Fixing PMD and some Version update

package-lock.json

@@ -11,13 +11,13 @@
       "license": "UNLICENSED",
       "dependencies": {
         "@angular/animations": "13.1.3",
-        "@angular/cdk": "^13.1.3",
+        "@angular/cdk": "^13.3.9",
         "@angular/common": "13.1.3",
         "@angular/compiler": "13.1.3",
         "@angular/core": "13.1.3",
         "@angular/forms": "13.1.3",
         "@angular/localize": "13.1.3",
-        "@angular/material": "^13.1.3",
+        "@angular/material": "^13.3.9",
         "@angular/platform-browser": "13.1.3",
         "@angular/platform-browser-dynamic": "13.1.3",
         "@angular/router": "13.1.3",
@@ -1341,9 +1341,9 @@
       }
     },
     "node_modules/@angular/cdk": {
-      "version": "13.2.2",
-      "resolved": "https://registry.npmjs.org/@angular/cdk/-/cdk-13.2.2.tgz",
-      "integrity": "sha512-cT5DIaz+NI9IGb3X61Wh26+L6zdRcOXT1BP37iRbK2Qa2qM8/0VNeK6hrBBIblyoHKR/WUmRlS8XYf6mmArpZw==",
+      "version": "13.3.9",
+      "resolved": "https://registry.npmjs.org/@angular/cdk/-/cdk-13.3.9.tgz",
+      "integrity": "sha512-XCuCbeuxWFyo3EYrgEYx7eHzwl76vaWcxtWXl00ka8d+WAOtMQ6Tf1D98ybYT5uwF9889fFpXAPw98mVnlo3MA==",
       "dependencies": {
         "tslib": "^2.3.0"
       },
@@ -1636,15 +1636,15 @@
       }
     },
     "node_modules/@angular/material": {
-      "version": "13.2.2",
-      "resolved": "https://registry.npmjs.org/@angular/material/-/material-13.2.2.tgz",
-      "integrity": "sha512-YAjPp2+/wuEOPfkAxdRVdbWHiK4P3DgMZa9qP/NizN2lTXNrftEfD09ZlPIFMZRnnExezJ2LnO7eyELpc1VSKg==",
+      "version": "13.3.9",
+      "resolved": "https://registry.npmjs.org/@angular/material/-/material-13.3.9.tgz",
+      "integrity": "sha512-FU8lcMgo+AL8ckd27B4V097ZPoIZNRHiCe3wpgkImT1qC0YwcyXZVn0MqQTTFSdC9a/aI8wPm3AbTClJEVw5Vw==",
       "dependencies": {
         "tslib": "^2.3.0"
       },
       "peerDependencies": {
         "@angular/animations": "^13.0.0 || ^14.0.0-0",
-        "@angular/cdk": "13.2.2",
+        "@angular/cdk": "13.3.9",
         "@angular/common": "^13.0.0 || ^14.0.0-0",
         "@angular/core": "^13.0.0 || ^14.0.0-0",
         "@angular/forms": "^13.0.0 || ^14.0.0-0",
@@ -26782,9 +26782,9 @@
       }
     },
     "@angular/cdk": {
-      "version": "13.2.2",
-      "resolved": "https://registry.npmjs.org/@angular/cdk/-/cdk-13.2.2.tgz",
-      "integrity": "sha512-cT5DIaz+NI9IGb3X61Wh26+L6zdRcOXT1BP37iRbK2Qa2qM8/0VNeK6hrBBIblyoHKR/WUmRlS8XYf6mmArpZw==",
+      "version": "13.3.9",
+      "resolved": "https://registry.npmjs.org/@angular/cdk/-/cdk-13.3.9.tgz",
+      "integrity": "sha512-XCuCbeuxWFyo3EYrgEYx7eHzwl76vaWcxtWXl00ka8d+WAOtMQ6Tf1D98ybYT5uwF9889fFpXAPw98mVnlo3MA==",
       "requires": {
         "parse5": "^5.0.0",
         "tslib": "^2.3.0"
@@ -26980,9 +26980,9 @@
       }
     },
     "@angular/material": {
-      "version": "13.2.2",
-      "resolved": "https://registry.npmjs.org/@angular/material/-/material-13.2.2.tgz",
-      "integrity": "sha512-YAjPp2+/wuEOPfkAxdRVdbWHiK4P3DgMZa9qP/NizN2lTXNrftEfD09ZlPIFMZRnnExezJ2LnO7eyELpc1VSKg==",
+      "version": "13.3.9",
+      "resolved": "https://registry.npmjs.org/@angular/material/-/material-13.3.9.tgz",
+      "integrity": "sha512-FU8lcMgo+AL8ckd27B4V097ZPoIZNRHiCe3wpgkImT1qC0YwcyXZVn0MqQTTFSdC9a/aI8wPm3AbTClJEVw5Vw==",
       "requires": {
         "tslib": "^2.3.0"
       }

