generator-jhipster 7.2.0 → 7.4.1

package/generators/server/templates/pom.xml.ejs

@@ -28,6 +28,7 @@
     <version>0.0.1-SNAPSHOT</version>
     <packaging>jar</packaging>
     <name><%= humanizedBaseName %></name>
+    <description><%= projectDescription %></description>
 
     <repositories>
 <%_ if (SPRING_BOOT_VERSION.indexOf('M') > -1 || SPRING_BOOT_VERSION.indexOf('RC') > -1) { _%>
@@ -104,7 +105,7 @@
         https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-dependencies/${spring-boot.version} -->
         <liquibase.version><%= LIQUIBASE_VERSION %></liquibase.version>
   <%_ if (!reactive) { _%>
-        <liquibase-hibernate5.version>4.4.3</liquibase-hibernate5.version>
+        <liquibase-hibernate5.version><%= LIQUIBASE_VERSION %></liquibase-hibernate5.version>
   <%_ } _%>
   <%_ if (devDatabaseTypeH2Disk) { _%>
         <h2.version>1.4.200</h2.version>
@@ -125,13 +126,13 @@
         https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-dependencies/${spring-boot.version} -->
         <cassandra-driver.version>4.11.3</cassandra-driver.version>
 <%_ } _%>
-        <archunit-junit5.version>0.21.0</archunit-junit5.version>
+        <archunit-junit5.version>0.22.0</archunit-junit5.version>
         <mapstruct.version>1.4.2.Final</mapstruct.version>
 <%_ if (enableSwaggerCodegen) { _%>
         <jackson-databind-nullable.version><%= JACKSON_DATABIND_NULLABLE_VERSION %></jackson-databind-nullable.version>
 <%_ } _%>
 <%_ if (cacheProviderCaffeine) { _%>
-        <caffeine.version>3.0.3</caffeine.version>
+        <caffeine.version>3.0.4</caffeine.version>
         <typesafe.version>1.4.1</typesafe.version>
 <%_ } _%>
 <%_ if (databaseTypeNeo4j) { _%>
@@ -150,10 +151,10 @@
         <maven-idea-plugin.version>2.2.1</maven-idea-plugin.version>
         <maven-resources-plugin.version>3.2.0</maven-resources-plugin.version>
         <maven-surefire-plugin.version>3.0.0-M5</maven-surefire-plugin.version>
-        <maven-war-plugin.version>3.3.1</maven-war-plugin.version>
+        <maven-war-plugin.version>3.3.2</maven-war-plugin.version>
         <maven-checkstyle-plugin.version>3.1.2</maven-checkstyle-plugin.version>
-        <checkstyle.version>9.0</checkstyle.version>
-        <nohttp-checkstyle.version>0.0.9</nohttp-checkstyle.version>
+        <checkstyle.version>9.1</checkstyle.version>
+        <nohttp-checkstyle.version>0.0.10</nohttp-checkstyle.version>
 <%_ if (!skipClient) { _%>
         <frontend-maven-plugin.version>1.12.0</frontend-maven-plugin.version>
         <checksum-maven-plugin.version>1.11</checksum-maven-plugin.version>
@@ -170,7 +171,7 @@
         <openapi-generator-maven-plugin.version>5.2.1</openapi-generator-maven-plugin.version>
 <%_ } _%>
         <properties-maven-plugin.version>1.0.0</properties-maven-plugin.version>
-        <sonar-maven-plugin.version>3.9.0.2155</sonar-maven-plugin.version>
+        <sonar-maven-plugin.version>3.9.1.2184</sonar-maven-plugin.version>
         <!-- jhipster-needle-maven-property -->
     </properties>
 
