added proprietary module to base packages for scanning

clean up

Dockerfile.fat

@@ -5,6 +5,8 @@ COPY build.gradle .
 COPY settings.gradle .
 COPY gradlew .
 COPY gradle gradle/
+COPY common/build.gradle common/.
+COPY proprietary/build.gradle proprietary/.
 RUN ./gradlew build -x spotlessApply -x spotlessCheck -x test -x sonarqube || return 0
 
 # Set the working directory

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2024 Stirling Tools
+Copyright (c) 2025 Stirling PDF Inc.
 
 Portions of this software are licensed as follows:
 

build.gradle

@@ -270,8 +270,6 @@ tasks.register('jpackageMacX64') {
     }
 }
 
-//jpackage.finalizedBy(jpackageMacX64)
-
 tasks.register('downloadTempJre') {
     group = 'distribution'
     description = 'Downloads and extracts a temporary JRE'
@@ -421,20 +419,16 @@ dependencies {
     implementation("io.github.pixee:java-security-toolkit:1.2.1")
 
     // Exclude Tomcat and include Jetty
-    implementation("org.springframework.boot:spring-boot-starter-web:$springBootVersion")
+//    implementation("org.springframework.boot:spring-boot-starter-web:$springBootVersion")
     implementation "org.springframework.boot:spring-boot-starter-jetty:$springBootVersion"
-
+//    implementation "org.springframework.boot:spring-boot-starter-thymeleaf:$springBootVersion"
-    implementation "org.springframework.boot:spring-boot-starter-thymeleaf:$springBootVersion"
     implementation 'com.posthog.java:posthog:1.2.0'
     implementation 'com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:20240325.1'
-
+    implementation 'org.snakeyaml:snakeyaml-engine:2.9'
 
     if (System.getenv("DOCKER_ENABLE_SECURITY") != "false") {
         implementation project(':proprietary')
     }
-    implementation 'org.snakeyaml:snakeyaml-engine:2.9'
-
-    testImplementation "org.springframework.boot:spring-boot-starter-test:$springBootVersion"
 
     // Batik
     implementation "org.apache.xmlgraphics:batik-all:1.19"
@@ -442,10 +436,12 @@ dependencies {
     // TwelveMonkeys
     runtimeOnly "com.twelvemonkeys.imageio:imageio-batik:$imageioVersion"
     runtimeOnly "com.twelvemonkeys.imageio:imageio-bmp:$imageioVersion"
+    runtimeOnly "com.twelvemonkeys.imageio:imageio-jpeg:$imageioVersion"
+    runtimeOnly "com.twelvemonkeys.imageio:imageio-tiff:$imageioVersion"
+    runtimeOnly "com.twelvemonkeys.imageio:imageio-webp:$imageioVersion"
     // runtimeOnly "com.twelvemonkeys.imageio:imageio-hdr:$imageioVersion"
     // runtimeOnly "com.twelvemonkeys.imageio:imageio-icns:$imageioVersion"
     // runtimeOnly "com.twelvemonkeys.imageio:imageio-iff:$imageioVersion"
-    runtimeOnly "com.twelvemonkeys.imageio:imageio-jpeg:$imageioVersion"
     // runtimeOnly "com.twelvemonkeys.imageio:imageio-pcx:$imageioVersion@
     // runtimeOnly "com.twelvemonkeys.imageio:imageio-pict:$imageioVersion"
     // runtimeOnly "com.twelvemonkeys.imageio:imageio-pnm:$imageioVersion"
@@ -453,24 +449,18 @@ dependencies {
     // runtimeOnly "com.twelvemonkeys.imageio:imageio-sgi:$imageioVersion"
     // runtimeOnly "com.twelvemonkeys.imageio:imageio-tga:$imageioVersion"
     // runtimeOnly "com.twelvemonkeys.imageio:imageio-thumbsdb:$imageioVersion"
-    runtimeOnly "com.twelvemonkeys.imageio:imageio-tiff:$imageioVersion"
-    runtimeOnly "com.twelvemonkeys.imageio:imageio-webp:$imageioVersion"
     // runtimeOnly "com.twelvemonkeys.imageio:imageio-xwd:$imageioVersion"
 
