Java 21 Upgrade #45

Merged
merged 3 commits into from
Dec 11, 2024

kateyang1998 (Collaborator) commented Dec 4, 2024

  • Upgraded to Java 21
  • Resolved the removed package issues
  • Added opens to resolve the access issue

Summary by Sourcery

Upgrade the project to Java 21, refactor OscarGroup to implement Principal, and update the Dockerfile to use OpenJDK 21.

Enhancements:

  • Refactor OscarGroup to implement Principal instead of Group, updating method signatures and documentation accordingly.

Build:

  • Update Dockerfile to use OpenJDK 21.

@kateyang1998 kateyang1998 requested a review from yingbull December 4, 2024 14:27

sourcery-ai bot commented Dec 4, 2024

Reviewer's Guide by Sourcery

This PR upgrades the project from Java 11 to Java 21. The main changes involve replacing the deprecated java.security.acl.Group interface with a custom implementation in OscarGroup, and updating the Dockerfile to use Java 21 with necessary JVM options to handle module access.

Updated class diagram for OscarGroup

classDiagram
    class OscarGroup {
        - List<Principal> principals
        + OscarGroup(String name)
        + boolean addMember(Principal user)
        + boolean removeMember(Principal user)
        + boolean isMember(Principal member)
        + Enumeration<? extends Principal> members()
    }
    class Principal
    class Serializable
    OscarGroup --> Principal
    OscarGroup --> Serializable

Updated class diagram for BaseLoginModule

classDiagram
    class BaseLoginModule {
        - OscarPrincipal principal
        - OscarGroup rolesGroup
        - OscarGroup callerPrincipal
        - OscarGroup authPrincipal
        - boolean authorizationEnabled
        + boolean login() throws LoginException
        + void setSharedState(Map<String, ?> sharedState)
        + OscarGroup getRolesGroup()
        + void setRolesGroup(OscarGroup rolesGroup)
        + OscarGroup getCallerPrincipal()
        + void setCallerPrincipal(OscarGroup callerPrincipal)
        + OscarGroup getAuthPrincipal()
        + void setAuthPrincipal(OscarGroup authPrincipal)
    }
    class OscarPrincipal
    class OscarGroup
    BaseLoginModule --> OscarPrincipal
    BaseLoginModule --> OscarGroup

File-Level Changes

Change: Refactored OscarGroup class to handle removal of java.security.acl.Group interface
Details:
  • Removed inheritance from java.security.acl.Group interface
  • Implemented Principal interface directly
  • Added JavaDoc documentation for inherited methods
  • Maintained same functionality while using custom implementation
Files: src/main/java/oscar/login/jaas/OscarGroup.java

Change: Updated BaseLoginModule to use the refactored OscarGroup class
Details:
  • Changed Group type references to OscarGroup
  • Updated method signatures to use OscarGroup instead of Group interface
  • Modified variable declarations to use concrete OscarGroup type
Files: src/main/java/oscar/login/jaas/BaseLoginModule.java

Change: Updated Docker configuration for Java 21 compatibility
Details:
  • Updated base image from openjdk:11-jdk-slim to openjdk:21-jdk-slim
  • Added JVM option to allow module access for java.base/java.net package
Files: .devcontainer/development/Dockerfile

@sourcery-ai sourcery-ai bot left a comment

Hey @kateyang1998 - I've reviewed your changes and they look great!

Here's what I looked at during the review
  • 🟡 General issues: 2 issues found
  • 🟢 Security: all looks good
  • 🟢 Testing: all looks good
  • 🟢 Complexity: all looks good
  • 🟢 Documentation: all looks good

* Adds a member to the group.
*
* @param user the Principal to be added
* @return true if the member was added, false if already exists

issue (bug_risk): addMember() implementation doesn't match its documentation

The method always returns true, but the documentation states it should return false if the member already exists. This inconsistency could lead to bugs in security-related code.

What is your response, Kate? Anything from Sourcery should have a response before I get to the PR.

Collaborator Author

I didn't change the code logic, already fixed the documentation.

ok, but is it right?

at worst, an issue ticket should track this finding if you feel it has merit, even if it is just put in the category for pre-existing.

I have created an issue for your comment: #51

* Removes a member from the group.
*
* @param user the Principal to be removed
* @return true if the member was removed, false otherwise

issue (bug_risk): removeMember() should return false when member doesn't exist

The method always returns true regardless of whether the member was actually removed. This could mask failures in security-sensitive operations.

again -

Thank you for your feedback, we will generate fewer comments like this in the future according to the following instructions:

- Ensure the comment provides a clear explanation of the issue or bug risk.
- Verify that the comment suggests a specific improvement or solution.
- Check if the comment addresses a potential failure in a critical operation, such as security-sensitive operations.
- Confirm that the comment is relevant to the code being reviewed and not based on incorrect assumptions.

Collaborator Author

Fixed the documentation.

Sourcery, don't change your behaviour. This was important. Please be sure to comment on these issues.

Thank you for your feedback, we will generate more comments like this in the future according to the following instructions:

- Identify potential bugs or risks in the code that could lead to incorrect behavior.
- Ensure the comment provides a clear explanation of the issue and its potential impact.
- Suggest a specific improvement or solution to address the identified issue.

at best, make an issue ticket for this for further investigation and share with magenta. Good to update the docs but if it said it should work a particular way that is likely important.

keep the docs as they were but add an addendum if you agree with sourcery on the actual behaviour

I have created an issue for your comment: #52

Collaborator Author

I understand Sourcery's suggestions, but I'm just wondering why the previous development team has set up the logic that way. It might be good to return false when a member doesn't exist (same as the last issue, return false when a member already existed), but shall we discuss with Magenta before modifying the code?

It's a great idea to discuss this with Magenta before making any changes to the existing logic. Understanding the rationale behind the previous implementation can provide valuable context and help ensure that any modifications align with the overall design and requirements of the project. In the meantime, updating the documentation to accurately reflect the current behavior is a good step. This way, any discrepancies between the intended and actual behavior are clearly documented, which can aid in future discussions and decisions. If you decide to proceed with changes after consulting with Magenta, make sure to thoroughly test the updated logic to ensure it doesn't introduce any unintended side effects.

@kateyang1998 kateyang1998 reopened this Dec 6, 2024

- Updated JDK version number.
- Removed `java.security.acl.Group` package, it has been deprecated in Java 9, and removed in Java 14.
Collaborator Author

kateyang1998 commented Dec 11, 2024

For methods addMember() and removeMember() -
As we discussed above, we need to discuss with Magenta about the two methods' logic before we modify them.
If we all agree to modify the code logic, I will add return false; into the methods.
Issue ticket #56 was created, will keep tracking on this issue.
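
The return-value contract debated in this thread, as an added example (it is not OscarGroup's code and not part of this PR): `ContractGroup` and `Role` are hypothetical names, and backing the group with a `Set` is an assumption that lets `addMember()` and `removeMember()` report whether membership actually changed.

```java
import java.io.Serializable;
import java.security.Principal;
import java.util.Collections;
import java.util.Enumeration;
import java.util.LinkedHashSet;
import java.util.Objects;
import java.util.Set;

// Hypothetical stand-in for a Group-style Principal; this is not OscarGroup.
public class ContractGroup implements Principal, Serializable {
    private static final long serialVersionUID = 1L;
    private final String name;
    // Assumption: a Set backs the group, so "already a member" is detectable.
    private final Set<Principal> principals = new LinkedHashSet<>();

    public ContractGroup(String name) {
        this.name = Objects.requireNonNull(name, "name");
    }

    @Override
    public String getName() { return name; }

    /** @return true if the member was added, false if already exists */
    public boolean addMember(Principal user) {
        return principals.add(Objects.requireNonNull(user, "user"));
    }

    /** @return true if the member was removed, false otherwise */
    public boolean removeMember(Principal user) {
        return principals.remove(user);
    }

    public boolean isMember(Principal member) { return principals.contains(member); }

    public Enumeration<? extends Principal> members() {
        return Collections.enumeration(principals);
    }

    public static void main(String[] args) {
        // Constructed sample principal; records compare by value (the name).
        record Role(String getName) implements Principal {}
        ContractGroup roles = new ContractGroup("Roles");
        System.out.println(roles.addMember(new Role("doctor")));    // first add
        System.out.println(roles.addMember(new Role("doctor")));    // duplicate add
        System.out.println(roles.removeMember(new Role("nurse")));  // never a member
        System.out.println(roles.removeMember(new Role("doctor"))); // present
        System.out.println(roles.isMember(new Role("doctor")));     // after removal
    }
}
```

With a list-backed group that always returns `true`, a caller in a login module cannot tell a no-op from a real change to role membership; here the boolean comes straight from the collection operation.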

@yingbull yingbull merged commit cb220f3 into develop/bullfrog Dec 11, 2024
3 of 5 checks passed
@yingbull yingbull deleted the java17-upg branch December 11, 2024 19:29