Upgrade Java version to 11 (#144)

* Upgrade Spring Framework to v5.0.0

Add javax.jms-api dependency
Remove Log4jConfigListener

* Upgrade Spring Framework to v5.2.20

Fix remote code execution vulnerability

* Upgrade Java version to 11

Add javax.annotation-api dependency
Retrieve URLs from classpath without casting to URLClassLoader
Configure all workflows to use Java 11
Configure all pom.xml files to use Java 11
Update utils.sh

* Update test suite for Java 11

Add selenium-http-jdk-client dependency
Remove netty-codec dependency
Use Java 11+ HTTP client for Selenium
Update InstallerTest

* Update Java distribution for all workflows

Ignore SecurityTest

* Update Java distribution for all workflows

* Update Java distribution for all workflows

Add maven-compiler-plugin dependency to cws-test pom.xml

* Upload cws.log for debugging

Update camunda.yml

* Upload cws.log for debugging

Update camunda.yml

* Explicitly declare JKS as keystore type

Update camunda.yml
Enable SecurityTest.java

* Retrieve URLs from classpath through reflection

Update CodeService.java

* Upload cws.log for debugging

Update camunda.yml

* Update camunda.yml

.github/workflows/camunda.yml

@@ -33,10 +33,10 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
-      - name: Set up JDK 8
+      - name: Set up JDK 11
         uses: actions/setup-java@v3
         with:
-          java-version: '8'
+          java-version: '11'
           distribution: 'temurin'
           cache: maven
 
@@ -156,10 +156,10 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
-      - name: Set up JDK 8
+      - name: Set up JDK 11
         uses: actions/setup-java@v3
         with:
-          java-version: '8'
+          java-version: '11'
           distribution: 'temurin'
           cache: maven
 
@@ -257,10 +257,10 @@ jobs:
       - name: Check out the repo
         uses: actions/checkout@v3
 
-      - name: Set up JDK 8
+      - name: Set up JDK 11
         uses: actions/setup-java@v3
         with:
-          java-version: '8'
+          java-version: '11'
           distribution: 'temurin'
           cache: maven
 

.github/workflows/ldap.yml

@@ -33,10 +33,10 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
-      - name: Set up JDK 8
+      - name: Set up JDK 11
         uses: actions/setup-java@v3
         with:
-          java-version: '8'
+          java-version: '11'
           distribution: 'temurin'
           cache: maven
 

cws-adaptation-engine/pom.xml

@@ -155,8 +155,7 @@
 				<artifactId>maven-compiler-plugin</artifactId>
 				<version>${maven-compiler-plugin.version}</version>
 				<configuration>
-					<source>${java.version}</source>
-					<target>${java.version}</target>
+					<release>${java.version}</release>
 				</configuration>
 			</plugin>
 		</plugins>

cws-adaptation/pom.xml

@@ -51,8 +51,7 @@
 				<artifactId>maven-compiler-plugin</artifactId>
 				<version>${maven-compiler-plugin.version}</version>
 				<configuration>
-					<source>${java.version}</source>
-					<target>${java.version}</target>
+					<release>${java.version}</release>
 				</configuration>
 			</plugin>
 			<plugin>

cws-certs/generate-certs.sh

@@ -3,13 +3,13 @@
 # the following bash script creates open-source certs required to access CWS
 
 # create private key and self-signed certificate within a keystore
-keytool -genkey -keyalg RSA -dname "cn=cws, ou=cws, o=cws, l=cws, s=FL, c=US" -alias cws -keypass changeit -keystore .keystore -storepass changeit -validity 360 -keysize 2048
+keytool -genkey -keyalg RSA -dname "cn=cws, ou=cws, o=cws, l=cws, s=FL, c=US" -alias cws -keypass changeit -keystore .keystore -storepass changeit -storetype JKS -validity 360 -keysize 2048
 
 # extract self-signed certificate from keystore
 keytool -export -alias cws -file cws.crt -keystore .keystore -storepass changeit
 
 # insert self-signed certificate into truststore
-keytool -import -alias cws -file cws.crt -keypass changeit -noprompt -keystore cws_truststore.jks -storepass changeit
+keytool -import -alias cws -file cws.crt -keypass changeit -noprompt -keystore cws_truststore.jks -storepass changeit -storetype JKS
 
 # place open-source certs in appropriate directories
 cp .keystore ../install

cws-core/pom.xml

@@ -169,8 +169,7 @@
 				<artifactId>maven-compiler-plugin</artifactId>
 				<version>${maven-compiler-plugin.version}</version>
 				<configuration>
-					<source>${java.version}</source>
-					<target>${java.version}</target>
+					<release>${java.version}</release>
 				</configuration>
 			</plugin>
 			<plugin>

cws-core/src/main/java/jpl/cws/core/code/CodeService.java

@@ -3,13 +3,11 @@
 import java.io.File;
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.net.URL;
 import java.net.URLClassLoader;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
 
 import javax.tools.Diagnostic;
 import javax.tools.DiagnosticCollector;
@@ -60,19 +58,23 @@ public void afterPropertiesSet() throws Exception {
 		// Construct the set of URLs
 		File outputDir = new File(TEMP_DIR_PATH);
 
