Version bump (#2678)

# Description

Please provide a summary of the changes, including relevant motivation
and context.

Closes #(issue_number)

## Checklist

- [ ] I have read the [Contribution
Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [ ] I have performed a self-review of my own code
- [ ] I have attached images of the change if it is UI based
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] If my code has heavily changed functionality I have updated
relevant docs on [Stirling-PDFs doc
repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/)
- [ ] My changes generate no new warnings
- [ ] I have read the section [Add New Translation
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags)
(for new translation tags only)

.github/scripts/requirements_sync_readme.in

@@ -0,0 +1 @@
+tomlkit

.github/scripts/requirements_sync_readme.txt

@@ -0,0 +1,10 @@
+#
+# This file is autogenerated by pip-compile with Python 3.10
+# by the following command:
+#
+#    pip-compile --generate-hashes --output-file='.github\scripts\requirements_sync_readme.txt' '.github\scripts\requirements_sync_readme.in'
+#
+tomlkit==0.13.2 \
+    --hash=sha256:7a974427f6e119197f670fbbbeae7bef749a6c14e793db934baefc1b5f03efde \
+    --hash=sha256:fff5fe59a87295b278abd31bec92c15d9bc4a06885ab12bcea52c71119392e79
+    # via -r .github\scripts\requirements_sync_readme.in

.github/workflows/multiOSReleases.yml

@@ -9,24 +9,140 @@ permissions:
   contents: read
 
 jobs:
+  read_versions:
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.versionNumber.outputs.versionNumber }}
+      versionMac: ${{ steps.versionNumberMac.outputs.versionNumberMac }}
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      # Get version number
+      - name: Get version number
+        id: versionNumber
+        run: |
+          VERSION=$(grep "^version =" build.gradle | awk -F'"' '{print $2}')
+          echo "versionNumber=$VERSION" >> $GITHUB_OUTPUT
+
+      - name: Get version number mac
+        id: versionNumberMac
+        run: |
+          VERSION=$(grep "^version =" build.gradle | awk -F'"' '{print $2}')
+          CURRENT_YEAR=$(date +'%Y')
+          IFS='.' read -r -a VERSION_PARTS <<< "$VERSION"
+          MAC_VERSION="$CURRENT_YEAR.${VERSION_PARTS[1]:-0}.${VERSION_PARTS[2]:-0}"
+          echo "versionNumberMac=$MAC_VERSION" >> $GITHUB_OUTPUT
+
+  build-portable:
+    needs: read_versions
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        enable_security: [true, false]
+        include:
+          - enable_security: true
+            file_suffix: "with-login-"
+          - enable_security: false
+            file_suffix: ""
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
+        with:
+          java-version: "21"
+          distribution: "temurin"
+
+      - uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
+        with:
+          gradle-version: 8.12
+
+      - name: Generate jar (With Security=${{ matrix.enable_security }})
+        run: ./gradlew clean createExe
+        env:
+          DOCKER_ENABLE_SECURITY: ${{ matrix.enable_security }}
+          STIRLING_PDF_DESKTOP_UI: false
+
+      - name: Rename binaries
+        run: |
+          mv ./build/launch4j/Stirling-PDF.exe ./win-Stirling-PDF-portable-Server-${{ matrix.file_suffix }}${{ needs.read_versions.outputs.version }}.exe
+          mv ./build/libs/Stirling-PDF-${{ needs.read_versions.outputs.version }}.jar ./Stirling-PDF-${{ matrix.file_suffix }}${{ needs.read_versions.outputs.version }}.jar
+
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        with:
+          retention-days: 1
+          if-no-files-found: error
+          name: stirling-${{ matrix.file_suffix }}binaries
+          path: |
+            ./win-Stirling-PDF-portable-Server-${{ matrix.file_suffix }}${{ needs.read_versions.outputs.version }}.exe
+            ./Stirling-PDF-${{ matrix.file_suffix }}${{ needs.read_versions.outputs.version }}.jar
+
+  sign_verify-portable:
+    needs: [build-portable, read_versions]
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        enable_security: [true, false]
+        include:
+          - enable_security: true
+            file_suffix: "with-login-"
+          - enable_security: false
+            file_suffix: ""
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        with:
+          egress-policy: audit
+
+      - name: Download build artifacts
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        with:
+          name: stirling-${{ matrix.file_suffix }}binaries
+
+      - name: Display structure of downloaded files
+        run: ls -R
+
+      - name: Upload signed artifacts
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        with:
+          retention-days: 1
+          if-no-files-found: error
+          name: stirling-${{ matrix.file_suffix }}signed
+          path: |
+            ./*
+            !cosign.*
+
   build-installers:
+    needs: read_versions
     strategy:
       matrix:
         include:
           - os: windows-latest
-            platform: win
+            extra: "-installer"
+            platform: win-
             ext: exe
           # - os: macos-latest
-         #  platform: mac
+          #   extra: ""
+          #   platform: mac-
           #   ext: dmg
           # - os: ubuntu-latest
-         #  platform: linux
+          #   extra: ""
+          #   platform: linux-
           #   ext: deb
     runs-on: ${{ matrix.os }}
     permissions:
       contents: write
-      packages: write
-
     steps:
       - name: Harden Runner
         uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
@@ -52,24 +168,6 @@ jobs:
           curl -L -o wix.exe https://github.com/wixtoolset/wix3/releases/download/wix3141rtm/wix314.exe
           .\wix.exe /install /quiet
 
-      # Install Linux dependencies
-      - name: Install Linux Dependencies
-        if: matrix.os == 'ubuntu-latest'
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y fakeroot rpm
-
-      # Get version number
-      - name: Get version number
-        id: versionNumber
-        run: echo "versionNumber=$(./gradlew printVersion --quiet | tail -1)" >> $GITHUB_OUTPUT
-        shell: bash
-
-      - name: Get version number mac
-        id: versionNumberMac
-        run: echo "versionNumberMac=$(./gradlew printMacVersion --quiet | tail -1)" >> $GITHUB_OUTPUT
-        shell: bash
-
       # Build installer
       - name: Build Installer
         run: ./gradlew build jpackage -x test --info
@@ -83,23 +181,107 @@ jobs:
         shell: bash
         run: |
           if [ "${{ matrix.os }}" = "windows-latest" ]; then
-            mv "build/jpackage/Stirling-PDF-${{ steps.versionNumber.outputs.versionNumber }}.exe" "Stirling-PDF-${{ matrix.platform }}-installer.${{ matrix.ext }}"
+            mv "./build/jpackage/Stirling-PDF-${{ needs.read_versions.outputs.version }}.exe" "${{ matrix.platform }}Stirling-PDF${{ matrix.extra }}-${{ needs.read_versions.outputs.version }}.${{ matrix.ext }}"
           elif [ "${{ matrix.os }}" = "macos-latest" ]; then
-            mv "build/jpackage/Stirling-PDF-${{ steps.versionNumberMac.outputs.versionNumberMac }}.dmg" "Stirling-PDF-${{ steps.versionNumber.outputs.versionNumber }}-${{ matrix.platform }}.${{ matrix.ext }}"
+            mv "./build/jpackage/Stirling-PDF-${{ needs.read_versions.outputs.versionMac }}.dmg" "${{ matrix.platform }}Stirling-PDF${{ matrix.extra }}-${{ needs.read_versions.outputs.version }}.${{ matrix.ext }}"
           else
-            mv "build/jpackage/stirling-pdf_${{ steps.versionNumber.outputs.versionNumber }}-1_amd64.deb" "Stirling-PDF-${{ steps.versionNumber.outputs.versionNumber }}-${{ matrix.platform }}.${{ matrix.ext }}"
+            mv "./build/jpackage/stirling-pdf_${{ needs.read_versions.outputs.version }}-1_amd64.deb" "${{ matrix.platform }}Stirling-PDF${{ matrix.extra }}-${{ needs.read_versions.outputs.version }}.${{ matrix.ext }}"
           fi
 
-      # Upload installer as artifact for testing
+      - name: Upload build artifacts
-      - name: Upload Installer Artifact
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
-          name: Stirling-PDF-${{ matrix.platform }}-installer.${{ matrix.ext }}
-          path: Stirling-PDF-${{ matrix.platform }}-installer.${{ matrix.ext }}
           retention-days: 1
           if-no-files-found: error
+          name: ${{ matrix.platform }}binaries
+          path: |
+            ./${{ matrix.platform }}Stirling-PDF${{ matrix.extra }}-${{ needs.read_versions.outputs.version }}.${{ matrix.ext }}
 