@@ -1378,8 +1379,8 @@
                                 <version>[${maven.version},)</version>
                             </requireMavenVersion>
                             <requireJavaVersion>
-                                <message>You are running an incompatible version of Java. JHipster supports JDK 8 to 16.</message>
-                                <version>[1.8,17)</version>
+                                <message>You are running an incompatible version of Java. JHipster supports JDK <%= JAVA_COMPATIBLE_VERSIONS[0] %> to <%= JAVA_COMPATIBLE_VERSIONS[JAVA_COMPATIBLE_VERSIONS.length -1] %>.</message>
+                                <version><%= JAVA_COMPATIBLE_VERSIONS.map(version => parseInt(version)).map(version => `[${version},${version +1})`).join(',') %></version>
                             </requireJavaVersion>
                         </rules>
                     </configuration>
@@ -1429,6 +1430,7 @@
                         </execution>
                     </executions>
                 </plugin>
+<%_ if (!reactive) { _%>
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-surefire-plugin</artifactId>
@@ -1472,6 +1474,7 @@
                         </execution>
                     </executions>
                 </plugin>
+<%_ } _%>
 <%_ if (enableSwaggerCodegen) { _%>
                 <plugin>
                     <!--
@@ -1998,6 +2001,122 @@
                 </pluginManagement>
             </build>
         </profile>
+<%_ } _%>
+<%_ if (reactive) { _%>
+        <profile>
+            <id>surefire-java13-</id>
+            <activation>
+                <jdk>(,13]</jdk>
+            </activation>
+            <build>
+                <pluginManagement>
+                    <plugins>
+                        <plugin>
+                            <groupId>org.apache.maven.plugins</groupId>
+                            <artifactId>maven-surefire-plugin</artifactId>
+                            <version>${maven-surefire-plugin.version}</version>
+                            <configuration>
+                                <!-- Force alphabetical order to have a reproducible build -->
+                                <runOrder>alphabetical</runOrder>
+                                <excludes>
+                                    <exclude>**/*IT*</exclude>
+                                    <exclude>**/*IntTest*</exclude>
+                                </excludes>
+                            </configuration>
+                        </plugin>
+                        <plugin>
+                            <groupId>org.apache.maven.plugins</groupId>
+                            <artifactId>maven-failsafe-plugin</artifactId>
+                            <version>${maven-failsafe-plugin.version}</version>
+                            <configuration>
+                                <!-- Due to spring-boot repackage, without adding this property test classes are not found
+                                     See https://github.com/spring-projects/spring-boot/issues/6254 -->
+                                <classesDirectory>${project.build.outputDirectory}</classesDirectory>
+                                <!-- Force alphabetical order to have a reproducible build -->
+                                <runOrder>alphabetical</runOrder>
+                                <includes>
+                                    <include>**/*IT*</include>
+                                    <include>**/*IntTest*</include>
+                                </includes>
+                            </configuration>
+                            <executions>
+                                <execution>
+                                    <id>integration-test</id>
+                                    <goals>
+                                        <goal>integration-test</goal>
+                                    </goals>
+                                </execution>
+                                <execution>
+                                    <id>verify</id>
+                                    <goals>
+                                        <goal>verify</goal>
+                                    </goals>
+                                </execution>
+                            </executions>
+                        </plugin>
+                    </plugins>
+                </pluginManagement>
+            </build>
+        </profile>
+        <profile>
+            <id>surefire-java13+</id>
+            <activation>
+                <jdk>(13,]</jdk>
+            </activation>
+            <build>
+                <pluginManagement>
+                    <plugins>
+                        <plugin>
+                            <groupId>org.apache.maven.plugins</groupId>
+                            <artifactId>maven-surefire-plugin</artifactId>
+                            <version>${maven-surefire-plugin.version}</version>
+                            <configuration>
+                                <!-- Force alphabetical order to have a reproducible build -->
+                                <runOrder>alphabetical</runOrder>
+                                <excludes>
+                                    <exclude>**/*IT*</exclude>
+                                    <exclude>**/*IntTest*</exclude>
+                                </excludes>
+                                <!-- Fix tests at java 13+ https://github.com/reactor/BlockHound/issues/33 -->
+                                <argLine>-XX:+AllowRedefinitionToAddDeleteMethods</argLine>
+                            </configuration>
+                        </plugin>
+                        <plugin>
+                            <groupId>org.apache.maven.plugins</groupId>
+                            <artifactId>maven-failsafe-plugin</artifactId>
+                            <version>${maven-failsafe-plugin.version}</version>
+                            <configuration>
+                                <!-- Due to spring-boot repackage, without adding this property test classes are not found
+                                     See https://github.com/spring-projects/spring-boot/issues/6254 -->
+                                <classesDirectory>${project.build.outputDirectory}</classesDirectory>
+                                <!-- Force alphabetical order to have a reproducible build -->
+                                <runOrder>alphabetical</runOrder>
+                                <includes>
+                                    <include>**/*IT*</include>
+                                    <include>**/*IntTest*</include>
+                                </includes>
+                                <!-- Fix tests at java 13+ https://github.com/reactor/BlockHound/issues/33 -->
+                                <argLine>-XX:+AllowRedefinitionToAddDeleteMethods</argLine>
+                            </configuration>
+                            <executions>
+                                <execution>
+                                    <id>integration-test</id>
+                                    <goals>
+                                        <goal>integration-test</goal>
+                                    </goals>
+                                </execution>
+                                <execution>
+                                    <id>verify</id>
+                                    <goals>
+                                        <goal>verify</goal>
+                                    </goals>
+                                </execution>
+                            </executions>
+                        </plugin>
+                    </plugins>
+                </pluginManagement>
+            </build>
+        </profile>
 <%_ } _%>
         <!-- jhipster-needle-maven-add-profile -->
     </profiles>

