fix injected class

remove SyncingJwtAuthenticationProvider

README.md

@@ -41,7 +41,8 @@ This extension requires the [`multiext-activiti-app-ext`](https://git.inteligr8.
 | --------------------------------------- | --------------- |
 | `keycloak-activiti-app-ext` v1.0 - v1.2 | v1.11.x         |
 | `keycloak-activiti-app-ext` v1.3 - v1.4 | v1.11.x - v2.x  |
-| `auth-activiti-app-ext` v2.0+           | v24.x+          |
+| `auth-activiti-app-ext` v2.0            | v24.x - v25.x   |
+| `auth-activiti-app-ext` v2.1+           | v26.x+          |
 
 ## Configuration
 

pom.xml

@@ -5,7 +5,7 @@
 
 	<groupId>com.inteligr8.activiti</groupId>
 	<artifactId>auth-activiti-app-ext</artifactId>
-	<version>2.1-SNAPSHOT</version>
+	<version>2.2-SNAPSHOT</version>
 
 	<name>Authentication &amp; Authorization for APS</name>
 	<description>An Alfresco Process Service App extension providing improved authentication and authorization support.</description>
@@ -41,10 +41,10 @@
 		<maven.compiler.target>17</maven.compiler.target>
 		<maven.compiler.release>17</maven.compiler.release>
 
-		<aps.version>25.1.1</aps.version>
+		<aps.version>26.1.0</aps.version>
 		
 		<!-- for RAD -->
-		<tomcat-rad.version>10-2.2</tomcat-rad.version>
+		<tomcat-rad.version>2.3-tomcat-11.0.20</tomcat-rad.version>
 		<aps.hotswap.enabled>false</aps.hotswap.enabled>
 		<aps.tomcat.opts.base>-Dspring.main.allow-circular-references=true \
 			-Dhibernate.dialect=org.hibernate.dialect.PostgreSQLDialect \
@@ -105,7 +105,7 @@
 			<plugin>
 				<groupId>io.repaint.maven</groupId>
 				<artifactId>tiles-maven-plugin</artifactId>
-				<version>2.40</version>
+				<version>2.43</version>
 				<extensions>true</extensions>
 				<configuration>
 					<tiles>
@@ -230,7 +230,7 @@
 			</build>
 		</profile>
 		<profile>
-			<id>ossrh-release</id>
+			<id>central-publish</id>
 			<properties>
 				<maven.deploy.skip>true</maven.deploy.skip>
 			</properties>
@@ -270,19 +270,20 @@
 						</executions>
 					</plugin>
 					<plugin>
-						<groupId>org.sonatype.plugins</groupId>
-						<artifactId>nexus-staging-maven-plugin</artifactId>
-						<version>1.7.0</version>
+						<groupId>org.sonatype.central</groupId>
+						<artifactId>central-publishing-maven-plugin</artifactId>
+						<version>0.8.0</version>
+						<extensions>true</extensions>
 						<configuration>
-							<serverId>ossrh</serverId>
-							<nexusUrl>https://s01.oss.sonatype.org/</nexusUrl>
-							<autoReleaseAfterClose>true</autoReleaseAfterClose>
+							<publishingServerId>central</publishingServerId>
+							<autoPublish>true</autoPublish>
 						</configuration>
+						<!-- for some reason this is required... -->
 						<executions>
 							<execution>
-								<id>ossrh-deploy</id>
+								<id>deploy</id>
 								<phase>deploy</phase>
-								<goals><goal>deploy</goal></goals>
+								<goals><goal>publish</goal></goals>
 							</execution>
 						</executions>
 					</plugin>

src/main/java/com/inteligr8/activiti/auth/oauth/IdentityServiceConfigurationOverride.java

@@ -1,7 +1,6 @@
 package com.inteligr8.activiti.auth.oauth;
 
 import static org.springframework.security.config.Customizer.withDefaults;
-import static org.springframework.security.web.util.matcher.AntPathRequestMatcher.antMatcher;
 
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
@@ -20,6 +19,7 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;
 import org.springframework.security.web.util.matcher.AndRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher;
 
@@ -28,7 +28,7 @@ import com.activiti.security.ActivitiAppRequestHeaderService;
 import com.activiti.security.ActivitiRestAuthorizationService;
 import com.activiti.security.ProtectedPaths;
 import com.activiti.security.identity.service.config.IdentityServiceEnabledCondition;
-import com.inteligr8.activiti.auth.service.JwtAuthenticationProvider;
+import com.inteligr8.activiti.auth.service.SyncingJwtAuthenticationConverter;
 import com.nimbusds.oauth2.sdk.ParseException;
 
 /**
@@ -48,7 +48,7 @@ public class IdentityServiceConfigurationOverride {
     private ApplicationContext appContext;
 
     @Autowired
-    private JwtAuthenticationProvider jwtAuthenticationProvider;
+    private SyncingJwtAuthenticationConverter jwtAuthenticationConverter;
 
     @Autowired
     private ActivitiAppRequestHeaderService appRequestHeaderService;
@@ -103,11 +103,11 @@ public class IdentityServiceConfigurationOverride {
             .securityMatchers(matchers -> {
                 matchers.requestMatchers(
                         // same as OOTB
-                        antMatcher(ProtectedPaths.API_URL_PATH + "/**"),
+                        PathPatternRequestMatcher.pathPattern(ProtectedPaths.API_URL_PATH + "/**"),
 