-      - name: Upload binaries to release
+  sign_verify:
+    needs: [read_versions, build-installers]
+    strategy:
+      matrix:
+        include:
+          - os: windows-latest
+            extra: "-installer"
+            platform: win-
+            ext: exe
+          # - os: macos-latest
+          #   extra: ""
+          #   platform: mac-
+          #   ext: dmg
+          # - os: ubuntu-latest
+          #   extra: ""
+          #   platform: linux-
+          #   ext: deb
+    runs-on: ubuntu-latest
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        with:
+          egress-policy: audit
+
+      - name: Download build artifacts
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        with:
+          name: ${{ matrix.platform }}binaries
+
+      - name: Display structure of downloaded files
+        run: ls -R
+
+      - name: Install Cosign
+        if: matrix.os == 'windows-latest'
+        uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
+
+      - name: Generate key pair
+        if: matrix.os == 'windows-latest'
+        run: cosign generate-key-pair
+
+      - name: Sign and generate attestations
+        if: matrix.os == 'windows-latest'
+        run: |
+          cosign sign-blob \
+            --key ./cosign.key \
+            --yes \
+            --output-signature ./${{ matrix.platform }}Stirling-PDF${{ matrix.extra }}-${{ needs.read_versions.outputs.version }}.${{ matrix.ext }}.sig \
+            ./${{ matrix.platform }}Stirling-PDF${{ matrix.extra }}-${{ needs.read_versions.outputs.version }}.${{ matrix.ext }}
+
+          cosign attest-blob \
+            --predicate - \
+            --key ./cosign.key \
+            --yes \
+            --output-attestation ./${{ matrix.platform }}Stirling-PDF${{ matrix.extra }}-${{ needs.read_versions.outputs.version }}.${{ matrix.ext }}.intoto.jsonl \
+            ./${{ matrix.platform }}Stirling-PDF${{ matrix.extra }}-${{ needs.read_versions.outputs.version }}.${{ matrix.ext }}
+
+          cosign verify-blob \
+            --key ./cosign.pub \
+            --signature ./${{ matrix.platform }}Stirling-PDF${{ matrix.extra }}-${{ needs.read_versions.outputs.version }}.${{ matrix.ext }}.sig \
+            ./${{ matrix.platform }}Stirling-PDF${{ matrix.extra }}-${{ needs.read_versions.outputs.version }}.${{ matrix.ext }}
+
+      - name: Upload signed artifacts
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        with:
+          retention-days: 1
+          if-no-files-found: error
+          name: ${{ matrix.platform }}signed
+          path: |
+            ./${{ matrix.platform }}Stirling-PDF${{ matrix.extra }}-${{ needs.read_versions.outputs.version }}.*
+            !cosign.*
+
+  create-release:
+    needs: [read_versions, sign_verify, sign_verify-portable]
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Download signed artifacts
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+      - name: Display structure of downloaded files
+        run: ls -R
+      - name: Upload binaries, attestations and signatures to Release and create GitHub Release
         uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0
         with:
-          files: ./Stirling-PDF-${{ matrix.platform }}-installer.${{ matrix.ext }}
+          tag_name: v${{ needs.read_versions.outputs.version }}
+          generate_release_notes: true
+          files: |
+            ./*signed/*

.github/workflows/releaseArtifacts.yml

@@ -9,11 +9,8 @@ permissions:
   contents: read
 
 jobs:
-  push:
+  build:
     runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      packages: write
     strategy:
       matrix:
         enable_security: [true, false]
@@ -22,6 +19,8 @@ jobs:
             file_suffix: "-with-login"
           - enable_security: false
             file_suffix: ""
+    outputs:
+      version: ${{ steps.versionNumber.outputs.versionNumber }}
     steps:
       - name: Harden Runner
         uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
@@ -48,38 +47,134 @@ jobs:
 
       - name: Get version number
         id: versionNumber
-        run: echo "versionNumber=$(./gradlew printVersion --quiet | tail -1)" >> $GITHUB_OUTPUT
+        run: |
+          VERSION=$(grep "^version =" build.gradle | awk -F'"' '{print $2}')
+          echo "versionNumber=$VERSION" >> $GITHUB_OUTPUT
 
-      - name: Rename binarie
+      - name: Rename binaries
-        run: cp ./build/launch4j/Stirling-PDF.exe ./build/launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe
+        run: |
+          mv ./build/launch4j/Stirling-PDF.exe ./build/launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe
+          mv ./build/libs/Stirling-PDF-${{ steps.versionNumber.outputs.versionNumber }}.jar ./build/libs/Stirling-PDF${{ matrix.file_suffix }}.jar
 
-      - name: Upload Assets binarie
+      - name: Debug build artifacts
+        run: |
+          echo "Current Directory: $(pwd)"
+          ls -R ./build/libs
+          ls -R ./build/launch4j
+
+      - name: Upload build artifacts
         uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
-          path: ./build/launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe
+          name: binaries${{ matrix.file_suffix }}
-          name: Stirling-PDF-Server${{ matrix.file_suffix }}.exe
+          path: |
-          overwrite: true
+            ./build/launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.*
-          retention-days: 1
+            ./build/libs/Stirling-PDF${{ matrix.file_suffix }}.*
-          if-no-files-found: error
 
-      - name: Upload binaries to release
+  sign_verify:
-        uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0
+    needs: build
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        enable_security: [true, false]
+        include:
+          - enable_security: true
+            file_suffix: "-with-login"
+          - enable_security: false
+            file_suffix: ""
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
         with:
-          files: ./build/launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe
+          egress-policy: audit
 
-      - name: Rename jar binaries
+      - name: Download build artifacts
-        run: cp ./build/libs/Stirling-PDF-${{ steps.versionNumber.outputs.versionNumber }}.jar ./build/libs/Stirling-PDF${{ matrix.file_suffix }}.jar
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        with:
+          name: binaries${{ matrix.file_suffix }}
+      - name: Display structure of downloaded files
+        run: ls -R
 
-      - name: Upload Assets jar binaries
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
+
+      - name: Generate key pair
+        run: cosign generate-key-pair
+
+      - name: Sign and generate attestations
+        run: |
+          cosign sign-blob \
+            --key ./cosign.key \
+            --yes \
+            --output-signature ./libs/Stirling-PDF${{ matrix.file_suffix }}.jar.sig \
+            ./libs/Stirling-PDF${{ matrix.file_suffix }}.jar
+
+          cosign attest-blob \
+            --predicate - \
+            --key ./cosign.key \
+            --yes \
+            --output-attestation ./libs/Stirling-PDF${{ matrix.file_suffix }}.jar.intoto.jsonl \
+            ./libs/Stirling-PDF${{ matrix.file_suffix }}.jar
+
+          cosign verify-blob \
+            --key ./cosign.pub \
+            --signature ./libs/Stirling-PDF${{ matrix.file_suffix }}.jar.sig \
+            ./libs/Stirling-PDF${{ matrix.file_suffix }}.jar
+
+          cosign sign-blob \
+            --key ./cosign.key \
+            --yes \
+            --output-signature ./launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe.sig \
+            ./launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe
+
+          cosign attest-blob \
+            --predicate - \
+            --key ./cosign.key \
+            --yes \
+            --output-attestation ./launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe.intoto.jsonl \
+            ./launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe
+
+          cosign verify-blob \
+            --key ./cosign.pub \
+            --signature ./launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe.sig \
+            ./launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe
+
+      - name: Upload signed artifacts
         uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
-          path: ./build/libs/Stirling-PDF${{ matrix.file_suffix }}.jar
+          name: signed${{ matrix.file_suffix }}
-          name: Stirling-PDF${{ matrix.file_suffix }}.jar
+          path: |
-          overwrite: true
+            ./libs/Stirling-PDF${{ matrix.file_suffix }}.*
-          retention-days: 1
+            ./launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.*
-          if-no-files-found: error
 
-      - name: Upload jar binaries to release
+  release:
+    needs: [build, sign_verify]
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    strategy:
+      matrix:
+        enable_security: [true, false]
+        include:
+          - enable_security: true
+            file_suffix: "-with-login"
+          - enable_security: false
+            file_suffix: ""
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        with:
+          egress-policy: audit
+
+      - name: Download signed artifacts
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        with:
+          name: signed${{ matrix.file_suffix }}
+
+      - name: Upload binaries, attestations and signatures to Release and create GitHub Release
         uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0
         with:
-          files: ./build/libs/Stirling-PDF${{ matrix.file_suffix }}.jar
+          tag_name: v${{ needs.build.outputs.version }}
+          generate_release_notes: true
+          files: |
+            ./libs/Stirling-PDF*
+            ./launch4j/Stirling-PDF-Server*

.github/workflows/sync_files.yml

@@ -30,7 +30,7 @@ jobs:
         with:
           python-version: "3.12"
       - name: Install dependencies
-        run: pip install tomlkit
+        run: pip install --require-hashes -r ./.github/scripts/requirements_sync_readme.txt
       - name: Sync README
         run: python scripts/counter_translation.py
       - name: Set up git config

.gitignore

@@ -14,12 +14,16 @@ local.properties
 .classpath
 .project
 version.properties
+
+#### Stirling-PDF Files ###
 pipeline/watchedFolders/
 pipeline/finishedFolders/
-#### Stirling-PDF Files ###
 customFiles/
 configs/
 watchedFolders/
+!cucumber/
+!cucumber/exampleFiles/
+!cucumber/exampleFiles/example_html.zip
 
 # Gradle
 .gradle
@@ -111,6 +115,7 @@ watchedFolders/
 *.war
 *.nar
 *.ear
+*.zip
 *.tar.gz
 *.rar
 *.db

.pre-commit-config.yaml

@@ -20,7 +20,7 @@ repos:
           - --skip="./.*,*.csv,*.json,*.ambr"
           - --quiet-level=2
         files: \.(properties|html|css|js|py|md)$
-        exclude: (.vscode|.devcontainer|src/main/resources|Dockerfile)
+        exclude: (.vscode|.devcontainer|src/main/resources|Dockerfile|.*/pdfjs.*|.*/thirdParty.*|bootstrap.*|.*\.min\..*|.*diff\.js)
   - repo: https://github.com/gitleaks/gitleaks
     rev: v8.22.0
     hooks:

