Merge branch 'release/12.0.1'

Author: cdanger

CHANGELOG.md

@@ -4,6 +4,15 @@ All notable changes to this project are documented in this file following the [K
 Issues reported on [GitHub](https://github.com/authzforce/server/issues) are referenced in the form of `[GH-N]`, where N is the issue number. Issues reported on [OW2](https://jira.ow2.org/browse/AUTHZFORCE/) are mentioned in the form of `[OW2-N]`, where N is the issue number.
 
 
+## 12.0.1
+### Fixed
+- Fixed Docker image (Dockerfile) and Debian package: change of Tomcat version (9->10) and JRE version (11->17)
+- Fixed class not found error when starting the webapp and missing CXF library for logging HTTP requests/responses: 
+  - Added dependencies:
+    - cxf-rt-features-logging: 4.0.3 
+    - jakarta.xml.ws-api: 3.0.1
+
+
 ## 12.0.0
 ### Changed
 - Upgraded parent project authzforce-ce-parent: 9.1.0

README.md

@@ -202,7 +202,7 @@ Every release is packaged in various types of distribution and the installation
 
 -   Ubuntu/Debian package (recommended option): `.deb`. Use your usual Ubuntu/Debian APT to install the package;
 -   Other Linux distributions: `.tar.gz` for any Linux distribution. More info in the [documentation](#documentation);
--   Docker image, installed/deployed with the usual docker container commands.
+-   Docker image, installed/deployed with the usual docker container commands. See [dist/src/docker/README.md](dist/src/docker/README.md) for more info.
 
 For download links, please go to the specific
 [release page](https://github.com/authzforce/server/releases).
@@ -330,7 +330,8 @@ $ mvn -Dhttps.proxyHost=proxyhostname -Dhttps.proxyPort=8080 jgitflow:release-st
    ```shell
      $ git checkout master
      $ mvn clean package
-     $ cd dist/target/classes/docker
+     $ cd dist/target
+     $ chmod +x release-docker.sh
      $ ./release.sh
    ```
 10. Update the versions in badges at the top of this file.

