Merge pull request #141 from wultra/issues/merge-upstream

Merge upstream

.github/workflows/codeql-analysis.yml

@@ -4,9 +4,6 @@ on:
   workflow_dispatch:
   push:
     branches: [ 'develop', 'main', 'releases/**' ]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ 'develop', 'main', 'releases/**' ]
   schedule:
     - cron: '0 2 * * 4'
 

docs/Configuration-Properties.md

@@ -68,8 +68,10 @@ logging.pattern.console=%clr(%d{${LOG_DATEFORMAT_PATTERN:yyyy-MM-dd HH:mm:ss.SSS
 
 
 ## Monitoring and Observability
+
 | Property                                  | Default | Note                                                                                                                                                                        |
 |-------------------------------------------|---------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `management.tracing.sampling.probability` | `1.0`   | Specifies the proportion of requests that are sampled for tracing. A value of 1.0 means that 100% of requests are sampled, while a value of 0 effectively disables tracing. |
+
 The WAR file includes the `micrometer-registry-prometheus` dependency.
 Discuss its configuration with the [Spring Boot documentation](https://docs.spring.io/spring-boot/docs/3.1.x/reference/html/actuator.html#actuator.metrics).

docs/Deploying-Wildfly.md

@@ -6,18 +6,13 @@ Enrollment Server contains the following configuration in `jboss-deployment-stru
 
 ```
 <?xml version="1.0"?>
-<jboss-deployment-structure xmlns="urn:jboss:deployment-structure:1.2">
+<jboss-deployment-structure xmlns="urn:jboss:deployment-structure:1.3">
 	<deployment>
 		<exclude-subsystems>
 			<!-- disable the logging subsystem because the application manages its own logging independently -->
 			<subsystem name="logging" />
 		</exclude-subsystems>
 
-		<resources>
-			<!-- use WAR provided Bouncy Castle -->
-			<resource-root path="WEB-INF/lib/bcprov-jdk18on-${BC_VERSION}.jar" use-physical-code-source="true"/>
-		</resources>
-
 		<dependencies>
 			<module name="com.wultra.powerauth.enrollment-server.conf" />
 		</dependencies>
@@ -85,15 +80,18 @@ Use the `logback.xml` file to configure logging, for example:
 
 The `application-ext.properties` file is used to override default configuration properties, for example:
 ```
+# Database Configuration
+spring.datasource.jndi-name=java:/jdbc/powerauth
+
 # PowerAuth Client configuration
 powerauth.service.url=https://[host]:[port]/powerauth-java-server/rest
 
 # PowerAuth Push Server configuration
 powerauth.push.service.url=https://[host]:[port]/powerauth-push-server
 ```
 
-Enrollment Server Spring application uses the `ext` Spring profile which activates overriding of default properties by `application-ext.properties`.
+Mind that you should specify `spring.datasource.jndi-name` to use the application server datasource (its declaration is out of the scope of this guideline).
+When configure `spring.datasource.url`, the hikari connection pool is used.
+Spring Boot running on WildFly or JBoos initializes [JtaTransactionManager](https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/transaction/jta/JtaTransactionManager.html).
 
-### Bouncy Castle Installation
-
-Since Enrollment Server in version `1.1.x`, installing the Bouncy Castle into Wildfy Server is no longer required. The latest version is bundled with the app and cryptographic primitives should work out of the box.
+Enrollment Server Spring application uses the `ext` Spring profile which activates overriding of default properties by `application-ext.properties`.

docs/_Sidebar.md

@@ -17,5 +17,5 @@
 
 **Implementation Tutorials**
 
-- [Authentication in Mobile Banking Apps (SCA)](https://developers.wultra.com/products/mobile-security-suite/develop/tutorials/Authentication-in-Mobile-Apps)
-- [Verifying PowerAuth Signatures On The Server](https://developers.wultra.com/products/mobile-security-suite/develop/tutorials/Manual-Signature-Verification)
+- [Authentication in Mobile Banking Apps (SCA)](https://developers.wultra.com/tutorials/posts/Mobile-First-Authentication/)
+- [Verifying PowerAuth Signatures On The Server](https://developers.wultra.com/tutorials/posts/Manual-Signature-Verification/)

docs/onboarding/Configuration-Properties.md

@@ -169,8 +169,10 @@ logging.pattern.console=%clr(%d{${LOG_DATEFORMAT_PATTERN:yyyy-MM-dd HH:mm:ss.SSS
 
 
 ## Monitoring and Observability
+
 | Property                                  | Default | Note                                                                                                                                                                        |
 |-------------------------------------------|---------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `management.tracing.sampling.probability` | `1.0`   | Specifies the proportion of requests that are sampled for tracing. A value of 1.0 means that 100% of requests are sampled, while a value of 0 effectively disables tracing. |
+
 The WAR file includes the `micrometer-registry-prometheus` dependency.
 Discuss its configuration with the [Spring Boot documentation](https://docs.spring.io/spring-boot/docs/3.1.x/reference/html/actuator.html#actuator.metrics).

docs/onboarding/Deploying-Wildfly.md

@@ -6,18 +6,13 @@ Enrollment Server contains the following configuration in `jboss-deployment-stru
 
