Merge branch 'release/12.0.1'

CHANGELOG.md

@@ -4,6 +4,15 @@ All notable changes to this project are documented in this file following the [K
 Issues reported on [GitHub](https://github.com/authzforce/server/issues) are referenced in the form of `[GH-N]`, where N is the issue number. Issues reported on [OW2](https://jira.ow2.org/browse/AUTHZFORCE/) are mentioned in the form of `[OW2-N]`, where N is the issue number.
 
 
+## 12.0.1
+### Fixed
+- Fixed Docker image (Dockerfile) and Debian package: change of Tomcat version (9->10) and JRE version (11->17)
+- Fixed class not found error when starting the webapp and missing CXF library for logging HTTP requests/responses: 
+  - Added dependencies:
+    - cxf-rt-features-logging: 4.0.3 
+    - jakarta.xml.ws-api: 3.0.1
+
+
 ## 12.0.0
 ### Changed
 - Upgraded parent project authzforce-ce-parent: 9.1.0

README.md

@@ -202,7 +202,7 @@ Every release is packaged in various types of distribution and the installation
 
 -   Ubuntu/Debian package (recommended option): `.deb`. Use your usual Ubuntu/Debian APT to install the package;
 -   Other Linux distributions: `.tar.gz` for any Linux distribution. More info in the [documentation](#documentation);
--   Docker image, installed/deployed with the usual docker container commands.
+-   Docker image, installed/deployed with the usual docker container commands. See [dist/src/docker/README.md](dist/src/docker/README.md) for more info.
 
 For download links, please go to the specific
 [release page](https://github.com/authzforce/server/releases).
@@ -330,7 +330,8 @@ $ mvn -Dhttps.proxyHost=proxyhostname -Dhttps.proxyPort=8080 jgitflow:release-st
    ```shell
      $ git checkout master
      $ mvn clean package
-     $ cd dist/target/classes/docker
+     $ cd dist/target
+     $ chmod +x release-docker.sh
      $ ./release.sh
    ```
 10. Update the versions in badges at the top of this file.