                         // want to also allow non-UI access to the the protected API
                         // we do this for anything with an `Authorization` header, as the UI uses session-based authorization
-                        new AndRequestMatcher(new RequestHeaderRequestMatcher("Authorization"), antMatcher(ProtectedPaths.APP_URL_PATH + "/rest/**"))
+                        new AndRequestMatcher(new RequestHeaderRequestMatcher("Authorization"), PathPatternRequestMatcher.pathPattern(ProtectedPaths.APP_URL_PATH + "/rest/**"))
                 );
             })
             .csrf(csrf -> {
@@ -118,24 +118,24 @@ public class IdentityServiceConfigurationOverride {
             .oauth2ResourceServer(oauth2 ->
                 oauth2.jwt(jwtConfigurer -> {
                     // here is where we are injecting a Spring extendible `JwtAuthenticationConverter`.
-                    jwtConfigurer.jwtAuthenticationConverter(this.jwtAuthenticationProvider.create());
+                    jwtConfigurer.jwtAuthenticationConverter(this.jwtAuthenticationConverter);
                 })
             )
             .authorizeHttpRequests(request ->
                 request
                     // same as OOTB
-                    .requestMatchers(antMatcher(ProtectedPaths.API_URL_PATH + "/enterprise/**"))
+                    .requestMatchers(PathPatternRequestMatcher.pathPattern(ProtectedPaths.API_URL_PATH + "/enterprise/**"))
                     .access(this.appRequestHeaderService)
-                    .requestMatchers(antMatcher(ProtectedPaths.API_URL_PATH + "/**"))
+                    .requestMatchers(PathPatternRequestMatcher.pathPattern(ProtectedPaths.API_URL_PATH + "/**"))
                     .access(this.restAuthorizationService)
                     
                     // borrowed from OOTB /app/rest security
-                    .requestMatchers(antMatcher(ProtectedPaths.APP_URL_PATH + "/rest/reporting/**"))
+                    .requestMatchers(PathPatternRequestMatcher.pathPattern(ProtectedPaths.APP_URL_PATH + "/rest/reporting/**"))
                     .hasAuthority(Capabilities.ACCESS_REPORTS)
                     
                     .requestMatchers(
-                            antMatcher(ProtectedPaths.API_URL_PATH + "/**"),
-                            antMatcher(ProtectedPaths.APP_URL_PATH + "/rest/**")
+                            PathPatternRequestMatcher.pathPattern(ProtectedPaths.API_URL_PATH + "/**"),
+                            PathPatternRequestMatcher.pathPattern(ProtectedPaths.APP_URL_PATH + "/rest/**")
                     )
                     .authenticated()
             );

src/main/java/com/inteligr8/activiti/auth/service/JwtAuthenticationProvider.java

@@ -1,11 +0,0 @@
-package com.inteligr8.activiti.auth.service;
-
-import org.springframework.core.convert.converter.Converter;
-import org.springframework.security.authentication.AbstractAuthenticationToken;
-import org.springframework.security.oauth2.jwt.Jwt;
-
-public interface JwtAuthenticationProvider {
-    
-    Converter<Jwt, AbstractAuthenticationToken> create();
-
-}

src/main/java/com/inteligr8/activiti/auth/service/SyncingJwtAuthenticationConverter.java

@@ -11,28 +11,30 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.oauth2.core.oidc.StandardClaimNames;
 import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.stereotype.Component;
 
 import com.activiti.security.identity.service.config.JwtAuthenticationToken;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 
+@Component
 public class SyncingJwtAuthenticationConverter implements Converter<Jwt, AbstractAuthenticationToken> {
     
     private final Logger logger = LoggerFactory.getLogger(this.getClass());
-    private final UserDetailsService userDetailsService;
-    private final UserSyncService userSyncService;
-    private final GroupSyncService groupSyncService;
+    
+    @Autowired
+    private UserDetailsService userDetailsService;
+    
+    @Autowired
+    private UserSyncService userSyncService;
+    
+    @Autowired
+    private GroupSyncService groupSyncService;
     
     @Autowired
     private TokenRecaller tokenRecaller;
     
-    public SyncingJwtAuthenticationConverter(UserDetailsService userDetailsService, UserSyncService userSyncService, GroupSyncService groupSyncService) {
-        this.userDetailsService = userDetailsService;
-        this.userSyncService = userSyncService;
-        this.groupSyncService = groupSyncService;
-    }
-    
     @Override
     public AbstractAuthenticationToken convert(Jwt source) {
         if (this.logger.isTraceEnabled()) {

src/main/java/com/inteligr8/activiti/auth/service/SyncingJwtAuthenticationProvider.java

@@ -1,27 +0,0 @@
-package com.inteligr8.activiti.auth.service;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.core.convert.converter.Converter;
-import org.springframework.security.authentication.AbstractAuthenticationToken;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.oauth2.jwt.Jwt;
-import org.springframework.stereotype.Component;
-
-@Component
-public class SyncingJwtAuthenticationProvider implements JwtAuthenticationProvider {
-    
-    @Autowired
-    private UserDetailsService userDetailsService;
-    
-    @Autowired
-    private UserSyncService userSyncService;
-    
-    @Autowired
-    private GroupSyncService groupSyncService;
-    
-    @Override
-    public Converter<Jwt, AbstractAuthenticationToken> create() {
-        return new SyncingJwtAuthenticationConverter(this.userDetailsService, this.userSyncService, this.groupSyncService);
-    }
-
-}