Feature2.6.0 (#293)

* always keep default pipeline

* added a simple caller address filter

* caller Black/white list reset on reload

* reset config on reload

* fix cfgdemo issue

* call addr filter supports regex

* call addr filter supports regex precheck

* gRPC server supports caller addr filter with regex precheck

* gRPC refactoring

* gRPC refactoring

* gRPC refactoring

* gRPC refactoring

* gRPC refactoring

* gRPC refactoring

* Netty 4.2 Migration

* enable ssl.Provider option in gRPC client config in case the default option (OPENSSL) is not available

* refactoring

* enhanced RAS encryption/decryption for config file, etc.

* enhanced security

* enhanced security

* enhanced security

* enhanced security

* enhanced security

* updated README

* refactor RTO error code

* refactor RTO error code

* default master password is no longer hardcoded, it will be loaded from etc/master.password file (auto create if no exists) when -authfile <path to master.password> is not provided to launch the app; added @UniqueIgnore to mute @unique check alert for expected duplicated values

* default master password is no longer hardcoded, it will be loaded from etc/master.password file (auto create if no exists) when -authfile <path to master.password> is not provided to launch the app; added @UniqueIgnore to mute @unique check alert for expected duplicated values

* refactoring

* refactoring

* refactoring

* refactoring

* make BootErrorCode not hardcoded

* refactoring

* refactoring

* added @Log.hideJsonFields

* added @Log.hideJsonFields

* refactoring: @Log.protectDataFieldsFromLogging and its FormatterUtil.replaceDataField to protect JSON, XML, Form data

* refactoring: @Log.protectDataFieldsFromLogging and its FormatterUtil.replaceDataField to protect JSON, XML, Form data

* wip

* refactoring API rename: org.summerboot.jexpress.nio.server.domain.ServiceContext renamed to org.summerboot.jexpress.nio.server.SessionContext

* update README.md

* API rename: @ImportResource.checkImplTagUsed and loadWhenImplTagUsed

* API rename: @ImportResource.checkImplTagUsed and loadWhenImplTagUsed

* Config removed: etc/boot.ini/default.interval.ConfigChangeMonitor;Config add: etc/boot.ini/default.ConfigChangeMonitor.Throttle.Milliseconds

* Config add: cfg_nio.properties/nio.WebSocket.Compress.maxAllocation

* refactoring DB config: use jakarta to replace hibernate

* Config new in cfg_nio.properties: ping.sync.HealthStatus, ping.sync.PauseStatus and ping.sync.showRootCause

* protect header

* protect header

* added sample service file for production Java 21 + Netty 4.2.x + ZGC + OpenSSL on Linux

* added sample service file for production Java 21 + Netty 4.2.x + ZGC + OpenSSL on Linux

* wip

* refactoring

* refactoring

* API new: added @Inspector.name and @Deamon.requiredHealthChecks (value is array of @Inspector.name), this is to set Controller and/or its methods on deamon mode (accessable when pause/health failed but not for specified @Inspector.name

* API new: added @Inspector.name and @Deamon.requiredHealthChecks (array of @Inspector.names, empty/null means ignore all HealthChecks); Config new: cfg_nio.properties.ping.sync.HealthStatus.requiredHealthChecks (@Inspector.names in CSV format, empty/null means require ALL HealthChecks)

* API new: added @Inspector.name and @Deamon.requiredHealthChecks (array of @Inspector.names, empty/null means ignore all HealthChecks); Config new: cfg_nio.properties.ping.sync.HealthStatus.requiredHealthChecks (@Inspector.names in CSV format, empty/null means require ALL HealthChecks)

* replace space with _ in log file name

* refactoring

* update dependencies

* refactoring SessionContext.txt(.) and file(.)

* added app arg -debug for debug mode

* add LooseRequestTracker for NioServer and gRPCServer

* add BootRequestTracker for NioServer and gRPCServer

* add BootRequestTracker for NioServer and gRPCServer

* add BootRequestTracker for NioServer and gRPCServer

* add BootRequestTracker for NioServer and gRPCServer

* add errorDesc

* refactoring error code

* add @LimitNonNullGroup - Validation annotation to ensure that exactly a specified number of fields are non-null.

* add @LimitNonNullGroup - Validation annotation to ensure that exactly a specified number of fields are non-null.