 ```
 <?xml version="1.0"?>
-<jboss-deployment-structure xmlns="urn:jboss:deployment-structure:1.2">
+<jboss-deployment-structure xmlns="urn:jboss:deployment-structure:1.3">
 	<deployment>
 		<exclude-subsystems>
 			<!-- disable the logging subsystem because the application manages its own logging independently -->
 			<subsystem name="logging" />
 		</exclude-subsystems>
 
-		<resources>
-			<!-- use WAR provided Bouncy Castle -->
-			<resource-root path="WEB-INF/lib/bcprov-jdk18on-${BC_VERSION}.jar" use-physical-code-source="true"/>
-		</resources>
-
 		<dependencies>
 			<module name="com.wultra.powerauth.enrollment-server-onboarding.conf" />
 		</dependencies>
@@ -85,15 +80,18 @@ Use the `logback.xml` file to configure logging, for example:
 
 The `application-ext.properties` file is used to override default configuration properties, for example:
 ```
+# Database Configuration
+spring.datasource.jndi-name=java:/jdbc/powerauth
+
 # PowerAuth Client configuration
 powerauth.service.url=https://[host]:[port]/powerauth-java-server/rest
 
 # PowerAuth Push Server configuration
 powerauth.push.service.url=https://[host]:[port]/powerauth-push-server
 ```
 
-Onboarding Server Spring application uses the `ext` Spring profile which activates overriding of default properties by `application-ext.properties`.
+Mind that you should specify `spring.datasource.jndi-name` to use the application server datasource (its declaration is out of the scope of this guideline).
+When configure `spring.datasource.url`, the hikari connection pool is used.
+Spring Boot running on WildFly or JBoos initializes [JtaTransactionManager](https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/transaction/jta/JtaTransactionManager.html).
 
-### Bouncy Castle Installation
-
-Installing the Bouncy Castle into Wildfy Server is not required. The latest version is bundled with the app and cryptographic primitives should work out of the box.
+Onboarding Server Spring application uses the `ext` Spring profile which activates overriding of default properties by `application-ext.properties`.

enrollment-server-api-model/pom.xml

@@ -30,7 +30,7 @@
     <parent>
         <groupId>com.wultra.security</groupId>
         <artifactId>enrollment-server-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
     </parent>
 
     <dependencies>

enrollment-server-onboarding-adapter-mock/pom.xml

@@ -24,7 +24,7 @@
     <parent>
         <groupId>com.wultra.security</groupId>
         <artifactId>enrollment-server-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
     </parent>
 
     <artifactId>enrollment-server-onboarding-adapter-mock</artifactId>

enrollment-server-onboarding-api-model/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>com.wultra.security</groupId>
         <artifactId>enrollment-server-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
     </parent>
 
     <artifactId>enrollment-server-onboarding-api-model</artifactId>

enrollment-server-onboarding-api/pom.xml

@@ -25,7 +25,7 @@
     <parent>
         <groupId>com.wultra.security</groupId>
         <artifactId>enrollment-server-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
     </parent>
 
     <groupId>com.wultra.security</groupId>

enrollment-server-onboarding-common/pom.xml

@@ -24,7 +24,7 @@
     <parent>
         <groupId>com.wultra.security</groupId>
         <artifactId>enrollment-server-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
     </parent>
 
