[SECOPS-14788] (#190)

* Fix build.gradle

* Upgrade

* remove unused and deprecaded war

* Fixes

* Latest fixes :corssed_fingers:

* Latest versions (dependabot)

* Revert not needed changes

* Use SQLDialiect form hibernate

* Spring new version manages servlet

* Update WebSecurityConfig.java

* Update README.md

Author: lopenchi

.github/workflows/gradle.yml

@@ -20,10 +20,10 @@ jobs:
 
     steps:
     - uses: actions/checkout@v2
-    - name: Set up JDK 11
+    - name: Set up JDK 17
       uses: actions/setup-java@v1
       with:
-        java-version: 11.0
+        java-version: 17.0
     - name: Grant execute permission for gradlew
       run: chmod +x gradlew
     - name: Build with Gradle

Makefile

@@ -4,4 +4,4 @@ install:
 	./gradlew build
 
 serve:
-	./gradlew appRun
+	./gradlew bootRun

README.md

@@ -41,7 +41,7 @@ Implementations in other languages:
 
 ### Requirements
 
-- [Java Development Kit](https://adoptopenjdk.net/) version 11 or later.
+- [Java Development Kit](https://adoptopenjdk.net/) version 17 or later.
 - A Twilio account - [sign up](https://www.twilio.com/try-twilio)
 
 ### Twilio Account Settings

build.gradle

@@ -1,49 +1,53 @@
 plugins {
     id 'java'
-    id 'org.gretty' version '3.0.4'
+    id 'io.spring.dependency-management' version '1.1.7'
+    id 'org.springframework.boot' version '3.3.11'
     id 'idea'
-    id 'war'
     id 'groovy'
-    id 'com.github.joselion.pretty-jupiter' version '1.3.4'
+    id 'io.github.joselion.pretty-jupiter' version '3.5.0'
 }
 
-sourceCompatibility = 1.8
-targetCompatibility = 1.8
-ext['springBootVer'] = '2.2.6.RELEASE'
-
-
-repositories {
-    jcenter()
+java {
+    toolchain {
+        languageVersion = JavaLanguageVersion.of(17)
+    }
+    sourceCompatibility = JavaVersion.VERSION_17
+    targetCompatibility = JavaVersion.VERSION_17
 }
 
-gretty {
-    springBootVersion = '2.2.6.RELEASE'
-    springBoot = true
-    servletContainer = 'jetty9.4'
-    contextPath = ''
+repositories {
+    mavenCentral()
 }
 
 configurations {
     providedRuntime
 }
 
 dependencies {
-    implementation(group: 'javax.xml.bind', name: 'jaxb-api', version: '2.3.1')
-    implementation(group: 'javax.el', name:'javax.el-api', version:'3.0.0')
+    implementation(group: 'jakarta.xml.bind', name: 'jakarta.xml.bind-api', version: '4.0.2')
+    providedRuntime(group: 'jakarta.servlet', name:'jakarta.servlet-api', version:'6.1.0')
 
     // Spring
-    implementation(group:'org.springframework.boot', name:'spring-boot-starter-data-jpa', version:"${springBootVer}")
-    implementation(group:'org.springframework.boot', name:'spring-boot-starter-security', version:"${springBootVer}")
+    implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
+    implementation 'org.springframework.boot:spring-boot-starter-security'
+    implementation 'org.springframework.boot:spring-boot-starter-validation'
+    implementation 'org.springframework.boot:spring-boot-starter-web'
+
     implementation(group:'net.rakugakibox.spring.boot', name:'logback-access-spring-boot-starter', version:'2.11.0')
 
+    implementation group: 'org.hibernate.orm', name: 'hibernate-community-dialects', version: '6.6.13.Final'
+
     implementation(group:'com.authy', name:'authy-java', version:'1.5.1')
-    implementation(group:'com.twilio.sdk', name:'twilio', version:'8.31.1')
-    implementation(group:'org.xerial', name:'sqlite-jdbc', version:'3.41.2.2')
+    implementation(group:'com.twilio.sdk', name:'twilio', version:'10.8.0')
+    implementation(group:'org.xerial', name:'sqlite-jdbc', version:'3.49.1.0')
+    implementation 'org.springframework.boot:spring-boot-starter-actuator'
 
     testImplementation(group: 'junit', name:'junit', version:'4.13.2')
-    testImplementation(group:'org.springframework.boot', name:'spring-boot-starter-test', version:"${springBootVer}")
+    testImplementation 'org.springframework.boot:spring-boot-starter-test'
+    testImplementation 'org.springframework.security:spring-security-test'
+
     // Groovy
-    testImplementation (group: 'org.apache.groovy', name: 'groovy-all', version: '4.0.15', ext: 'pom')
+    testImplementation (group: 'org.apache.groovy', name: 'groovy-all', version: '4.0.26', ext: 'pom')
 
