Update to Java 25, Spring Boot 4, Vaadin 25 (#112)

* Update to Java 25, Spring Boot 4, Vaadin 25

* Fix workflow to use Java 25

.github/workflows/maven.yml

@@ -12,10 +12,10 @@ jobs:
 
     steps:
       - uses: actions/checkout@v6
-      - name: Set up JDK 17
+      - name: Set up JDK 25
         uses: actions/setup-java@v5
         with:
-          java-version: '17'
+          java-version: '25'
           distribution: 'temurin'
           cache: maven
       - name: Build with Maven

pom.xml

@@ -11,15 +11,15 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>3.5.7</version>
+        <version>4.0.3</version>
         <relativePath/> <!-- lookup parent from repository -->
     </parent>
 
     <properties>
-        <maven.compiler.source>23</maven.compiler.source>
-        <maven.compiler.target>23</maven.compiler.target>
+        <maven.compiler.source>25</maven.compiler.source>
+        <maven.compiler.target>25</maven.compiler.target>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <vaadin.version>24.9.4</vaadin.version>
+        <vaadin.version>25.0.5</vaadin.version>
         <spring.profiles.active>test</spring.profiles.active>
     </properties>
 
@@ -38,6 +38,11 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-data-jpa</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-jpa-test</artifactId>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
@@ -46,6 +51,11 @@
             <groupId>com.vaadin</groupId>
             <artifactId>vaadin-spring-boot-starter</artifactId>
         </dependency>
+        <dependency>
+            <groupId>com.vaadin</groupId>
+            <artifactId>vaadin-dev</artifactId>
+            <optional>true</optional>
+        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-oauth2-client</artifactId>

src/main/frontend/themes/my-theme/styles.css

@@ -4,6 +4,8 @@
    Visit https://vaadin.com/docs/styling/application-theme/ for more information.
 */
 
+@import url("@vaadin/lumo-styles/lumo.css");
+
 /* Example: CSS class name to center align the content . */
 .centered-content {
   margin: 0 auto;

src/main/frontend/themes/my-theme/theme.json

@@ -1,3 +0,0 @@
-{
-  "lumoImports" : [ "typography", "color", "spacing", "badge", "utility" ]
-}

src/main/java/org/kickerelo/kickerelo/KickerEloApplication.java

@@ -1,19 +1,20 @@
 package org.kickerelo.kickerelo;
 
+import com.vaadin.flow.component.dependency.StyleSheet;
+import com.vaadin.flow.theme.lumo.Lumo;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.boot.autoconfigure.domain.EntityScan;
+import org.springframework.boot.persistence.autoconfigure.EntityScan;
 import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
 
 import com.vaadin.flow.component.page.AppShellConfigurator;
 import com.vaadin.flow.server.PWA;
-import com.vaadin.flow.theme.Theme;
 
 
 @SpringBootApplication
 @EntityScan(basePackages = "org.kickerelo.kickerelo.data")
 @EnableJpaRepositories
-@Theme("my-theme")
+@StyleSheet(Lumo.UTILITY_STYLESHEET)
 @PWA(name = "Tischkicker-Elo", shortName = "KickerElo",
         description = "Erlaubt Hinzufügen von Spielständen und Tracking der Spieler Elos für 1 vs 1 und 2 vs 2")
 public class KickerEloApplication implements AppShellConfigurator {

src/main/java/org/kickerelo/kickerelo/config/SecurityConfiguration.java

@@ -1,18 +1,28 @@
 package org.kickerelo.kickerelo.config;
 
+import com.vaadin.flow.spring.security.VaadinSecurityConfigurer;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
 import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
 import org.springframework.security.oauth2.client.*;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager;
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
+import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
 import org.springframework.security.web.SecurityFilterChain;
 
+import java.util.HashSet;
+import java.util.Set;
+
 @Profile("prod")
+@EnableWebSecurity
 @Configuration
 class SecurityConfiguration {
     @Bean
@@ -36,13 +46,10 @@ class SecurityConfiguration {
     }
 