Dockerfile

@@ -1,5 +1,5 @@
 # Main stage
-FROM alpine:3.20.3
+FROM alpine:3.21.2@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
 
 # Copy necessary files
 COPY scripts /scripts

Dockerfile.fat

@@ -12,7 +12,7 @@ RUN DOCKER_ENABLE_SECURITY=true \
 ./gradlew clean build
 
 # Main stage
-FROM alpine:3.20.3
+FROM alpine:3.21.2@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
 
 # Copy necessary files
 COPY scripts /scripts

Dockerfile.ultra-lite

@@ -1,5 +1,5 @@
 # use alpine
-FROM alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
+FROM alpine:3.21.2@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
 
 ARG VERSION_TAG
 

README.md

@@ -132,7 +132,7 @@ Stirling-PDF currently supports 38 languages!
 | German (Deutsch) (de_DE)                     | ![96%](https://geps.dev/progress/96)   |
 | Greek (Ελληνικά) (el_GR)                     | ![87%](https://geps.dev/progress/87)   |
 | Hindi (हिंदी) (hi_IN)                          | ![85%](https://geps.dev/progress/85)   |
-| Hungarian (Magyar) (hu_HU)                   | ![88%](https://geps.dev/progress/88)   |
+| Hungarian (Magyar) (hu_HU)                   | ![97%](https://geps.dev/progress/97)   |
 | Indonesian (Bahasa Indonesia) (id_ID)        | ![88%](https://geps.dev/progress/88)   |
 | Irish (Gaeilge) (ga_IE)                      | ![80%](https://geps.dev/progress/80)   |
 | Italian (Italiano) (it_IT)                   | ![99%](https://geps.dev/progress/99)   |
@@ -142,7 +142,7 @@ Stirling-PDF currently supports 38 languages!
 | Persian (فارسی) (fa_IR)                      | ![95%](https://geps.dev/progress/95)   |
 | Polish (Polski) (pl_PL)                      | ![87%](https://geps.dev/progress/87)   |
 | Portuguese (Português) (pt_PT)               | ![87%](https://geps.dev/progress/87)   |
-| Portuguese Brazilian (Português) (pt_BR)     | ![95%](https://geps.dev/progress/95)   |
+| Portuguese Brazilian (Português) (pt_BR)     | ![98%](https://geps.dev/progress/98)   |
 | Romanian (Română) (ro_RO)                    | ![82%](https://geps.dev/progress/82)   |
 | Russian (Русский) (ru_RU)                    | ![87%](https://geps.dev/progress/87)   |
 | Serbian Latin alphabet (Srpski) (sr_LATN_RS) | ![64%](https://geps.dev/progress/64)   |
@@ -152,7 +152,7 @@ Stirling-PDF currently supports 38 languages!
 | Swedish (Svenska) (sv_SE)                    | ![88%](https://geps.dev/progress/88)   |
 | Thai (ไทย) (th_TH)                           | ![87%](https://geps.dev/progress/87)   |
 | Tibetan (བོད་ཡིག་) (zh_BO)                     | ![96%](https://geps.dev/progress/96) |
-| Traditional Chinese (繁體中文) (zh_TW)        | ![96%](https://geps.dev/progress/96)   |
+| Traditional Chinese (繁體中文) (zh_TW)        | ![99%](https://geps.dev/progress/99)   |
 | Turkish (Türkçe) (tr_TR)                     | ![83%](https://geps.dev/progress/83)   |
 | Ukrainian (Українська) (uk_UA)               | ![73%](https://geps.dev/progress/73)   |
 | Vietnamese (Tiếng Việt) (vi_VN)              | ![80%](https://geps.dev/progress/80)   |

build.gradle

@@ -5,7 +5,7 @@ plugins {
     id "org.springdoc.openapi-gradle-plugin" version "1.8.0"
     id "io.swagger.swaggerhub" version "1.3.2"
     id "edu.sc.seis.launch4j" version "3.0.6"
-    id "com.diffplug.spotless" version "6.25.0"
+    id "com.diffplug.spotless" version "7.0.1"
     id "com.github.jk1.dependency-license-report" version "2.9"
 	//id "nebula.lint" version "19.0.3"
 	id("org.panteleyev.jpackageplugin") version "1.6.0"
@@ -27,7 +27,7 @@ ext {
 }
 
 group = "stirling.software"
-version = "0.36.6"
+version = "0.37.0"
 
 
 java {

cucumber/exampleFiles/example.html

@@ -8,4 +8,3 @@
 
 </body>
 </html>
-

cucumber/features/steps/step_definitions.py

@@ -1,7 +1,8 @@
 import os
 import requests
 from behave import given, when, then
-from PyPDF2 import PdfWriter, PdfReader
+from pypdf import PdfWriter, PdfReader
+from pypdf.errors import PdfReadError
 import io
 import random
 import string

cucumber/requirements.in

@@ -1,5 +1,5 @@
 behave
 requests
-PyPDF2
+pypdf
 reportlab
 PyCryptodome

cucumber/requirements.txt

@@ -231,9 +231,9 @@ pycryptodome==3.21.0 \
     --hash=sha256:f7787e0d469bdae763b876174cf2e6c0f7be79808af26b1da96f1a64bcf47297 \
     --hash=sha256:ff99f952db3db2fbe98a0b355175f93ec334ba3d01bbde25ad3a5a33abc02b58
     # via -r cucumber\requirements.in
-pypdf2==3.0.1 \
+pypdf==5.1.0 \
-    --hash=sha256:a74408f69ba6271f71b9352ef4ed03dc53a31aa404d29b5d31f53bfecfee1440 \
+    --hash=sha256:3bd4f503f4ebc58bae40d81e81a9176c400cbbac2ba2d877367595fb524dfdfc \
-    --hash=sha256:d16e4205cfee272fbdc0568b68d82be796540b1537508cef59388f839c191928
+    --hash=sha256:425a129abb1614183fd1aca6982f650b47f8026867c0ce7c4b9f281c443d2740
     # via -r cucumber\requirements.in
 reportlab==4.2.5 \
     --hash=sha256:5cf35b8fd609b68080ac7bbb0ae1e376104f7d5f7b2d3914c7adc63f2593941f \
@@ -249,6 +249,10 @@ six==1.17.0 \
     # via
     #   behave
     #   parse-type
+typing-extensions==4.12.2 \
+    --hash=sha256:04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d \
+    --hash=sha256:1a7ead55c7e559dd4dee8856e3a88b41225abfe1ce8df57b7c13915fe121ffb8
+    # via pypdf
 urllib3==2.3.0 \
     --hash=sha256:1cee9ad369867bfdbbb48b7dd50374c0967a0bb7710050facf0dd6911440e3df \
     --hash=sha256:f8c5449b3cf0861679ce7e0503c7b44b5ec981bec0d1d3795a07f1ba96f0204d

gradle.properties

@@ -0,0 +1,7 @@
+# Enables parallel execution of tasks, allowing multiple tasks to run simultaneously
+org.gradle.parallel=true
+
+# Enables build caching to reuse outputs from previous builds for faster execution
+# org.gradle.caching=true
+
+org.gradle.build-scan=true

gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.12-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.12-all.zip
+networkTimeout=10000
+validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

gradlew

@@ -15,6 +15,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+# SPDX-License-Identifier: Apache-2.0
+#
 
 ##############################################################################
 #
@@ -55,7 +57,7 @@
 #       Darwin, MinGW, and NonStop.
 #
 #   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 #       within the Gradle project.
 #
 #       You can find Gradle at https://github.com/gradle/gradle/.
@@ -80,13 +82,11 @@ do
     esac
 done
 
-APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
+# This is normally unused
-
+# shellcheck disable=SC2034
-APP_NAME="Gradle"
 APP_BASE_NAME=${0##*/}
-
+# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
-# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s\n' "$PWD" ) || exit
-DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
@@ -133,22 +133,29 @@ location of your Java installation."
     fi
 else
     JAVACMD=java
-    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+    if ! command -v java >/dev/null 2>&1
+    then
+        die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
 
 Please set the JAVA_HOME variable in your environment to match the
 location of your Java installation."
     fi
+fi
 
 # Increase the maximum file descriptors if we can.
 if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
     case $MAX_FD in #(
       max*)
+        # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
+        # shellcheck disable=SC2039,SC3045
         MAX_FD=$( ulimit -H -n ) ||
             warn "Could not query maximum file descriptor limit"
     esac
     case $MAX_FD in  #(
       '' | soft) :;; #(
       *)
+        # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
+        # shellcheck disable=SC2039,SC3045
         ulimit -n "$MAX_FD" ||
             warn "Could not set maximum file descriptor limit to $MAX_FD"
     esac
@@ -193,11 +200,15 @@ if "$cygwin" || "$msys" ; then
     done
 fi
 
-# Collect all arguments for the java command;
+
-#   * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
-#     shell script including quotes and variable substitutions, so put them in
+DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
-#     double quotes to make sure that they get re-expanded; and
+
-#   * put everything else in single quotes, so that it's not re-expanded.
+# Collect all arguments for the java command:
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+#     and any embedded shellness will be escaped.
+#   * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
+#     treated as '${Hostname}' itself on the command line.
 
