Fix #1039: Make client certificate mapper support Spring Boot 3

anthonydahanne · anthonydahanne · commit 3bf69ddcaac6 · 2023-11-09T22:59:11.000-05:00
* let it choose v2 of the jar when SB3 is detected
* otherwise, continue as before with default v1
diff --git a/config/client_certificate_mapper.yml b/config/client_certificate_mapper.yml
@@ -16,4 +16,7 @@
 # Container security provider configuration
 ---
 version: 1.+
-repository_root: "{default.repository.root}/client-certificate-mapper"
+version_lines:
+  - 2.+
+repository_root: "https://anthonydahanne.github.io/java-buildpack-client-certificate-mapper"
+javax_forced: false
diff --git a/docs/framework-client_certificate_mapper.md b/docs/framework-client_certificate_mapper.md
@@ -1,6 +1,11 @@
 # Client Certificate Mapper
-The Client Certificate Mapper Framework adds a Servlet Filter to applications that will that maps the `X-Forwarded-Client-Cert` to the `javax.servlet.request.X509Certificate` Servlet attribute.
+The Client Certificate Mapper Framework adds a Servlet Filter to applications that will that maps the `X-Forwarded-Client-Cert` to the `javax|jakarta.servlet.request.X509Certificate` Servlet attribute.
 
+The Client Certificate Mapper Framework will download a helper library, [java-buildpack-client-certificate-mapper][library repository], that will enrich Spring Boot applications classpath.
+
+If the app you're deploying is using Spring Boot 2 or earlier, the latest 1.x version (`javax` support) from [the listing][this listing] will be downloaded.
+
+If the app you're deploying is using Spring Boot 3, the latest 2.x version (`jakarta` support) from [the listing][this listing] will be downloaded.
 <table>
   <tr>
     <td><strong>Detection Criterion</strong></td>
@@ -18,10 +23,11 @@ For general information on configuring the buildpack, including how to specify c
 
 The framework can be configured by modifying the [`config/client_certificate_mapper.yml`][] file in the buildpack fork.  The framework uses the [`Repository` utility support][repositories] and so it supports the [version syntax][] defined there.
 
-| Name | Description
-| ---- | -----------
+| Name              | Description
+|-------------------| -----------
 | `repository_root` | The URL of the Container Customizer repository index ([details][repositories]).
-| `version` | The version of Container Customizer to use. Candidate versions can be found in [this listing][].
+| `version`         | The version of Container Customizer to use. Candidate versions can be found in [this listing][].
+| `javax_forced`    | You can force the download of the v1.x version of the [library][library repository] which is based on `javax` naming.
 
 ## Servlet Filter
 The [Servlet Filter][] added by this framework maps the `X-Forwarded-Client-Cert` to the `javax.servlet.request.X509Certificate` Servlet attribute for each request.  The `X-Forwarded-Client-Cert` header is contributed by the Cloud Foundry Router and contains the any TLS certificate presented by a client for mututal TLS authentication.  This certificate can then be used by any standard Java security framework to establish authentication and authorization for a request.
@@ -32,3 +38,4 @@ The [Servlet Filter][] added by this framework maps the `X-Forwarded-Client-Cert
 [Servlet Filter]: https://github.com/cloudfoundry/java-buildpack-client-certificate-mapper
 [this listing]: http://download.pivotal.io.s3.amazonaws.com/container-security-provider/index.yml
 [version syntax]: extending-repositories.md#version-syntax-and-ordering
+[library repository]: https://github.com:cloudfoundry/java-buildpack-client-certificate-mapper.git
diff --git a/lib/java_buildpack/framework/client_certificate_mapper.rb b/lib/java_buildpack/framework/client_certificate_mapper.rb
@@ -17,15 +17,28 @@
 
 require 'java_buildpack/component/versioned_dependency_component'
 require 'java_buildpack/framework'
+require 'java_buildpack/util/spring_boot_utils'
 
 module JavaBuildpack
   module Framework
 
     # Encapsulates the functionality for contributing an mTLS client certificate mapper to the application.
     class ClientCertificateMapper < JavaBuildpack::Component::VersionedDependencyComponent
+      include JavaBuildpack::Util
+
+      def initialize(context)
+        @spring_boot_utils = JavaBuildpack::Util::SpringBootUtils.new
+        @configuration = context[:configuration]
+        super(context)
+      end
 
       # (see JavaBuildpack::Component::BaseComponent#compile)
       def compile
+        if spring_boot_3? && !@configuration['javax_forced']
+          spring_boot_3_configuration = @configuration
+          spring_boot_3_configuration['version'] = '2.+'
+          @version, @uri = JavaBuildpack::Repository::ConfiguredItem.find_item(@component_name, spring_boot_3_configuration)
+        end
         download_jar
         @droplet.additional_libraries << (@droplet.sandbox + jar_name)
       end
@@ -42,6 +55,14 @@ def supports?
         true
       end
 
+      private
+
+      def spring_boot_3?
+        # print '@application.details: ' + @application.details.to_s
+        @spring_boot_utils.is?(@application) && Gem::Version.new((@spring_boot_utils.version @application)).release >=
+          Gem::Version.new('3.0.0')
+      end
+
     end
 
   end
diff --git a/spec/java_buildpack/framework/client_certificate_mapper_spec.rb b/spec/java_buildpack/framework/client_certificate_mapper_spec.rb
@@ -33,6 +33,36 @@
 
     expect(sandbox + "client_certificate_mapper-#{version}.jar").to exist
     expect(additional_libraries).to include(sandbox + "client_certificate_mapper-#{version}.jar")
+    # version was not patched by the compile step
+    expect(configuration).to eq({})
+  end
+
+
+  it 'configures client certificate mapper to download version 2.+ during compile of spring boot 3 app',
+     app_fixture: 'framework_java_cf_boot_3',
+     cache_fixture: 'stub-client-certificate-mapper.jar' do
+
+    component.compile
+
+    expect(sandbox + "client_certificate_mapper-#{version}.jar").to exist
+    expect(additional_libraries).to include(sandbox + "client_certificate_mapper-#{version}.jar")
+    # version of the dep. was forced to 2.+ by the compile step, because Spring Boot 3 was found
+    expect(configuration).to eq({ 'version' => '2.+' })
+  end
+
+  context 'user forced javax to be used' do
+    let(:configuration) { { 'javax_forced' => true } }
+    it 'configures client certificate mapper to download version 1 during compile of spring boot 3 app ',
+       app_fixture: 'framework_java_cf_boot_3',
+       cache_fixture: 'stub-client-certificate-mapper.jar' do
+
+      component.compile
+
+      expect(sandbox + "client_certificate_mapper-#{version}.jar").to exist
+      expect(additional_libraries).to include(sandbox + "client_certificate_mapper-#{version}.jar")
+      # user prevented version 2.+, forcing javax
+      expect(configuration).to eq({ 'javax_forced' => true })
+    end
   end
 
   it 'adds the jar to the additional libraries during release',