dist/pom.xml

@@ -3,7 +3,7 @@
    <parent>
       <groupId>org.ow2.authzforce</groupId>
       <artifactId>authzforce-ce-server</artifactId>
-      <version>12.0.0</version>
+      <version>12.0.1</version>
       <relativePath>../pom.xml</relativePath>
    </parent>
    <artifactId>authzforce-ce-server-dist</artifactId>
@@ -87,8 +87,10 @@
                               <include>debian/changelog</include>
                               <include>debian/changes.jdeb.txt</include>
                               <include>tar/README.md</include>
+                              <!--
                               <include>docker/Dockerfile.tmpl</include>
                               <include>docker/release.sh.tmpl</include>
+                              -->
                            </includes>
                         </resource>
                      </resources>
@@ -102,25 +104,39 @@
             <version>1.0.1</version>
             <executions>
                <execution>
-                  <id>copy-and-rename-dockerfile</id>
+                  <id>copy-dockerfile-and-release-script</id>
                   <phase>process-resources</phase>
                   <goals>
-                     <goal>rename</goal>
+                     <goal>copy</goal>
                   </goals>
                   <configuration>
-                     <sourceFile>${project.build.outputDirectory}/docker/Dockerfile.tmpl</sourceFile>
-                     <destinationFile>${project.build.outputDirectory}/docker/Dockerfile</destinationFile>
+                     <!-- project.build.directory:  target
+                     project.build.outputDirectory: target/classes
+                     -->
+                     <fileSets>
+                        <fileSet>
+                           <!--<sourceFile>${project.build.outputDirectory}/docker/Dockerfile.tmpl</sourceFile>-->
+                           <sourceFile>src/docker/Dockerfile</sourceFile>
+                           <destinationFile>${project.build.directory}/Dockerfile</destinationFile>
+                        </fileSet>
+                        <fileSet>
+                           <!--<sourceFile>${project.build.outputDirectory}/docker/release.sh.tmpl</sourceFile>-->
+                           <sourceFile>src/docker/release.sh</sourceFile>
+                           <destinationFile>${project.build.directory}/release.sh</destinationFile>
+                        </fileSet>
+                     </fileSets>
+
                   </configuration>
                </execution>
                <execution>
-                  <id>copy-and-rename-release-script</id>
+                  <id>rename-release-script</id>
                   <phase>process-resources</phase>
                   <goals>
                      <goal>rename</goal>
                   </goals>
                   <configuration>
-                     <sourceFile>${project.build.outputDirectory}/docker/release.sh.tmpl</sourceFile>
-                     <destinationFile>${project.build.outputDirectory}/docker/release.sh</destinationFile>
+                     <sourceFile>${project.build.directory}/release.sh</sourceFile>
+                     <destinationFile>${project.build.directory}/release-docker.sh</destinationFile>
                   </configuration>
                </execution>
             </executions>
@@ -215,7 +231,7 @@
                         <data>
                            <!-- Webapp-specific context for Tomcat, after replacing 'productId' (see previous <resources> tag), therefore take it from target/classes, i.e. ${project.build.outputDirectory} -->
                            <src>${project.build.outputDirectory}/webapp-context.xml</src>
-                           <dst>/etc/tomcat9/Catalina/localhost/authzforce-ce.xml</dst>
+                           <dst>/etc/tomcat10/Catalina/localhost/authzforce-ce.xml</dst>
                            <type>file</type>
                            <conffile>true</conffile>
                         </data>
@@ -237,9 +253,9 @@
                            </mapper>
                         </data>
                         <data>
-                           <!-- Systemd config override to allow writing to other non-official Tomcat directories. More info: https://salsa.debian.org/java-team/tomcat9/blob/master/debian/README.Debian -->
-                           <src>${project.basedir}/src/debian/systemd-tomcat9-override.conf</src>
-                            <dst>/etc/systemd/system/tomcat9.service.d/override.conf</dst>
+                           <!-- Systemd config override to allow writing to other non-official Tomcat directories. More info: https://salsa.debian.org/java-team/tomcat10/blob/master/debian/README.Debian -->
+                           <src>${project.basedir}/src/debian/systemd-tomcat10-override.conf</src>
+                            <dst>/etc/systemd/system/tomcat10.service.d/override.conf</dst>
                            <type>file</type>
                            <conffile>true</conffile>
                         </data>

dist/src/debian/changelog

@@ -1,3 +1,3 @@
-authzforce-ce-server (${project.version}) xenial; urgency=low
+authzforce-ce-server (${project.version}) lunar; urgency=low
   * See https://github.com/authzforce/server/blob/release-${project.version}/CHANGELOG.md
  -- Thales <http://www.thalesgroup.com>  ${debian.changelog.timestamp}

dist/src/debian/control/control

@@ -3,7 +3,7 @@ Version: [[version]]
 Section: web
 Priority: optional
 Architecture: all
-Depends: debconf (>= 0.2.26), openjdk-11-jre | oracle-java11-installer, tomcat9
+Depends: debconf (>= 0.2.26), openjdk-17-jre | oracle-java17-installer, tomcat10
 Maintainer: [[productMaintainer]] 
 Description: AuthzForce CE Server.
  Reference Implementation of FIWARE Authorization PDP Generic Enabler

dist/src/debian/control/postinst

@@ -18,22 +18,22 @@ systemctl daemon-reload
 db_get [[productId]]/restartTomcat
 if [ "$RET" = true ]; then
         export JAVA_OPTS='"-Djava.awt.headless=true -Djavax.xml.accessExternalSchema=all -Xms1024m -Xmx1024m -server"'
-        sed -i 's|^\(JAVA_OPTS\s*=\s*\).*$|\1'"$JAVA_OPTS"'|' /etc/default/tomcat9
-        systemctl stop tomcat9
-        rm -rf /var/log/tomcat9/*
-        systemctl start tomcat9
+        sed -i 's|^\(JAVA_OPTS\s*=\s*\).*$|\1'"$JAVA_OPTS"'|' /etc/default/tomcat10
+        systemctl stop tomcat10
+        rm -rf /var/log/tomcat10/*
+        systemctl start tomcat10
 fi
 