 set -- \
         "-Dorg.gradle.appname=$APP_BASE_NAME" \

gradlew.bat

@@ -13,6 +13,8 @@
 @rem See the License for the specific language governing permissions and
 @rem limitations under the License.
 @rem
+@rem SPDX-License-Identifier: Apache-2.0
+@rem
 
 @if "%DEBUG%"=="" @echo off
 @rem ##########################################################################
@@ -26,6 +28,7 @@ if "%OS%"=="Windows_NT" setlocal
 
 set DIRNAME=%~dp0
 if "%DIRNAME%"=="" set DIRNAME=.
+@rem This is normally unused
 set APP_BASE_NAME=%~n0
 set APP_HOME=%DIRNAME%
 
@@ -42,11 +45,11 @@ set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
 if %ERRORLEVEL% equ 0 goto execute
 
-echo.
+echo. 1>&2
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
-echo.
+echo. 1>&2
-echo Please set the JAVA_HOME variable in your environment to match the
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
-echo location of your Java installation.
+echo location of your Java installation. 1>&2
 
 goto fail
 
@@ -56,11 +59,11 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe
 
 if exist "%JAVA_EXE%" goto execute
 
-echo.
+echo. 1>&2
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
-echo.
+echo. 1>&2
-echo Please set the JAVA_HOME variable in your environment to match the
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
-echo location of your Java installation.
+echo location of your Java installation. 1>&2
 
 goto fail
 

src/main/java/stirling/software/SPDF/EE/EEAppConfig.java

@@ -27,4 +27,9 @@ public class EEAppConfig {
     public boolean runningEnterpriseEdition() {
         return licenseKeyChecker.getEnterpriseEnabledResult();
     }
+
+    @Bean(name = "SSOAutoLogin")
+    public boolean ssoAutoLogin() {
+        return applicationProperties.getEnterpriseEdition().isSsoAutoLogin();
+    }
 }

src/main/java/stirling/software/SPDF/EE/KeygenLicenseVerifier.java

@@ -94,7 +94,7 @@ public class KeygenLicenseVerifier {
                         .build();
 
         HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
-        log.info(" validateLicenseResponse body: " + response.body());
+        log.debug(" validateLicenseResponse body: " + response.body());
         JsonNode jsonResponse = objectMapper.readTree(response.body());
         if (response.statusCode() == 200) {
 

src/main/java/stirling/software/SPDF/config/InstallationPathConfig.java

@@ -22,6 +22,7 @@ public class InstallationPathConfig {
     // Pipeline paths
     private static final String PIPELINE_WATCHED_FOLDERS_PATH;
     private static final String PIPELINE_FINISHED_FOLDERS_PATH;
+    private static final String PIPELINE_DEFAULT_WEB_UI_CONFIGS;
     
     // Custom file paths
     private static final String STATIC_PATH;
@@ -45,6 +46,7 @@ public class InstallationPathConfig {
         // Initialize pipeline paths
         PIPELINE_WATCHED_FOLDERS_PATH = PIPELINE_PATH + "watchedFolders" + File.separator;
         PIPELINE_FINISHED_FOLDERS_PATH = PIPELINE_PATH + "finishedFolders" + File.separator;
+        PIPELINE_DEFAULT_WEB_UI_CONFIGS = PIPELINE_PATH + "defaultWebUIConfigs" + File.separator;
         
         // Initialize custom file paths
         STATIC_PATH = CUSTOM_FILES_PATH + "static" + File.separator;
@@ -118,6 +120,10 @@ public class InstallationPathConfig {
         return PIPELINE_FINISHED_FOLDERS_PATH;
     }
 
+    public static String getPipelineDefaultWebUIConfigsDir() {
+        return PIPELINE_DEFAULT_WEB_UI_CONFIGS;
+    }
+    
     public static String getStaticPath() {
         return STATIC_PATH;
     }

src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java

@@ -1,39 +1,24 @@
 package stirling.software.SPDF.config.security;
 
-import java.security.cert.X509Certificate;
 import java.util.*;
 
-import org.opensaml.saml.saml2.core.AuthnRequest;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.DependsOn;
 import org.springframework.context.annotation.Lazy;
-import org.springframework.core.io.Resource;
 import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.oauth2.client.registration.ClientRegistration;
-import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
-import org.springframework.security.oauth2.client.registration.ClientRegistrations;
-import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
-import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
-import org.springframework.security.saml2.core.Saml2X509Credential;
-import org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType;
 import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider;
-import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
-import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
-import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
 import org.springframework.security.saml2.provider.service.web.authentication.OpenSaml4AuthenticationRequestResolver;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@@ -43,24 +28,16 @@ import org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler;
 import org.springframework.security.web.savedrequest.NullRequestCache;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
-import jakarta.servlet.http.HttpServletRequest;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.config.security.oauth2.CustomOAuth2AuthenticationFailureHandler;
 import stirling.software.SPDF.config.security.oauth2.CustomOAuth2AuthenticationSuccessHandler;
 import stirling.software.SPDF.config.security.oauth2.CustomOAuth2UserService;
-import stirling.software.SPDF.config.security.saml2.CertificateUtils;
 import stirling.software.SPDF.config.security.saml2.CustomSaml2AuthenticationFailureHandler;
 import stirling.software.SPDF.config.security.saml2.CustomSaml2AuthenticationSuccessHandler;
 import stirling.software.SPDF.config.security.saml2.CustomSaml2ResponseAuthenticationConverter;
 import stirling.software.SPDF.config.security.session.SessionPersistentRegistry;
 import stirling.software.SPDF.model.ApplicationProperties;
-import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2;
-import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2.Client;
-import stirling.software.SPDF.model.ApplicationProperties.Security.SAML2;
 import stirling.software.SPDF.model.User;
-import stirling.software.SPDF.model.provider.GithubProvider;
-import stirling.software.SPDF.model.provider.GoogleProvider;
-import stirling.software.SPDF.model.provider.KeycloakProvider;
 import stirling.software.SPDF.repository.JPATokenRepositoryImpl;
 import stirling.software.SPDF.repository.PersistentLoginRepository;
 
@@ -72,7 +49,7 @@ import stirling.software.SPDF.repository.PersistentLoginRepository;
 public class SecurityConfiguration {
 
     private final CustomUserDetailsService userDetailsService;
-    @Lazy private final UserService userService;
+    private final UserService userService;
 
     @Qualifier("loginEnabled")
     private final boolean loginEnabledValue;
@@ -86,16 +63,10 @@ public class SecurityConfiguration {
     private final FirstLoginFilter firstLoginFilter;
     private final SessionPersistentRegistry sessionRegistry;
     private final PersistentLoginRepository persistentLoginRepository;
+    private final GrantedAuthoritiesMapper oAuth2userAuthoritiesMapper;
+    private final RelyingPartyRegistrationRepository saml2RelyingPartyRegistrations;
+    private final OpenSaml4AuthenticationRequestResolver saml2AuthenticationRequestResolver;
 
-    //    // Only Dev test
-    //    @Bean
-    //    public WebSecurityCustomizer webSecurityCustomizer() {
-    //        return (web) ->
-    //                web.ignoring()
-    //                        .requestMatchers(
-    //                                "/css/**", "/images/**", "/js/**", "/**.svg",
-    // "/pdfjs-legacy/**");
-    //    }
     public SecurityConfiguration(
             PersistentLoginRepository persistentLoginRepository,
             CustomUserDetailsService userDetailsService,
@@ -106,7 +77,12 @@ public class SecurityConfiguration {
             UserAuthenticationFilter userAuthenticationFilter,
             LoginAttemptService loginAttemptService,
             FirstLoginFilter firstLoginFilter,
-            SessionPersistentRegistry sessionRegistry) {
+            SessionPersistentRegistry sessionRegistry,
+            @Autowired(required = false) GrantedAuthoritiesMapper oAuth2userAuthoritiesMapper,
+            @Autowired(required = false)
+                    RelyingPartyRegistrationRepository saml2RelyingPartyRegistrations,
+            @Autowired(required = false)
+                    OpenSaml4AuthenticationRequestResolver saml2AuthenticationRequestResolver) {
         this.userDetailsService = userDetailsService;
         this.userService = userService;
         this.loginEnabledValue = loginEnabledValue;
@@ -117,6 +93,9 @@ public class SecurityConfiguration {
         this.firstLoginFilter = firstLoginFilter;
         this.sessionRegistry = sessionRegistry;
         this.persistentLoginRepository = persistentLoginRepository;
+        this.oAuth2userAuthoritiesMapper = oAuth2userAuthoritiesMapper;
+        this.saml2RelyingPartyRegistrations = saml2RelyingPartyRegistrations;
+        this.saml2AuthenticationRequestResolver = saml2AuthenticationRequestResolver;
     }
 