package/generators/server/templates/settings.gradle.ejs

@@ -61,5 +61,14 @@ gradleEnterprise {
         publishAlways()
     }
 }
+
+buildCache {
+    local { enabled = true }
+    remote(HttpBuildCache) {
+        push = true
+        enabled = false // Disabled as this might not always desired
+        url = '<%= gradleEnterpriseHost %>/cache/' // note the trailing slash!
+    }
+}
 <%_ } _%>  
 rootProject.name = "<%= dasherizedBaseName %>"

package/generators/server/templates/sql/reactive/src/main/java/package/repository/UserSqlHelper.java.ejs

@@ -0,0 +1,48 @@
+<%#
+ Copyright 2013-2021 the original author or authors from the JHipster project.
+
+ This file is part of the JHipster project, see https://www.jhipster.tech/
+ for more information.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+      https://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-%>
+package <%= packageName %>.repository;
+
+import java.util.ArrayList;
+import java.util.List;
+import org.springframework.data.relational.core.sql.Column;
+import org.springframework.data.relational.core.sql.Expression;
+import org.springframework.data.relational.core.sql.Table;
+
+public class UserSqlHelper {
+    public static List<Expression> getColumns(Table table, String columnPrefix) {
+        List<Expression> columns = new ArrayList<>();
+        columns.add(Column.aliased("id", table, columnPrefix + "_id"));
+        columns.add(Column.aliased("login", table, columnPrefix + "_login"));
+  <%_ if (!authenticationTypeOauth2) { _%>
+        columns.add(Column.aliased("password_hash", table, columnPrefix + "_password"));
+  <%_ } _%>
+        columns.add(Column.aliased("first_name", table, columnPrefix + "_first_name"));
+        columns.add(Column.aliased("last_name", table, columnPrefix + "_last_name"));
+        columns.add(Column.aliased("email", table, columnPrefix + "_email"));
+        columns.add(Column.aliased("activated", table, columnPrefix + "_activated"));
+        columns.add(Column.aliased("lang_key", table, columnPrefix + "_lang_key"));
+        columns.add(Column.aliased("image_url", table, columnPrefix + "_image_url"));
+  <%_ if (!authenticationTypeOauth2) { _%>
+        columns.add(Column.aliased("activation_key", table, columnPrefix + "_activation_key"));
+        columns.add(Column.aliased("reset_key", table, columnPrefix + "_reset_key"));
+        columns.add(Column.aliased("reset_date", table, columnPrefix + "_reset_date"));
+  <%_ } _%>
+        return columns;
+    }
+}