-echo "If you answered 'No' to the second question, you need to set the JAVA_OPTS in '/etc/default/tomcat9' by yourself before restarting Tomcat:" 
+echo "If you answered 'No' to the second question, you need to set the JAVA_OPTS in '/etc/default/tomcat10' by yourself before restarting Tomcat:"
 echo "    JAVA_OPTS=\"-Djava.awt.headless=true -Djavax.xml.accessExternalSchema=all -Xms1024m -Xmx1024m -server\""
 echo
-echo "If Tomcat fails to restart, check for any Tomcat high-level error in Tomcat log directory: /var/log/tomcat9"
-echo "Then fix it, in particular check the settings in Tomcat init script /etc/default/tomcat9 and restart Tomcat as follows:"
-echo "    $ systemctl restart tomcat9"
+echo "If Tomcat fails to restart, check for any Tomcat high-level error in Tomcat log directory: /var/log/tomcat10"
+echo "Then fix it, in particular check the settings in Tomcat init script /etc/default/tomcat10 and restart Tomcat as follows:"
+echo "    $ systemctl restart tomcat10"
 echo
-echo "If Tomcat is started but AuthzForce webapp deployment fails, check for any webapp-specific error in file: /var/log/tomcat9/authzforce-ce/error.log"
+echo "If Tomcat is started but AuthzForce webapp deployment fails, check for any webapp-specific error in file: /var/log/tomcat10/authzforce-ce/error.log"
 echo
-echo "If Tomcat takes too long to start, especially to load the AuthzForce webapp, it is very likely caused by lack of entropy on your host for secure random number generation. Having enough entropy is critical for security reasons, especially in production. If and only if you are using this AuthzForce instance for testing only, you may speed up Tomcat startup by adding this JVM argument to the JAVA_OPTS variable in Tomcat service configuration file '/etc/default/tomcat9': '-Djava.security.egd=file:/dev/./urandom'"
+echo "If Tomcat takes too long to start, especially to load the AuthzForce webapp, it is very likely caused by lack of entropy on your host for secure random number generation. Having enough entropy is critical for security reasons, especially in production. If and only if you are using this AuthzForce instance for testing only, you may speed up Tomcat startup by adding this JVM argument to the JAVA_OPTS variable in Tomcat service configuration file '/etc/default/tomcat10': '-Djava.security.egd=file:/dev/./urandom'"
 echo
 echo "When the webapp is up and running, you should get a HTTP response with status code 200 to this HTTP request with curl tool, after replacing 8080 with the port Tomcat is listening to if different:"
 printf "$ curl --verbose --show-error --write-out '%b\\%bn' --request GET http://localhost:8080/authzforce-ce/domains\n"

dist/src/debian/copyright

@@ -2,7 +2,7 @@ Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Upstream-Name: authzforce-ce-server-dist
 
 Files: *
-Copyright: Copyright (C) 2012-2021 Thales. All rights reserved.
+Copyright: Copyright (C) 2012-2024 Thales. All rights reserved.
 Licence: GPL-3.0
  The full text of the GNU General Public
  License version 3 can be found in the file

…src/debian/systemd-tomcat9-override.conf …rc/debian/systemd-tomcat10-override.confdist/src/debian/systemd-tomcat9-override.conf renamed to dist/src/debian/systemd-tomcat10-override.conf dist/src/debian/systemd-tomcat9-override.conf renamed to dist/src/debian/systemd-tomcat10-override.conf

@@ -1,4 +1,4 @@
-# Copyright (C) 2012-2021 Thales.
+# Copyright (C) 2012-2024 Thales.
 #
 # This file is part of AuthzForce CE.
 #
@@ -18,15 +18,14 @@
 # Best practices for writing Dockerfiles:
 # https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/
 