     // Image metadata extractor
     implementation "com.drewnoakes:metadata-extractor:2.19.0"
-
     implementation "commons-io:commons-io:2.19.0"
-    implementation "org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.8"
+//    implementation "org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.8"
-    //general PDF
 
+    // General PDF
     // https://mvnrepository.com/artifact/com.opencsv/opencsv
     implementation ("com.opencsv:opencsv:5.11")
-
+//    implementation ("org.apache.pdfbox:pdfbox:$pdfboxVersion")
-    implementation ("org.apache.pdfbox:pdfbox:$pdfboxVersion")
     implementation "org.apache.pdfbox:preflight:$pdfboxVersion"
-
-
     implementation ("org.apache.pdfbox:xmpbox:$pdfboxVersion")
 
     // https://mvnrepository.com/artifact/technology.tabula/tabula
@@ -494,7 +484,6 @@ dependencies {
     // https://mvnrepository.com/artifact/com.bucket4j/bucket4j_jdk17
     implementation "com.bucket4j:bucket4j_jdk17-core:8.14.0"
     implementation "com.fathzer:javaluator:3.0.6"
-
     implementation 'com.vladsch.flexmark:flexmark-html2md-converter:0.64.8'
 
     developmentOnly("org.springframework.boot:spring-boot-devtools:$springBootVersion")
@@ -504,6 +493,7 @@ dependencies {
     // Mockito (core)
     testImplementation 'org.mockito:mockito-core:5.18.0'
     testRuntimeOnly 'org.mockito:mockito-inline:5.2.0'
+    testImplementation "org.springframework.boot:spring-boot-starter-test:$springBootVersion"
 }
 
 tasks.withType(JavaCompile).configureEach {

common/build.gradle

@@ -30,19 +30,19 @@ dependencyManagement {
 }
 
 dependencies {
-    implementation 'org.springframework.boot:spring-boot-starter-web'
+    api 'org.springframework.boot:spring-boot-starter-web'
-    implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
+    api 'org.springframework.boot:spring-boot-starter-thymeleaf'
-    implementation 'com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:20240325.1'
+    api 'com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:20240325.1'
-    implementation 'com.fathzer:javaluator:3.0.6'
+    api 'com.fathzer:javaluator:3.0.6'
-    implementation 'com.posthog.java:posthog:1.2.0'
+    api 'com.posthog.java:posthog:1.2.0'
-    implementation 'io.github.pixee:java-security-toolkit:1.2.1'
+    api 'io.github.pixee:java-security-toolkit:1.2.1'
-    implementation 'org.apache.commons:commons-lang3:3.17.0'
+    api 'org.apache.commons:commons-lang3:3.17.0'
-    implementation 'com.drewnoakes:metadata-extractor:2.19.0' // Image metadata extractor
+    api 'com.drewnoakes:metadata-extractor:2.19.0' // Image metadata extractor
-    implementation 'com.vladsch.flexmark:flexmark-html2md-converter:0.64.8'
+    api 'com.vladsch.flexmark:flexmark-html2md-converter:0.64.8'
-    implementation "org.apache.pdfbox:pdfbox:$pdfboxVersion"
+    api "org.apache.pdfbox:pdfbox:$pdfboxVersion"
-    implementation 'jakarta.servlet:jakarta.servlet-api:6.1.0'
+    api 'jakarta.servlet:jakarta.servlet-api:6.1.0'
-    implementation 'org.snakeyaml:snakeyaml-engine:2.9'
+    api 'org.snakeyaml:snakeyaml-engine:2.9'
-    implementation "org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.8"
+    api "org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.8"
 
     compileOnly "org.projectlombok:lombok:$lombokVersion"
     annotationProcessor "org.projectlombok:lombok:$lombokVersion"

proprietary/LICENSE-proprietary

@@ -1,26 +1,54 @@
-Stirling PDF Enterprise Edition (EE) license (the “EE License”)
+Stirling PDF User License
 
-Copyright (c) 2025-present Stirling Tools
+Copyright (c) 2025 Stirling PDF Inc.
 