-		URLClassLoader cl = ((URLClassLoader) (Thread.currentThread().getContextClassLoader()));
-		URLClassLoader parent = cl;
+		ClassLoader cl = Thread.currentThread().getContextClassLoader();
+		ClassLoader parent = cl;
 
 		while (parent != null) {
-			for (URL url : parent.getURLs()) {
-				urls.add(url);
-				log.trace("CC ["+parent+"] URL: " + url);
+			if (parent.getClass().getName().equals("java.net.URLClassLoader")) {
+				try {
+					Method getURLsMethod = parent.getClass().getMethod("getURLs");
+					URL[] urlsArray = (URL[]) getURLsMethod.invoke(parent);
+					for (URL url : urlsArray) {
+						urls.add(url);
+						log.trace("CC ["+parent+"] URL: " + url);
+					}
+				} catch (NoSuchMethodException | IllegalAccessException | InvocationTargetException e) {
+					log.error("Error accessing getURLs() method on classloader: " + parent, e);
+				}
 			}
-			parent = (URLClassLoader) parent.getParent(); // traverse up chain..
-		}
-
-		if (cl != null) {
-			cl.close();
+			parent = parent.getParent(); // traverse up the chain
 		}
 
 		urls.add(outputDir.toURI().toURL());
@@ -329,5 +331,5 @@ public void persistInProgressCode(String code) {
 	public String getTempDirPath() {
 		return TEMP_DIR_PATH;
 	}
-	
+
 }

cws-engine-service/pom.xml

@@ -227,8 +227,7 @@
 				<artifactId>maven-compiler-plugin</artifactId>
 				<version>${maven-compiler-plugin.version}</version>
 				<configuration>
-					<source>${java.version}</source>
-					<target>${java.version}</target>
+					<release>${java.version}</release>
 				</configuration>
 			</plugin>
 			<plugin>

cws-engine/pom.xml

@@ -36,8 +36,7 @@
 				<artifactId>maven-compiler-plugin</artifactId>
 				<version>${maven-compiler-plugin.version}</version>
 				<configuration>
-					<source>${java.version}</source>
-					<target>${java.version}</target>
+					<release>${java.version}</release>
 				</configuration>
 			</plugin>
 		</plugins>

cws-installer/pom.xml

@@ -82,8 +82,7 @@
 				<artifactId>maven-compiler-plugin</artifactId>
 				<version>${maven-compiler-plugin.version}</version>
 				<configuration>
-					<source>${java.version}</source>
-					<target>${java.version}</target>
+					<release>${java.version}</release>
 				</configuration>
 			</plugin>
 			<plugin>

cws-service/pom.xml

@@ -54,6 +54,11 @@
 					<artifactId>javax.servlet-api</artifactId>
 				</dependency>
 
+				<dependency>
+					<groupId>javax.annotation</groupId>
+					<artifactId>javax.annotation-api</artifactId>
+				</dependency>
+
 				<dependency>
 					<groupId>org.tuckey</groupId>
 					<artifactId>urlrewritefilter</artifactId>
@@ -262,8 +267,7 @@
 				<artifactId>maven-compiler-plugin</artifactId>
 				<version>${maven-compiler-plugin.version}</version>
 				<configuration>
-					<source>${java.version}</source>
-					<target>${java.version}</target>
+					<release>${java.version}</release>
 				</configuration>
 			</plugin>
 		</plugins>

cws-tasks/pom.xml

@@ -107,8 +107,7 @@
 				<artifactId>maven-compiler-plugin</artifactId>
 				<version>${maven-compiler-plugin.version}</version>
 				<configuration>
-					<source>${java.version}</source>
-					<target>${java.version}</target>
+					<release>${java.version}</release>
 				</configuration>
 			</plugin>
 

cws-test/pom.xml

@@ -78,6 +78,10 @@
 			<groupId>org.seleniumhq.selenium</groupId>
 			<artifactId>selenium-chrome-driver</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.seleniumhq.selenium</groupId>
+			<artifactId>selenium-http-jdk-client</artifactId>
+		</dependency>
 
 		<dependency>
 			<groupId>junit</groupId>
@@ -115,6 +119,13 @@
 
 	<build>
 		<plugins>
+			<plugin>
+				<artifactId>maven-compiler-plugin</artifactId>
+				<version>${maven-compiler-plugin.version}</version>
+				<configuration>
+					<release>${java.version}</release>
+				</configuration>
+			</plugin>
 			<plugin>
 				<groupId>org.jacoco</groupId>
 				<artifactId>jacoco-maven-plugin</artifactId>

cws-test/src/test/java/jpl/cws/test/WebTestUtil.java

@@ -112,9 +112,11 @@ public void quitDriver() {
 
 	protected void initChromeDriver() {
 
+		// indicate that Java 11+ HTTP client needs to be used
+		System.setProperty("webdriver.http.factory", "jdk-http-client");
 		ChromeOptions chromeOptions = new ChromeOptions();
 