package.json

@@ -86,13 +86,13 @@
   },
   "dependencies": {
     "@angular/animations": "13.1.3",
-    "@angular/cdk": "^13.1.3",
+    "@angular/cdk": "^13.3.9",
     "@angular/common": "13.1.3",
     "@angular/compiler": "13.1.3",
     "@angular/core": "13.1.3",
     "@angular/forms": "13.1.3",
     "@angular/localize": "13.1.3",
-    "@angular/material": "^13.1.3",
+    "@angular/material": "^13.3.9",
     "@angular/platform-browser": "13.1.3",
     "@angular/platform-browser-dynamic": "13.1.3",
     "@angular/router": "13.1.3",

src/main/java/at/ac/uibk/gitsearch/config/SecurityConfiguration.java

@@ -2,27 +2,18 @@ package at.ac.uibk.gitsearch.config;
 
 import static org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED_VALUE;
 
-import at.ac.uibk.gitsearch.security.AuthoritiesConstants;
-import at.ac.uibk.gitsearch.security.jwt.JWTConfigurer;
-import at.ac.uibk.gitsearch.security.jwt.TokenProvider;
-import at.ac.uibk.gitsearch.security.oauth2.GitSearchOAuth2AuthenticationToken;
-import at.ac.uibk.gitsearch.security.oauth2.GitSearchOAuth2AuthorizationRequestRepository;
-import at.ac.uibk.gitsearch.security.oauth2.SavedRequestAwareAuthenticationSuccessHandlerWithJWTSupport;
-import at.ac.uibk.gitsearch.security.oauth2.UserDetailsFetcher;
-import at.ac.uibk.gitsearch.service.UserService;
-import at.ac.uibk.gitsearch.service.dto.AdminUserDTO;
-import at.ac.uibk.gitsearch.service.mapper.UserMapper;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.net.URI;
-import java.util.Collection;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
+
 import javax.servlet.DispatcherType;
+
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.springframework.beans.factory.annotation.Value;
@@ -39,7 +30,6 @@ import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.config.annotation.ObjectPostProcessor;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
-import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -72,7 +62,6 @@ import org.springframework.security.oauth2.core.endpoint.PkceParameterNames;
 import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
 import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
-import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.oauth2.jwt.JwtDecoders;
 import org.springframework.security.oauth2.jwt.JwtValidators;
@@ -92,9 +81,21 @@ import org.springframework.web.filter.ForwardedHeaderFilter;
 import org.springframework.web.util.UriComponentsBuilder;
 import org.zalando.problem.spring.web.advice.security.SecurityProblemSupport;
 
+import at.ac.uibk.gitsearch.security.AuthoritiesConstants;
+import at.ac.uibk.gitsearch.security.jwt.JWTConfigurer;
+import at.ac.uibk.gitsearch.security.jwt.TokenProvider;
+import at.ac.uibk.gitsearch.security.oauth2.GitSearchOAuth2AuthenticationToken;
+import at.ac.uibk.gitsearch.security.oauth2.GitSearchOAuth2AuthorizationRequestRepository;
+import at.ac.uibk.gitsearch.security.oauth2.SavedRequestAwareAuthenticationSuccessHandlerWithJWTSupport;
+import at.ac.uibk.gitsearch.security.oauth2.UserDetailsFetcher;
+import at.ac.uibk.gitsearch.service.UserService;
+import at.ac.uibk.gitsearch.service.dto.AdminUserDTO;
+import at.ac.uibk.gitsearch.service.mapper.UserMapper;
+
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
 @Import(SecurityProblemSupport.class)
+@java.lang.SuppressWarnings("PMD")
 public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
 
