Upgrade dependencies and fix JWK caching and thread-pool initialization

.github/workflows/sonar.yml

@@ -13,10 +13,10 @@ jobs:
       - uses: actions/checkout@v2
         with:
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
-      - name: Set up JDK 11
+      - name: Set up JDK 17
         uses: actions/setup-java@v1
         with:
-          java-version: 11
+          java-version: 17
       - name: Cache SonarCloud packages
         uses: actions/cache@v1
         with:
@@ -33,4 +33,4 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        run: mvn -s maven/cnaf-mirror-settings.xml -B -U install org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=italiangrid_storm-webdav
+        run: mvn -s maven/cnaf-mirror-settings.xml -B -U install org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=italiangrid_storm-webdav

CHANGELOG.md

@@ -1,36 +1,65 @@
 # Changelog
 
+## 1.4.2 (2023-06-27)
+
+## Description
+
+This release:
+
+* upgrades significant dependencies (spring-boot, canl, bouncycastle, jQuery)
+* removes the support for TRACE method
+* tunes some default values (default TPC timeout, default heap size, etc.)
+* and fixes other minor bugs/issues.
+
+### fixes
+
+* [[STOR-1396](https://issues.infn.it/jira/browse/STOR-1396)] - Ensure adler32 checksums are always 8 chars long
+* [[STOR-1450](https://issues.infn.it/jira/browse/STOR-1450)] - Increase default timeout for TPC to 30 seconds
+* [[STOR-1500](https://issues.infn.it/jira/browse/STOR-1500)] - When redis is disabled the health indicator for redis should be disabled
+* [[STOR-1574](https://issues.infn.it/jira/browse/STOR-1574)] - Old java/canl creates problems with encoding of subject/issuer names in self-signed certificates
+* [[STOR-1440](https://issues.infn.it/jira/browse/STOR-1440)] - StoRM WebDAV should configure a bigger heap by default
+* [[STOR-1497](https://issues.infn.it/jira/browse/STOR-1497)] - Upgrade canl-java to v2.6.0
+* [[STOR-1515](https://issues.infn.it/jira/browse/STOR-1515)] - StoRM WebDAV metrics on TPC.pull/push.throughput
+* [[STOR-1555](https://issues.infn.it/jira/browse/STOR-1555)] - Upgrade jQuery version
+* [[STOR-1556](https://issues.infn.it/jira/browse/STOR-1556)] - Remove TRACE from allowed methods
+* [[STOR-1557](https://issues.infn.it/jira/browse/STOR-1557)] - Upgrade Spring Boot version to the latest
+* [[STOR-1558](https://issues.infn.it/jira/browse/STOR-1558)] - Update bouncycastle version to 1.67
+* [[STOR-1576](https://issues.infn.it/jira/browse/STOR-1576)] - Add .well-known endpoint for StoRM WebDAV to point to the Tape REST endpoint
+
+
+## 1.4.1 (2021-05-12)
+
+This release fixes the failed state shown on stop/restart of the service due to a misunderstood exit code meaning.
+
+### Fixed
+
+- [[STOR-1400](https://issues.infn.it/jira/browse/STOR-1400)] - StoRM WebDAV service enters failed state when stopped
+
 ## 1.4.0 (2021-04-01)
 
 ### Added
 
-- [Add support for externalized session management](https://issues.infn.it/jira/browse/STOR-1336)
+- [[STOR-1336](https://issues.infn.it/jira/browse/STOR-1336)] - Add support for externalized session management
 
 ### Fixed
 
-- [Login with OIDC button not shown for error
-  pages](https://issues.infn.it/jira/browse/STOR-1335) 
-- [StoRM WebDAV: Login with OIDC button displayed only on storage area index
-  page]( https://issues.infn.it/jira/browse/STOR-1332)
-- [StoRM WebDAV rpm doesn't set the proper ownership on
-  /var/log/storm](https://issues.infn.it/jira/browse/STOR-1298)
-- [StoRM WebDAV package should install Java
-  11](https://issues.infn.it/jira/browse/STOR-1358)
+- [[STOR-1335](https://issues.infn.it/jira/browse/STOR-1335)] - Login with OIDC button not shown for error
+  pages
+- [[STOR-1332](https://issues.infn.it/jira/browse/STOR-1332)] - Login with OIDC button displayed only on storage area index page
+- [[STOR-1298](https://issues.infn.it/jira/browse/STOR-1298)] - StoRM WebDAV RPM doesn't set the proper ownership on `/var/log/storm`
+- [[STOR-1358](https://issues.infn.it/jira/browse/STOR-1358)] - StoRM WebDAV package should install Java 11
 