     @Bean
-    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http.authorizeHttpRequests(auth -> auth
-                        .requestMatchers("/app/admin/**", "/app/admin", "/app/app/admin/**", "/app/app/admin").hasAuthority("Kicker Admin")
-                        .anyRequest().permitAll())
-                .oauth2Login(org.springframework.security.config.Customizer.withDefaults())
-                .logout(logout -> logout.logoutSuccessUrl("/"))
-                .csrf(csrf -> csrf.disable());
+    public SecurityFilterChain filterChain(HttpSecurity http) {
+        http.with(VaadinSecurityConfigurer.vaadin(),
+                configurer -> configurer.oauth2LoginPage("/oauth2/authorization/oidc"));
+        http.logout(logout -> logout.logoutSuccessUrl("/app/"));
 
         return http.build();
     }
@@ -53,4 +60,27 @@ class SecurityConfiguration {
             ClientRegistrationRepository clientRegistrationRepository) {
         return new JdbcOAuth2AuthorizedClientService(jdbcTemplate, clientRegistrationRepository);
     }
+
+    @Bean
+    public GrantedAuthoritiesMapper userAuthoritiesMapper() {
+        return authorities -> {
+            Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
+
+            authorities.forEach(authority -> {
+                if (authority instanceof OidcUserAuthority oidcAuth) {
+                    var roles = oidcAuth.getIdToken().getClaimAsStringList("groups");
+
+                    if (roles != null) {
+                        roles.forEach(role -> {
+                            // Add the ROLE_ prefix so @RolesAllowed works
+                            mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_" + role));
+                        });
+                    }
+                }
+                mappedAuthorities.add(authority);
+            });
+
+            return mappedAuthorities;
+        };
+    }
 }

src/main/java/org/kickerelo/kickerelo/config/TestSecurityConfiguration.java

@@ -0,0 +1,32 @@
+package org.kickerelo.kickerelo.config;
+
+import com.vaadin.flow.spring.security.NavigationAccessControlConfigurer;
+import com.vaadin.flow.spring.security.VaadinSecurityConfigurer;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Profile("test")
+@EnableWebSecurity
+@Configuration
+public class TestSecurityConfiguration {
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) {
+        http.with(VaadinSecurityConfigurer.vaadin(),
+                configurer -> configurer.anyRequest(AuthorizeHttpRequestsConfigurer.AuthorizedUrl::permitAll));
+
+        http.csrf(AbstractHttpConfigurer::disable);
+
+        return http.build();
+    }
+
+    @Bean
+    public static NavigationAccessControlConfigurer navigationAccessControlConfigurer() {
+        return new NavigationAccessControlConfigurer().disabled();
+    }
+}

src/main/java/org/kickerelo/kickerelo/layout/KickerAppLayout.java

@@ -2,6 +2,7 @@ package org.kickerelo.kickerelo.layout;
 
 import com.vaadin.flow.component.applayout.AppLayout;
 import com.vaadin.flow.component.applayout.DrawerToggle;
+import com.vaadin.flow.component.button.Button;
 import com.vaadin.flow.component.dependency.JsModule;
 import com.vaadin.flow.component.html.Anchor;
 import com.vaadin.flow.component.html.Div;
@@ -12,21 +13,21 @@ import com.vaadin.flow.component.sidenav.SideNav;
 import com.vaadin.flow.component.sidenav.SideNavItem;
 import com.vaadin.flow.dom.Style;
 import com.vaadin.flow.router.Layout;
+import com.vaadin.flow.server.auth.AnonymousAllowed;
+import com.vaadin.flow.spring.security.AuthenticationContext;
 import org.kickerelo.kickerelo.util.AccessControlService;
 import org.kickerelo.kickerelo.views.*;
 
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.authentication.AnonymousAuthenticationToken;
-
-
 @Layout
 @JsModule("./prefers-color-scheme.js")
+@AnonymousAllowed
 public class KickerAppLayout extends AppLayout {
     AccessControlService accessControlService;
+    AuthenticationContext authenticationContext;
 
-    public KickerAppLayout(AccessControlService accessControlService) {
+    public KickerAppLayout(AccessControlService accessControlService, AuthenticationContext authenticationContext) {
         this.accessControlService = accessControlService;
+        this.authenticationContext = authenticationContext;
         DrawerToggle drawerToggle = new DrawerToggle();
 
         H1 title = new H1("Kicker-ELO");
@@ -36,8 +37,7 @@ public class KickerAppLayout extends AppLayout {
 
