rest/config/UploadPluginController.java @@ -16,6 +16,7 @@ import it.geosolutions.mapstore.utils.ResourceUtils; import org.apache.commons.io.FileUtils; import org.apache.commons.io.IOUtils; +import org.apache.commons.io.input.CloseShieldInputStream; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.access.annotation.Secured; import org.springframework.stereotype.Controller; @@ -25,13 +26,14 @@ import org.springframework.web.bind.annotation.ResponseBody; import jakarta.servlet.ServletContext; + import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; -import java.nio.charset.StandardCharsets; +import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; import java.util.HashMap; @@ -69,6 +71,8 @@ public class UploadPluginController extends BaseMapStoreController { @Secured({"ROLE_ADMIN"}) @RequestMapping(value = "/uploadPlugin", method = RequestMethod.POST, headers = "Accept=application/json") public @ResponseBody String uploadPlugin(InputStream dataStream) throws IOException { + File servletTempDir = (File) context.getAttribute(ServletContext.TEMPDIR); + Path tempDir = Files.createTempDirectory(servletTempDir.toPath(), "mapstore-upload-"); try (ZipInputStream zip = new ZipInputStream(dataStream)) { ZipEntry entry = zip.getNextEntry(); String pluginName = null; @@ -85,12 +89,12 @@ public class UploadPluginController extends BaseMapStoreController { if (lower.endsWith("index.js")) { bundleEntryName = normalizedEntry; - File tempBundle = File.createTempFile("mapstore-bundle", ".js"); + File tempBundle = Files.createTempFile(tempDir, "mapstore-bundle", ".js").toFile(); storeAsset(zip, tempBundle); // We'll resolve final relative target after we know pluginName tempFilesToRelativeTargets.put(tempBundle, "__BUNDLE__"); } else if (lower.equals("index.json")) { - JsonNode json = readJSON(zip); + JsonNode json = readJSON(CloseShieldInputStream.wrap(zip)); JsonNode plugins = json.get("plugins"); if (plugins == null || !plugins.isArray() || plugins.isEmpty()) { throw new IOException("Invalid bundle: index.json has no 'plugins' array"); @@ -108,13 +112,13 @@ public class UploadPluginController extends BaseMapStoreController { addPluginConfiguration(plugin); } } else if (lower.startsWith("translations/")) { - File tempAsset = File.createTempFile("mapstore-asset-translations", ".json"); + File tempAsset = Files.createTempFile(tempDir, "mapstore-asset-translations", ".json").toFile(); storeAsset(zip, tempAsset); // Target relative to extensions root: / tempFilesToRelativeTargets.put(tempAsset, PLUGIN_PATH_PREFIX + normalizedEntry); addTranslations = true; } else if (lower.startsWith("assets/")) { - File tempAsset = File.createTempFile("mapstore-asset", ".tmp"); + File tempAsset = Files.createTempFile(tempDir, "mapstore-asset", ".tmp").toFile(); storeAsset(zip, tempAsset); // Target relative to extensions root: / tempFilesToRelativeTargets.put(tempAsset, PLUGIN_PATH_PREFIX + normalizedEntry); @@ -159,6 +163,8 @@ public class UploadPluginController extends BaseMapStoreController { } return plugin.toString(); + } finally { + FileUtils.deleteDirectory(tempDir.toFile()); } } @@ -212,7 +218,7 @@ private boolean shouldStorePluginsConfigAsPatch() { private boolean canUseDataDir() { return !getDataDir().isEmpty() && Stream.of(getDataDir().split(",")) - .anyMatch(folder -> !folder.trim().isEmpty() && new File(folder).exists()); + .anyMatch(folder -> !folder.trim().isEmpty() && new File(folder).exists()); } /** @@ -250,7 +256,7 @@ private boolean canUseDataDir() { for (int i = 0; i < plugins.size(); i++) { JsonNode