 ## 1.2.0 (2019-08-??)
 
 ### Added
 
-- [Spring boot updated to 2.1.4.RELEASE][STOR-1098]
-- [Introduced support for Conscrypt JSSE provider to improve TLS
-  performace][STOR-1097]
+- [[STOR-1098](https://issues.infn.it/jira/browse/STOR-1098)] - Spring boot updated to 2.1.4.RELEASE
+- [[STOR-1097](https://issues.infn.it/jira/browse/STOR-1097)] - Introduced support for Conscrypt JSSE provider to improve TLS performance
 
 ### Fixed
 
-- [StoRM WebDAV default configuration does not depend anymore on
-  iam-test.indigo-datacloud.eu][STOR-1095]
-- [Unreachable OpenID Connect provider causes StoRM WebDAV startup
-  failure][STOR-1096]
+- [[STOR-1095](https://issues.infn.it/jira/browse/STOR-1095)] - StoRM WebDAV default configuration does not depend anymore on `iam-test.indigo-datacloud.eu`
+- [[STOR-1096](https://issues.infn.it/jira/browse/STOR-1096)] - Unreachable OpenID Connect provider causes StoRM WebDAV startup failure
 
 ## 1.1.0 (2019-02-28)
 
@@ -46,8 +75,3 @@
 
 - POST handled as GET fixed 
 
-
-[STOR-1095]: https://issues.infn.it/jira/browse/STOR-1095
-[STOR-1096]: https://issues.infn.it/jira/browse/STOR-1096
-[STOR-1097]: https://issues.infn.it/jira/browse/STOR-1097
-[STOR-1098]: https://issues.infn.it/jira/browse/STOR-1098

etc/storm-webdav/logback-access.xml

@@ -11,7 +11,7 @@
 
     <!-- Check http://logback.qos.ch/manual/layouts.html#AccessPatternLayout to get the meaning of the fields -->
     <encoder>
-      <pattern>%a %localPort "%reqAttribute{storm.remoteUser}" %date{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC} "%reqAttribute{storm.requestId}" "%m %U %H" %s %b %D</pattern>
+      <pattern>%replace(%a){'^$','-'} %localPort "%reqAttribute{storm.remoteUser}" %date{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC} "%reqAttribute{storm.requestId}" "%m %U %H" %s %b %D</pattern>
     </encoder>
   </appender>
 

etc/systemd/system/storm-webdav.service.d/storm-webdav.conf

@@ -127,3 +127,36 @@ Environment="STORM_WEBDAV_TPC_MAX_CONNECTIONS_PER_ROUTE=25"
 # Source file for the tape REST API well-known endpoint
 # Default: '/etc/storm/webdav/wlcg-tape-rest-api.json'
 # Environment="STORM_WEBDAV_TAPE_WELLKNOWN_SOURCE=/etc/storm/webdav/wlcg-tape-rest-api.json"
+
+# Buffer size for both internal and third-party copy requests.
+# This adds more efficiency than to write the whole data. Valid values are numbers >= 4096.
+# Default: 1048576
+# Environment="STORM_WEBDAV_BUFFER_FILE_BUFFER_SIZE_BYTES=1048576"
+
+# Enable checksum filter which adds checksum as an header following RFC 3230.
+# Default: true
+# Environment="STORM_WEBDAV_CHECKSUM_FILTER_ENABLED=true"
+
+# Enable Macaroon filter to process Macaroon tokens. Requires authz server enabled.
+# Default: true
+# Environment="STORM_WEBDAV_MACAROON_FILTER_ENABLED=true"
+
+# TLS protocol for non-TPC requests
+# Default: TLS
+# Environment="STORM_WEBDAV_TLS_PROTOCOL=TLS"
+
+# VOMS Trust Store directory
+# Default: /etc/grid-security/vomsdir
+# Environment="STORM_WEBDAV_VOMS_TRUST_STORE_DIR=/etc/grid-security/vomsdir"
+
+# VOMS Trust Store refresh interval
+# Default: 43200
+# Environment="STORM_WEBDAV_VOMS_TRUST_STORE_REFRESH_INTERVAL_SEC=43200"
+
+# Enable caching for VOMS certificate validation
+# Default: true
+# Environment="STORM_WEBDAV_VOMS_CACHE_ENABLE=true"
+
+# Cache entries lifetime, used if caching for VOMS certificate validation is enabled
+# Default: 300
+# Environment="STORM_WEBDAV_VOMS_CACHE_ENTRY_LIFETIME_SEC=300"