package/generators/server/templates/src/main/docker/app.yml.ejs

@@ -52,7 +52,7 @@ _%>
 <%_ } _%>
 <%_ if (databaseTypeCouchbase) { _%>
       - SPRING_COUCHBASE_CONNECTION_STRING=<%= baseName.toLowerCase() %>-couchbase
-      - JHIPSTER_COUCHBASE_BUCKET_NAME=<%= baseName %>
+      - JHIPSTER_DATABASE_COUCHBASE_BUCKET_NAME=<%= baseName %>
 <%_ } _%>
 <%_ if (cacheProviderMemcached) { _%>
       - JHIPSTER_CACHE_MEMCACHED_SERVERS=<%= baseName.toLowerCase() %>-memcached:11211
@@ -294,6 +294,7 @@ _%>
     # When run with the "prod" Spring profile, it will read the configuration from a Git repository
     # See https://www.jhipster.tech/jhipster-registry/#spring-cloud-config
     environment:
+      - JHIPSTER_SLEEP=20
       - _JAVA_OPTIONS=-Xmx512m -Xms256m
       - SPRING_PROFILES_ACTIVE=dev,api-docs<% if (authenticationTypeOauth2) { %>,oauth2<% } %>
       - SPRING_SECURITY_USER_PASSWORD=admin

package/generators/server/templates/src/main/docker/config/realm-config/jhipster-realm.json.ejs

@@ -1671,14 +1671,14 @@
         "subComponents": {},
         "config": {
           "allowed-protocol-mapper-types": [
-            "oidc-full-name-mapper",
+            "oidc-usermodel-property-mapper",
+            "oidc-sha256-pairwise-sub-mapper",
+            "saml-user-attribute-mapper",
             "saml-user-property-mapper",
-            "oidc-usermodel-attribute-mapper",
-            "saml-role-list-mapper",
             "oidc-address-mapper",
-            "saml-user-attribute-mapper",
-            "oidc-usermodel-property-mapper",
-            "oidc-sha256-pairwise-sub-mapper"
+            "oidc-full-name-mapper",
+            "saml-role-list-mapper",
+            "oidc-usermodel-attribute-mapper"
           ]
         }
       },
@@ -1749,14 +1749,14 @@
         "subComponents": {},
         "config": {
           "allowed-protocol-mapper-types": [
-            "oidc-sha256-pairwise-sub-mapper",
+            "oidc-address-mapper",
             "oidc-usermodel-attribute-mapper",
-            "oidc-full-name-mapper",
+            "saml-user-property-mapper",
             "saml-user-attribute-mapper",
-            "oidc-address-mapper",
-            "oidc-usermodel-property-mapper",
             "saml-role-list-mapper",
-            "saml-user-property-mapper"
+            "oidc-full-name-mapper",
+            "oidc-usermodel-property-mapper",
+            "oidc-sha256-pairwise-sub-mapper"
           ]
         }
       },
@@ -2487,10 +2487,11 @@
     "oauth2DevicePollingInterval": "5",
     "clientSessionIdleTimeout": "0",
     "clientSessionMaxLifespan": "0",
+    "parRequestUriLifespan": "60",
     "clientOfflineSessionIdleTimeout": "0",
     "cibaInterval": "5"
   },
-  "keycloakVersion": "14.0.0",
+  "keycloakVersion": "15.0.2",
   "userManagedAccessAllowed": false,
   "clientProfiles": {
     "profiles": []

package/generators/server/templates/src/main/java/package/aop/logging/LoggingAspect.java.ejs

@@ -88,7 +88,7 @@ public class LoggingAspect {
         if (env.acceptsProfiles(Profiles.of(JHipsterConstants.SPRING_PROFILE_DEVELOPMENT))) {
             logger(joinPoint)
                 .error(
-                    "Exception in {}() with cause = \'{}\' and exception = \'{}\'",
+                    "Exception in {}() with cause = '{}' and exception = '{}'",
                     joinPoint.getSignature().getName(),
                     e.getCause() != null ? e.getCause() : "NULL",
                     e.getMessage(),

package/generators/server/templates/src/main/java/package/config/DatabaseConfiguration_cassandra.java.ejs

@@ -21,9 +21,6 @@ package <%= packageName %>.config;
 import com.datastax.oss.driver.api.core.data.TupleValue;
 import com.datastax.oss.driver.api.core.type.DataTypes;
 import com.datastax.oss.driver.api.core.type.TupleType;
-<%_ if (applicationTypeGateway && !databaseTypeCassandra) { _%>
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
-<%_ } _%>
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.convert.converter.Converter;
@@ -39,9 +36,6 @@ import java.util.ArrayList;
 import java.util.List;
 
