Merge branch 'release/12.0.0'

CHANGELOG.md

@@ -4,9 +4,49 @@ All notable changes to this project are documented in this file following the [K
 Issues reported on [GitHub](https://github.com/authzforce/server/issues) are referenced in the form of `[GH-N]`, where N is the issue number. Issues reported on [OW2](https://jira.ow2.org/browse/AUTHZFORCE/) are mentioned in the form of `[OW2-N]`, where N is the issue number.
 
 
+## 12.0.0
+### Changed
+- Upgraded parent project authzforce-ce-parent: 9.1.0
+  - **Migrated to Java 17 (as the minimum required JRE version from now on), JAXB 4.0 (javax.xml.bind.\* imports replaced with jakarta.xml.bind.\*) and JAX-RS 3.0.0 (javax.ws.\* imports replaced with jakarta.ws.\*)**
+
+- Upgraded dependencies: 
+  - authzforce-ce-rest-api-model: 7.0.0 
+    - authzforce-ce-atom-model: 9.1.0
+	-  authzforce-ce-xacml-model: 9.1.0
+	-  authzforce-ce-pdp-ext-model: 9.1.0 
+    - Jakarta REST API: javax.ws.rs-api replaced with **jakarta.ws.rs-api: 3.0.0**
+    - org.json:json: 20231013
+  - authzforce-ce-jaxrs-utils: 3.0.0
+    - authzforce-ce-xacml-json-model: 4.1.0
+      - everit-json-schema: 1.14.3 
+  - authzforce-ce-core-pap-dao-flat-file: 15.0.0
+    - authzforce-ce-core-pap-api: 13.0.0
+    - authzforce-ce-core-pdp-engine: 21.0.1:
+	  - Fixed [GH-69](https://github.com/authzforce/core/issues/69): Support for XACML <StatusDetail> / <MissingAttributeDetail>s, returned when missing named Attribute(s) in AttributeDesignator/AttributeSelector expressions, and may be returned by custom PDP extensions as well.
+	  - Fixed [GH-73](https://github.com/authzforce/core/issues/73): (Rule's Condition that always returns False was considered invalid).
+	  - Fixed [GH-83](https://github.com/authzforce/core/issues/83): `NoSuchElementException` thrown when the rule combining algorithm is permit-unless-deny and there is no Deny rule but at least one Permit rule with Obligation/Advice.
+	  - Fixed [GH-92](https://github.com/authzforce/core/issues/92) Deny-overrides rule combining algorithm - Missing obligations in case of multiple Permit Rules and no Deny Rule (only the Obligations from the first Permit Rule were returned).
+    - authzforce-ce-core-pdp-io-xacml-json: 21.0.1
+    - java-uuid-generator: 4.2.0
+  - Servlet API: javax.servlet-api replaced with **jakarta.servlet-api: 5.0**.
+  - jettison: 1.5.4
+  - FastInfoset: 2.1.1
+  - spring-context, spring-web, spring-core, spring-beans: 6.1.3
+  - cxf-rt-*: 4.0.3
+  - Logback: 1.4.14
+
+- Upgraded Tomcat used in integration tests: 10.1.18
+
+### Added
+- Added support for GeoXACML content mime types on the REST API (WADL)
+
+### Removed
+- Removed dependency: logback-ext-spring
+
+
 ## 11.0.1
 ### Fixed
-- [GH-22]: replaced vulnerable Tomcat base image with latest official (tomcat:9-jre11-temurin-focal) for Docker.
+- Fixed Docker image: replaced vulnerable Tomcat base image with latest official (tomcat:9-jre11-temurin-focal) for Docker. [More info](https://github.com/authzforce/fiware/issues/22).
 
 
 ## 11.0.0

README.md

@@ -285,10 +285,7 @@ quicker resolution:
 
 ## Security - Vulnerability reporting
 
-If you want to report a vulnerability, you must do so on the
-[OW2 Issue Tracker](https://jira.ow2.org/browse/AUTHZFORCE/) with _Security
-Level_ set to **Private**. Then, if the AuthzForce team can confirm it, they
-will change it to **Public** and set a fix version.
+If you want to report a vulnerability, you can do so on this Github repository by following the process: [Privately reporting a security vulnerability](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability).
 