     <artifactId>enrollment-server-onboarding-common</artifactId>

enrollment-server-onboarding-domain-model/pom.xml

@@ -30,7 +30,7 @@
     <parent>
         <groupId>com.wultra.security</groupId>
         <artifactId>enrollment-server-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
     </parent>
 
     <dependencies>
@@ -39,12 +39,6 @@
             <artifactId>powerauth-java-crypto</artifactId>
         </dependency>
 
-        <!-- Bouncy Castle -->
-        <dependency>
-            <groupId>org.bouncycastle</groupId>
-            <artifactId>bcprov-jdk18on</artifactId>
-        </dependency>
-
         <!-- Test Dependencies -->
         <dependency>
             <groupId>org.springframework.boot</groupId>

enrollment-server-onboarding-provider-innovatrics/pom.xml

@@ -25,7 +25,7 @@
     <parent>
         <groupId>com.wultra.security</groupId>
         <artifactId>enrollment-server-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
     </parent>
 
     <groupId>com.wultra.security</groupId>

enrollment-server-onboarding-provider-iproov/pom.xml

@@ -25,7 +25,7 @@
     <parent>
         <groupId>com.wultra.security</groupId>
         <artifactId>enrollment-server-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
     </parent>
 
     <groupId>com.wultra.security</groupId>

enrollment-server-onboarding-provider-zenid/pom.xml

@@ -25,7 +25,7 @@
     <parent>
         <groupId>com.wultra.security</groupId>
         <artifactId>enrollment-server-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
     </parent>
 
     <groupId>com.wultra.security</groupId>

enrollment-server-onboarding/pom.xml

@@ -29,7 +29,7 @@
     <parent>
         <groupId>com.wultra.security</groupId>
         <artifactId>enrollment-server-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
     </parent>
 
     <dependencies>
@@ -76,12 +76,6 @@
             <artifactId>http-common</artifactId>
         </dependency>
 
-        <!-- Bouncy Castle -->
-        <dependency>
-            <groupId>org.bouncycastle</groupId>
-            <artifactId>bcprov-jdk18on</artifactId>
-        </dependency>
-
         <!-- Spring Dependencies -->
         <dependency>
             <groupId>org.springframework.boot</groupId>
@@ -224,19 +218,6 @@
                     </excludes>
                 </configuration>
             </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-war-plugin</artifactId>
-                <configuration>
-                    <webResources>
-                        <webResource>
-                            <directory>src/main/webapp/WEB-INF</directory>
-                            <targetPath>WEB-INF</targetPath>
-                            <filtering>true</filtering>
-                        </webResource>
-                    </webResources>
-                </configuration>
-            </plugin>
         </plugins>
     </build>
 

enrollment-server-onboarding/src/main/resources/application.properties

@@ -29,6 +29,7 @@ spring.datasource.url=jdbc:postgresql://localhost:5432/powerauth
 spring.datasource.username=powerauth
 spring.datasource.password=
 spring.datasource.hikari.auto-commit=false
+spring.datasource.hikari.pool-name=HikariPool-Enrollment-Server-Onboarding
 spring.jpa.properties.hibernate.connection.characterEncoding=utf8
 spring.jpa.properties.hibernate.connection.useUnicode=true
 
@@ -226,3 +227,6 @@ management.tracing.sampling.probability=1.0
 #management.endpoints.web.exposure.include=health, prometheus
 #management.endpoint.prometheus.enabled=true
 #management.prometheus.metrics.export.enabled=true
+
+spring.autoconfigure.exclude=\
+  org.springframework.boot.actuate.autoconfigure.metrics.jersey.JerseyServerMetricsAutoConfiguration

enrollment-server-onboarding/src/main/webapp/WEB-INF/jboss-deployment-structure.xml

@@ -1,16 +1,11 @@
 <?xml version="1.0"?>
-<jboss-deployment-structure xmlns="urn:jboss:deployment-structure:1.2">
+<jboss-deployment-structure xmlns="urn:jboss:deployment-structure:1.3">
 	<deployment>
 		<exclude-subsystems>
 			<!-- disable the logging subsystem because the application manages its own logging independently -->
 			<subsystem name="logging" />
 		</exclude-subsystems>
 