 @Configuration
-<%_ if (applicationTypeGateway && !databaseTypeCassandra) { _%>
-@ConditionalOnProperty("jhipster.gateway.rate-limiting.enabled")
-<%_ } _%>
 public class DatabaseConfiguration {
 
     @Bean

package/generators/server/templates/src/main/java/package/config/DatabaseConfiguration_sql.java.ejs

@@ -85,9 +85,9 @@ import java.util.UUID;
 
 @Configuration
 <%_ if (reactive) { _%>
-@EnableR2dbcRepositories("<%= packageName %>.repository")
+@EnableR2dbcRepositories({<%- domains.map(domain => `"${domain}.repository"`).join(', ') %>})
 <%_ } else { _%>
-@EnableJpaRepositories("<%= packageName %>.repository")
+@EnableJpaRepositories({<%- domains.map(domain => `"${domain}.repository"`).join(', ') %>})
 @EnableJpaAuditing(auditorAwareRef = "springSecurityAuditorAware")
 <%_ } _%>
 @EnableTransactionManagement

package/generators/server/templates/src/main/java/package/config/JacksonConfiguration.java.ejs

@@ -26,7 +26,7 @@ import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.zalando.problem.ProblemModule;
+import org.zalando.problem.jackson.ProblemModule;
 import org.zalando.problem.violations.ConstraintViolationProblemModule;
 
 @Configuration

package/generators/server/templates/src/main/java/package/config/LocaleConfiguration.java.ejs

@@ -47,7 +47,6 @@ public class LocaleConfiguration implements WebMvcConfigurer {
 <%_ } else { _%>
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.springframework.boot.autoconfigure.web.reactive.WebFluxAutoConfiguration;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
@@ -70,7 +69,6 @@ import java.util.Locale;
 import java.util.TimeZone;
 
 @Configuration
-@Import(WebFluxAutoConfiguration.class)
 public class LocaleConfiguration {
 
     @Bean(name = "localeContextResolver")

package/generators/server/templates/src/main/java/package/config/SecurityConfiguration.java.ejs

@@ -233,7 +233,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
         .and()
             .referrerPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN)
         .and()
-            .featurePolicy("geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'self'; payment 'none'")
+            .permissionsPolicy().policy("camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()")
         .and()
             .frameOptions()
             .deny()
@@ -258,9 +258,6 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
             .antMatchers("/api/**").authenticated()
 <%_ if (communicationSpringWebsocket) { _%>
             .antMatchers("/websocket/**").authenticated()
-<%_ } _%>
-<%_ if (applicationTypeGateway) { _%>
-            .antMatchers("/services/*/v3/api-docs").hasAuthority(AuthoritiesConstants.ADMIN)
 <%_ } _%>
             .antMatchers("/management/health").permitAll()
             .antMatchers("/management/health/**").permitAll()
@@ -275,7 +272,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
         .and()
             .apply(securityConfigurerAdapter());
   <%_ } else if (authenticationTypeOauth2) { _%>
-    <%_ if (applicationTypeMonolith || applicationTypeGateway) { _%>
+    <%_ if (applicationTypeMonolith) { _%>
         .and()
             .oauth2Login()
     <%_ } _%>

package/generators/server/templates/src/main/java/package/config/SecurityConfiguration_reactive.java.ejs

@@ -253,7 +253,7 @@ public class SecurityConfiguration {
             .and()
                 .referrerPolicy(ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN)
             .and()
-                .featurePolicy("geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'self'; payment 'none'")
+                .permissionsPolicy().policy("camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()")
             .and()
                 .frameOptions().disable()
 <%_ if (applicationTypeMicroservice) { _%>
@@ -277,6 +277,14 @@ public class SecurityConfiguration {
             .pathMatchers("/api/auth-info").permitAll()
             .pathMatchers("/api/admin/**").hasAuthority(AuthoritiesConstants.ADMIN)
             .pathMatchers("/api/**").authenticated()
+<%_ if (applicationTypeGateway) { _%>
+  <%_ if (microfrontend && (authenticationTypeJwt || clientFrameworkVue)) { _%>
+            // microfrontend resources are loaded by webpack without authentication, they need to be public
+            .pathMatchers("/services/*/*.js").permitAll()
+            .pathMatchers("/services/*/*.js.map").permitAll()
+  <%_ } _%>
+            .pathMatchers("/services/*/v3/api-docs").hasAuthority(AuthoritiesConstants.ADMIN)
+<%_ } _%>
 <%_ if (applicationTypeMonolith || applicationTypeGateway) { _%>
             .pathMatchers("/services/**").authenticated()
 <%_ } _%>

package/generators/server/templates/src/main/java/package/config/WebConfigurer.java.ejs