-		// Turn on headless mode for Bamboo
+		// Turn on headless mode for GitHub Actions
 		chromeOptions.addArguments("--headless=new");
 		chromeOptions.setAcceptInsecureCerts(true);
 		chromeOptions.addArguments("--window-size=1920,1080");

cws-test/src/test/resources/configure_with_jacoco.sh

@@ -48,13 +48,13 @@ else
 	exit 1
 fi
 
-if [[ "$java_version" > "1.8" && "$java_version" < "1.9" ]]; then
-	echo "  Java version == 1.8x      [OK]"
+if [[ "$java_version" > "11" && "$java_version" < "12" ]]; then
+	echo "  Java version == 11x      [OK]"
 else
 	echo " +-------+----------------------------------------------------"
 	echo " | ERROR |                                                    "
 	echo " +-------+                                                    "
-	echo " | Java version is less than 1.8.  Must run with java 1.8x    "
+	echo " | Java version is less than 11.  Must run with Java 11x    "
 	echo " | Aborting program...                                        "
 	echo "--------------------------------------------------------------"
 	exit 1

cws-ui/pom.xml

@@ -46,8 +46,7 @@
 				<artifactId>maven-compiler-plugin</artifactId>
 				<version>${maven-compiler-plugin.version}</version>
 				<configuration>
-					<source>${java.version}</source>
-					<target>${java.version}</target>
+					<release>${java.version}</release>
 				</configuration>
 			</plugin>
 		</plugins>

pom.xml

@@ -48,7 +48,7 @@
 		<h2.version>1.2.132</h2.version>
 		<!-- <httpclient.version>4.3</httpclient.version> -->
 		<jacoco.version>0.8.2</jacoco.version>
-		<java.version>1.8</java.version>
+		<java.version>11</java.version>
 		<javax.mail.version>1.4.7</javax.mail.version>
 		<jersey-client.version>2.6</jersey-client.version>
 		<jms.version>1.1</jms.version>
@@ -57,7 +57,7 @@
 		<jython-standalone.version>2.7.1b3</jython-standalone.version>
 		<mariadb-java-client.version>2.7.2</mariadb-java-client.version>
 
-		<maven-compiler-plugin.version>3.6.1</maven-compiler-plugin.version>
+		<maven-compiler-plugin.version>3.8.0</maven-compiler-plugin.version>
 		<maven-dependency-plugin.version>3.0.1</maven-dependency-plugin.version>
 		<maven-resources-plugin.version>3.1.0</maven-resources-plugin.version>
 		<maven-install-plugin.version>2.5.2</maven-install-plugin.version>
@@ -73,7 +73,7 @@
 		<quartz.version>2.3.2</quartz.version>
 		<selenium.version>4.8.3</selenium.version>
 		<servlet-api.version>3.1.0</servlet-api.version>
-<!--		<slf4j.version>1.7.32</slf4j.version>-->
+		<!--		<slf4j.version>1.7.32</slf4j.version>-->
 		<log4j.version>2.17.1</log4j.version>
 		<slf4j-log4j2-bind.version>2.17.1</slf4j-log4j2-bind.version>
 		<skip.integration.tests>false</skip.integration.tests>
@@ -249,6 +249,12 @@
 				<scope>provided</scope>
 			</dependency>
 
+			<dependency>
+				<groupId>javax.annotation</groupId>
+				<artifactId>javax.annotation-api</artifactId>
+				<version>1.3.2</version>
+			</dependency>
+
 			<!--  IS THIS NEEDED?? -->
 			<dependency>
 				<groupId>org.apache.tomcat</groupId>
@@ -551,11 +557,12 @@
 				<version>${selenium.version}</version>
 				<scope>test</scope>
 			</dependency>
-			<!-- Needed to resolve Netty conflict with Selenium 4 -->
+			<!-- Needed to use Java 11+ HTTP Client in Selenium 4.5.0+-->
 			<dependency>
-				<groupId>io.netty</groupId>
-				<artifactId>netty-codec</artifactId>
-				<version>4.1.91.Final</version>
+				<groupId>org.seleniumhq.selenium</groupId>
+				<artifactId>selenium-http-jdk-client</artifactId>
+				<version>${selenium.version}</version>
+				<scope>test</scope>
 			</dependency>
 			<dependency>
 				<groupId>org.jacoco</groupId>

utils.sh

@@ -152,10 +152,10 @@ function check_java_requirements () {
         exit 1
     fi
 
-    if [[ "${JAVA_PATH_VERSION}" > "1.8" && "${JAVA_PATH_VERSION}" < "1.9" ]]; then
-        print "  Java version == 1.8x     [OK]"
+    if [[ "${JAVA_PATH_VERSION}" > "11" && "${JAVA_PATH_VERSION}" < "12" ]]; then
+        print "  Java version == 11x     [OK]"
     else
-        print "  ERROR: Java version is ${JAVA_PATH_VERSION}. CWS only supports Java version 1.8x."
+        print "  ERROR: Java version is ${JAVA_PATH_VERSION}. CWS only supports Java version 11x."
         exit 1
     fi