pom.xml

@@ -12,16 +12,15 @@
     <groupId>org.springframework.boot</groupId>
     <artifactId>spring-boot-starter-parent</artifactId>
     <!-- Keep this aligned with the spring.boot-version property below! -->
-    <version>2.7.10</version>
+    <version>2.7.18</version>
     <relativePath />
   </parent>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
 
-    <plugin.compiler.version>3.6.0</plugin.compiler.version>
-    <maven.compiler.release>11</maven.compiler.release>
+    <plugin.compiler.version>3.8.0</plugin.compiler.version>
 
     <plugin.jar.version>2.4</plugin.jar.version>
     <plugin.assembly.version>2.4</plugin.assembly.version>
@@ -32,14 +31,14 @@
     <java.version>11</java.version>
 
     <!-- Keep this aligned with the parent project version! -->
-    <spring-boot.version>2.7.10</spring-boot.version>
+    <spring-boot.version>2.7.18</spring-boot.version>
 
     <!-- Sonarcloud.io properties -->
     <sonar.projectKey>italiangrid_storm-webdav</sonar.projectKey>
     <sonar.organization>italiangrid</sonar.organization>
     <sonar.host.url>https://sonarcloud.io</sonar.host.url>
 
-    <jetty-utils.version>0.4.6.v20220506</jetty-utils.version>
+    <voms-api-java.version>3.3.3</voms-api-java.version>
     <milton.version>2.7.1.7</milton.version>
 
     <commons-lang.version>2.3</commons-lang.version>
@@ -50,31 +49,20 @@
     <http-core.version>4.2.2</http-core.version>
     <http-client.version>4.2.1</http-client.version>
 
-    <guava.version>31.1-jre</guava.version>
+    <guava.version>32.0.0-jre</guava.version>
 
     <owner-config.version>1.0.5.1</owner-config.version>
 
     <spring-security-oauth2.version>2.3.3.RELEASE</spring-security-oauth2.version>
     <nimbus-jose-jwt.version>6.0.2</nimbus-jose-jwt.version>
     <mock-server.version>5.5.1</mock-server.version>
-    <bouncycastle.version>1.72</bouncycastle.version>
 
   </properties>
 
   <build>
     <finalName>${project.name}</finalName>
 
     <plugins>
-
-      <plugin>
-        <groupId>org.apache.maven.plugins</groupId>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>11</source>
-          <target>11</target>
-      </configuration>
-      </plugin>
-
       <plugin>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-maven-plugin</artifactId>
@@ -99,14 +87,16 @@
           <descriptors>
             <descriptor>src/assembly/tarball.xml</descriptor>
           </descriptors>
-          <finalName>storm-webdav</finalName>
         </configuration>
         <executions>
           <execution>
             <phase>package</phase>
             <goals>
               <goal>single</goal>
             </goals>
+            <configuration>
+              <appendAssemblyId>false</appendAssemblyId>
+            </configuration>
           </execution>
         </executions>
       </plugin>
@@ -190,13 +180,6 @@
     <dependency>
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-actuator</artifactId>
-      <exclusions>
-        <!-- Exclude this to make failure reporting work -->
-        <exclusion>
-          <groupId>org.apache.logging.log4j</groupId>
-          <artifactId>log4j-api</artifactId>
-        </exclusion>
-      </exclusions>
     </dependency>
 