 ## Contributing
 

dist/pom.xml

@@ -3,7 +3,7 @@
    <parent>
       <groupId>org.ow2.authzforce</groupId>
       <artifactId>authzforce-ce-server</artifactId>
-      <version>11.0.1</version>
+      <version>12.0.0</version>
       <relativePath>../pom.xml</relativePath>
    </parent>
    <artifactId>authzforce-ce-server-dist</artifactId>

pom.xml

@@ -4,21 +4,21 @@
    <parent>
       <groupId>org.ow2.authzforce</groupId>
       <artifactId>authzforce-ce-parent</artifactId>
-      <version>8.2.1</version>
+      <version>9.1.0</version>
    </parent>
    <artifactId>authzforce-ce-server</artifactId>
    <!-- FIWARE Versioning + Version must be equal or higher than 'authzforce-ce-rest-api-model' dependency in 'rest-service' module -->
-   <version>11.0.1</version>
+   <version>12.0.0</version>
    <packaging>pom</packaging>
    <name>${project.groupId}:${project.artifactId}</name>
    <description>AuthzForce CE Server</description>
    <url>${project.url}</url>
    <properties>
       <git.url.base>https://github.com/authzforce/server</git.url.base>
-      <authzforce-ce-core.version>20.1.0</authzforce-ce-core.version>
-      <authzforce-ce-core-pap-api.version>12.0.0</authzforce-ce-core-pap-api.version>
+      <authzforce-ce-core.version>21.0.1</authzforce-ce-core.version>
+      <authzforce-ce-core-pap-api.version>13.0.0</authzforce-ce-core-pap-api.version>
       <!-- Version must be compatible with authzforce-ce-core and authzforce-ce-core-pap-api versions above. -->
-      <authzforce-ce-pap-dao-flat-file.version>14.0.0</authzforce-ce-pap-dao-flat-file.version>
+      <authzforce-ce-pap-dao-flat-file.version>15.0.0</authzforce-ce-pap-dao-flat-file.version>
       <productId>authzforce-ce-server</productId>
       <productName>AuthzForce CE Server</productName>
       <productMaintainer>THALES</productMaintainer>

rest-service/pom.xml

@@ -4,7 +4,7 @@
       <groupId>org.ow2.authzforce</groupId>
       <artifactId>authzforce-ce-server</artifactId>
       <!-- Version must be equal or higher than authzforce-ce-rest-api-model dependency -->
-      <version>11.0.1</version>
+      <version>12.0.0</version>
       <relativePath>../pom.xml</relativePath>
    </parent>
    <artifactId>authzforce-ce-server-rest-service</artifactId>
@@ -19,8 +19,8 @@
    </scm>
    <dependencies>
       <dependency>
-         <groupId>javax.servlet</groupId>
-         <artifactId>javax.servlet-api</artifactId>
+         <groupId>jakarta.servlet</groupId>
+         <artifactId>jakarta.servlet-api</artifactId>
          <scope>provided</scope>
       </dependency>
       <dependency>
@@ -30,7 +30,7 @@
       <dependency>
          <groupId>${project.groupId}</groupId>
          <artifactId>${artifactId.prefix}-rest-api-model</artifactId>
-         <version>6.0.0</version>
+         <version>7.0.0</version>
       </dependency>
       <dependency>
          <groupId>${project.groupId}</groupId>
@@ -39,7 +39,7 @@
       <dependency>
          <groupId>org.ow2.authzforce</groupId>
          <artifactId>authzforce-ce-jaxrs-utils</artifactId>
-         <version>2.0.3</version>
+         <version>3.0.0</version>
       </dependency>
       <dependency>
          <groupId>com.github.spotbugs</groupId>

rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/DomainResourceImpl.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012-2022 THALES.
+ * Copyright (C) 2012-2024 THALES.
  *
  * This file is part of AuthzForce CE.
  *
@@ -36,8 +36,8 @@
 import org.w3._2005.atom.Link;
 import org.w3._2005.atom.Relation;
 