dist/pom.xml

@@ -3,7 +3,7 @@
    <parent>
       <groupId>org.ow2.authzforce</groupId>
       <artifactId>authzforce-ce-server</artifactId>
-      <version>12.0.0</version>
+      <version>12.0.1</version>
       <relativePath>../pom.xml</relativePath>
    </parent>
    <artifactId>authzforce-ce-server-dist</artifactId>
@@ -87,8 +87,10 @@
                               <include>debian/changelog</include>
                               <include>debian/changes.jdeb.txt</include>
                               <include>tar/README.md</include>
+                              <!--
                               <include>docker/Dockerfile.tmpl</include>
                               <include>docker/release.sh.tmpl</include>
+                              -->
                            </includes>
                         </resource>
                      </resources>
@@ -102,25 +104,39 @@
             <version>1.0.1</version>
             <executions>
                <execution>
-                  <id>copy-and-rename-dockerfile</id>
+                  <id>copy-dockerfile-and-release-script</id>
                   <phase>process-resources</phase>
                   <goals>
-                     <goal>rename</goal>
+                     <goal>copy</goal>
                   </goals>
                   <configuration>
-                     <sourceFile>${project.build.outputDirectory}/docker/Dockerfile.tmpl</sourceFile>
-                     <destinationFile>${project.build.outputDirectory}/docker/Dockerfile</destinationFile>
+                     <!-- project.build.directory:  target
+                     project.build.outputDirectory: target/classes
+                     -->
+                     <fileSets>
+                        <fileSet>
+                           <!--<sourceFile>${project.build.outputDirectory}/docker/Dockerfile.tmpl</sourceFile>-->
+                           <sourceFile>src/docker/Dockerfile</sourceFile>
+                           <destinationFile>${project.build.directory}/Dockerfile</destinationFile>
+                        </fileSet>
+                        <fileSet>
+                           <!--<sourceFile>${project.build.outputDirectory}/docker/release.sh.tmpl</sourceFile>-->
+                           <sourceFile>src/docker/release.sh</sourceFile>
+                           <destinationFile>${project.build.directory}/release.sh</destinationFile>
+                        </fileSet>
+                     </fileSets>
+
                   </configuration>
                </execution>
                <execution>
-                  <id>copy-and-rename-release-script</id>
+                  <id>rename-release-script</id>
                   <phase>process-resources</phase>
                   <goals>
                      <goal>rename</goal>
                   </goals>
                   <configuration>
-                     <sourceFile>${project.build.outputDirectory}/docker/release.sh.tmpl</sourceFile>
-                     <destinationFile>${project.build.outputDirectory}/docker/release.sh</destinationFile>
+                     <sourceFile>${project.build.directory}/release.sh</sourceFile>
+                     <destinationFile>${project.build.directory}/release-docker.sh</destinationFile>
                   </configuration>
                </execution>
             </executions>
@@ -215,7 +231,7 @@
                         <data>
                            <!-- Webapp-specific context for Tomcat, after replacing 'productId' (see previous <resources> tag), therefore take it from target/classes, i.e. ${project.build.outputDirectory} -->
                            <src>${project.build.outputDirectory}/webapp-context.xml</src>
-                           <dst>/etc/tomcat9/Catalina/localhost/authzforce-ce.xml</dst>
+                           <dst>/etc/tomcat10/Catalina/localhost/authzforce-ce.xml</dst>
                            <type>file</type>
                            <conffile>true</conffile>
                         </data>
@@ -237,9 +253,9 @@
                            </mapper>
                         </data>
                         <data>
-                           <!-- Systemd config override to allow writing to other non-official Tomcat directories. More info: https://salsa.debian.org/java-team/tomcat9/blob/master/debian/README.Debian -->
-                           <src>${project.basedir}/src/debian/systemd-tomcat9-override.conf</src>
-                            <dst>/etc/systemd/system/tomcat9.service.d/override.conf</dst>
+                           <!-- Systemd config override to allow writing to other non-official Tomcat directories. More info: https://salsa.debian.org/java-team/tomcat10/blob/master/debian/README.Debian -->
+                           <src>${project.basedir}/src/debian/systemd-tomcat10-override.conf</src>
+                            <dst>/etc/systemd/system/tomcat10.service.d/override.conf</dst>
                            <type>file</type>
                            <conffile>true</conffile>
                         </data>

dist/src/debian/changelog

@@ -1,3 +1,3 @@
-authzforce-ce-server (${project.version}) xenial; urgency=low
+authzforce-ce-server (${project.version}) lunar; urgency=low
   * See https://github.com/authzforce/server/blob/release-${project.version}/CHANGELOG.md
  -- Thales <http://www.thalesgroup.com>  ${debian.changelog.timestamp}

dist/src/debian/control/control

@@ -3,7 +3,7 @@ Version: [[version]]
 Section: web
 Priority: optional
 Architecture: all
-Depends: debconf (>= 0.2.26), openjdk-11-jre | oracle-java11-installer, tomcat9
+Depends: debconf (>= 0.2.26), openjdk-17-jre | oracle-java17-installer, tomcat10
 Maintainer: [[productMaintainer]] 
 Description: AuthzForce CE Server.
  Reference Implementation of FIWARE Authorization PDP Generic Enabler

dist/src/debian/control/postinst

@@ -18,22 +18,22 @@ systemctl daemon-reload
 db_get [[productId]]/restartTomcat
 if [ "$RET" = true ]; then
         export JAVA_OPTS='"-Djava.awt.headless=true -Djavax.xml.accessExternalSchema=all -Xms1024m -Xmx1024m -server"'
-        sed -i 's|^\(JAVA_OPTS\s*=\s*\).*$|\1'"$JAVA_OPTS"'|' /etc/default/tomcat9
-        systemctl stop tomcat9
-        rm -rf /var/log/tomcat9/*
-        systemctl start tomcat9
+        sed -i 's|^\(JAVA_OPTS\s*=\s*\).*$|\1'"$JAVA_OPTS"'|' /etc/default/tomcat10
+        systemctl stop tomcat10
+        rm -rf /var/log/tomcat10/*
+        systemctl start tomcat10
 fi
 