* refactoring log

* add ProxyAuthStrategy to HttpClientConfig

* add ProxyAuthStrategy to HttpClientConfig

* add ProxyAuthStrategy to HttpClientConfig

* add ProxyAuthStrategy to HttpClientConfig

* refactoring

* enhancement: refactoring RPCResult by supporting multiple error response types

* enhancement: Err with args

* dependencies update

* add nio.JAX-RS.toJson.showRefInServiceError in cfg_nio.properties, default false to not show ref field in JSON/XML response

* make ServiceError Deserializable

* add IdleEventMonitor and IdleEventMonitor.IdleEventListener to enable app to handle gRPC/RESTFul idel event

* add IdleEventMonitor and IdleEventMonitor.IdleEventListener to enable app to handle gRPC/RESTFul idel event

* add IdleEventMonitor and IdleEventMonitor.IdleEventListener to enable app to handle gRPC/RESTFul idel event

* dependencies update

* upgrade codeql to v3

* verify Bearer Token if provided in request header for regardless of a @controller method is role-based or not

* verify Bearer Token if provided in request header for regardless of a @controller method is role-based or not

* replace JKS with PKCS12

* added GrpcTestBase for gRPC test; Config new: etc/boot.ini section 5. Security Settings

* added GrpcTestBase for gRPC test; Config new: etc/boot.ini section 5. Security Settings

* Config new: etc/boot.ini section 5. Security Settings; added cfg_nio.properties nio.JAX-RS.fromJson.autoBeanValidation

* refactoring

* refactoring

* refactoring

* refactoring

* release 2.6.0

Author: SummerBootFramework

.github/workflows/codacy.yml

@@ -55,6 +55,6 @@ jobs:
 
       # Upload the SARIF file generated in the previous step
       - name: Upload SARIF results file
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: results.sarif

.github/workflows/codeql-analysis.yml

@@ -39,11 +39,11 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -54,7 +54,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@v3
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -68,4 +68,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3

CHANGES

@@ -162,7 +162,7 @@ import jakarta.ws.rs.core.MediaType;
 import java.util.List;
 import org.summerboot.jexpress.boot.annotation.Controller;
 import org.summerboot.jexpress.boot.annotation.Log;
-import org.summerboot.jexpress.nio.server.domain.ServiceContext;
+import org.summerboot.jexpress.nio.server.SessionContext;
 
 @Singleton
 @Controller
@@ -188,7 +188,7 @@ public class MyController {
      * Three features:
      * <p> 1. auto validate JSON request by @Valid and @NotNull annotation
      * <p> 2. protected user credit card and privacy information from being logged by @Log annotation
-     * <p> 3. mark performance POI (point of interest) by using ServiceContext.poi(key), see section#8.3
+     * <p> 3. mark performance POI (point of interest) by using SessionContext.poi(key), see section#8.3
      *
      * @param myName
      * @param request
@@ -199,8 +199,8 @@ public class MyController {
     @Path("/hello/{name}")
     @Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})// require request header Content-Type: application/json or Content-Type: application/xml
     @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})// require request header Accept: application/json or Accept: application/xml
-    @Log(hideJsonStringFields = {"creditCardNumber", "clientPrivacy"}, hideJsonArrayFields = "secretList")
-    public ResponseDto hello_auto_validation_protected_logging_markWithPOI(@NotNull @PathParam("name") String myName, @NotNull @Valid RequestDto request, final ServiceContext context) {
+    @Log(maskDataFields = {"creditCardNumber", "clientPrivacy", "secretList"})
+    public ResponseDto hello_auto_validation_protected_logging_markWithPOI(@NotNull @PathParam("name") String myName, @NotNull @Valid RequestDto request, final SessionContext context) {
         context.poi("DB begin");// about POI, see section8.3
         // DB access and it takes time ...
         context.poi("DB end");
@@ -251,8 +251,7 @@ public class MyController {
 **}
 > Memo: n/a
 
-**Below is the log of with @Log(hideJsonStringFields = {"creditCardNumber", "clientPrivacy"}, hideJsonArrayFields = "
-secretList")**
+**Below is the log of with @Log(maskDataFields = {"creditCardNumber", "clientPrivacy", "secretList"})**
 
 > 2023-04-20T19:53:47,167 INFO org.summerboot.jexpress.nio.server.BootHttpRequestHandler.() [pool-4-thread-2]
 > request_2.caller=null
@@ -274,13 +273,13 @@ secretList")**
 
 
 
-**1.4 Sample Code: -use \<implTag\>**
+**1.4 Sample Code: -use \<AlternativeName\>**
 