-import javax.ws.rs.*;
-import javax.ws.rs.core.Response.Status;
+import jakarta.ws.rs.*;
+import jakarta.ws.rs.core.Response.Status;
 import javax.xml.datatype.DatatypeConfigurationException;
 import javax.xml.datatype.DatatypeFactory;
 import java.io.IOException;
@@ -141,7 +141,7 @@ public Domain getDomain()
 	{
 		// Links to child resources (properties, pap, pdp)
 		// domain properties link
-		final Link propsLink = new Link();
+
 		// For the link, get Path annotation of corresponding method
 		final Path propsResourcePath;
 		try
@@ -153,12 +153,9 @@ public Domain getDomain()
 			throw new InternalServerErrorException("Error getting the 'properties' resource of domain '" + domainId + "'", e);
 		}
 
-		propsLink.setHref(propsResourcePath.value());
-		propsLink.setTitle("Domain properties");
-		propsLink.setRel(Relation.ITEM);
+		final Link propsLink = new Link(Relation.ITEM, null, propsResourcePath.value(), null, "Domain properties", null, null);
 
 		// PAP link
-		final Link papLink = new Link();
 		// For the link, get Path annotation of getPap method
 		final Path papResourcePath;
 		try
@@ -170,12 +167,9 @@ public Domain getDomain()
 			throw new InternalServerErrorException("Error getting the 'pap' resource of domain '" + domainId + "'", e);
 		}
 
-		papLink.setHref(papResourcePath.value());
-		papLink.setTitle("Policy Administration Point");
-		papLink.setRel(Relation.ITEM);
+		final Link papLink = new Link(Relation.ITEM, null, papResourcePath.value(), null, "Policy Administration Point", null, null);
 
 		// PDP link
-		final Link pdpLink = new Link();
 		// For the link, get Path annotation of getPap method
 		final Path pdpResourcePath;
 		try
@@ -187,15 +181,12 @@ public Domain getDomain()
 			throw new InternalServerErrorException("Error getting the 'pdp' resource of domain '" + domainId + "'", e);
 		}
 
-		pdpLink.setHref(pdpResourcePath.value());
-		pdpLink.setTitle("Policy Decision Point");
-
 		/*
 		 * Conformance with test assertion 'urn:oasis:names:tc:xacml:3.0:profile:rest:assertion:home:pdp' of REST Profile of XACML v3.0 Version 1.0:
 		 * http://docs.oasis-open.org/xacml/xacml-rest/v1.0/cs02/xacml-rest-v1.0-cs02.html#_Toc399235433. Example:
 		 * http://docs.oasis-open.org/xacml/xacml-rest/v1.0/cs02/xacml-rest-v1.0-cs02.html#_Toc399235419
 		 */
-		pdpLink.setRel(Relation.HTTP_DOCS_OASIS_OPEN_ORG_NS_XACML_RELATION_PDP);
+		final Link pdpLink = new Link(Relation.HTTP_DOCS_OASIS_OPEN_ORG_NS_XACML_RELATION_PDP, null, pdpResourcePath.value(), null, "Policy Decision Point", null, null);
 
 		final Resources childResources = new Resources(Arrays.asList(propsLink, papLink, pdpLink));
 		final ReadableDomainProperties props;
@@ -279,7 +270,6 @@ public ResourceContent getPAP()
 		}
 
 		// Link to child resource 'pdp.properties'
-		final Link pdpPropsLink = new Link();
 		// For the link, get Path annotation of corresponding method
 		final Path pdpPropsResourcePath;
 		try
@@ -291,12 +281,9 @@ public ResourceContent getPAP()
 			throw new InternalServerErrorException("Error getting the 'pdp.properties' resource of the domain '" + domainId + "'", e);
 		}
 