-echo "If you answered 'No' to the second question, you need to set the JAVA_OPTS in '/etc/default/tomcat9' by yourself before restarting Tomcat:" 
+echo "If you answered 'No' to the second question, you need to set the JAVA_OPTS in '/etc/default/tomcat10' by yourself before restarting Tomcat:"
 echo "    JAVA_OPTS=\"-Djava.awt.headless=true -Djavax.xml.accessExternalSchema=all -Xms1024m -Xmx1024m -server\""
 echo
-echo "If Tomcat fails to restart, check for any Tomcat high-level error in Tomcat log directory: /var/log/tomcat9"
-echo "Then fix it, in particular check the settings in Tomcat init script /etc/default/tomcat9 and restart Tomcat as follows:"
-echo "    $ systemctl restart tomcat9"
+echo "If Tomcat fails to restart, check for any Tomcat high-level error in Tomcat log directory: /var/log/tomcat10"
+echo "Then fix it, in particular check the settings in Tomcat init script /etc/default/tomcat10 and restart Tomcat as follows:"
+echo "    $ systemctl restart tomcat10"
 echo
-echo "If Tomcat is started but AuthzForce webapp deployment fails, check for any webapp-specific error in file: /var/log/tomcat9/authzforce-ce/error.log"
+echo "If Tomcat is started but AuthzForce webapp deployment fails, check for any webapp-specific error in file: /var/log/tomcat10/authzforce-ce/error.log"
 echo
-echo "If Tomcat takes too long to start, especially to load the AuthzForce webapp, it is very likely caused by lack of entropy on your host for secure random number generation. Having enough entropy is critical for security reasons, especially in production. If and only if you are using this AuthzForce instance for testing only, you may speed up Tomcat startup by adding this JVM argument to the JAVA_OPTS variable in Tomcat service configuration file '/etc/default/tomcat9': '-Djava.security.egd=file:/dev/./urandom'"
+echo "If Tomcat takes too long to start, especially to load the AuthzForce webapp, it is very likely caused by lack of entropy on your host for secure random number generation. Having enough entropy is critical for security reasons, especially in production. If and only if you are using this AuthzForce instance for testing only, you may speed up Tomcat startup by adding this JVM argument to the JAVA_OPTS variable in Tomcat service configuration file '/etc/default/tomcat10': '-Djava.security.egd=file:/dev/./urandom'"
 echo
 echo "When the webapp is up and running, you should get a HTTP response with status code 200 to this HTTP request with curl tool, after replacing 8080 with the port Tomcat is listening to if different:"
 printf "$ curl --verbose --show-error --write-out '%b\\%bn' --request GET http://localhost:8080/authzforce-ce/domains\n"

dist/src/debian/copyright

@@ -2,7 +2,7 @@ Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Upstream-Name: authzforce-ce-server-dist
 
 Files: *
-Copyright: Copyright (C) 2012-2021 Thales. All rights reserved.
+Copyright: Copyright (C) 2012-2024 Thales. All rights reserved.
 Licence: GPL-3.0
  The full text of the GNU General Public
  License version 3 can be found in the file

dist/src/docker/Dockerfile.tmpl → dist/src/docker/Dockerfile

@@ -1,4 +1,4 @@
-# Copyright (C) 2012-2021 Thales.
+# Copyright (C) 2012-2024 Thales.
 #
 # This file is part of AuthzForce CE.
 #
@@ -18,15 +18,14 @@
 # Best practices for writing Dockerfiles:
 # https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/
 
-# Tips to do an unattended installation on Debian/Ubuntu: 
-# http://www.microhowto.info/howto/perform_an_unattended_installation_of_a_debian_package.html
-
 # The alternative is to use FROM ubuntu:* then install tomcat ubuntu package and use upstart/sysctl init script but this is not the way to go:
 # https://github.com/docker/docker/issues/6800
-FROM tomcat:9-jre11-temurin-focal
-MAINTAINER AuthzForce Team
-
-ENV DEBIAN_FRONTEND noninteractive
+FROM tomcat:10-jre17-temurin-jammy
+LABEL maintainer="AuthzForce Team"
+LABEL org.label-schema.schema-version="1.0"
+# LABEL org.label-schema.vendor=""
+LABEL org.label-schema.name="AuthzForce Server"
+# LABEL org.label-schema.description=""
 
