Migration of various Groovy classes to Java

[jvz]

Broken up into several commits, I've ported over several Groovy classes to Java. Included is a small simplification to how AuthConfig works for setting up the WebSecurity builder object as that can be done via a customizer. An equivalent approach to simplifying the setup for HttpSecurity would require a much larger change as all the authentication configuration classes would need to migrate from WebSecurityConfigurerAdapter to instead define SecurityFilterChain beans which compose more easily than the existing approach (Spring Security doesn't let you use both approaches at the same time).

In the OidRolesExtractor migration, I've also simplified the use of Bouncycastle APIs slightly as they define convenience methods that do the same thing as what was done in the Groovy code but with less verbosity. I did some research into the particular OID from the test and documentation, and amusingly enough, that same OID is already used for some power management authentication standard, but we don't seem to encode role info even remotely similar to that. While there's some RFC about defining roles and such in certificates, these seem to apply to what's known as an "attribute certificate" which is separate from a normal X.509 certificate (Bouncycastle includes ASN.1 classes for that RFC). Anyways, I made the role parsing more explicit there as relying on toString() for implementation details is not ideal (not every ASN.1 class from BC implements a useful toString() here, but we do expect string data).

[jvz]

I don't know how many times I have to emphasize this, but Spring Boot offers this super useful builder class for making an ObjectMapper, and you can configure default settings in the Spring properties somewhere. Thus, I've moved the feature flags to application.properties on the classpath which Spring Boot picks up by default.

[dbyron-sf]

At least in this commit, I don't see anything moving to application.properties. In this other commit I do see read-unknown-enum-values-as-null set to true. I don't see an equivalent of .disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES) nor .registerModule(new JavaTimeModule() though.

[jvz]

Disabling fail on unknown properties is a default setting in Jackson2ObjectMapperBuilder. JavaTimeModule is one of the "standard" Jackson modules that class looks for, too. See https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/http/converter/json/Jackson2ObjectMapperBuilder.html for more info.

[jvz]

This was a duplicate bean. There's another one defined later in this file without the OkHttpClientProvider argument (which is ignored in this method anyways).

[jvz]

This is now handled in application.properties since all it was doing was reordering the spring security filter. That's a supported config property in Spring Boot, so no need to expose internal details of Spring Security!

[jvz]

While the Spinnaker docs say this needs to be a UTF-8 string, ASN.1 does support like a million other string types that Bouncycastle supports, and they all implement this interface. That is what their toString() methods delegate to, though other ASN.1 types in BC don't necessarily print out machine-parseable data.

[dbyron-sf]

@Mergifyio update

[mergify]

update

✅ Branch has been successfully updated