     @Bean
@@ -274,7 +253,7 @@ public class SecurityConfiguration {
                                                                                 userService,
                                                                                 loginAttemptService))
                                                                 .userAuthoritiesMapper(
-                                                                        userAuthoritiesMapper()))
+                                                                        oAuth2userAuthoritiesMapper))
                                         .permitAll());
             }
             // Handle SAML
@@ -291,7 +270,7 @@ public class SecurityConfiguration {
                                     try {
                                         saml2.loginPage("/saml2")
                                                 .relyingPartyRegistrationRepository(
-                                                        relyingPartyRegistrations())
+                                                        saml2RelyingPartyRegistrations)
                                                 .authenticationManager(
                                                         new ProviderManager(authenticationProvider))
                                                 .successHandler(
@@ -302,8 +281,7 @@ public class SecurityConfiguration {
                                                 .failureHandler(
                                                         new CustomSaml2AuthenticationFailureHandler())
                                                 .authenticationRequestResolver(
-                                                        authenticationRequestResolver(
+                                                        saml2AuthenticationRequestResolver);
-                                                                relyingPartyRegistrations()));
                                     } catch (Exception e) {
                                         log.error("Error configuring SAML2 login", e);
                                         throw new RuntimeException(e);
@@ -311,244 +289,11 @@ public class SecurityConfiguration {
                                 });
             }
         } else {
-            //            if (!applicationProperties.getSecurity().getCsrfDisabled()) {
-            //                CookieCsrfTokenRepository cookieRepo =
-            //                        CookieCsrfTokenRepository.withHttpOnlyFalse();
-            //                CsrfTokenRequestAttributeHandler requestHandler =
-            //                        new CsrfTokenRequestAttributeHandler();
-            //                requestHandler.setCsrfRequestAttributeName(null);
-            //                http.csrf(
-            //                        csrf ->
-            //                                csrf.csrfTokenRepository(cookieRepo)
-            //                                        .csrfTokenRequestHandler(requestHandler));
-            //            }
             http.authorizeHttpRequests(authz -> authz.anyRequest().permitAll());
         }
         return http.build();
     }
 
-    @Bean
-    @ConditionalOnProperty(
-            value = "security.oauth2.enabled",
-            havingValue = "true",
-            matchIfMissing = false)
-    public ClientRegistrationRepository clientRegistrationRepository() {
-        List<ClientRegistration> registrations = new ArrayList<>();
-        githubClientRegistration().ifPresent(registrations::add);
-        oidcClientRegistration().ifPresent(registrations::add);
-        googleClientRegistration().ifPresent(registrations::add);
-        keycloakClientRegistration().ifPresent(registrations::add);
-        if (registrations.isEmpty()) {
-            log.error("At least one OAuth2 provider must be configured");
-            System.exit(1);
-        }
-        return new InMemoryClientRegistrationRepository(registrations);
-    }
-
-    private Optional<ClientRegistration> googleClientRegistration() {
-        OAUTH2 oauth = applicationProperties.getSecurity().getOauth2();
-        if (oauth == null || !oauth.getEnabled()) {
-            return Optional.empty();
-        }
-        Client client = oauth.getClient();
-        if (client == null) {
-            return Optional.empty();
-        }
-        GoogleProvider google = client.getGoogle();
-        return google != null && google.isSettingsValid()
-                ? Optional.of(
-                        ClientRegistration.withRegistrationId(google.getName())
-                                .clientId(google.getClientId())
-                                .clientSecret(google.getClientSecret())
-                                .scope(google.getScopes())
-                                .authorizationUri(google.getAuthorizationuri())
-                                .tokenUri(google.getTokenuri())
-                                .userInfoUri(google.getUserinfouri())
-                                .userNameAttributeName(google.getUseAsUsername())
-                                .clientName(google.getClientName())
-                                .redirectUri("{baseUrl}/login/oauth2/code/" + google.getName())
-                                .authorizationGrantType(
-                                        org.springframework.security.oauth2.core
-                                                .AuthorizationGrantType.AUTHORIZATION_CODE)
-                                .build())
-                : Optional.empty();
-    }
-
-    private Optional<ClientRegistration> keycloakClientRegistration() {
-        OAUTH2 oauth = applicationProperties.getSecurity().getOauth2();
-        if (oauth == null || !oauth.getEnabled()) {
-            return Optional.empty();
-        }
-        Client client = oauth.getClient();
-        if (client == null) {
-            return Optional.empty();
-        }
-        KeycloakProvider keycloak = client.getKeycloak();
-        return keycloak != null && keycloak.isSettingsValid()
-                ? Optional.of(
-                        ClientRegistrations.fromIssuerLocation(keycloak.getIssuer())
-                                .registrationId(keycloak.getName())
-                                .clientId(keycloak.getClientId())
-                                .clientSecret(keycloak.getClientSecret())
-                                .scope(keycloak.getScopes())
-                                .userNameAttributeName(keycloak.getUseAsUsername())
-                                .clientName(keycloak.getClientName())
-                                .build())
-                : Optional.empty();
-    }
-
-    private Optional<ClientRegistration> githubClientRegistration() {
-        OAUTH2 oauth = applicationProperties.getSecurity().getOauth2();
-        if (oauth == null || !oauth.getEnabled()) {
-            return Optional.empty();
-        }
-        Client client = oauth.getClient();
-        if (client == null) {
-            return Optional.empty();
-        }
-        GithubProvider github = client.getGithub();
-        return github != null && github.isSettingsValid()
-                ? Optional.of(
-                        ClientRegistration.withRegistrationId(github.getName())
-                                .clientId(github.getClientId())
-                                .clientSecret(github.getClientSecret())
-                                .scope(github.getScopes())
-                                .authorizationUri(github.getAuthorizationuri())
-                                .tokenUri(github.getTokenuri())
-                                .userInfoUri(github.getUserinfouri())
-                                .userNameAttributeName(github.getUseAsUsername())
-                                .clientName(github.getClientName())
-                                .redirectUri("{baseUrl}/login/oauth2/code/" + github.getName())
-                                .authorizationGrantType(
-                                        org.springframework.security.oauth2.core
-                                                .AuthorizationGrantType.AUTHORIZATION_CODE)
-                                .build())
-                : Optional.empty();
-    }
-
-    private Optional<ClientRegistration> oidcClientRegistration() {
-        OAUTH2 oauth = applicationProperties.getSecurity().getOauth2();
-        if (oauth == null
-                || oauth.getIssuer() == null
-                || oauth.getIssuer().isEmpty()
-                || oauth.getClientId() == null
-                || oauth.getClientId().isEmpty()
-                || oauth.getClientSecret() == null
-                || oauth.getClientSecret().isEmpty()
-                || oauth.getScopes() == null
-                || oauth.getScopes().isEmpty()
-                || oauth.getUseAsUsername() == null
-                || oauth.getUseAsUsername().isEmpty()) {
-            return Optional.empty();
-        }
-        return Optional.of(
-                ClientRegistrations.fromIssuerLocation(oauth.getIssuer())
-                        .registrationId("oidc")
-                        .clientId(oauth.getClientId())
-                        .clientSecret(oauth.getClientSecret())
-                        .scope(oauth.getScopes())
-                        .userNameAttributeName(oauth.getUseAsUsername())
-                        .clientName("OIDC")
-                        .build());
-    }
-
-    @Bean
-    @ConditionalOnProperty(
-            name = "security.saml2.enabled",
-            havingValue = "true",
-            matchIfMissing = false)
-    public RelyingPartyRegistrationRepository relyingPartyRegistrations() throws Exception {
-        SAML2 samlConf = applicationProperties.getSecurity().getSaml2();
-        X509Certificate idpCert = CertificateUtils.readCertificate(samlConf.getidpCert());
-        Saml2X509Credential verificationCredential = Saml2X509Credential.verification(idpCert);
-        Resource privateKeyResource = samlConf.getPrivateKey();
-        Resource certificateResource = samlConf.getSpCert();
-        Saml2X509Credential signingCredential =
-                new Saml2X509Credential(
-                        CertificateUtils.readPrivateKey(privateKeyResource),
-                        CertificateUtils.readCertificate(certificateResource),
-                        Saml2X509CredentialType.SIGNING);
-        RelyingPartyRegistration rp =
-                RelyingPartyRegistration.withRegistrationId(samlConf.getRegistrationId())
-                        .signingX509Credentials(c -> c.add(signingCredential))
-                        .assertingPartyMetadata(
-                                metadata ->
-                                        metadata.entityId(samlConf.getIdpIssuer())
-                                                .singleSignOnServiceLocation(
-                                                        samlConf.getIdpSingleLoginUrl())
-                                                .verificationX509Credentials(
-                                                        c -> c.add(verificationCredential))
-                                                .singleSignOnServiceBinding(
-                                                        Saml2MessageBinding.POST)
-                                                .wantAuthnRequestsSigned(true))
-                        .build();
-        return new InMemoryRelyingPartyRegistrationRepository(rp);
-    }
-
-    @Bean
-    @ConditionalOnProperty(
-            name = "security.saml2.enabled",
-            havingValue = "true",
-            matchIfMissing = false)
-    public OpenSaml4AuthenticationRequestResolver authenticationRequestResolver(
-            RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) {
-        OpenSaml4AuthenticationRequestResolver resolver =
-                new OpenSaml4AuthenticationRequestResolver(relyingPartyRegistrationRepository);
-        resolver.setAuthnRequestCustomizer(
-                customizer -> {
-                    log.debug("Customizing SAML Authentication request");
-                    AuthnRequest authnRequest = customizer.getAuthnRequest();
-                    log.debug("AuthnRequest ID: {}", authnRequest.getID());
-                    if (authnRequest.getID() == null) {
-                        authnRequest.setID("ARQ" + UUID.randomUUID().toString());
-                    }
-                    log.debug("AuthnRequest new ID after set: {}", authnRequest.getID());
-                    log.debug("AuthnRequest IssueInstant: {}", authnRequest.getIssueInstant());
-                    log.debug(
-                            "AuthnRequest Issuer: {}",
-                            authnRequest.getIssuer() != null
-                                    ? authnRequest.getIssuer().getValue()
-                                    : "null");
-                    HttpServletRequest request = customizer.getRequest();
-                    // Log HTTP request details
-                    log.debug("HTTP Request Method: {}", request.getMethod());
-                    log.debug("Request URI: {}", request.getRequestURI());
-                    log.debug("Request URL: {}", request.getRequestURL().toString());
-                    log.debug("Query String: {}", request.getQueryString());
-                    log.debug("Remote Address: {}", request.getRemoteAddr());
-                    // Log headers
-                    Collections.list(request.getHeaderNames())
-                            .forEach(
-                                    headerName -> {
-                                        log.debug(
-                                                "Header - {}: {}",
-                                                headerName,
-                                                request.getHeader(headerName));
-                                    });
-                    // Log SAML specific parameters
-                    log.debug("SAML Request Parameters:");
-                    log.debug("SAMLRequest: {}", request.getParameter("SAMLRequest"));
-                    log.debug("RelayState: {}", request.getParameter("RelayState"));
-                    // Log session debugrmation if exists
-                    if (request.getSession(false) != null) {
-                        log.debug("Session ID: {}", request.getSession().getId());
-                    }
-                    // Log any assertions consumer service details if present
-                    if (authnRequest.getAssertionConsumerServiceURL() != null) {
-                        log.debug(
-                                "AssertionConsumerServiceURL: {}",
-                                authnRequest.getAssertionConsumerServiceURL());
-                    }
-                    // Log NameID policy if present
-                    if (authnRequest.getNameIDPolicy() != null) {
-                        log.debug(
-                                "NameIDPolicy Format: {}",
-                                authnRequest.getNameIDPolicy().getFormat());
-                    }
-                });
-        return resolver;
-    }
-
     public DaoAuthenticationProvider daoAuthenticationProvider() {
         DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
         provider.setUserDetailsService(userDetailsService);
@@ -556,46 +301,6 @@ public class SecurityConfiguration {
         return provider;
     }
 
