Merge pull request #162 from companieshouse/feature/JU-89-java-21-migration

Feature/ju 89 java 21 migration

Author: foman-ch

Makefile

@@ -67,3 +67,7 @@ sonar:
 sonar-pr-analysis:
 	mvn sonar:sonar	-P sonar-pr-analysis
 
+.PHONY: security-check
+security-check:
+	mvn org.owasp:dependency-check-maven:update-only
+	mvn org.owasp:dependency-check-maven:check -DfailBuildOnCVSS=4 -DassemblyAnalyzerEnabled=false

ecs-image-build/Dockerfile

@@ -0,0 +1,7 @@
+FROM 416670754337.dkr.ecr.eu-west-2.amazonaws.com/ci-corretto-runtime-21:latest
+
+WORKDIR /opt
+COPY /app .
+COPY docker_start.sh .
+
+CMD ["./docker_start.sh"]

ecs-image-build/docker_start.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+#
+# Start script for orders.api.ch.gov.uk
+
+PORT=8080
+
+exec java -jar -Dserver.port="${PORT}" "orders.api.ch.gov.uk.jar"

ecs-image-build/version

@@ -0,0 +1 @@
+ecs-1.0

pom.xml

@@ -1,49 +1,51 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0"
-  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
     <parent>
         <groupId>uk.gov.companieshouse</groupId>
         <artifactId>companies-house-parent</artifactId>
-        <version>1.3.0</version>
+        <version>2.1.5</version>
     </parent>
     <artifactId>orders.api.ch.gov.uk</artifactId>
     <version>unversioned</version>
     <name>orders.api.ch.gov.uk</name>
     <description>CH API handling CRUD operations on Ordering Service</description>
 
     <properties>
-        <kafka-models.version>1.0.26</kafka-models.version>
-        <ch-kafka.version>1.4.2</ch-kafka.version>
-        <java.version>1.8</java.version>
-        <structured-logging.version>1.9.12</structured-logging.version>
-        <commons.lang.version>2.6</commons.lang.version>
+        <maven.compiler.release>21</maven.compiler.release>
+        <ch-kafka.version>3.0.1</ch-kafka.version>
+        <kafka-models.version>3.0.7</kafka-models.version>
+        <java.version>21</java.version>
+        <structured-logging.version>3.0.3</structured-logging.version>
+        <commons.lang.version>3.14.0</commons.lang.version>
         <commons.beanutils.version>1.9.4</commons.beanutils.version>
-        <org.mapstruct.version>1.4.2.Final</org.mapstruct.version>
-        <gson.version>2.8.0</gson.version>
-        <hamcrest-all-version>1.3</hamcrest-all-version>
+        <org.mapstruct.version>1.5.5.FINAL</org.mapstruct.version>
+        <gson.version>2.10.1</gson.version>
+        <hamcrest.version>2.2</hamcrest.version>
         <!-- system-rules: 1.17.2 is the latest version that works with JUnit 5.
              See https://github.com/stefanbirkner/system-rules/issues/70 -->
         <system-rules-version>1.17.2</system-rules-version>
-        <spring-cloud-contract-wiremock-version>2.2.2.RELEASE</spring-cloud-contract-wiremock-version>
+        <spring-cloud-contract-wiremock-version>4.1.1</spring-cloud-contract-wiremock-version>
         <start-class>uk.gov.companieshouse.orders.api.OrdersApiApplication</start-class>
-        <private-api-sdk-java.version>2.0.286</private-api-sdk-java.version>
-        <api-sdk-manager-java-library.version>1.0.3</api-sdk-manager-java-library.version>
-        <api-sdk-java.version>4.3.3</api-sdk-java.version>
-        <api-helper-java.version>1.4.1</api-helper-java.version>
-        <api-security-java.version>0.3.4</api-security-java.version>
-
-        <spring-boot-dependencies.version>2.5.5</spring-boot-dependencies.version>
-        <spring-boot-maven-plugin.version>2.5.5</spring-boot-maven-plugin.version>
-
-        <maven-compiler-plugin.version>3.8.1</maven-compiler-plugin.version>
-        <maven-surefire-plugin.version>2.22.2</maven-surefire-plugin.version>
-        
-        <log4j-version>2.17.1</log4j-version>
-
+        <private-api-sdk-java.version>4.0.76</private-api-sdk-java.version>
+        <api-sdk-manager-java-library.version>3.0.5</api-sdk-manager-java-library.version>
+        <api-sdk-java.version>6.0.9</api-sdk-java.version>
+        <api-helper-java.version>3.0.1</api-helper-java.version>
+        <api-security-java.version>2.0.0</api-security-java.version>
+        <de-flapdoodle-embed-mongo.version>4.9.3</de-flapdoodle-embed-mongo.version>
+        <wiremock-standalone.version>3.4.2</wiremock-standalone.version>
+        <spring-boot-dependencies.version>3.2.4</spring-boot-dependencies.version>
+        <spring-boot-maven-plugin.version>3.2.0</spring-boot-maven-plugin.version>
+        <commons-compress.version>1.26.1</commons-compress.version>
+        <maven-compiler-plugin.version>3.12.1</maven-compiler-plugin.version>
+        <maven-surefire-plugin.version>3.2.5</maven-surefire-plugin.version>
+        <log4j-version>2.20.0</log4j-version>
+        <http2-common.version>11.0.20</http2-common.version>
+        <test-containers.version>1.19.7</test-containers.version>
         <!-- Docker -->
-        <jib-maven-plugin.version>3.1.1</jib-maven-plugin.version>
+        <jib-maven-plugin.version>3.4.1</jib-maven-plugin.version>
     </properties>
 