     // Constraints
     constraints {
@@ -53,18 +57,19 @@ dependencies {
     }
 
     // Spock
-    testImplementation(group:'org.spockframework', name:'spock-core', version:'2.0-M4-groovy-3.0')
-    testImplementation(group:'org.spockframework', name:'spock-spring', version:'2.0-M4-groovy-3.0')
+    testImplementation(group:'org.spockframework', name:'spock-core', version:'2.4-M6-groovy-4.0')
+    testImplementation(group:'org.spockframework', name:'spock-spring', version:'2.4-M6-groovy-4.0')
     testRuntimeOnly(group:'cglib', name:'cglib-nodep', version:'3.3.0')
+    testRuntimeOnly('org.junit.platform:junit-platform-launcher')
 }
 
 test {
     useJUnitPlatform()
     reports {
-        junitXml.enabled = false
-        html.enabled = false
+        junitXml.required = false
+        html.required = false
     }
     testLogging {
         exceptionFormat = "full"
     }
-}
+}

gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,6 @@
-#Thu Dec 17 10:00:49 ECT 2015
+#Tue May 06 10:00:42 ECT 2025
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-6.2.2-bin.zip

src/main/java/com/twilio/accountsecurity/config/SQLiteDialect.java

@@ -6,39 +6,31 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
 
 @Configuration
 @EnableWebSecurity
-public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
-
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http.addFilterAfter(new TwoFAFilter(), UsernamePasswordAuthenticationFilter.class)
-            .csrf().disable().authorizeRequests()
-                .antMatchers("/protected/**", "/2fa/**").authenticated()
-                .antMatchers("/", "/register/**", "/api/**", "/**.js", "/**.html").permitAll()
-                .and()
-            .logout().permitAll();
-    }
+public class WebSecurityConfig {
 
     @Autowired
     private UserDetailsServiceImpl userDetailsService;
-
     @Autowired
     private PasswordEncoder encoder;
 
-    @Override
-    protected void configure(AuthenticationManagerBuilder auth)
-            throws Exception {
-        auth.userDetailsService(userDetailsService);
-        auth.authenticationProvider(authProvider());
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http
+                .addFilterAfter(new TwoFAFilter(), UsernamePasswordAuthenticationFilter.class)
+                .authorizeRequests()
+                .requestMatchers("/protected/**", "/2fa/**").authenticated()
+                .requestMatchers("/", "/register/**", "/api/**", "/**.js", "/**.html").permitAll()
+                .and().logout().permitAll();
+        return http.build();
     }
 
     @Bean

src/main/java/com/twilio/accountsecurity/config/WebSecurityConfig.java

@@ -11,10 +11,10 @@
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
 
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.validation.Valid;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.validation.Valid;
 import java.io.IOException;
 
 @RestController

src/main/java/com/twilio/accountsecurity/controllers/LoginController.java

@@ -11,8 +11,8 @@
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
 
-import javax.servlet.http.HttpSession;
-import javax.validation.Valid;
+import jakarta.servlet.http.HttpSession;
+import jakarta.validation.Valid;
 
 @RestController
 @RequestMapping(path = "/api/phone-verification")
@@ -26,7 +26,7 @@ public PhoneVerificationController(PhoneVerificationService phoneVerificationSer
     }
 
     @RequestMapping(path = "start", method = RequestMethod.POST,
-            consumes = MediaType.APPLICATION_JSON_UTF8_VALUE)
+            consumes = MediaType.APPLICATION_JSON_VALUE)
     public ResponseEntity<?> start(@Valid @RequestBody PhoneVerificationStartRequest requestBody) {
         return runWithCatch(() -> {
             phoneVerificationService.start(