 # Proxy configuration (if you are building from behind a proxy)
 # Next release of docker 1.9.0 should allow you to configure these by passing build-time arguments
@@ -39,38 +38,29 @@ ENV DEBIAN_FRONTEND noninteractive
 
 ENV JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom -Djava.awt.headless=true -Djavax.xml.accessExternalSchema=all -Xms1024m -Xmx1024m -server"
 
-# Version replaced by maven resources plugin during Maven package/install build
-ENV AUTHZFORCE_SERVER_VERSION=${project.version}
-ENV AUTHZFORCE_SERVER_DOWNLOAD_URL="https://repo1.maven.org/maven2/org/ow2/authzforce/authzforce-ce-server-dist/$AUTHZFORCE_SERVER_VERSION/authzforce-ce-server-dist-$AUTHZFORCE_SERVER_VERSION.deb"
+COPY authzforce-ce-server-*.tar.gz /opt/authzforce-ce-server.tar.gz
 
-# Download and install Authzforce Server (service starts automatically)
+# Download and install Authzforce Server
 # Where there is a command with a pipe, we need to put in between quotes and make it an argument to bash -c command
 RUN apt-get update --assume-yes -qq && \
- apt-get install --assume-yes -qq \
-        locales-all \
-        locales \
-        less \
-        apt-utils \
-        debconf-utils \
-        gdebi \
-        curl && \
+ apt-get install --assume-yes -qq locales-all locales less && \
  rm -rf /var/lib/apt/lists/* 
 
-RUN locale-gen en_US en_US.UTF-8
-RUN dpkg-reconfigure locales
+RUN locale-gen en_US en_US.UTF-8 && \
+    dpkg-reconfigure locales
 ENV LANG en_US.UTF-8 
 ENV LANGUAGE en_US:en 
 ENV LC_ALL en_US.UTF-8 
 
-RUN curl --silent --output authzforce-ce-server.deb --location $AUTHZFORCE_SERVER_DOWNLOAD_URL && \
- dpkg --extract authzforce-ce-server.deb /root/authzforce/ && \
- mv /root/authzforce/etc/tomcat9/Catalina /usr/local/tomcat/conf/ && \
- mv /root/authzforce/opt/* /opt/ && \
+RUN cd /opt && \
+ tar xvzf authzforce-ce-server.tar.gz && \
+ ln -s $(ls -d authzforce-ce-server-*) authzforce-ce-server && \
+ mkdir -p /usr/local/tomcat/conf/Catalina/localhost && \
+ cp /opt/authzforce-ce-server/conf/context.xml.sample /usr/local/tomcat/conf/Catalina/localhost/authzforce-ce.xml && \
  rm -rf /opt/authzforce-ce-server/data/domains/* && \
- rm -rf /root/authzforce && \
- rm -f authzforce-ce-server.deb
+ rm -f authzforce-ce-server.tar.gz
 
-VOLUME /opt/authzforce-ce-server/data
+VOLUME /opt/authzforce-ce-server
 VOLUME /usr/local/tomcat/conf
 
 CMD ["catalina.sh", "run"]

dist/src/docker/README.md

@@ -3,26 +3,42 @@
 This image of a minimal AuthzForce Server runtime is intended to work together with [Identity Manager - Keyrock](http://catalogue.fiware.org/enablers/identity-management-keyrock) and [PEP Proxy Wilma](http://catalogue.fiware.org/enablers/pep-proxy-wilma) generic enabler.
 
 ## Image contents
-- OpenJDK JRE 11;
-- Tomcat 9 (since AuthzForce Server v9.0.1, else Tomcat 8 for older versions);
+- OpenJDK JRE 17 (since AuthzForce Server v12.0.0);
+- Tomcat 10 (since AuthzForce Server v12.0.0);
 - AuthzForce Server CE (version matching the Docker image tag).
 