         // Add login/logout button
         if (accessControlService.userAllowedForRole("")) {
-            Anchor logoutLink = new Anchor("/logout", "Logout");
-
+            Button logoutLink = new Button("Logout", e -> this.authenticationContext.logout());
             logoutLink.getElement().getStyle()
                     .set("margin-left", "auto")
                     .set("margin-right", "10px")

src/main/java/org/kickerelo/kickerelo/views/AdminView.java

@@ -1,31 +1,23 @@
 package org.kickerelo.kickerelo.views;
 
+import jakarta.annotation.security.RolesAllowed;
 import org.kickerelo.kickerelo.exception.DuplicatePlayerException;
 import org.kickerelo.kickerelo.exception.InvalidDataException;
 import org.kickerelo.kickerelo.exception.PlayerNameNotSetException;
 import org.kickerelo.kickerelo.service.KickerEloService;
-import org.kickerelo.kickerelo.util.AccessControlService;
 
 import com.vaadin.flow.component.button.Button;
-import com.vaadin.flow.component.html.Paragraph;
 import com.vaadin.flow.component.notification.Notification;
 import com.vaadin.flow.component.notification.NotificationVariant;
 import com.vaadin.flow.component.orderedlayout.VerticalLayout;
 import com.vaadin.flow.component.textfield.TextField;
-import com.vaadin.flow.router.BeforeEnterEvent;
 import com.vaadin.flow.router.Route;
 
 @Route("admin")
+@RolesAllowed("Kicker Admin")
 public class AdminView extends VerticalLayout {
 
-    public AdminView(KickerEloService service, AccessControlService accessControlService) {
-        // Deny access if user isn't part of the Kicker Admin group
-        if (!accessControlService.userAllowedForRole("Kicker Admin")) {
-            add(new Paragraph("Du bist nicht berechtigt, diese Seite zu sehen."));
-            getUI().ifPresent(ui -> ui.navigate(""));
-            return;
-        }
-
+    public AdminView(KickerEloService service) {
         TextField spielername = new TextField("Spielername");
         spielername.addClassName("bordered");
 

src/main/java/org/kickerelo/kickerelo/views/Enter1vs1View.java

@@ -1,17 +1,16 @@
 package org.kickerelo.kickerelo.views;
 
+import jakarta.annotation.security.PermitAll;
 import org.kickerelo.kickerelo.data.Spieler;
 import org.kickerelo.kickerelo.exception.DuplicatePlayerException;
 import org.kickerelo.kickerelo.exception.InvalidDataException;
 import org.kickerelo.kickerelo.exception.NoSuchPlayerException;
 import org.kickerelo.kickerelo.exception.PlayerNameNotSetException;
 import org.kickerelo.kickerelo.service.KickerEloService;
-import org.kickerelo.kickerelo.util.AccessControlService;
 
 import com.vaadin.flow.component.button.Button;
 import com.vaadin.flow.component.combobox.ComboBox;
 import com.vaadin.flow.component.html.H2;
-import com.vaadin.flow.component.html.Paragraph;
 import com.vaadin.flow.component.notification.Notification;
 import com.vaadin.flow.component.notification.NotificationVariant;
 import com.vaadin.flow.component.orderedlayout.VerticalLayout;
@@ -19,16 +18,10 @@ import com.vaadin.flow.component.textfield.IntegerField;
 import com.vaadin.flow.router.Route;
 
 @Route("enter1vs1")
+@PermitAll
 public class Enter1vs1View extends VerticalLayout {
 
-    public Enter1vs1View(KickerEloService eloService, AccessControlService accessControlService) {
-        // Deny access if user isn't part of the Kicker User group
-        if (!accessControlService.userAllowedForRole("Kicker User") && !accessControlService.userAllowedForRole("Kicker Admin")) {
-            add(new Paragraph("Du bist nicht berechtigt, diese Seite zu sehen."));
-            getUI().ifPresent(ui -> ui.navigate(""));
-            return;
-        }
-
+    public Enter1vs1View(KickerEloService eloService) {
         H2 subheading = new H2("1 vs 1 Ergebnis");
 
         ComboBox<Spieler> winnerSelect = new ComboBox<>("Gewinner");

src/main/java/org/kickerelo/kickerelo/views/Enter2vs2View.java

@@ -1,17 +1,16 @@
 package org.kickerelo.kickerelo.views;
 
