Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Extract env/system/context config logic into LyoConfigUtil #220

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

feat: Extract env/system/context config logic into LyoConfigUtil #220

wants to merge 4 commits into from

Conversation

berezovskyi
Copy link
Contributor

@berezovskyi berezovskyi commented Dec 11, 2021
edited
Loading

Description

As you know, https://blog.sonatype.com/a-new-0-day-log4j-vulnerability-discovered-in-the-wild is a big problem for the ecosystem. We are not using v2 of Log4j and are not affected but I wanted to take a bit of time to fully remove remnants of Log4j use in Lyo. As you know, Lyo uses SLF4J API in all SDK libraries and SLF4J + SimpleLogger in the webapps we ship.

Another thing this PR does is introduce the org.eclipse.lyo.core.utils.marshallers.LyoConfigUtil class with helper methods to scan the environment for a property. For example, if you are looking for the port property in the org.eclipse.lyo.oslc4j.core.servlet.ServletListener instance, we want to check these places in the order of priority:

  1. LYO_PORT environment variable. This is the new override mechanism for containerized environments.
  2. org.eclipse.lyo.oslc4j.core.servlet System (JVM) property. This is the old override mechanism for multitenant application server environments.
  3. org.eclipse.lyo.oslc4j.core.servlet Servlet Context parameter. This is the default configuration mechanism for Lyo.

org.eclipse.lyo.core.utils.marshallers.LyoConfigUtil#getOslcConfigProperty does exactly that, while org.eclipse.lyo.core.utils.marshallers.LyoConfigUtil#getOslcConfigPropertyNoContext represents a fallback mechanism only looking in (1) and (2) in case it must be invoked from a place where a ServletContext reference is not available.

However, after getting the oslc4j-registry app to run, I realized it only contains a CF only on a ServiceProvider level. My old impression was that it allows to run a single registry where mutliple SP Catalogs can be registered with the "registry" SP Catalog. In light of this discovery, I propose to mark oslc4j-registry for removal in Lyo 5.0. In current form, it's not much more than a demo app and a default output from Lyo Designer has more user-friendly look and features out of the box.

Finally, oslc4j-wink seems to have only 2 useful things:

  • OslcResourceShapeResource for reuse by Wink-based OSLC Servers. We don't support Wink any more and Lyo Designer supports much more feature-rich shape resource support (e.g. Shape HTML tables like in the OSLC specs, even for custom resources).
  • org.eclipse.lyo.oslc4j.client.OslcRestClient. This client was long replaced by the (now obsolete) org.eclipse.lyo.client.oslc.OslcClient. Modern apps should use one of the new clients via the org.eclipse.lyo.client.IOslcClient interface.

With this in mind, I propose to mark the org.eclipse.lyo.oslc4j.client.OslcRestClient deprecated immediately (done in this PR) and also schedule oslc4j-wink for full removal from Lyo in 5.0.

Checklist

  • This PR adds an entry to the CHANGELOG. See https://keepachangelog.com/en/1.0.0/ for instructions. Minor edits are exempt.
  • This PR was tested on at least one Lyo OSLC server or adds unit/integration tests.
  • This PR does NOT break the API
  • maven enforcer rule added to <exclude>log4j:log4j</exclude>

@berezovskyi
Copy link
Contributor Author

Discussed with Jad. Andrew will

  • move the config code to org.eclipse.lyo.oslc4j.core.OSLC4JUtils
  • remove the registry and wink modules

@berezovskyi berezovskyi changed the title Get it of Log4j and extract env/system/context config logic into LyoConfigUtil Extract env/system/context config logic into LyoConfigUtil Feb 15, 2022
@berezovskyi berezovskyi force-pushed the b-registry branch 2 times, most recently from 4d6ec16 to efbc772 Compare April 9, 2022 16:38
@sonarcloud
Copy link

sonarcloud bot commented May 5, 2022

SonarCloud Quality Gate failed.    Quality Gate failed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 7 Code Smells

0.0% 0.0% Coverage
0.0% 0.0% Duplication

@berezovskyi berezovskyi added this to the 5.1 milestone May 9, 2022
@berezovskyi
Copy link
Contributor Author

Fails due to #284, we should instead move this code to a new module, e.g. org.eclipse.lyo:lyo-server-utils because we don't want core utils to bring back the Servlet dependency.

@github-actions github-actions bot force-pushed the b-registry branch 3 times, most recently from b4956bb to 25e6482 Compare April 27, 2023 20:53
@berezovskyi berezovskyi modified the milestones: 5.1, 5.2 Jun 30, 2023
@berezovskyi berezovskyi changed the title Extract env/system/context config logic into LyoConfigUtil feat: Extract env/system/context config logic into LyoConfigUtil Jun 30, 2023
@github-actions github-actions bot force-pushed the b-registry branch 2 times, most recently from 70ed956 to 1aab254 Compare July 14, 2023 07:43
@github-actions github-actions bot force-pushed the b-registry branch 2 times, most recently from 3e802c4 to 8454ba0 Compare August 5, 2023 07:43
@berezovskyi berezovskyi modified the milestones: 5.2, 6.0 Aug 11, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jadelkhoury jadelkhoury Awaiting requested review from jadelkhoury

@jamsden jamsden Awaiting requested review from jamsden

Assignees
No one assigned
Labels
Component: Core Component: Tools/Misc Priority: High Status: Changes Requested Type: Feature Type: Maintenance
Projects
None yet
Milestone
6.0
Development

Successfully merging this pull request may close these issues.
1 participant
@berezovskyi