 ## Usage
 
 This image gives you a minimal installation for testing purposes. The AuthzForce Installation and Administration guide on [readthedocs.org](https://readthedocs.org/projects/authzforce-ce-fiware/versions/) (select the version matching the Docker image tag, then **AuthzForce - Installation and Administration Guide**) provides you a better approach for using it in a production environment. This installation guide also gives instructions to install from .deb package (instead of Docker), which is the recommended way for Ubuntu hosts.
 
-Create a container using `authzforce/server` image by doing (replace the first *8080* after *-p* with whatever network port you want to use on the host to access the AuthzForce Server, e.g. 80; and *release-9.0.1* with the current Docker image tag that you are using):
+Create a container using `authzforce/server` image by doing (replace the first *8080* after *-p* with whatever network port you want to use on the host to access the AuthzForce Server, e.g. 80; and *release-12.0.1* with the current Docker image tag that you are using):
 
 ```
 docker run -d -p 8080:8080 --name <container-name> authzforce/server
 ```
 
 As stands in the AuthzForce Installation and administration guide on [readthedocs.org](https://readthedocs.org/projects/authzforce-ce-fiware/versions/) (select the version matching the Docker image tag, then **AuthzForce - Installation and Administration Guide**) you can:
 
+* **Get the API description (WADL)**
+
+This is good way to test the app is up and running.
+
+```shell
+$ curl --verbose http://<authzforce-container-ip>:8080/authzforce-ce/?_wadl
+```
+
+* **List domains**
+
+Should return an empty list initially.
+
+```shell
+$ curl --verbose --show-error --write-out '\n' http://<authzforce-container-ip>:8080/authzforce-ce/domains
+```
+
 * **Create a domain**
 
 ```
-curl -s --request POST \
+$ curl --request POST \
 --header "Accept: application/xml" \
 --header "Content-Type: application/xml;charset=UTF-8" \
 --data '<?xml version="1.0" encoding="UTF-8"?><taz:domainProperties xmlns:taz="http://authzforce.github.io/rest-api-model/xmlns/authz/5" />' \
@@ -32,13 +48,13 @@ curl -s --request POST \
 * **Retrieve the domain ID**
 
 ```
-curl -s --request GET http://<authzforce-container-ip>:8080/authzforce-ce/domains
+$ curl -s --request GET http://<authzforce-container-ip>:8080/authzforce-ce/domains
 ```
 
 * **Domain removal**
 
 ```
-curl --verbose --request DELETE \
+$ curl --verbose --request DELETE \
 --header "Content-Type: application/xml;charset=UTF-8" \
 --header "Accept: application/xml" \
 http://<authzforce-container-ip>:8080/authzforce-ce/domains/<domain-id>
@@ -48,11 +64,9 @@ http://<authzforce-container-ip>:8080/authzforce-ce/domains/<domain-id>
 
 These tasks are now delegated to the [Identity Manager - Keyrock](http://catalogue.fiware.org/enablers/identity-management-keyrock) enabler. Here you can find how to use the interface for that purpose: [How to manage AuthzForce in Fiware](https://www.fiware.org/devguides/handling-authorization-and-access-control-to-apis/how-to-manage-access-control-in-fiware/).
 
-## User feedback
-
-### Documentation
+* **Other operations**
 
-All the information regarding the Dockerfile is hosted publicly on [Github](https://github.com/authzforce/server/tree/master/src/docker).
+For other operations, see the Administration, and User and Programmers guides on [readthedocs.org](https://readthedocs.org/projects/authzforce-ce-fiware/versions/) (select the version matching the Docker image tag, then **AuthzForce - Installation and Administration Guide** or **User and Programmers Guide**).
 
 ### Issues
 

dist/src/docker/release.sh

@@ -0,0 +1,9 @@
+set -ex
+
+# project.version to be replaced with Maven project version during Maven build (package goal)
+BUILD_TAR_GZ=$(ls *.tar.gz)
+BUILD_VERSION=${BUILD_TAR_GZ:21:-7}
+[ -z "$BUILD_VERSION" ] && { echo "Invalid tar.gz filename, version not found"; exit 1; }
+docker build --tag=authzforce/server:${BUILD_VERSION} .
+docker login
+docker push authzforce/server:${BUILD_VERSION}