@@ -79,7 +79,6 @@ import javax.servlet.*;
 import java.io.File;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Paths;
-import java.util.*;
 
 import static java.net.URLDecoder.decode;
     <%_ } _%>

package/generators/server/templates/src/main/java/package/management/SecurityMetersService.java.ejs

@@ -0,0 +1,68 @@
+<%#
+ Copyright 2013-2021 the original author or authors from the JHipster project.
+
+ This file is part of the JHipster project, see https://www.jhipster.tech/
+ for more information.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+      https://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-%>
+package <%= packageName %>.management;
+
+import org.springframework.stereotype.Service;
+
+import io.micrometer.core.instrument.Counter;
+import io.micrometer.core.instrument.MeterRegistry;
+
+@Service
+public class SecurityMetersService {
+
+    public static final String INVALID_TOKENS_METER_NAME = "security.authentication.invalid-tokens";
+    public static final String INVALID_TOKENS_METER_DESCRIPTION = "Indicates validation error count of the tokens presented by the clients.";
+    public static final String INVALID_TOKENS_METER_BASE_UNIT = "errors";
+    public static final String INVALID_TOKENS_METER_CAUSE_DIMENSION = "cause";
+
+    private final Counter tokenInvalidSignatureCounter;
+    private final Counter tokenExpiredCounter;
+    private final Counter tokenUnsupportedCounter;
+    private final Counter tokenMalformedCounter;
+
+    public SecurityMetersService(MeterRegistry registry) {
+        this.tokenInvalidSignatureCounter = invalidTokensCounterForCauseBuilder("invalid-signature").register(registry);
+        this.tokenExpiredCounter = invalidTokensCounterForCauseBuilder("expired").register(registry);
+        this.tokenUnsupportedCounter = invalidTokensCounterForCauseBuilder("unsupported").register(registry);
+        this.tokenMalformedCounter = invalidTokensCounterForCauseBuilder("malformed").register(registry);
+    }
+
+    private Counter.Builder invalidTokensCounterForCauseBuilder(String cause) {
+        return Counter.builder(INVALID_TOKENS_METER_NAME)
+            .baseUnit(INVALID_TOKENS_METER_BASE_UNIT)
+            .description(INVALID_TOKENS_METER_DESCRIPTION)
+            .tag(INVALID_TOKENS_METER_CAUSE_DIMENSION, cause);
+    }
+
+    public void trackTokenInvalidSignature() {
+        this.tokenInvalidSignatureCounter.increment();
+    }
+
+    public void trackTokenExpired() {
+        this.tokenExpiredCounter.increment();
+    }
+
+    public void trackTokenUnsupported() {
+        this.tokenUnsupportedCounter.increment();
+    }
+
+    public void trackTokenMalformed() {
+        this.tokenMalformedCounter.increment();
+    }
+}

package/generators/server/templates/src/main/java/package/repository/UserRepository.java.ejs

@@ -464,29 +464,6 @@ class UserRepositoryInternalImpl implements UserRepositoryInternal {
     }
 }
 
-class UserSqlHelper {
-    static List<Expression> getColumns(Table table, String columnPrefix) {
-        List<Expression> columns = new ArrayList<>();
-        columns.add(Column.aliased("id", table, columnPrefix + "_id"));
-        columns.add(Column.aliased("login", table, columnPrefix + "_login"));
-  <%_ if (!authenticationTypeOauth2) { _%>
-        columns.add(Column.aliased("password_hash", table, columnPrefix + "_password"));
-  <%_ } _%>
-        columns.add(Column.aliased("first_name", table, columnPrefix + "_first_name"));
-        columns.add(Column.aliased("last_name", table, columnPrefix + "_last_name"));
-        columns.add(Column.aliased("email", table, columnPrefix + "_email"));
-        columns.add(Column.aliased("activated", table, columnPrefix + "_activated"));
-        columns.add(Column.aliased("lang_key", table, columnPrefix + "_lang_key"));
-        columns.add(Column.aliased("image_url", table, columnPrefix + "_image_url"));
-  <%_ if (!authenticationTypeOauth2) { _%>
-        columns.add(Column.aliased("activation_key", table, columnPrefix + "_activation_key"));
-        columns.add(Column.aliased("reset_key", table, columnPrefix + "_reset_key"));
-        columns.add(Column.aliased("reset_date", table, columnPrefix + "_reset_date"));
-  <%_ } _%>
-        return columns;
-    }
-}
-
 <%_ } else if (databaseTypeCassandra) { _%>
 @Repository
 public class UserRepository {