     <dependencyManagement>
@@ -59,6 +61,45 @@
     </dependencyManagement>
 
     <dependencies>
+        <dependency>
+            <groupId>org.testcontainers</groupId>
+            <artifactId>testcontainers-bom</artifactId>
+            <version>${test-containers.version}</version>
+            <type>pom</type>
+            <scope>import</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-actuator</artifactId>
+            <version>3.2.4</version>
+        </dependency>
+        <dependency>
+            <!--Overriding spring-web version to remove vulnerability-->
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-web</artifactId>
+            <version>6.1.6</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-compress</artifactId>
+            <version>${commons-compress.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.jetty.http2</groupId>
+            <artifactId>http2-common</artifactId>
+            <version>${http2-common.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>jakarta.servlet</groupId>
+            <artifactId>jakarta.servlet-api</artifactId>
+            <version>6.0.0</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>jakarta.validation</groupId>
+            <artifactId>jakarta.validation-api</artifactId>
+            <version>3.0.2</version>
+        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-validation</artifactId>
@@ -70,6 +111,26 @@
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.springframework.boot</groupId>
+                    <artifactId>spring-boot-starter-logging</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.logging.log4j</groupId>
+                    <artifactId>log4j-to-slf4j</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.springframework.boot</groupId>
+                    <artifactId>spring-boot-starter-logging</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>uk.gov.companieshouse</groupId>
@@ -89,12 +150,23 @@
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-data-mongodb</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.springframework.boot</groupId>
+                    <artifactId>spring-boot-starter-logging</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-aop</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.springframework.boot</groupId>
+                    <artifactId>spring-boot-starter-logging</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
-
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-test</artifactId>
@@ -106,48 +178,59 @@
                 </exclusion>
             </exclusions>
         </dependency>
-
         <dependency>
             <groupId>uk.gov.companieshouse</groupId>
             <artifactId>structured-logging</artifactId>
             <version>${structured-logging.version}</version>
             <scope>compile</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>slf4j-simple</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
+        <!-- https://mvnrepository.com/artifact/org.apache.commons/commons-lang3 -->
         <dependency>
-            <groupId>commons-lang</groupId>
-            <artifactId>commons-lang</artifactId>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
             <version>${commons.lang.version}</version>
         </dependency>
         <dependency>
             <groupId>commons-beanutils</groupId>
             <artifactId>commons-beanutils</artifactId>
             <version>${commons.beanutils.version}</version>
         </dependency>
-
         <dependency>
             <groupId>uk.gov.companieshouse</groupId>
-            <artifactId>kafka-models</artifactId>
-            <version>${kafka-models.version}</version>
+            <artifactId>ch-kafka</artifactId>
+            <version>${ch-kafka.version}</version>
         </dependency>
         <dependency>
             <groupId>uk.gov.companieshouse</groupId>
-            <artifactId>ch-kafka</artifactId>
-            <version>${ch-kafka.version}</version>
+            <artifactId>kafka-models</artifactId>
+            <version>${kafka-models.version}</version>
         </dependency>
         <dependency>
             <groupId>org.hibernate.validator</groupId>
             <artifactId>hibernate-validator</artifactId>
         </dependency>
-
         <dependency>
             <groupId>org.springframework.kafka</groupId>
             <artifactId>spring-kafka-test</artifactId>
             <scope>test</scope>
+            <version>3.0.13</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.pcollections</groupId>
+                    <artifactId>pcollections</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.hamcrest</groupId>
-            <artifactId>hamcrest-all</artifactId>
-            <version>${hamcrest-all-version}</version>
+            <artifactId>hamcrest</artifactId>
+            <version>${hamcrest.version}</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -178,8 +261,13 @@
             <version>${api-sdk-manager-java-library.version}</version>
         </dependency>
         <dependency>
-            <groupId>de.flapdoodle.embed</groupId>
-            <artifactId>de.flapdoodle.embed.mongo</artifactId>
+            <groupId>org.testcontainers</groupId>
+            <artifactId>mongodb</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.testcontainers</groupId>
+            <artifactId>junit-jupiter</artifactId>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -204,11 +292,6 @@
             <artifactId>log4j-api</artifactId>
             <version>${log4j-version}</version>
         </dependency>
-        <dependency>
-            <groupId>org.apache.logging.log4j</groupId>
-            <artifactId>log4j-to-slf4j</artifactId>
-            <version>${log4j-version}</version>
-        </dependency>
     </dependencies>
 
