kstateome · japshvincent · Sep 26, 2024 · Apr 25, 2022 · Apr 25, 2022 · Apr 25, 2022
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -0,0 +1,9 @@
+@Library('jenkins-shared-libs') _
+def config = [ appName: 'lti-launch',
+               podName: 'java-11-maven-3.5.2.yaml',
+               containerName: 'jdk-11-maven',
+               runUnitTests: false,
+               runIntegrationTests: true,
+               runSonar: true
+             ]
+javaPipeline(config)
diff --git a/pom.xml b/pom.xml
@@ -12,7 +12,7 @@
   <description>Java framework for authenticating LTI launch requests from the Canvas LMS</description>
   <url>https://github.com/kstateome/lti-launch</url>
 
-   <licenses>
+  <licenses>
     <license>
       <name>GNU Lesser General Public License (LGPL), Version 3</name>
       <url>http://www.fsf.org/licensing/licenses/lgpl.txt</url>
@@ -52,7 +52,12 @@
   </distributionManagement>
 
   <properties>
-      <log4j2.version>2.17.1</log4j2.version>
+    <log4j2.version>2.17.1</log4j2.version>
+    <maven.surefire.version>2.22.2</maven.surefire.version>
+    <spring.version>5.3.14</spring.version>
+    <spring-security.version>5.8.14</spring-security.version>
+    <!-- Skip integration tests by default. They are enabled by an integration test specific profile -->
+    <skipITs>true</skipITs>
   </properties>
 
   <build>
@@ -85,6 +90,11 @@
           </execution>
         </executions>
       </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-site-plugin</artifactId>
+        <version>3.9.1</version>
+      </plugin>
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-release-plugin</artifactId>
@@ -96,7 +106,28 @@
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-surefire-plugin</artifactId>
-        <version>2.19.1</version>
+        <version>${maven.surefire.version}</version>
+        <configuration>
+          <includes>**/*UTest*.java</includes>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-failsafe-plugin</artifactId>
+        <version>${maven.surefire.version}</version>
+        <executions>
+          <execution>
+            <phase>integration-test</phase>
+            <goals>
+              <goal>integration-test</goal>
+            </goals>
+            <configuration>
+              <includes>
+                <include>**/*ITest.java</include>
+              </includes>
+            </configuration>
+          </execution>
+        </executions>
       </plugin>
     </plugins>
   </build>
@@ -215,24 +246,65 @@
         </dependency>
       </dependencies>
     </profile>
+    <profile>
+      <id>integration</id>
+      <properties>
+        <skipITs>false</skipITs>
+      </properties>
+      <build>
+        <plugins>
+          <plugin>
+            <artifactId>maven-surefire-plugin</artifactId>
+            <configuration>
+              <skipTests>true</skipTests>
+            </configuration>
+          </plugin>
+        </plugins>
+      </build>
+    </profile>
   </profiles>
 
   <dependencyManagement>
     <dependencies>
       <dependency>
         <groupId>org.springframework</groupId>
         <artifactId>spring-web</artifactId>
-        <version>4.1.6.RELEASE</version>
+        <version>${spring.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.springframework</groupId>
+        <artifactId>spring-context</artifactId>
+        <version>${spring.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.springframework</groupId>
+        <artifactId>spring-aop</artifactId>
+        <version>${spring.version}</version>
       </dependency>
       <dependency>
         <groupId>org.springframework.security.oauth</groupId>
         <artifactId>spring-security-oauth</artifactId>
         <version>2.0.17.RELEASE</version>
       </dependency>
+      <dependency>
+        <groupId>org.springframework.security</groupId>
+        <artifactId>spring-security-core</artifactId>
+        <version>${spring-security.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.springframework.security</groupId>
+        <artifactId>spring-security-web</artifactId>
+        <version>${spring-security.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.springframework.security</groupId>
+        <artifactId>spring-security-config</artifactId>
+        <version>${spring-security.version}</version>
+      </dependency>
       <dependency>
         <groupId>org.springframework</groupId>
         <artifactId>spring-webmvc</artifactId>
-        <version>4.1.6.RELEASE</version>
+        <version>${spring.version}</version>
       </dependency>
       <dependency>
         <groupId>org.apache.commons</groupId>
@@ -267,7 +339,7 @@
       <dependency>
         <groupId>org.springframework</groupId>
         <artifactId>spring-test</artifactId>
-        <version>4.1.6.RELEASE</version>
+        <version>${spring.version}</version>
       </dependency>
       <dependency>
         <groupId>org.powermock</groupId>

diff --git a/src/main/java/edu/ksu/lti/launch/spring/config/LtiLaunchSecurityConfig.java b/src/main/java/edu/ksu/lti/launch/spring/config/LtiLaunchSecurityConfig.java
@@ -4,8 +4,8 @@
 import edu.ksu.lti.launch.oauth.LtiOAuthAuthenticationHandler;
 import edu.ksu.lti.launch.service.ConfigService;
 import org.apache.commons.lang3.StringUtils;
-import org.apache.logging.log4j.Logger;
 import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -69,11 +69,14 @@ protected void configure(HttpSecurity http) throws Exception {
             if (StringUtils.isBlank(canvasUrl)) {
                 throw new RuntimeException("Missing canvas_url config value");
             }
-            http.requestMatchers()
-                .antMatchers("/launch").and()
+            http.securityMatchers()
+                .requestMatchers("/launch").and()
                 .addFilterBefore(configureProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
-                .authorizeRequests().anyRequest().authenticated().and().csrf().disable()
-                .headers().addHeaderWriter(new XFrameOptionsHeaderWriter(new StaticAllowFromStrategy(new URI(canvasUrl))))
+                .authorizeHttpRequests().anyRequest().authenticated().and().csrf().disable()
+                .headers()
+                .frameOptions()
+                .disable()
+                .addHeaderWriter(new XFrameOptionsHeaderWriter(new StaticAllowFromStrategy(new URI(canvasUrl))))
                 .addHeaderWriter(new StaticHeadersWriter("Content-Security-Policy",
                         "default-src 'self' https://s.ksucloud.net https://*.instructure.com; " +
                         "font-src 'self' https://s.ksucloud.net https://*.instructure.com; " +