-		<resources>
-			<!-- use WAR provided Bouncy Castle -->
-			<resource-root path="WEB-INF/lib/bcprov-jdk18on-${bcprov-jdk18on.version}.jar" use-physical-code-source="true"/>
-		</resources>
-
 		<dependencies>
 			<module name="com.wultra.powerauth.enrollment-server-onboarding.conf" />
 		</dependencies>

enrollment-server/pom.xml

@@ -30,7 +30,7 @@
     <parent>
         <groupId>com.wultra.security</groupId>
         <artifactId>enrollment-server-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
     </parent>
 
     <dependencies>
@@ -75,12 +75,6 @@
             <artifactId>http-common</artifactId>
         </dependency>
 
-        <!-- Bouncy Castle -->
-        <dependency>
-            <groupId>org.bouncycastle</groupId>
-            <artifactId>bcprov-jdk18on</artifactId>
-        </dependency>
-
         <!-- Spring Dependencies -->
         <dependency>
             <groupId>org.springframework.boot</groupId>
@@ -207,19 +201,6 @@
                     </excludes>
                 </configuration>
             </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-war-plugin</artifactId>
-                <configuration>
-                    <webResources>
-                        <webResource>
-                            <directory>src/main/webapp/WEB-INF</directory>
-                            <targetPath>WEB-INF</targetPath>
-                            <filtering>true</filtering>
-                        </webResource>
-                    </webResources>
-                </configuration>
-            </plugin>
         </plugins>
     </build>
 

enrollment-server/src/main/java/com/wultra/app/enrollmentserver/impl/service/converter/MobileTokenConverter.java

@@ -103,6 +103,7 @@ public Operation convert(OperationDetailResponse operationDetail, OperationTempl
             operation.setOperationCreated(operationDetail.getTimestampCreated());
             operation.setOperationExpires(operationDetail.getTimestampExpires());
             operation.setStatus(operationDetail.getStatus().name());
+            operation.setStatusReason(operationDetail.getStatusReason());
             operation.setUi(uiExtensions);
             operation.setFormData(formData);
 

enrollment-server/src/main/resources/application.properties

@@ -29,6 +29,7 @@ spring.datasource.url=jdbc:postgresql://localhost:5432/powerauth
 spring.datasource.username=powerauth
 spring.datasource.password=
 spring.datasource.hikari.auto-commit=false
+spring.datasource.hikari.pool-name=HikariPool-Enrollment-Server
 spring.jpa.properties.hibernate.connection.characterEncoding=utf8
 spring.jpa.properties.hibernate.connection.useUnicode=true
 
@@ -104,4 +105,6 @@ management.tracing.sampling.probability=1.0
 #management.endpoint.prometheus.enabled=true
 #management.prometheus.metrics.export.enabled=true
 
-spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration
+spring.autoconfigure.exclude=\
+  org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration,\
+  org.springframework.boot.actuate.autoconfigure.metrics.jersey.JerseyServerMetricsAutoConfiguration

enrollment-server/src/main/webapp/WEB-INF/jboss-deployment-structure.xml

@@ -1,16 +1,11 @@
 <?xml version="1.0"?>
-<jboss-deployment-structure xmlns="urn:jboss:deployment-structure:1.2">
+<jboss-deployment-structure xmlns="urn:jboss:deployment-structure:1.3">
 	<deployment>
 		<exclude-subsystems>
 			<!-- disable the logging subsystem because the application manages its own logging independently -->
 			<subsystem name="logging" />
 		</exclude-subsystems>
 
-		<resources>
-			<!-- use WAR provided Bouncy Castle -->
-			<resource-root path="WEB-INF/lib/bcprov-jdk18on-${bcprov-jdk18on.version}.jar" use-physical-code-source="true"/>
-		</resources>
-
 		<dependencies>
 			<module name="com.wultra.powerauth.enrollment-server.conf" />
 		</dependencies>

mtoken-model/pom.xml

@@ -26,7 +26,7 @@
     <parent>
         <groupId>com.wultra.security</groupId>
         <artifactId>enrollment-server-parent</artifactId>
-        <version>1.7.0-SNAPSHOT</version>
+        <version>1.8.0-SNAPSHOT</version>
     </parent>
 
     <dependencies>