…rative Services

Migrate all JWT token authentication and security management components from Felix Dependency Manager annotations to OSGi Declarative Services annotations. This brings the security subsystem in line with the rest of the GOSS codebase and resolves runtime issues where JWT security components were not properly initializing.

Core component migrations:
- SecurityConfigImpl: Changed from @Component to @Component with configurationPid, added @Activate and @Modified lifecycle methods, fixed getUseToken() to return the actual useToken field instead of hardcoded false
- RoleManagerImpl: Migrated to DS annotations, improved configuration property filtering to skip OSGi metadata properties
- UnauthTokenBasedRealm: Migrated to DS with @Reference for service dependencies, simplified configuration handling
- UserRepositoryImpl: Migrated to DS, moved start() logic to activate() method, improved configuration property parsing
- SystemBasedRealm: Migrated to DS annotations with proper lifecycle management

Dependency management improvements:
- Added nimbus-jose-jwt 9.31 and json-smart 2.4.11 dependencies to central.maven
- Created nimbus-jose-jwt-buildpath and nimbus-jose-jwt-runpath in libraries.bnd
- Added nimbus-jose-jwt to pnnl.goss.core/bnd.bnd buildpath
- Updated integration tests (bnd.bnd) to include nimbus-jose-jwt-runpath
- Added nimbus-jose-jwt-runpath to both goss-core.bndrun and goss-core-ssl.bndrun

Bug fixes:
- Fixed SecurityConfigImpl.parseToken() to use payload.toString() instead of toJSONObject().toJSONString() which was causing JSON parsing errors
- Fixed SecurityConfigImpl.getUseToken() to return the actual useToken field
- Fixed boolean parsing in SecurityConfigImpl to check useTokenString instead of secret
- Added null username check in PropertyBasedRealm to prevent NPE when clients attempt token-based auth against servers without token support
- Improved logging throughout security components for better debugging

Configuration updates:
- Updated security-jwt.bnd bundle version from 1.0.150 to 12.1.0
- Added PROP_TOKEN_QUEUE constant to GossCoreContants for consistency

This migration enables JWT token-based authentication to function correctly in GridAPPS-D deployments, allowing clients to authenticate using tokens instead of sending credentials with every request.

… support

- Removed old user authentication mechanism and replaced it with a property-based realm for username/password authentication.
- Implemented a new TokenRealm for JWT token-based authentication.
- Added a token request handler to manage JWT token creation and validation.
- Updated the broker configuration to include Shiro security and token support.
- Cleaned up the .gitignore files across multiple modules to ensure consistency.
- Added integration tests for STOMP token authentication in the itests module.
- Updated dependencies in build.gradle to use ActiveMQ 6.x and added Nimbus JOSE JWT for token handling.

…and improve build process
…ering for semver versions
- Updated SHA checksum for index.xml
- Added new JAR files for version 13.0.0 of the following components:
  - pnnl.goss.core.core-api
  - pnnl.goss.core.goss-client
  - pnnl.goss.core.goss-core-commands
  - pnnl.goss.core.goss-core-exceptions
  - pnnl.goss.core.goss-core-security
  - pnnl.goss.core.goss-core-server-api
  - pnnl.goss.core.goss-core-server-registry
  - pnnl.goss.core.goss-core-server-web
  - pnnl.goss.core.goss-core-server
  - pnnl.goss.core.itests
  - pnnl.goss.core.runner
  - pnnl.goss.core.security-jwt
  - pnnl.goss.core.security-ldap
  - pnnl.goss.core.security-propertyfile
  - pnnl.goss.core.security-system
  - pnnl.goss.core.testutil

- Updated the Bundle-Version from 13.0.0-SNAPSHOT to 13.0.0 in multiple bnd files across the project.
- Updated the SHA checksum for index.xml.sha.
- Updated various JAR files in the releaserepo, indicating changes in the binary files for core components.

- Removed OSGi and STOMP integration tests from CI configuration.
- Introduced a unified integration test job for Java external server tests.
- Updated Makefile to reflect new integration test commands.
- Added GossExternalServerTest for external server integration testing.
- Enhanced Python STOMP token authentication tests for better coverage.
- Configured GossSimpleRunner to allow customizable ports via system properties.

…pdate index checksum

- Added new JAR files for the following components:
  - pnnl.goss.core.core-api
  - pnnl.goss.core.goss-client
  - pnnl.goss.core.goss-core-commands
  - pnnl.goss.core.goss-core-exceptions
  - pnnl.goss.core.goss-core-security
  - pnnl.goss.core.goss-core-server-api
  - pnnl.goss.core.goss-core-server-registry
  - pnnl.goss.core.goss-core-server-web
  - pnnl.goss.core.goss-core-server
  - pnnl.goss.core.itests
  - pnnl.goss.core.runner
  - pnnl.goss.core.security-jwt
  - pnnl.goss.core.security-ldap
  - pnnl.goss.core.security-propertyfile
  - pnnl.goss.core.security-system
  - pnnl.goss.core.testutil
- Updated index.xml checksum to reflect new additions.