     <dependency>
@@ -256,6 +239,12 @@
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-test</artifactId>
       <scope>test</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>com.vaadin.external.google</groupId>
+          <artifactId>android-json</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
     <dependency>
@@ -326,11 +315,6 @@
       <artifactId>metrics-core</artifactId>
     </dependency>
 
-    <dependency>
-      <groupId>io.dropwizard.metrics</groupId>
-      <artifactId>metrics-jvm</artifactId>
-    </dependency>
-
     <dependency>
       <groupId>io.dropwizard.metrics</groupId>
       <artifactId>metrics-jetty9</artifactId>
@@ -348,45 +332,30 @@
     </dependency>
 
     <dependency>
-      <groupId>org.italiangrid</groupId>
-      <artifactId>jetty-utils</artifactId>
-      <version>${jetty-utils.version}</version>
-      <exclusions>
-        <exclusion>
-          <groupId>javax.activation</groupId>
-          <artifactId>activation</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>javax.mail</groupId>
-          <artifactId>mail</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.eclipse.jetty.aggregate</groupId>
-          <artifactId>jetty-all</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>ch.qos.logback</groupId>
-          <artifactId>logback-core</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>ch.qos.logback</groupId>
-          <artifactId>logback-classic</artifactId>
-        </exclusion>
-      </exclusions>
+      <groupId>org.eclipse.jetty.http2</groupId>
+      <artifactId>http2-server</artifactId>
+    </dependency>
+
+    <dependency>
+      <groupId>org.eclipse.jetty</groupId>
+      <artifactId>jetty-alpn-conscrypt-server</artifactId>
     </dependency>
 
     <dependency>
-      <groupId>org.bouncycastle</groupId>
-      <artifactId>bcpkix-jdk18on</artifactId>
-      <version>${bouncycastle.version}</version>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-api</artifactId>
     </dependency>
 
     <dependency>
-      <groupId>org.bouncycastle</groupId>
-      <artifactId>bcprov-jdk18on</artifactId>
-      <version>${bouncycastle.version}</version>
+      <groupId>org.slf4j</groupId>
+      <artifactId>log4j-over-slf4j</artifactId>
     </dependency>
 
+    <dependency>
+      <groupId>org.italiangrid</groupId>
+      <artifactId>voms-api-java</artifactId>
+      <version>${voms-api-java.version}</version>
+    </dependency>
 
     <dependency>
       <groupId>ch.qos.logback</groupId>

src/main/java/org/italiangrid/storm/webdav/config/OAuthProperties.java

@@ -96,6 +96,9 @@ public boolean isEnforceAudienceChecks() {
   @Min(value = 1, message = "The refresh period must be a positive integer")
   int refreshPeriodMinutes = 60;
 
+  @Min(value = 1, message = "The refresh timeout must be a positive integer")
+  int refreshTimeoutSeconds = 30;
+
   public List<AuthorizationServer> getIssuers() {
     return issuers;
   }
@@ -112,6 +115,14 @@ public void setRefreshPeriodMinutes(int refreshPeriodMinutes) {
     this.refreshPeriodMinutes = refreshPeriodMinutes;
   }
 
+  public int getRefreshTimeoutSeconds() {
+    return refreshTimeoutSeconds;
+  }
+
+  public void setRefreshTimeoutSeconds(int refreshTimeoutSeconds) {
+    this.refreshTimeoutSeconds = refreshTimeoutSeconds;
+  }
+
   public void setEnableOidc(boolean enableOidc) {
     this.enableOidc = enableOidc;
   }

src/main/java/org/italiangrid/storm/webdav/config/ServiceConfiguration.java

@@ -33,10 +33,14 @@ public interface ServiceConfiguration {
 
   public long getTrustAnchorsRefreshIntervalInSeconds();
 
+  public int getMinConnections();
+
   public int getMaxConnections();
 
   public int getMaxQueueSize();
 
+  public int getThreadPoolMaxIdleTimeInMsec();
+
   public int getConnectorMaxIdleTimeInMsec();
 
   public String getSAConfigDir();