-    /*
-    This following function is to grant Authorities to the OAUTH2 user from the values stored in the database.
-    This is required for the internal; 'hasRole()' function to give out the correct role.
-     */
-    @Bean
-    @ConditionalOnProperty(
-            value = "security.oauth2.enabled",
-            havingValue = "true",
-            matchIfMissing = false)
-    GrantedAuthoritiesMapper userAuthoritiesMapper() {
-        return (authorities) -> {
-            Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
-            authorities.forEach(
-                    authority -> {
-                        // Add existing OAUTH2 Authorities
-                        mappedAuthorities.add(new SimpleGrantedAuthority(authority.getAuthority()));
-                        // Add Authorities from database for existing user, if user is present.
-                        if (authority instanceof OAuth2UserAuthority oauth2Auth) {
-                            String useAsUsername =
-                                    applicationProperties
-                                            .getSecurity()
-                                            .getOauth2()
-                                            .getUseAsUsername();
-                            Optional<User> userOpt =
-                                    userService.findByUsernameIgnoreCase(
-                                            (String) oauth2Auth.getAttributes().get(useAsUsername));
-                            if (userOpt.isPresent()) {
-                                User user = userOpt.get();
-                                if (user != null) {
-                                    mappedAuthorities.add(
-                                            new SimpleGrantedAuthority(
-                                                    userService.findRole(user).getAuthority()));
-                                }
-                            }
-                        }
-                    });
-            return mappedAuthorities;
-        };
-    }
-
     @Bean
     public IPRateLimitingFilter rateLimitingFilter() {
         // Example limit TODO add config level

src/main/java/stirling/software/SPDF/config/security/UserService.java

@@ -329,12 +329,16 @@ public class UserService implements UserServiceInterface {
 
     public boolean isUsernameValid(String username) {
         // Checks whether the simple username is formatted correctly
+        // Regular expression for user name: Min. 3 characters, max. 50 characters
         boolean isValidSimpleUsername =
-                username.matches("^[a-zA-Z0-9][a-zA-Z0-9@._+-]*[a-zA-Z0-9]$");
+                username.matches("^[a-zA-Z0-9](?!.*[-@._+]{2,})[a-zA-Z0-9@._+-]{1,48}[a-zA-Z0-9]$");
+
         // Checks whether the email address is formatted correctly
+        // Regular expression for email addresses: Max. 320 characters, with RFC-like validation
         boolean isValidEmail =
                 username.matches(
-                        "^(?=.{1,64}@)[A-Za-z0-9]+(\\.[A-Za-z0-9_+.-]+)*@[^-][A-Za-z0-9-]+(\\.[A-Za-z0-9-]+)*(\\.[A-Za-z]{2,})$");
+                        "^(?=.{1,320}$)(?=.{1,64}@)[A-Za-z0-9](?:[A-Za-z0-9_.+-]*[A-Za-z0-9])?@[^-][A-Za-z0-9-]+(?:\\\\.[A-Za-z0-9-]+)*(?:\\\\.[A-Za-z]{2,})$");
+
         List<String> notAllowedUserList = new ArrayList<>();
         notAllowedUserList.add("ALL_USERS".toLowerCase());
         boolean notAllowedUser = notAllowedUserList.contains(username.toLowerCase());

src/main/java/stirling/software/SPDF/config/security/database/DatabaseConfig.java

@@ -1,5 +1,7 @@
 package stirling.software.SPDF.config.security.database;
 
+import java.io.File;
+
 import javax.sql.DataSource;
 
 import org.springframework.beans.factory.annotation.Qualifier;
@@ -9,6 +11,7 @@ import org.springframework.context.annotation.Configuration;
 
 import lombok.Getter;
 import lombok.extern.slf4j.Slf4j;
+import stirling.software.SPDF.config.InstallationPathConfig;
 import stirling.software.SPDF.model.ApplicationProperties;
 import stirling.software.SPDF.model.provider.UnsupportedProviderException;
 
@@ -17,8 +20,8 @@ import stirling.software.SPDF.model.provider.UnsupportedProviderException;
 @Configuration
 public class DatabaseConfig {
 
-    public static final String DATASOURCE_DEFAULT_URL =
+    public final String DATASOURCE_DEFAULT_URL;
-            "jdbc:h2:file:./configs/stirling-pdf-DB-2.3.232;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE";
+            
     public static final String DATASOURCE_URL_TEMPLATE = "jdbc:%s://%s:%4d/%s";
     public static final String DEFAULT_DRIVER = "org.h2.Driver";
     public static final String DEFAULT_USERNAME = "sa";
@@ -27,7 +30,10 @@ public class DatabaseConfig {
     private final ApplicationProperties applicationProperties;
     private final boolean runningEE;
 
-    public DatabaseConfig(ApplicationProperties applicationProperties, @Qualifier("runningEE") boolean runningEE) {
+    public DatabaseConfig(
+            ApplicationProperties applicationProperties,
+            @Qualifier("runningEE") boolean runningEE) {
+    	DATASOURCE_DEFAULT_URL = "jdbc:h2:file:" + InstallationPathConfig.getConfigPath() + File.separator + "stirling-pdf-DB-2.3.232;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE";
         this.applicationProperties = applicationProperties;
         this.runningEE = runningEE;
     }

src/main/java/stirling/software/SPDF/config/security/database/DatabaseService.java

@@ -26,6 +26,7 @@ import org.springframework.jdbc.datasource.init.ScriptException;
 import org.springframework.stereotype.Service;
 
 import lombok.extern.slf4j.Slf4j;
+import stirling.software.SPDF.config.InstallationPathConfig;
 import stirling.software.SPDF.config.interfaces.DatabaseInterface;
 import stirling.software.SPDF.model.ApplicationProperties;
 import stirling.software.SPDF.model.exception.BackupNotFoundException;
@@ -37,12 +38,14 @@ public class DatabaseService implements DatabaseInterface {
 
     public static final String BACKUP_PREFIX = "backup_";
     public static final String SQL_SUFFIX = ".sql";
-    private static final String BACKUP_DIR = "configs/db/backup/";
+    private final Path BACKUP_DIR;
 
     private final ApplicationProperties applicationProperties;
     private final DataSource dataSource;
 
     public DatabaseService(ApplicationProperties applicationProperties, DataSource dataSource) {
+        this.BACKUP_DIR =
+                Paths.get(InstallationPathConfig.getConfigPath(), "db", "backup").normalize();
         this.applicationProperties = applicationProperties;
         this.dataSource = dataSource;
     }
@@ -55,9 +58,9 @@ public class DatabaseService implements DatabaseInterface {
      */
     @Override
     public boolean hasBackup() {
-        Path filePath = Paths.get(BACKUP_DIR);
+        createBackupDirectory();
 
-        if (Files.exists(filePath)) {
+        if (Files.exists(BACKUP_DIR)) {
             return !getBackupList().isEmpty();
         }
 
@@ -74,11 +77,11 @@ public class DatabaseService implements DatabaseInterface {
         List<FileInfo> backupFiles = new ArrayList<>();
 
         if (isH2Database()) {
-            Path backupPath = Paths.get(BACKUP_DIR);
+            createBackupDirectory();
 
             try (DirectoryStream<Path> stream =
                     Files.newDirectoryStream(
-                            backupPath,
+                            BACKUP_DIR,
                             path ->
                                     path.getFileName().toString().startsWith(BACKUP_PREFIX)
                                             && path.getFileName()
@@ -110,6 +113,17 @@ public class DatabaseService implements DatabaseInterface {
         return backupFiles;
     }
 