-		pdpPropsLink.setHref(pdpPropsResourcePath.value());
-		pdpPropsLink.setTitle("PDP properties");
-		pdpPropsLink.setRel(Relation.ITEM);
+		final Link pdpPropsLink = new Link(Relation.ITEM, null, pdpPropsResourcePath.value(), null, "PDP properties", null, null);
 
 		// Link to child resource 'prp.properties'
-		final Link prpPropsLink = new Link();
 		// For the link, get Path annotation of corresponding method
 		final Path prpPropsResourcePath;
 		try
@@ -308,12 +295,9 @@ public ResourceContent getPAP()
 			throw new InternalServerErrorException("Error getting the 'prp.properties' resource of the domain '" + domainId + "'", e);
 		}
 
-		prpPropsLink.setHref(prpPropsResourcePath.value());
-		prpPropsLink.setTitle("PRP properties");
-		prpPropsLink.setRel(Relation.ITEM);
+		final Link prpPropsLink = new Link(Relation.ITEM, null, prpPropsResourcePath.value(), null, "PRP properties", null, null);
 
 		// Link to child resource 'policies'
-		final Link policiesLink = new Link();
 		// For the link, get Path annotation of getPoliciesResource method
 		final Path policiesResourcePath;
 		try
@@ -325,12 +309,9 @@ public ResourceContent getPAP()
 			throw new InternalServerErrorException("Error getting the 'policies' resource of the domain '" + domainId + "'", e);
 		}
 
-		policiesLink.setHref(policiesResourcePath.value());
-		policiesLink.setTitle("PRP policies");
-		policiesLink.setRel(Relation.ITEM);
+		final Link policiesLink = new Link(Relation.ITEM, null, policiesResourcePath.value(), null, "PRP policies", null, null);
 
 		// Link to child resource 'attributeProviders'
-		final Link attrProvidersLink = new Link();
 		// For the link, get Path annotation of getAttributeProvidersResource
 		// method
 		final Path attrProvidersResourcePath;
@@ -343,9 +324,8 @@ public ResourceContent getPAP()
 			throw new InternalServerErrorException("Error getting the 'attributeProviders' resource of the domain '" + domainId + "'", e);
 		}
 
-		attrProvidersLink.setHref(attrProvidersResourcePath.value());
-		attrProvidersLink.setTitle("PDP Attribute Providers");
-		attrProvidersLink.setRel(Relation.ITEM);
+		final Link attrProvidersLink = new Link(Relation.ITEM, null, attrProvidersResourcePath.value(), null, "PDP Attribute Providers", null, null);
+
 
 		final Resources childResources = new Resources(Arrays.asList(pdpPropsLink, prpPropsLink, policiesLink, attrProvidersLink));
 		return new ResourceContent(null, childResources);
@@ -493,11 +473,7 @@ public Link addPolicy(final PolicySet policy)
 		// Policy ID is xs:anyURI, therefore may contain invalid characters for
 		// URL paths -> needs escaping to be used as URL path segment
 		final String policyIdUrlPathSegment = URL_PATH_SEGMENT_ESCAPER.escape(policy.getPolicySetId());
-		final Link policyResourceLink = new Link();
-		policyResourceLink.setHref(policyIdUrlPathSegment + "/" + policy.getVersion());
-		policyResourceLink.setTitle("Policy '" + policy.getPolicySetId() + "' v" + policy.getVersion());
-		policyResourceLink.setRel(Relation.ITEM);
-		return policyResourceLink;
+        return new Link(Relation.ITEM, null, policyIdUrlPathSegment + "/" + policy.getVersion(), null, "Policy '" + policy.getPolicySetId() + "' v" + policy.getVersion(), null, null);
 	}
 
 	@Override
@@ -530,18 +506,16 @@ public Resources getPolicies()
 			throw new InternalServerErrorException("Error getting policy resource IDs in domain '" + domainId + "'", e);
 		}
 