package/generators/server/templates/src/main/java/package/security/PersistentTokenRememberMeServices.java.ejs

@@ -71,8 +71,6 @@ import java.util.*;
  * <p>
  * This is inspired by:
  * <ul>
- * <li><a href="http://jaspan.com/improved_persistent_login_cookie_best_practice">Improved Persistent Login Cookie
- * Best Practice</a></li>
  * <li><a href="https://github.com/blog/1661-modeling-your-app-s-user-session">GitHub's "Modeling your App's User Session"</a></li>
  * </ul>
  * <p>

package/generators/server/templates/src/main/java/package/security/jwt/TokenProvider.java.ejs

@@ -34,13 +34,17 @@ import org.springframework.stereotype.Component;
 import org.springframework.util.ObjectUtils;
 
 import tech.jhipster.config.JHipsterProperties;
+
 import io.jsonwebtoken.*;
 import io.jsonwebtoken.io.Decoders;
+import io.jsonwebtoken.security.SignatureException;
 <%_ if (reactive) { _%>
 import io.jsonwebtoken.jackson.io.JacksonSerializer;
 <%_ } _%>
 import io.jsonwebtoken.security.Keys;
 
+import <%= packageName %>.management.SecurityMetersService;
+
 @Component
 public class TokenProvider {
 
@@ -56,7 +60,9 @@ public class TokenProvider {
 
     private final long tokenValidityInMillisecondsForRememberMe;
 
-    public TokenProvider(JHipsterProperties jHipsterProperties) {
+    private final SecurityMetersService securityMetersService;
+
+    public TokenProvider(JHipsterProperties jHipsterProperties, SecurityMetersService securityMetersService) {
         byte[] keyBytes;
         String secret = jHipsterProperties.getSecurity().getAuthentication().getJwt().getBase64Secret();
         if (!ObjectUtils.isEmpty(secret)) {
@@ -75,6 +81,8 @@ public class TokenProvider {
         this.tokenValidityInMillisecondsForRememberMe =
             1000 * jHipsterProperties.getSecurity().getAuthentication().getJwt()
                 .getTokenValidityInSecondsForRememberMe();
+
+        this.securityMetersService = securityMetersService;
     }
 
     public String createToken(Authentication authentication, boolean rememberMe) {
@@ -118,11 +126,28 @@ public class TokenProvider {
     public boolean validateToken(String authToken) {
         try {
             jwtParser.parseClaimsJws(authToken);
+
             return true;
-        } catch (JwtException | IllegalArgumentException e) {
-            log.info("Invalid JWT token.");
-            log.trace("Invalid JWT token trace.", e);
+        } catch (ExpiredJwtException e) {
+            this.securityMetersService.trackTokenExpired();
+
+            log.trace("Invalid JWT token.", e);
+        } catch (UnsupportedJwtException e) {
+            this.securityMetersService.trackTokenUnsupported();
+
+            log.trace("Invalid JWT token.", e);
+        } catch (MalformedJwtException e) {
+            this.securityMetersService.trackTokenMalformed();
+
+            log.trace("Invalid JWT token.", e);
+        } catch (SignatureException e) {
+            this.securityMetersService.trackTokenInvalidSignature();
+
+            log.trace("Invalid JWT token.", e);
+        } catch (IllegalArgumentException e) { // TODO: should we let it bubble (no catch), to avoid defensive programming and follow the fail-fast principle?
+            log.error("Token validation error {}", e.getMessage());
         }
+
         return false;
     }
 }