+    private void createBackupDirectory() {
+        if (!Files.exists(BACKUP_DIR)) {
+            try {
+                Files.createDirectories(BACKUP_DIR);
+                log.debug("create backup directory: {}", BACKUP_DIR);
+            } catch (IOException e) {
+                log.error("Error create backup directory: {}", e.getMessage(), e);
+            }
+        }
+    }
+
     @Override
     public void importDatabase() {
         if (!hasBackup()) throw new BackupNotFoundException("No backup scripts were found.");
@@ -255,7 +269,8 @@ public class DatabaseService implements DatabaseInterface {
      * @return the <code>Path</code> object for the given file name
      */
     public Path getBackupFilePath(String fileName) {
-        Path filePath = Paths.get(BACKUP_DIR, fileName).normalize();
+        createBackupDirectory();
+        Path filePath = BACKUP_DIR.resolve(fileName).normalize();
         if (!filePath.startsWith(BACKUP_DIR)) {
             throw new SecurityException("Path traversal detected");
         }

src/main/java/stirling/software/SPDF/config/security/oauth2/OAuth2Configuration.java

@@ -0,0 +1,213 @@
+package stirling.software.SPDF.config.security.oauth2;
+
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Optional;
+import java.util.Set;
+
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Lazy;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
+import org.springframework.security.oauth2.client.registration.ClientRegistrations;
+import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
+import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
+
+import lombok.extern.slf4j.Slf4j;
+import stirling.software.SPDF.config.security.UserService;
+import stirling.software.SPDF.model.ApplicationProperties;
+import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2;
+import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2.Client;
+import stirling.software.SPDF.model.User;
+import stirling.software.SPDF.model.provider.GithubProvider;
+import stirling.software.SPDF.model.provider.GoogleProvider;
+import stirling.software.SPDF.model.provider.KeycloakProvider;
+
+@Configuration
+@Slf4j
+@ConditionalOnProperty(
+        value = "security.oauth2.enabled",
+        havingValue = "true",
+        matchIfMissing = false)
+public class OAuth2Configuration {
+
+    private final ApplicationProperties applicationProperties;
+    @Lazy private final UserService userService;
+
+    public OAuth2Configuration(
+            ApplicationProperties applicationProperties, @Lazy UserService userService) {
+        this.userService = userService;
+        this.applicationProperties = applicationProperties;
+    }
+
+    @Bean
+    @ConditionalOnProperty(
+            value = "security.oauth2.enabled",
+            havingValue = "true",
+            matchIfMissing = false)
+    public ClientRegistrationRepository clientRegistrationRepository() {
+        List<ClientRegistration> registrations = new ArrayList<>();
+        githubClientRegistration().ifPresent(registrations::add);
+        oidcClientRegistration().ifPresent(registrations::add);
+        googleClientRegistration().ifPresent(registrations::add);
+        keycloakClientRegistration().ifPresent(registrations::add);
+        if (registrations.isEmpty()) {
+            log.error("At least one OAuth2 provider must be configured");
+            System.exit(1);
+        }
+        return new InMemoryClientRegistrationRepository(registrations);
+    }
+
+    private Optional<ClientRegistration> googleClientRegistration() {
+        OAUTH2 oauth = applicationProperties.getSecurity().getOauth2();
+        if (oauth == null || !oauth.getEnabled()) {
+            return Optional.empty();
+        }
+        Client client = oauth.getClient();
+        if (client == null) {
+            return Optional.empty();
+        }
+        GoogleProvider google = client.getGoogle();
+        return google != null && google.isSettingsValid()
+                ? Optional.of(
+                        ClientRegistration.withRegistrationId(google.getName())
+                                .clientId(google.getClientId())
+                                .clientSecret(google.getClientSecret())
+                                .scope(google.getScopes())
+                                .authorizationUri(google.getAuthorizationuri())
+                                .tokenUri(google.getTokenuri())
+                                .userInfoUri(google.getUserinfouri())
+                                .userNameAttributeName(google.getUseAsUsername())
+                                .clientName(google.getClientName())
+                                .redirectUri("{baseUrl}/login/oauth2/code/" + google.getName())
+                                .authorizationGrantType(
+                                        org.springframework.security.oauth2.core
+                                                .AuthorizationGrantType.AUTHORIZATION_CODE)
+                                .build())
+                : Optional.empty();
+    }
+
+    private Optional<ClientRegistration> keycloakClientRegistration() {
+        OAUTH2 oauth = applicationProperties.getSecurity().getOauth2();
+        if (oauth == null || !oauth.getEnabled()) {
+            return Optional.empty();
+        }
+        Client client = oauth.getClient();
+        if (client == null) {
+            return Optional.empty();
+        }
+        KeycloakProvider keycloak = client.getKeycloak();
+        return keycloak != null && keycloak.isSettingsValid()
+                ? Optional.of(
+                        ClientRegistrations.fromIssuerLocation(keycloak.getIssuer())
+                                .registrationId(keycloak.getName())
+                                .clientId(keycloak.getClientId())
+                                .clientSecret(keycloak.getClientSecret())
+                                .scope(keycloak.getScopes())
+                                .userNameAttributeName(keycloak.getUseAsUsername())
+                                .clientName(keycloak.getClientName())
+                                .build())
+                : Optional.empty();
+    }
+
+    private Optional<ClientRegistration> githubClientRegistration() {
+        OAUTH2 oauth = applicationProperties.getSecurity().getOauth2();
+        if (oauth == null || !oauth.getEnabled()) {
+            return Optional.empty();
+        }
+        Client client = oauth.getClient();
+        if (client == null) {
+            return Optional.empty();
+        }
+        GithubProvider github = client.getGithub();
+        return github != null && github.isSettingsValid()
+                ? Optional.of(
+                        ClientRegistration.withRegistrationId(github.getName())
+                                .clientId(github.getClientId())
+                                .clientSecret(github.getClientSecret())
+                                .scope(github.getScopes())
+                                .authorizationUri(github.getAuthorizationuri())
+                                .tokenUri(github.getTokenuri())
+                                .userInfoUri(github.getUserinfouri())
+                                .userNameAttributeName(github.getUseAsUsername())
+                                .clientName(github.getClientName())
+                                .redirectUri("{baseUrl}/login/oauth2/code/" + github.getName())
+                                .authorizationGrantType(
+                                        org.springframework.security.oauth2.core
+                                                .AuthorizationGrantType.AUTHORIZATION_CODE)
+                                .build())
+                : Optional.empty();
+    }
+
+    private Optional<ClientRegistration> oidcClientRegistration() {
+        OAUTH2 oauth = applicationProperties.getSecurity().getOauth2();
+        if (oauth == null
+                || oauth.getIssuer() == null
+                || oauth.getIssuer().isEmpty()
+                || oauth.getClientId() == null
+                || oauth.getClientId().isEmpty()
+                || oauth.getClientSecret() == null
+                || oauth.getClientSecret().isEmpty()
+                || oauth.getScopes() == null
+                || oauth.getScopes().isEmpty()
+                || oauth.getUseAsUsername() == null
+                || oauth.getUseAsUsername().isEmpty()) {
+            return Optional.empty();
+        }
+        return Optional.of(
+                ClientRegistrations.fromIssuerLocation(oauth.getIssuer())
+                        .registrationId("oidc")
+                        .clientId(oauth.getClientId())
+                        .clientSecret(oauth.getClientSecret())
+                        .scope(oauth.getScopes())
+                        .userNameAttributeName(oauth.getUseAsUsername())
+                        .clientName("OIDC")
+                        .build());
+    }
+
+    /*
+    This following function is to grant Authorities to the OAUTH2 user from the values stored in the database.
+    This is required for the internal; 'hasRole()' function to give out the correct role.
+     */
+    @Bean
+    @ConditionalOnProperty(
+            value = "security.oauth2.enabled",
+            havingValue = "true",
+            matchIfMissing = false)
+    GrantedAuthoritiesMapper userAuthoritiesMapper() {
+        return (authorities) -> {
+            Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
+            authorities.forEach(
+                    authority -> {
+                        // Add existing OAUTH2 Authorities
+                        mappedAuthorities.add(new SimpleGrantedAuthority(authority.getAuthority()));
+                        // Add Authorities from database for existing user, if user is present.
+                        if (authority instanceof OAuth2UserAuthority oauth2Auth) {
+                            String useAsUsername =
+                                    applicationProperties
+                                            .getSecurity()
+                                            .getOauth2()
+                                            .getUseAsUsername();
+                            Optional<User> userOpt =
+                                    userService.findByUsernameIgnoreCase(
+                                            (String) oauth2Auth.getAttributes().get(useAsUsername));
+                            if (userOpt.isPresent()) {
+                                User user = userOpt.get();
+                                if (user != null) {
+                                    mappedAuthorities.add(
+                                            new SimpleGrantedAuthority(
+                                                    userService.findRole(user).getAuthority()));
+                                }
+                            }
+                        }
+                    });
+            return mappedAuthorities;
+        };
+    }
+}

src/main/java/stirling/software/SPDF/config/security/saml2/SAML2Configuration.java