-With regard to the Stirling PDF Software:
+License Scope & Usage Rights
+
+Production use of the Stirling PDF Software is only permitted with a valid Stirling PDF User License.
+
+For purposes of this license, “the Software” refers to the Stirling PDF application and any associated documentation files
+provided by Stirling PDF Inc. You or your organization may not use the Software in production, at scale, or for business-critical
+processes unless you have agreed to, and remain in compliance with, the Stirling PDF Subscription Terms of Service
+(https://www.stirlingpdf.com/terms) or another valid agreement with Stirling PDF, and hold an active User License subscription
+covering the appropriate number of licensed users.
 
 Trial and Minimal Use
 
-You may use the Software without a subscription for purposes of trial, evaluation, or minimal use, including use by individuals,
+You may use the Software without a paid subscription for the sole purposes of internal trial, evaluation, or minimal use,
-organizations, or businesses, provided that:
+provided that:
-    * The usage is limited in scope (e.g. up to five (5) sessions or uses, or as otherwise defined within the Software);
-    * You do not modify, distribute, sublicense, or reverse-engineer the Software;
-    * Any continued use beyond the permitted trial or minimal use scope requires a valid Stirling PDF Enterprise Edition
-    subscription for the appropriate number of users.
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+* Use is limited to no more than five (5) named users or sessions;
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+* Use is strictly non-production, for internal testing or evaluation only;
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+* You do not copy, distribute, sublicense, reverse-engineer, or use the Software in client-facing or commercial contexts.
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
 
-For all third party components incorporated into the Stirling PDF Software, those
+Continued use beyond this scope requires a valid Stirling PDF User License.
-components are licensed under the original license provided by the owner of the
+
-applicable component.
+Modifications and Derivative Works
+
+You may modify the Software only for development or internal testing purposes. Any such modifications or derivative works:
+
+* May not be deployed in production environments without a valid User License;
+* May not be distributed or sublicensed;
+* Remain the intellectual property of Stirling PDF and/or its licensors;
+* May only be used, copied, or exploited in accordance with the terms of a valid Stirling PDF User License subscription.
+
+Prohibited Actions
+
+Unless explicitly permitted by a paid license or separate agreement, you may not:
+
+* Use the Software in production environments;
+* Copy, merge, distribute, sublicense, or sell the Software;
+* Remove or alter any licensing or copyright notices;
+* Circumvent access restrictions or licensing requirements.
+
+Third-Party Components
+
+The Stirling PDF Software may include components subject to separate open source licenses. Such components remain governed by
+their original license terms as provided by their respective owners.
+
+Disclaimer
+
+THE SOFTWARE IS PROVIDED “AS IS,” WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES, OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT, OR OTHERWISE, ARISING FROM, OUT OF, OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

proprietary/src/main/java/stirling/software/proprietary/security/configuration/DatabaseConfig.java

@@ -4,6 +4,7 @@ import javax.sql.DataSource;
 import lombok.Getter;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnBooleanProperty;
 import org.springframework.boot.autoconfigure.domain.EntityScan;
 import org.springframework.boot.jdbc.DataSourceBuilder;
 import org.springframework.boot.jdbc.DatabaseDriver;
@@ -54,14 +55,25 @@ public class DatabaseConfig {
     public DataSource dataSource() throws UnsupportedProviderException {
         DataSourceBuilder<?> dataSourceBuilder = DataSourceBuilder.create();
 
-        if (!runningProOrHigher) {
+        if (!runningProOrHigher || !datasource.isEnableCustomDatabase()) {
             return useDefaultDataSource(dataSourceBuilder);
         }
 