     <build>
@@ -261,6 +344,9 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-plugin</artifactId>
                 <version>${maven-surefire-plugin.version}</version>
+                <configuration>
+                    <argLine>--add-opens=java.base/java.util=ALL-UNNAMED</argLine>
+                </configuration>
             </plugin>
             <plugin>
                 <groupId>com.google.cloud.tools</groupId>
@@ -270,6 +356,12 @@
                     <container>
                         <expandClasspathDependencies>true</expandClasspathDependencies>
                     </container>
+                    <from>
+                        <image>416670754337.dkr.ecr.eu-west-2.amazonaws.com/ci-corretto-build-21:latest</image>
+                    </from>
+                    <to>//Once the pipeline is moved to shared services need to update this to image reference from shared services
+                    <image>169942020521.dkr.ecr.eu-west-1.amazonaws.com/local/orders.api.ch.gov.uk:latest</image>
+                    </to>
                 </configuration>
             </plugin>
         </plugins>

src/main/java/uk/gov/companieshouse/orders/api/config/ApplicationConfig.java

@@ -2,7 +2,6 @@
 
 import static uk.gov.companieshouse.orders.api.controller.BasketController.APPEND_ITEM_URI;
 import static uk.gov.companieshouse.orders.api.controller.BasketController.PATCH_PAYMENT_DETAILS_URI;
-import static uk.gov.companieshouse.orders.api.controller.HealthcheckController.HEALTHCHECK_URI;
 import static uk.gov.companieshouse.orders.api.controller.OrderController.CHECKOUTS_SEARCH_URI;
 
 import org.springframework.beans.factory.annotation.Value;
@@ -34,7 +33,6 @@ public class ApplicationConfig implements WebMvcConfigurer {
     private final UserAuthorisationInterceptor authorisationInterceptor;
     private final OrdersSearchEndpointFeatureToggle ordersSearchEndpointFeatureToggle;
     private final BasketEnrollmentFeatureToggle basketEnrollmentFeatureToggle;
-    private final String healthcheckUri;
     private final String paymentDetailsUri;
     private final String ordersSearchUri;
     private final String appendItemUri;
@@ -44,7 +42,6 @@ public ApplicationConfig(final LoggingInterceptor loggingInterceptor,
                              final UserAuthorisationInterceptor authorisationInterceptor,
                              final OrdersSearchEndpointFeatureToggle ordersSearchEndpointFeatureToggle,
                              final BasketEnrollmentFeatureToggle basketEnrollmentFeatureToggle,
-                             @Value(HEALTHCHECK_URI) final String healthcheckUri,
                              @Value(PATCH_PAYMENT_DETAILS_URI) final String paymentDetailsUri,
                              @Value(CHECKOUTS_SEARCH_URI) final String ordersSearchUri,
                              @Value(APPEND_ITEM_URI) final String appendItemUri) {
@@ -53,7 +50,6 @@ public ApplicationConfig(final LoggingInterceptor loggingInterceptor,
         this.authorisationInterceptor = authorisationInterceptor;
         this.ordersSearchEndpointFeatureToggle = ordersSearchEndpointFeatureToggle;
         this.basketEnrollmentFeatureToggle = basketEnrollmentFeatureToggle;
-        this.healthcheckUri = healthcheckUri;
         this.paymentDetailsUri = paymentDetailsUri;
         this.ordersSearchUri = ordersSearchUri;
         this.appendItemUri = appendItemUri;
@@ -64,9 +60,9 @@ public void addInterceptors(final InterceptorRegistry registry) {
         registry.addInterceptor(loggingInterceptor);
         registry.addInterceptor(basketEnrollmentFeatureToggle).addPathPatterns(appendItemUri);
         registry.addInterceptor(ordersSearchEndpointFeatureToggle).addPathPatterns(ordersSearchUri);
-        registry.addInterceptor(authenticationInterceptor).excludePathPatterns(healthcheckUri);
-        registry.addInterceptor(authorisationInterceptor).excludePathPatterns(healthcheckUri);
-        registry.addInterceptor(crudPermissionInterceptor()).excludePathPatterns(paymentDetailsUri, healthcheckUri);
+        registry.addInterceptor(authenticationInterceptor);
+        registry.addInterceptor(authorisationInterceptor);
+        registry.addInterceptor(crudPermissionInterceptor()).excludePathPatterns(paymentDetailsUri);
         // Different interceptor for payment details as API key traffic needs to be allowed:
         // - PATCH is always ignored since oauth2 is blocked for this function
         // - GET ignores API key requests to allow payments api to get costs but if oauth2 is used it still checks token permissions