-Use @Controller.**implTag** field as below, this controller class will only be available with -**use RoleBased**
+Use @Controller.**AlternativeName** field as below, this controller class will only be available with -**use RoleBased**
 parameter to launch the application, see *<u>section#9</u>*
 
 ```
-@Controller(implTag="RoleBased")
+@Controller(AlternativeName="RoleBased")
 ```
 
 **1.5 Sample Code: PING** see *section#5*
@@ -375,7 +374,7 @@ import io.netty.handler.codec.http.HttpHeaders;
 import javax.naming.NamingException;
 import org.summerboot.jexpress.boot.annotation.Service;
 import org.summerboot.jexpress.nio.server.RequestProcessor;
-import org.summerboot.jexpress.nio.server.domain.ServiceContext;
+import org.summerboot.jexpress.nio.server.SessionContext;
 import org.summerboot.jexpress.security.auth.Authenticator;
 import org.summerboot.jexpress.security.auth.AuthenticatorListener;
 import org.summerboot.jexpress.security.auth.BootAuthenticator;
@@ -387,7 +386,7 @@ import org.summerboot.jexpress.security.auth.User;
 public class MyAuthenticator extends BootAuthenticator<Long> {
 
     @Override
-    protected Caller authenticate(String usename, String password, Long metaData, AuthenticatorListener listener, ServiceContext context) throws NamingException {
+    protected Caller authenticate(String usename, String password, Long metaData, AuthenticatorListener listener, SessionContext context) throws NamingException {
         // verify username and password against LDAP
         if ("wrongpwd".equals(password)) {
             return null;
@@ -403,7 +402,7 @@ public class MyAuthenticator extends BootAuthenticator<Long> {
     }
 
     @Override
-    public boolean customizedAuthorizationCheck(RequestProcessor processor, HttpHeaders httpRequestHeaders, String httpRequestPath, ServiceContext context) throws Exception {
+    public boolean customizedAuthorizationCheck(RequestProcessor processor, HttpHeaders httpRequestHeaders, String httpRequestPath, SessionContext context) throws Exception {
         return true;
     }
 
@@ -592,10 +591,10 @@ my.key.name=DEC(plain password)
 
       Your application launched as system service controlled by root admin, and runs with
 
-      > “-cfgdir <path to config folder> -authfile <path to root password file>”
+      > “-authfile <path to root password file>”
 
       ```
-      java -jar my-service.jar -cfgdir dev/configuration -authfile /etc/security/my-service.root_pwd
+      java -jar jExpressApp.jar -authfile /etc/security/my-service-name.root_pwd
       ```
 
       Your root password is stored in file /etc/security/my-service.root_pwd, and has the following format:
@@ -876,10 +875,10 @@ configuration change event, TPS, etc.), below is a sample:
 
 **9.3 Sample Code**
 
-Use @Service annotation with implTag attribute
+Use @Service annotation with AlternativeName attribute
 
 ```
-@Service(implTag="myTag")
+@Service(AlternativeName="myImpl")
 ```
 
 Full version:
@@ -890,12 +889,12 @@ public class MyServiceImpl implements MyServcie {
 	...
 }
 
-@Service(implTag="impl1")
+@Service(AlternativeName="impl1")
 public class MyServiceImpl_1 implements MyServcie {
 	...
 }
 
-@Service(implTag="impl2")
+@Service(AlternativeName="impl2")
 public class MyServiceImpl_2 implements MyServcie {
 	...
 }
@@ -991,20 +990,31 @@ java -jar my-service.jar -unique POI
 
 ## 11. Plugin - run with external jar files in plugin foler
 
-**10.1 Intent**
+**11.1 Intent**
 
 - Once the application is on production, need a way to add new features or override existing logic without changing the
   exiting code
 
-**10.2 Motivation**
+**11.2 Motivation**
 
 - Make the application focus on interface, and its implements could be developed as external jar files
 - Make the visitor pattern available at the application level
 - You can even put all your logic in one or multiple external jar files developed by different teams as plugins
 
-**10.3 Supported types**
+**11.3 Supported types**
 
 - Web Controllers @Controller
 - Service implementations with @service
 - JExpressConfig configurations implementations with @ImportResource
 - Classes with @Unique
+
+## 12. White/Black list protected HTTP and gRPC server
+
+**12.1 Intent**
+
+- Have the ability to not to open the dorr to everyone from outside to your service
+
+**12.2 Motivation**
+
+- Some testing processes require the service only availbe to limited caller and tell others not to send request to this service to make it easy for trouble shooting
+- In production, it may requires to mmake service (HTTP or gRPC) availb to caller from centain IP range