-# Tips to do an unattended installation on Debian/Ubuntu: 
-# http://www.microhowto.info/howto/perform_an_unattended_installation_of_a_debian_package.html
-
 # The alternative is to use FROM ubuntu:* then install tomcat ubuntu package and use upstart/sysctl init script but this is not the way to go:
 # https://github.com/docker/docker/issues/6800
-FROM tomcat:9-jre11-temurin-focal
-MAINTAINER AuthzForce Team
-
-ENV DEBIAN_FRONTEND noninteractive
+FROM tomcat:10-jre17-temurin-jammy
+LABEL maintainer="AuthzForce Team"
+LABEL org.label-schema.schema-version="1.0"
+# LABEL org.label-schema.vendor=""
+LABEL org.label-schema.name="AuthzForce Server"
+# LABEL org.label-schema.description=""
 
 # Proxy configuration (if you are building from behind a proxy)
 # Next release of docker 1.9.0 should allow you to configure these by passing build-time arguments
@@ -39,38 +38,29 @@ ENV DEBIAN_FRONTEND noninteractive
 
 ENV JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom -Djava.awt.headless=true -Djavax.xml.accessExternalSchema=all -Xms1024m -Xmx1024m -server"
 
-# Version replaced by maven resources plugin during Maven package/install build
-ENV AUTHZFORCE_SERVER_VERSION=${project.version}
-ENV AUTHZFORCE_SERVER_DOWNLOAD_URL="https://repo1.maven.org/maven2/org/ow2/authzforce/authzforce-ce-server-dist/$AUTHZFORCE_SERVER_VERSION/authzforce-ce-server-dist-$AUTHZFORCE_SERVER_VERSION.deb"
+COPY authzforce-ce-server-*.tar.gz /opt/authzforce-ce-server.tar.gz
 
-# Download and install Authzforce Server (service starts automatically)
+# Download and install Authzforce Server
 # Where there is a command with a pipe, we need to put in between quotes and make it an argument to bash -c command
 RUN apt-get update --assume-yes -qq && \
- apt-get install --assume-yes -qq \
-        locales-all \
-        locales \
-        less \
-        apt-utils \
-        debconf-utils \
-        gdebi \
-        curl && \
+ apt-get install --assume-yes -qq locales-all locales less && \
  rm -rf /var/lib/apt/lists/* 
 
-RUN locale-gen en_US en_US.UTF-8
-RUN dpkg-reconfigure locales
+RUN locale-gen en_US en_US.UTF-8 && \
+    dpkg-reconfigure locales
 ENV LANG en_US.UTF-8 
 ENV LANGUAGE en_US:en 
 ENV LC_ALL en_US.UTF-8 
 
-RUN curl --silent --output authzforce-ce-server.deb --location $AUTHZFORCE_SERVER_DOWNLOAD_URL && \
- dpkg --extract authzforce-ce-server.deb /root/authzforce/ && \
- mv /root/authzforce/etc/tomcat9/Catalina /usr/local/tomcat/conf/ && \
- mv /root/authzforce/opt/* /opt/ && \
+RUN cd /opt && \
+ tar xvzf authzforce-ce-server.tar.gz && \
+ ln -s $(ls -d authzforce-ce-server-*) authzforce-ce-server && \
+ mkdir -p /usr/local/tomcat/conf/Catalina/localhost && \
+ cp /opt/authzforce-ce-server/conf/context.xml.sample /usr/local/tomcat/conf/Catalina/localhost/authzforce-ce.xml && \
  rm -rf /opt/authzforce-ce-server/data/domains/* && \
- rm -rf /root/authzforce && \
- rm -f authzforce-ce-server.deb
+ rm -f authzforce-ce-server.tar.gz
 
-VOLUME /opt/authzforce-ce-server/data
+VOLUME /opt/authzforce-ce-server
 VOLUME /usr/local/tomcat/conf
 
 CMD ["catalina.sh", "run"]