+import jakarta.annotation.security.PermitAll;
 import org.kickerelo.kickerelo.data.Spieler;
 import org.kickerelo.kickerelo.exception.DuplicatePlayerException;
 import org.kickerelo.kickerelo.exception.InvalidDataException;
 import org.kickerelo.kickerelo.exception.NoSuchPlayerException;
 import org.kickerelo.kickerelo.exception.PlayerNameNotSetException;
 import org.kickerelo.kickerelo.service.KickerEloService;
-import org.kickerelo.kickerelo.util.AccessControlService;
 
 import com.vaadin.flow.component.button.Button;
 import com.vaadin.flow.component.combobox.ComboBox;
 import com.vaadin.flow.component.html.H2;
-import com.vaadin.flow.component.html.Paragraph;
 import com.vaadin.flow.component.notification.Notification;
 import com.vaadin.flow.component.notification.NotificationVariant;
 import com.vaadin.flow.component.orderedlayout.VerticalLayout;
@@ -19,15 +18,9 @@ import com.vaadin.flow.component.textfield.IntegerField;
 import com.vaadin.flow.router.Route;
 
 @Route("enter2vs2")
+@PermitAll
 public class Enter2vs2View extends VerticalLayout {
-    public Enter2vs2View(KickerEloService eloService, AccessControlService accessControlService) {
-        // Deny access if user isn't part of the Kicker User group
-        if (!accessControlService.userAllowedForRole("Kicker User") && !accessControlService.userAllowedForRole("Kicker Admin")) {
-            add(new Paragraph("Du bist nicht berechtigt, diese Seite zu sehen."));
-            getUI().ifPresent(ui -> ui.navigate(""));
-            return;
-        }
-
+    public Enter2vs2View(KickerEloService eloService) {
         H2 subheading = new H2("2 vs 2 Ergebnis");
 
         ComboBox<Spieler> winnerFrontSelect = new ComboBox<>("Gewinner vorne");

src/main/java/org/kickerelo/kickerelo/views/Graph1vs1View.java

@@ -4,6 +4,7 @@ import com.vaadin.flow.component.checkbox.Checkbox;
 import com.vaadin.flow.component.html.H2;
 import com.vaadin.flow.component.orderedlayout.VerticalLayout;
 import com.vaadin.flow.router.Route;
+import com.vaadin.flow.server.auth.AnonymousAllowed;
 import org.kickerelo.kickerelo.data.Spieler;
 import org.kickerelo.kickerelo.repository.SpielerRepository;
 
@@ -12,6 +13,7 @@ import java.util.ArrayList;
 import java.util.List;
 
 @Route("graph1vs1")
+@AnonymousAllowed
 public class Graph1vs1View extends VerticalLayout {
     private final SpielerRepository spielerRepository;
     private Chart chart;

src/main/java/org/kickerelo/kickerelo/views/Graph2vs2View.java

@@ -4,6 +4,7 @@ import com.vaadin.flow.component.checkbox.Checkbox;
 import com.vaadin.flow.component.html.H2;
 import com.vaadin.flow.component.orderedlayout.VerticalLayout;
 import com.vaadin.flow.router.Route;
+import com.vaadin.flow.server.auth.AnonymousAllowed;
 import org.kickerelo.kickerelo.data.Spieler;
 import org.kickerelo.kickerelo.repository.SpielerRepository;
 
@@ -12,6 +13,7 @@ import java.util.ArrayList;
 import java.util.List;
 
 @Route("graph2vs2")
+@AnonymousAllowed
 public class Graph2vs2View extends VerticalLayout {
     private final SpielerRepository spielerRepository;
     private Chart chart;

src/main/java/org/kickerelo/kickerelo/views/History1vs1View.java

@@ -2,6 +2,7 @@ package org.kickerelo.kickerelo.views;
 
 import java.util.List;
 
+import com.vaadin.flow.server.auth.AnonymousAllowed;
 import org.kickerelo.kickerelo.data.Ergebnis1vs1;
 import org.kickerelo.kickerelo.repository.Ergebnis1vs1Repository;
 
@@ -20,6 +21,7 @@ import com.vaadin.flow.data.value.ValueChangeMode;
 import com.vaadin.flow.router.Route;
 