plugin = plugins.get(i); String name = plugin.has("name") ? plugin.get("name").asText() - : plugin.get("value").get("name").asText(); + : plugin.get("value").get("name").asText(); if (name.contentEquals(pluginName)) { toRemove = i; } @@ -445,7 +451,7 @@ private void storeJSONConfig(Object config, String configName) throws IOExceptio } private void addExtension(String pluginName, String pluginBundleRelative, String translationsRelative) - throws IOException { + throws IOException { ObjectNode config; Optional extensionsConfigFile = findResource(getExtensionsConfigPath()); if (extensionsConfigFile.isPresent()) { @@ -484,25 +490,16 @@ private ObjectNode getExtensionConfig() throws IOException { } private JsonNode readJSON(InputStream input) throws IOException { - byte[] buffer = new byte[4096]; - int read; - StringBuilder json = new StringBuilder(); - while ((read = input.read(buffer)) >= 0) { - json.append(new String(buffer, 0, read, StandardCharsets.UTF_8)); - } - return jsonMapper.readTree(json.toString()); + return jsonMapper.readTree(input); } private void storeAsset(ZipInputStream zip, File file) throws IOException { try (FileOutputStream outFile = new FileOutputStream(file)) { - byte[] buffer = new byte[8192]; - int read; - while ((read = zip.read(buffer)) >= 0) { - outFile.write(buffer, 0, read); - } + IOUtils.copy(zip, outFile); } } + @Override public void setContext(ServletContext context) { this.context = context; } diff --git a/java/services/src/test/java/it/geosolutions/mapstore/UploadPluginControllerTest.java b/java/services/src/test/java/it/geosolutions/mapstore/UploadPluginControllerTest.java index b9940eb659..297aef1bbb 100644 --- a/java/services/src/test/java/it/geosolutions/mapstore/UploadPluginControllerTest.java +++ b/java/services/src/test/java/it/geosolutions/mapstore/UploadPluginControllerTest.java @@ -58,6 +58,7 @@ public void testUninstallPluginPathNormalization() throws IOException { Mockito.when(context.getRealPath(Mockito.contains("pluginsConfig.json"))).thenReturn(tempConfig.getAbsolutePath()); File tempExtensions = TestUtils.copyToTemp(ConfigControllerTest.class, "/extensionsWithPlugin.json"); File tempDist = TestUtils.getDataDir(); + Mockito.when(context.getAttribute(ServletContext.TEMPDIR)).thenReturn(tempDist); // Mock a legitimate folder inside the base directory Mockito.when(context.getRealPath(Mockito.contains("extensions.json"))).thenReturn(tempExtensions.getAbsolutePath()); @@ -89,6 +90,7 @@ public void testUploadValidBundle() throws IOException { Mockito.when(context.getRealPath(Mockito.endsWith("pluginsConfig.json"))).thenReturn(tempConfig.getAbsolutePath()); File tempExtensions = TestUtils.copyToTemp(ConfigControllerTest.class, "/extensions.json"); File tempDist = TestUtils.getDataDir(); + Mockito.when(context.getAttribute(ServletContext.TEMPDIR)).thenReturn(tempDist); Mockito.when(context.getRealPath(Mockito.contains("extensions.json"))).thenReturn(tempExtensions.getAbsolutePath()); Mockito.when(context.getRealPath(Mockito.contains("My"))).thenAnswer( (Answer) invocation -> { @@ -112,6 +114,7 @@ public void testUploadValidBundleReplace() throws IOException { Mockito.when(context.getRealPath(Mockito.endsWith("pluginsConfig.json"))).thenReturn(tempConfig.getAbsolutePath()); File tempExtensions = TestUtils.copyToTemp(ConfigControllerTest.class, "/extensionsWithPlugin.json"); File tempDist = TestUtils.getDataDir(); + Mockito.when(context.getAttribute(ServletContext.TEMPDIR)).thenReturn(tempDist); Mockito.when(context.getRealPath(Mockito.contains("extensions.json"))).thenReturn(tempExtensions.getAbsolutePath()); Mockito.when(context.getRealPath(Mockito.contains("My"))).thenAnswer( (Answer) invocation -> { @@ -139,6 +142,7 @@ public void testUploadValidBundleUsingPatch() throws IOException { Mockito.when(context.getRealPath(Mockito.endsWith(".patch"))).thenReturn(tempDir.getAbsolutePath() + "/pluginsConfig.json.patch"); File tempExtensions = TestUtils.copyToTemp(ConfigControllerTest.class, "/extensions.json"); File tempDist = TestUtils.getDataDir(); + Mockito.when(context.getAttribute(ServletContext.TEMPDIR)).thenReturn(tempDist); Mockito.when(context.getRealPath(Mockito.contains("extensions.json"))).thenReturn(tempExtensions.getAbsolutePath()); Mockito.when(context.getRealPath(Mockito.contains("dist/extensions/"))).thenAnswer( (Answer) invocation -> { @@ -162,6 +166,7 @@ public void testCustomBundlesPath() throws IOException { Mockito.when(context.getRealPath(Mockito.endsWith("pluginsConfig.json"))).thenReturn(tempConfig.getAbsolutePath()); File tempExtensions = TestUtils.copyToTemp(ConfigControllerTest.class, "/extensions.json"); File tempDist = TestUtils.getDataDir(); + Mockito.when(context.getAttribute(ServletContext.TEMPDIR)).thenReturn(tempDist); controller.setBundlesPath("custom"); Mockito.when(context.getRealPath(Mockito.contains("extensions.json"))).thenReturn(tempExtensions.getAbsolutePath()); Mockito.when(context.getRealPath(Mockito.contains("custom/"))).thenAnswer( @@ -184,6 +189,7 @@ public void testUploadInvalidBundle() throws IOException { Mockito.when(context.getRealPath(Mockito.contains("pluginsConfig.json"))).thenReturn(tempConfig.getAbsolutePath()); File tempExtensions = TestUtils.copyToTemp(ConfigControllerTest.class, "/extensions.json"); File tempDist = TestUtils.getDataDir(); + Mockito.when(context.getAttribute(ServletContext.TEMPDIR)).thenReturn(tempDist); Mockito.when(context.getRealPath(Mockito.contains("extensions.json"))).thenReturn(tempExtensions.getAbsolutePath()); Mockito.when(context.getRealPath(Mockito.contains("/extensions/"))).thenAnswer( (Answer) invocation -> { @@ -206,6 +212,7 @@ public void testUploadValidBundleWithDataDir() throws IOException { controller.setDataDir(dataDir.getAbsolutePath()); ServletContext context = Mockito.mock(ServletContext.class); controller.setContext(context); + Mockito.when(context.getAttribute(ServletContext.TEMPDIR)).thenReturn(dataDir); File tempConfig = TestUtils.copyTo(UploadPluginControllerTest.class.getResourceAsStream("/pluginsConfig.json"), dataDir, "/configs/pluginsConfig.json"); File tempExtensions = TestUtils.copyTo(UploadPluginControllerTest.class.getResourceAsStream("/extensions.json"), dataDir, "/extensions/extensions.json"); InputStream zipStream = UploadPluginControllerTest.class.getResourceAsStream("/plugin.zip"); @@ -222,6 +229,7 @@ public void testUploadValidBundleWithMultipleDataDir() throws IOException { controller.setDataDir(dataDir1.getAbsolutePath() + "," + dataDir2.getAbsolutePath()); ServletContext context = Mockito.mock(ServletContext.class); controller.setContext(context); + Mockito.when(context.getAttribute(ServletContext.TEMPDIR)).thenReturn(dataDir1); // we load from dataDir2 (less priority) File tempConfig = TestUtils.copyTo( UploadPluginControllerTest.class.getResourceAsStream("/pluginsConfig.json"), @@ -245,6 +253,7 @@ public void testUninstallPlugin() throws IOException { Mockito.when(context.getRealPath(Mockito.contains("pluginsConfig.json"))).thenReturn(tempConfig.getAbsolutePath()); File tempExtensions = TestUtils.copyToTemp(ConfigControllerTest.class, "/extensionsWithPlugin.json"); File tempDist = TestUtils.getDataDir(); + Mockito.when(context.getAttribute(ServletContext.TEMPDIR)).thenReturn(tempDist); Mockito.when(context.getRealPath(Mockito.contains("extensions.json"))).thenReturn(tempExtensions.getAbsolutePath()); Mockito.when(context.getRealPath(Mockito.contains("My"))).thenAnswer( (Answer) invocation -> { @@ -305,6 +314,7 @@ public void testUploadBlocksZipSlip_DotDotInAssets() throws IOException { Mockito.when(context.getRealPath(Mockito.contains("extensions.json"))).thenReturn(tempExtensions.getAbsolutePath()); File tempDist = TestUtils.getDataDir(); + Mockito.when(context.getAttribute(ServletContext.TEMPDIR)).thenReturn(tempDist); Mockito.when(context.getRealPath(Mockito.contains("dist/extensions/"))).thenAnswer( (Answer) invocation -> { String path = (String) invocation.getArguments()[0]; @@ -329,6 +339,7 @@ public void testUploadBlocksZipSlip_AbsoluteUnixEntry() throws IOException { Mockito.when(context.getRealPath(Mockito.contains("extensions.json"))).thenReturn(tempExtensions.getAbsolutePath()); File tempDist = TestUtils.getDataDir(); + Mockito.when(context.getAttribute(ServletContext.TEMPDIR)).thenReturn(tempDist); Mockito.when(context.getRealPath(Mockito.contains("dist/extensions/"))).thenReturn( tempDist.getAbsolutePath() + File.separator + "ignored" ); @@ -349,6 +360,7 @@ public void testUploadBlocksZipSlip_WindowsDriveEntry() throws IOException { Mockito.when(context.getRealPath(Mockito.endsWith("pluginsConfig.json"))).thenReturn(tempConfig.getAbsolutePath()); File tempExtensions = TestUtils.copyToTemp(ConfigControllerTest.class, "/extensions.json"); Mockito.when(context.getRealPath(Mockito.contains("extensions.json"))).thenReturn(tempExtensions.getAbsolutePath()); + Mockito.when(context.getAttribute(ServletContext.TEMPDIR)).thenReturn(TestUtils.getDataDir()); Map extras = new HashMap<>(); extras.put("C:\\evil.js", "drv".getBytes(StandardCharsets.UTF_8)); @@ -368,6 +380,7 @@ public void testUploadBlocksZipSlip_BackslashTraversalInAssets() throws IOExcept Mockito.when(context.getRealPath(Mockito.contains("extensions.json"))).thenReturn(tempExtensions.getAbsolutePath()); File tempDist = TestUtils.getDataDir(); + Mockito.when(context.getAttribute(ServletContext.TEMPDIR)).thenReturn(tempDist); Mockito.when(context.getRealPath(Mockito.contains("dist/extensions/"))).thenAnswer( (Answer) invocation -> { String path = (String) invocation.getArguments()[0]; @@ -390,6 +403,7 @@ public void testUploadBlocksZipSlip_TraversalInBundleName() throws IOException { Mockito.when(context.getRealPath(Mockito.endsWith("pluginsConfig.json"))).thenReturn(tempConfig.getAbsolutePath()); File tempExtensions = TestUtils.copyToTemp(ConfigControllerTest.class, "/extensions.json"); Mockito.when(context.getRealPath(Mockito.contains("extensions.json"))).thenReturn(tempExtensions.getAbsolutePath()); + Mockito.when(context.getAttribute(ServletContext.TEMPDIR)).thenReturn(TestUtils.getDataDir()); Map extras = new HashMap<>(); // no extra assets needed; bundle name itself is malicious @@ -408,6 +422,7 @@ public void testUploadAllowsNestedAssets() throws IOException { Mockito.when(context.getRealPath(Mockito.contains("extensions.json"))).thenReturn(tempExtensions.getAbsolutePath()); final File tempDist = TestUtils.getDataDir(); + Mockito.when(context.getAttribute(ServletContext.TEMPDIR)).thenReturn(tempDist); // Cover both likely extension roots Mockito.when(context.getRealPath(Mockito.contains("dist/extensions/"))).thenAnswer(