-		if (policyResourceIDs.size() < 1)
+		if (policyResourceIDs.isEmpty())
 		{
 			throw new InternalServerErrorException("Missing root policy resource from DAO in domain '" + domainId + "'");
 		}
 
 		final List<Link> policyResourceLinks = new ArrayList<>(policyResourceIDs.size());
 		for (final String policyResourceId : policyResourceIDs)
 		{
-			final Link link = new Link();
+			final Link link = new Link(Relation.ITEM, null, policyResourceId, null, null, null, null);
 			policyResourceLinks.add(link);
-			link.setHref(policyResourceId);
-			link.setRel(Relation.ITEM);
 		}
 
 		return new Resources(policyResourceLinks);

rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/DomainsResourceImpl.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012-2022 THALES.
+ * Copyright (C) 2012-2024 THALES.
  *
  * This file is part of AuthzForce CE.
  *
@@ -25,11 +25,11 @@
 import java.util.List;
 import java.util.Set;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.BadRequestException;
-import javax.ws.rs.InternalServerErrorException;
-import javax.ws.rs.NotFoundException;
-import javax.ws.rs.core.Context;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.ws.rs.BadRequestException;
+import jakarta.ws.rs.InternalServerErrorException;
+import jakarta.ws.rs.NotFoundException;
+import jakarta.ws.rs.core.Context;
 
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import org.ow2.authzforce.core.pap.api.dao.DomainsDao;
@@ -112,11 +112,7 @@ public Link addDomain(final DomainProperties props)
 		}
 
 		final String encodedUrlPathSegment = DomainResourceImpl.URL_PATH_SEGMENT_ESCAPER.escape(domainId);
-		final Link link = new Link();
-		link.setHref(encodedUrlPathSegment);
-		link.setRel(Relation.ITEM);
-		link.setTitle(domainId);
-		return link;
+        return new Link(Relation.ITEM, null, encodedUrlPathSegment, null, domainId, null, null);
 	}
 
 	/*
@@ -152,10 +148,9 @@ public Resources getDomains(final String externalId)
 		}
 		else
 		{
-			if (attrVal instanceof List)
+			if (attrVal instanceof List<?> resourceIds)
 			{
-				final List<?> resourceIds = (List<?>) attrVal;
-				if (resourceIds.contains(anyResourceId))
+                if (resourceIds.contains(anyResourceId))
 				{
 					final Set<String> domainIDs;
 					try
@@ -199,10 +194,7 @@ public Resources getDomains(final String externalId)
 		for (final String domainId : authorizedDomainIDs)
 		{
 			final String encodedUrlPathSegment = DomainResourceImpl.URL_PATH_SEGMENT_ESCAPER.escape(domainId);
-			final Link link = new Link();
-			link.setHref(encodedUrlPathSegment);
-			link.setRel(Relation.ITEM);
-			link.setTitle(domainId);
+			final Link link = new Link(Relation.ITEM, null, encodedUrlPathSegment, null, domainId, null, null);
 			domainResourceLinks.add(link);
 		}
 

rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/PolicyResourceImpl.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012-2022 THALES.
+ * Copyright (C) 2012-2024 THALES.
  *
  * This file is part of AuthzForce CE.
  *
@@ -23,9 +23,9 @@
 import java.util.List;
 import java.util.NavigableSet;
 
-import javax.ws.rs.BadRequestException;
-import javax.ws.rs.InternalServerErrorException;
-import javax.ws.rs.NotFoundException;
+import jakarta.ws.rs.BadRequestException;
+import jakarta.ws.rs.InternalServerErrorException;
+import jakarta.ws.rs.NotFoundException;
 
 import org.ow2.authzforce.core.pap.api.dao.DomainDao;
 import org.ow2.authzforce.core.pap.api.dao.PolicyDaoClient;
@@ -97,10 +97,8 @@ private static Resources getVersionResources(final NavigableSet<PolicyVersion> v
 		final List<Link> policyVersionLinks = new ArrayList<>(versions.size());
 		for (final PolicyVersion v : versions)
 		{
-			final Link link = new Link();
+			final Link link = new Link(Relation.ITEM, null, v.toString(), null, null, null, null);
 			policyVersionLinks.add(link);
-			link.setHref(v.toString());
-			link.setRel(Relation.ITEM);
 		}
 
 		return new Resources(policyVersionLinks);