 @Route("history1vs1")
+@AnonymousAllowed
 public class History1vs1View extends HistoryView {
 
     private final Ergebnis1vs1Repository repo;

src/main/java/org/kickerelo/kickerelo/views/History2vs2View.java

@@ -2,6 +2,7 @@ package org.kickerelo.kickerelo.views;
 
 import java.util.List;
 
+import com.vaadin.flow.server.auth.AnonymousAllowed;
 import org.kickerelo.kickerelo.data.Ergebnis2vs2;
 import org.kickerelo.kickerelo.repository.Ergebnis2vs2Repository;
 
@@ -22,6 +23,7 @@ import com.vaadin.flow.router.Route;
 
 
 @Route("history2vs2")
+@AnonymousAllowed
 public class History2vs2View extends HistoryView {
 
     private final Ergebnis2vs2Repository repo;

src/main/java/org/kickerelo/kickerelo/views/PlayerListView.java

@@ -2,6 +2,7 @@ package org.kickerelo.kickerelo.views;
 
 import java.util.List;
 
+import com.vaadin.flow.server.auth.AnonymousAllowed;
 import org.kickerelo.kickerelo.data.Spieler;
 import org.kickerelo.kickerelo.service.KickerEloService;
 
@@ -13,6 +14,7 @@ import com.vaadin.flow.data.provider.SortDirection;
 import com.vaadin.flow.router.Route;
 
 @Route("/")
+@AnonymousAllowed
 public class PlayerListView extends VerticalLayout {
     public PlayerListView(KickerEloService eloService) {
         setSizeFull();

src/main/java/org/kickerelo/kickerelo/views/Stat2vs2View.java

@@ -1,5 +1,6 @@
 package org.kickerelo.kickerelo.views;
 
+import com.vaadin.flow.server.auth.AnonymousAllowed;
 import org.kickerelo.kickerelo.data.Spieler;
 import org.kickerelo.kickerelo.repository.Ergebnis2vs2Repository;
 import org.kickerelo.kickerelo.service.KickerEloService;
@@ -16,6 +17,7 @@ import com.vaadin.flow.component.progressbar.ProgressBarVariant;
 import com.vaadin.flow.router.Route;
 
 @Route("stat2vs2")
+@AnonymousAllowed
 public class Stat2vs2View extends VerticalLayout {
     Stat2vs2Service stat2vs2Service;
     KickerEloService kickerEloService;

src/main/resources/application-test.properties

@@ -9,7 +9,4 @@ spring.datasource.password=
 spring.jpa.hibernate.ddl-auto=update
 spring.jpa.show-sql=true
 
-# == OIDC Configuration ==
-spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration
-
 vaadin.urlMapping=/app/*

src/main/resources/schema.sql

@@ -6,23 +6,23 @@ CREATE SEQUENCE spieler_seq INCREMENT BY 50 START WITH 1;
 
 CREATE TABLE ergebnis1vs1
 (
-    id             BIGINT   NOT NULL,
-    gewinner       INT      NOT NULL,
-    verlierer      INT      NOT NULL,
-    tore_verlierer SMALLINT NOT NULL,
-    zeitpunkt      datetime NULL,
+    id             BIGINT    NOT NULL,
+    gewinner       INT       NOT NULL,
+    verlierer      INT       NOT NULL,
+    tore_verlierer SMALLINT  NOT NULL,
+    zeitpunkt      TIMESTAMP NULL,
     CONSTRAINT pk_ergebnis1vs1 PRIMARY KEY (id)
 );
 
 CREATE TABLE ergebnis2vs2
 (
-    id               BIGINT   NOT NULL,
-    gewinner_vorn    INT      NOT NULL,
-    gewinner_hinten  INT      NOT NULL,
-    verlierer_vorn   INT      NOT NULL,
-    verlierer_hinten INT      NOT NULL,
-    tore_verlierer   SMALLINT NOT NULL,
-    zeitpunkt        datetime NOT NULL,
+    id               BIGINT    NOT NULL,
+    gewinner_vorn    INT       NOT NULL,
+    gewinner_hinten  INT       NOT NULL,
+    verlierer_vorn   INT       NOT NULL,
+    verlierer_hinten INT       NOT NULL,
+    tore_verlierer   SMALLINT  NOT NULL,
+    zeitpunkt        TIMESTAMP NOT NULL,
     CONSTRAINT pk_ergebnis2vs2 PRIMARY KEY (id)
 );