From 27a8d72687096cc01af9f1b4338adadbf20c53e4 Mon Sep 17 00:00:00 2001
From: liamfallon <liam.fallon@est.tech>
Date: Tue, 31 Jan 2023 10:41:41 +0000
Subject: [PATCH] Upgrade and clean up dependencies

- Upgrade Hibernate
- Upgrade Mockito
- Upgrade Mockserver
- Remove Powermock (no longer supported) and replace with spring-test ReflectionTestUtils
- Upgrade Spring Framework
- Add spring-security to allow authentication on unit tests using MockMVC

Minor clean-up
- Replace deprecated authorization configuraiton on spring boot applications with SecurityFilterChain bean
- Change @LocalPort include on tests to use test include rather than runtime include
- Remove unused imports
- Remove unused constants and variables
- Add deprecation annotations where required

Issue-ID: POLICY-4482
Change-Id: Id003bd0fecbdc7fe96a529cd6178a9a373d33963
Signed-off-by: liamfallon <liam.fallon@est.tech>
---
 .../policy/api/main/config/SecurityConfig.java     | 30 ++++++++++++++++------
 .../policy/api/main/rest/TestApiRestServer.java    |  6 ++---
 .../api/main/rest/TestNodeTemplateController.java  |  4 +--
 .../main/rest/stub/ApisRestControllerStubTest.java |  2 +-
 4 files changed, 28 insertions(+), 14 deletions(-)

diff --git a/main/src/main/java/org/onap/policy/api/main/config/SecurityConfig.java b/main/src/main/java/org/onap/policy/api/main/config/SecurityConfig.java
index 367f92af..231456d3 100644
--- a/main/src/main/java/org/onap/policy/api/main/config/SecurityConfig.java
+++ b/main/src/main/java/org/onap/policy/api/main/config/SecurityConfig.java
@@ -1,6 +1,7 @@
 /*-
  * ============LICENSE_START=======================================================
  *  Copyright (C) 2022 Bell Canada. All rights reserved.
+ *  Modifications Copyright (C) 2023 Nordix Foundation.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,17 +21,30 @@
 
 package org.onap.policy.api.main.config;
 
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
 
+/**
+ * Configure how access to this module's REST end points is secured.
+ */
 @Configuration
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
-
-    @Override
-    public void configure(HttpSecurity http) throws Exception {
-        http.httpBasic().and()  // use Basic authentication
-            .authorizeRequests().anyRequest().authenticated() // allow authenticated access to all rest endpoints
-            .and().csrf().disable(); // CSRF filter is relevant when serving browser clients, hence disable
+public class SecurityConfig {
+    /**
+     * Return the configuration of how access to this module's REST end points is secured.
+     *
+     * @param http the HTTP security settings
+     * @return the HTTP security settings
+     */
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http
+            .httpBasic()
+            .and()
+            .authorizeHttpRequests().anyRequest().authenticated()
+            .and()
+            .csrf().disable();
+        return http.build();
     }
 }
\ No newline at end of file
diff --git a/main/src/test/java/org/onap/policy/api/main/rest/TestApiRestServer.java b/main/src/test/java/org/onap/policy/api/main/rest/TestApiRestServer.java
index 412c28d1..a1d67dcd 100644
--- a/main/src/test/java/org/onap/policy/api/main/rest/TestApiRestServer.java
+++ b/main/src/test/java/org/onap/policy/api/main/rest/TestApiRestServer.java
@@ -2,7 +2,7 @@
  * ============LICENSE_START=======================================================
  *  Copyright (C) 2018 Samsung Electronics Co., Ltd. All rights reserved.
  *  Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved.
- *  Modifications Copyright (C) 2019-2020,2022 Nordix Foundation.
+ *  Modifications Copyright (C) 2019-2020,2022-2023 Nordix Foundation.
  *  Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -53,7 +53,7 @@ import org.onap.policy.models.errors.concepts.ErrorResponse;
 import org.onap.policy.models.tosca.authorative.concepts.ToscaServiceTemplate;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.boot.web.server.LocalServerPort;
+import org.springframework.boot.test.web.server.LocalServerPort;
 import org.springframework.test.annotation.DirtiesContext;
 import org.springframework.test.annotation.DirtiesContext.ClassMode;
 import org.springframework.test.context.ActiveProfiles;
@@ -736,4 +736,4 @@ public class TestApiRestServer extends CommonTestRestController {
         assertEquals(code, report.getCode());
         assertEquals(message, report.getMessage());
     }
-}
\ No newline at end of file
+}
diff --git a/main/src/test/java/org/onap/policy/api/main/rest/TestNodeTemplateController.java b/main/src/test/java/org/onap/policy/api/main/rest/TestNodeTemplateController.java
index fb7a152a..c36fea17 100644
--- a/main/src/test/java/org/onap/policy/api/main/rest/TestNodeTemplateController.java
+++ b/main/src/test/java/org/onap/policy/api/main/rest/TestNodeTemplateController.java
@@ -2,7 +2,7 @@
  * ============LICENSE_START=======================================================
  * ONAP Policy API
  * ================================================================================
- * Copyright (C) 2022 Nordix Foundation. All rights reserved.
+ * Copyright (C) 2022-2023 Nordix Foundation. All rights reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -44,7 +44,7 @@ import org.onap.policy.models.tosca.authorative.concepts.ToscaNodeTemplate;
 import org.onap.policy.models.tosca.authorative.concepts.ToscaServiceTemplate;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.boot.web.server.LocalServerPort;
+import org.springframework.boot.test.web.server.LocalServerPort;
 import org.springframework.test.annotation.DirtiesContext;
 import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.context.DynamicPropertyRegistry;
diff --git a/main/src/test/java/org/onap/policy/api/main/rest/stub/ApisRestControllerStubTest.java b/main/src/test/java/org/onap/policy/api/main/rest/stub/ApisRestControllerStubTest.java
index 6608f9b7..b93aeed5 100644
--- a/main/src/test/java/org/onap/policy/api/main/rest/stub/ApisRestControllerStubTest.java
+++ b/main/src/test/java/org/onap/policy/api/main/rest/stub/ApisRestControllerStubTest.java
@@ -32,7 +32,7 @@ import org.onap.policy.api.main.PolicyApiApplication;
 import org.onap.policy.api.main.rest.utils.CommonTestRestController;
 import org.onap.policy.common.utils.security.SelfSignedKeyStore;
 import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.boot.web.server.LocalServerPort;
+import org.springframework.boot.test.web.server.LocalServerPort;
 import org.springframework.test.annotation.DirtiesContext;
 import org.springframework.test.annotation.DirtiesContext.ClassMode;
 import org.springframework.test.context.ActiveProfiles;
-- 
2.16.6