-        if (!datasource.isEnableCustomDatabase()) {
+        return useCustomDataSource(dataSourceBuilder);
-            return useDefaultDataSource(dataSourceBuilder);
     }
 
+    private DataSource useDefaultDataSource(DataSourceBuilder<?> dataSourceBuilder) {
+        log.info("Using default H2 database");
+
+        dataSourceBuilder.url(DATASOURCE_DEFAULT_URL)
+            .driverClassName(DatabaseDriver.H2.getDriverClassName())
+            .username(DEFAULT_USERNAME);
+
+        return dataSourceBuilder.build();
+    }
+
+    @ConditionalOnBooleanProperty(name = "premium.enabled")
+    private DataSource useCustomDataSource(DataSourceBuilder<?> dataSourceBuilder) throws UnsupportedProviderException {
         log.info("Using custom database configuration");
 
         if (!datasource.getCustomDatabaseUrl().isBlank()) {
@@ -85,16 +97,6 @@ public class DatabaseConfig {
         return dataSourceBuilder.build();
     }
 
-    private DataSource useDefaultDataSource(DataSourceBuilder<?> dataSourceBuilder) {
-        log.info("Using default H2 database");
-
-        dataSourceBuilder.url(DATASOURCE_DEFAULT_URL)
-            .driverClassName(DatabaseDriver.H2.getDriverClassName())
-            .username(DEFAULT_USERNAME);
-
-        return dataSourceBuilder.build();
-    }
-
     /**
      * Generate the URL the <code>DataSource</code> will use to connect to the database
      *

proprietary/src/main/java/stirling/software/proprietary/security/configuration/SecurityConfiguration.java

@@ -6,7 +6,6 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.DependsOn;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
@@ -26,7 +25,7 @@ import org.springframework.security.web.authentication.rememberme.PersistentToke
 import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
 import org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler;
 import org.springframework.security.web.savedrequest.NullRequestCache;
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;
 import stirling.software.common.configuration.AppConfig;
 import stirling.software.common.model.ApplicationProperties;
 import stirling.software.proprietary.security.CustomAuthenticationFailureHandler;
@@ -53,7 +52,6 @@ import stirling.software.proprietary.security.session.SessionPersistentRegistry;
 @Configuration
 @EnableWebSecurity
 @EnableMethodSecurity
-@DependsOn("runningProOrHigher")
 public class SecurityConfiguration {
 
     private final CustomUserDetailsService userDetailsService;
@@ -167,7 +165,7 @@ public class SecurityConfiguration {
             http.requestCache(requestCache -> requestCache.requestCache(new NullRequestCache()));
             http.logout(
                 logout ->
-                    logout.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
+                    logout.logoutRequestMatcher(PathPatternRequestMatcher.withDefaults().matcher("/logout"))
                         .logoutSuccessHandler(
                             new CustomLogoutSuccessHandler(applicationProperties, appConfig))
                         .clearAuthentication(true)

src/main/java/stirling/software/SPDF/SPDFApplication.java

@@ -35,7 +35,11 @@ import stirling.software.common.util.UrlUtils;
 @Slf4j
 @EnableScheduling
 @SpringBootApplication(
-        scanBasePackages = {"stirling.software.common", "stirling.software.SPDF"},
+        scanBasePackages = {
+            "stirling.software.common",
+            "stirling.software.SPDF",
+            "stirling.software.proprietary.security"
+        },
         exclude = {
             DataSourceAutoConfiguration.class,
             DataSourceTransactionManagerAutoConfiguration.class

src/main/resources/settings.yml.template

@@ -64,7 +64,6 @@ premium:
   key: 00000000-0000-0000-0000-000000000000
   enabled: true # Enable license key checks for pro/enterprise features
   proFeatures:
-    customDatabase: false # Enable database features todo: use only for custom DB
     SSOAutoLogin: false
     CustomMetadata:
       autoUpdateMetadata: false