     private static final Logger logger = LogManager.getLogger(SecurityConfiguration.class);
@@ -251,8 +252,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
             if (object instanceof OAuth2LoginAuthenticationFilter) {
                 OAuth2LoginAuthenticationFilter oAuthLoginFilter = (OAuth2LoginAuthenticationFilter) object;
                 oAuthLoginFilter.setAuthenticationResultConverter((OAuth2LoginAuthenticationToken authenticationResult) -> {
-                    OAuth2AuthenticationToken authToken = new GitSearchOAuth2AuthenticationToken(authenticationResult);
-                    return authToken;
+                    return new GitSearchOAuth2AuthenticationToken(authenticationResult);
                 });
             }
             return object;
@@ -267,34 +267,6 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
         return jwtAuthenticationConverter;
     }
 
-    /**
-     * this is unfortunately an hard core access to the oauth2 Login Authentication Filter.
-     * This is required in order to set the Authentication Converter, which is not available via OAuth2LoginConfigurer.
-     * If you have a better idea, you are welcome.
-     *
-     * @param c the OAuth2LoginConfigurer
-     * @return the Filter (if accessible)
-     */
-    private static final Optional<OAuth2LoginAuthenticationFilter> getOAuth2AuthenticationFilterFromConfig(
-        OAuth2LoginConfigurer<HttpSecurity> c
-    ) {
-        try {
-            final Method getFilterMethod = AbstractAuthenticationFilterConfigurer.class.getDeclaredMethod("getAuthenticationFilter");
-            getFilterMethod.setAccessible(true);
-            return Optional.ofNullable((OAuth2LoginAuthenticationFilter) getFilterMethod.invoke(c));
-        } catch (
-            NullPointerException
-            | IllegalAccessException
-            | IllegalArgumentException
-            | InvocationTargetException
-            | NoSuchMethodException
-            | SecurityException e
-        ) {
-            logger.warn("Cannot get OAuth2LoginAuthenticationFilter :-(", e);
-            return Optional.empty();
-        }
-    }
-
     private JWTConfigurer securityConfigurerAdapter() {
         return new JWTConfigurer(tokenProvider);
     }

src/main/java/at/ac/uibk/gitsearch/security/oauth2/GitSearchOAuth2AuthenticationToken.java

@@ -10,7 +10,7 @@ public class GitSearchOAuth2AuthenticationToken extends OAuth2AuthenticationToke
      */
     private static final long serialVersionUID = 1L;
 
-    private String redirectURL;
+    private final String redirectURL;
 
     public GitSearchOAuth2AuthenticationToken(OAuth2LoginAuthenticationToken authenticationResult) {
         super(
@@ -18,12 +18,12 @@ public class GitSearchOAuth2AuthenticationToken extends OAuth2AuthenticationToke
             authenticationResult.getAuthorities(),
             authenticationResult.getClientRegistration().getRegistrationId()
         );
-        redirectURL =
+        String configuredRedirectURL =
             authenticationResult
                 .getAuthorizationExchange()
                 .getAuthorizationRequest()
                 .getAttribute(GitSearchOAuth2AuthorizationRequestRepository.REFERER_ATTRIBUTE);
-        if (redirectURL == null) redirectURL = "/";
+        redirectURL = configuredRedirectURL!=null?configuredRedirectURL:"/";
     }
 
     public String getRedirectURL() {

src/main/java/at/ac/uibk/gitsearch/security/oauth2/GitSearchOAuth2AuthorizationRequestRepository.java

 package at.ac.uibk.gitsearch.security.oauth2;
 
-import java.util.HashMap;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+
 import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
@@ -49,7 +50,7 @@ public class GitSearchOAuth2AuthorizationRequestRepository implements Authorizat
         String state = authorizationRequest.getState();
         Assert.hasText(state, "authorizationRequest.state cannot be empty");
         String referer = request.getHeader(REFERER_ATTRIBUTE);
-        final Map<String, Object> requestAttributes = new HashMap<>(authorizationRequest.getAttributes());
+        final Map<String, Object> requestAttributes = new ConcurrentHashMap<>(authorizationRequest.getAttributes());
         requestAttributes.put(REFERER_ATTRIBUTE, referer);
         OAuth2AuthorizationRequest extendedAuthorizationRequest = OAuth2AuthorizationRequest
             .from(authorizationRequest)