…istener and ServerListener
…iles and add bare reply-to token request tests
- Updated the SHA checksum for index.xml.
- Added new JAR files for the following components:
  - pnnl.goss.core.core-api
  - pnnl.goss.core.goss-client
  - pnnl.goss.core.goss-core-commands
  - pnnl.goss.core.goss-core-exceptions
  - pnnl.goss.core.goss-core-security
  - pnnl.goss.core.goss-core-server-api
  - pnnl.goss.core.goss-core-server-registry
  - pnnl.goss.core.goss-core-server-web
  - pnnl.goss.core.goss-core-server
  - pnnl.goss.core.itests
  - pnnl.goss.core.runner
  - pnnl.goss.core.security-jwt
  - pnnl.goss.core.security-ldap
  - pnnl.goss.core.security-propertyfile
  - pnnl.goss.core.security-system
  - pnnl.goss.core.testutil

- Updated SHA for index.xml to reflect new release.
- Added new JAR files for pnnl.goss.core.core-api, pnnl.goss.core.goss-client, pnnl.goss.core.goss-core-commands, pnnl.goss.core.goss-core-exceptions, pnnl.goss.core.goss-core-security, pnnl.goss.core.goss-core-server-api, pnnl.goss.core.goss-core-server-registry, pnnl.goss.core.goss-core-server-web, pnnl.goss.core.goss-core-server, pnnl.goss.core.itests, pnnl.goss.core.runner, pnnl.goss.core.security-jwt, pnnl.goss.core.security-ldap, pnnl.goss.core.security-propertyfile, and pnnl.goss.core.security-system.
- Updated bundle versions in bnd files to 15.0.1 across various components.
- Refactored reply destination handling in DefaultClientListener and ServerListener to improve message processing and ensure compatibility with STOMP clients.

… to support OSGi classloader
…accept all ActiveMQ destination types
- Updated SHA for index.xml to reflect new release.
- Added new JAR files for the following components:
  - pnnl.goss.core.core-api
  - pnnl.goss.core.goss-client
  - pnnl.goss.core.goss-core-commands
  - pnnl.goss.core.goss-core-exceptions
  - pnnl.goss.core.goss-core-security
  - pnnl.goss.core.goss-core-server-api
  - pnnl.goss.core.goss-core-server-registry
  - pnnl.goss.core.goss-core-server-web
  - pnnl.goss.core.goss-core-server
  - pnnl.goss.core.itests
  - pnnl.goss.core.runner
  - pnnl.goss.core.security-jwt
  - pnnl.goss.core.security-ldap
  - pnnl.goss.core.security-propertyfile
  - pnnl.goss.core.security-system
  - pnnl.goss.core.testutil
- Updated bundle versions in various bnd files from 15.0.1 to 15.0.2.

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
pnnl.goss.core/src/pnnl/goss/core/security/jwt/UnauthTokenBasedRealm.java
Fixed
pnnl.goss.core.runner/src/main/java/pnnl/goss/core/runner/GossSimpleRunner.java
Fixed
…nformation into log files

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

…nformation into log files

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

…FormatException

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

❌ Code formatting check failed! Please run
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
This pull request makes significant improvements to the CI/CD workflows, build automation, and configuration files for the project. The main focus is on modernizing GitHub Actions usage, improving integration testing, simplifying build steps, and cleaning up security analysis configuration. These changes help streamline development, testing, and release processes, reduce maintenance overhead, and ensure compatibility with the latest GitHub Actions and tools.

CI/CD workflow modernization and improvements:
- …actions/checkout@v6, actions/setup-java@v5, actions/cache@v5, actions/upload-artifact@v6, etc.), enhancing performance and security across all workflows (ci.yml, code-quality.yml, codeql.yml, format-check.yml, release.yml, test.yml).
- …./gradlew build to ./gradlew assemble in several workflows, which compiles the code without running unnecessary tasks, leading to faster builds (ci.yml, codeql.yml, release.yml, test.yml).

Integration testing enhancements:
- …osgi-integration-tests to integration-tests, added steps to build and launch the SimpleRunner JAR, installed Pixi for Python-based tests, started GOSS broker, and included new STOMP and WebSocket token authentication tests. Improved log collection and cleanup for integration tests (ci.yml).
- …ci.yml, test.yml).

Security and code quality configuration cleanup:
- ….github/codeql/codeql-config.yml by removing unnecessary paths and disabling custom query packs, focusing CodeQL analysis on main source code and reducing false positives.

Build and release workflow improvements:
- …release.yml).
- …test.yml workflow to prevent overlapping runs and ensure only the latest run is active, reducing wasted CI resources (test.yml).

Makefile enhancements:
- ….PHONY targets in the Makefile to cover new commands for integration testing, running, stopping, and logging, supporting improved developer automation and workflow integration.