@@ -0,0 +1,136 @@
+package stirling.software.SPDF.config.security.saml2;
+
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.UUID;
+
+import org.opensaml.saml.saml2.core.AuthnRequest;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.Resource;
+import org.springframework.security.saml2.core.Saml2X509Credential;
+import org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType;
+import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
+import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
+import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
+import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
+import org.springframework.security.saml2.provider.service.web.authentication.OpenSaml4AuthenticationRequestResolver;
+
+import jakarta.servlet.http.HttpServletRequest;
+import lombok.extern.slf4j.Slf4j;
+import stirling.software.SPDF.model.ApplicationProperties;
+import stirling.software.SPDF.model.ApplicationProperties.Security.SAML2;
+
+@Configuration
+@Slf4j
+@ConditionalOnProperty(
+        value = "security.saml2.enabled",
+        havingValue = "true",
+        matchIfMissing = false)
+public class SAML2Configuration {
+
+    private final ApplicationProperties applicationProperties;
+
+    public SAML2Configuration(ApplicationProperties applicationProperties) {
+
+        this.applicationProperties = applicationProperties;
+    }
+
+    @Bean
+    @ConditionalOnProperty(
+            name = "security.saml2.enabled",
+            havingValue = "true",
+            matchIfMissing = false)
+    public RelyingPartyRegistrationRepository relyingPartyRegistrations() throws Exception {
+        SAML2 samlConf = applicationProperties.getSecurity().getSaml2();
+        X509Certificate idpCert = CertificateUtils.readCertificate(samlConf.getidpCert());
+        Saml2X509Credential verificationCredential = Saml2X509Credential.verification(idpCert);
+        Resource privateKeyResource = samlConf.getPrivateKey();
+        Resource certificateResource = samlConf.getSpCert();
+        Saml2X509Credential signingCredential =
+                new Saml2X509Credential(
+                        CertificateUtils.readPrivateKey(privateKeyResource),
+                        CertificateUtils.readCertificate(certificateResource),
+                        Saml2X509CredentialType.SIGNING);
+        RelyingPartyRegistration rp =
+                RelyingPartyRegistration.withRegistrationId(samlConf.getRegistrationId())
+                        .signingX509Credentials(c -> c.add(signingCredential))
+                        .assertingPartyMetadata(
+                                metadata ->
+                                        metadata.entityId(samlConf.getIdpIssuer())
+                                                .singleSignOnServiceLocation(
+                                                        samlConf.getIdpSingleLoginUrl())
+                                                .verificationX509Credentials(
+                                                        c -> c.add(verificationCredential))
+                                                .singleSignOnServiceBinding(
+                                                        Saml2MessageBinding.POST)
+                                                .wantAuthnRequestsSigned(true))
+                        .build();
+        return new InMemoryRelyingPartyRegistrationRepository(rp);
+    }
+
+    @Bean
+    @ConditionalOnProperty(
+            name = "security.saml2.enabled",
+            havingValue = "true",
+            matchIfMissing = false)
+    public OpenSaml4AuthenticationRequestResolver authenticationRequestResolver(
+            RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) {
+        OpenSaml4AuthenticationRequestResolver resolver =
+                new OpenSaml4AuthenticationRequestResolver(relyingPartyRegistrationRepository);
+        resolver.setAuthnRequestCustomizer(
+                customizer -> {
+                    log.debug("Customizing SAML Authentication request");
+                    AuthnRequest authnRequest = customizer.getAuthnRequest();
+                    log.debug("AuthnRequest ID: {}", authnRequest.getID());
+                    if (authnRequest.getID() == null) {
+                        authnRequest.setID("ARQ" + UUID.randomUUID().toString());
+                    }
+                    log.debug("AuthnRequest new ID after set: {}", authnRequest.getID());
+                    log.debug("AuthnRequest IssueInstant: {}", authnRequest.getIssueInstant());
+                    log.debug(
+                            "AuthnRequest Issuer: {}",
+                            authnRequest.getIssuer() != null
+                                    ? authnRequest.getIssuer().getValue()
+                                    : "null");
+                    HttpServletRequest request = customizer.getRequest();
+                    // Log HTTP request details
+                    log.debug("HTTP Request Method: {}", request.getMethod());
+                    log.debug("Request URI: {}", request.getRequestURI());
+                    log.debug("Request URL: {}", request.getRequestURL().toString());
+                    log.debug("Query String: {}", request.getQueryString());
+                    log.debug("Remote Address: {}", request.getRemoteAddr());
+                    // Log headers
+                    Collections.list(request.getHeaderNames())
+                            .forEach(
+                                    headerName -> {
+                                        log.debug(
+                                                "Header - {}: {}",
+                                                headerName,
+                                                request.getHeader(headerName));
+                                    });
+                    // Log SAML specific parameters
+                    log.debug("SAML Request Parameters:");
+                    log.debug("SAMLRequest: {}", request.getParameter("SAMLRequest"));
+                    log.debug("RelayState: {}", request.getParameter("RelayState"));
+                    // Log session debugrmation if exists
+                    if (request.getSession(false) != null) {
+                        log.debug("Session ID: {}", request.getSession().getId());
+                    }
+                    // Log any assertions consumer service details if present
+                    if (authnRequest.getAssertionConsumerServiceURL() != null) {
+                        log.debug(
+                                "AssertionConsumerServiceURL: {}",
+                                authnRequest.getAssertionConsumerServiceURL());
+                    }
+                    // Log NameID policy if present
+                    if (authnRequest.getNameIDPolicy() != null) {
+                        log.debug(
+                                "NameIDPolicy Format: {}",
+                                authnRequest.getNameIDPolicy().getFormat());
+                    }
+                });
+        return resolver;
+    }
+}

src/main/java/stirling/software/SPDF/controller/api/security/RedactController.java

@@ -26,7 +26,6 @@ import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 
 import lombok.extern.slf4j.Slf4j;
-
 import stirling.software.SPDF.model.PDFText;
 import stirling.software.SPDF.model.api.security.ManualRedactPdfRequest;
 import stirling.software.SPDF.model.api.security.RedactPdfRequest;
@@ -53,12 +52,17 @@ public class RedactController {
 
     @InitBinder
     public void initBinder(WebDataBinder binder) {
-        binder.registerCustomEditor(List.class, "redactions", new StringToArrayListPropertyEditor());
+        binder.registerCustomEditor(
+                List.class, "redactions", new StringToArrayListPropertyEditor());
     }
 
     @PostMapping(value = "/redact", consumes = "multipart/form-data")
-    @Operation(summary = "Redacts areas and pages in a PDF document", description = "This operation takes an input PDF file with a list of areas, page number(s)/range(s)/function(s) to redact. Input:PDF, Output:PDF, Type:SISO")
+    @Operation(
-    public ResponseEntity<byte[]> redactPDF(@ModelAttribute ManualRedactPdfRequest request) throws IOException {
+            summary = "Redacts areas and pages in a PDF document",
+            description =
+                    "This operation takes an input PDF file with a list of areas, page number(s)/range(s)/function(s) to redact. Input:PDF, Output:PDF, Type:SISO")
+    public ResponseEntity<byte[]> redactPDF(@ModelAttribute ManualRedactPdfRequest request)
+            throws IOException {
         MultipartFile file = request.getFileInput();
         List<RedactionArea> redactionAreas = request.getRedactions();
 
@@ -86,17 +90,21 @@ public class RedactController {
                         + "_redacted.pdf");
     }
 
-    private void redactAreas(List<RedactionArea> redactionAreas, PDDocument document, PDPageTree allPages)
+    private void redactAreas(
+            List<RedactionArea> redactionAreas, PDDocument document, PDPageTree allPages)
             throws IOException {
         Color redactColor = null;
         for (RedactionArea redactionArea : redactionAreas) {
-            if (redactionArea.getPage() == null || redactionArea.getPage() <= 0
+            if (redactionArea.getPage() == null
-                    || redactionArea.getHeight() == null || redactionArea.getHeight() <= 0.0D
+                    || redactionArea.getPage() <= 0
-                    || redactionArea.getWidth() == null || redactionArea.getWidth() <= 0.0D)
+                    || redactionArea.getHeight() == null
-                continue;
+                    || redactionArea.getHeight() <= 0.0D
+                    || redactionArea.getWidth() == null
+                    || redactionArea.getWidth() <= 0.0D) continue;
             PDPage page = allPages.get(redactionArea.getPage() - 1);
 
-            PDPageContentStream contentStream = new PDPageContentStream(
+            PDPageContentStream contentStream =
+                    new PDPageContentStream(
                             document, page, PDPageContentStream.AppendMode.APPEND, true, true);
             redactColor = decodeOrDefault(redactionArea.getColor(), Color.BLACK);
             contentStream.setNonStrokingColor(redactColor);
@@ -114,14 +122,16 @@ public class RedactController {
         }
     }
 
-    private void redactPages(ManualRedactPdfRequest request, PDDocument document, PDPageTree allPages)
+    private void redactPages(
+            ManualRedactPdfRequest request, PDDocument document, PDPageTree allPages)
             throws IOException {
         Color redactColor = decodeOrDefault(request.getPageRedactionColor(), Color.BLACK);
         List<Integer> pageNumbers = getPageNumbers(request, allPages.getCount());
         for (Integer pageNumber : pageNumbers) {
             PDPage page = allPages.get(pageNumber);
 
-            PDPageContentStream contentStream = new PDPageContentStream(
+            PDPageContentStream contentStream =
+                    new PDPageContentStream(
                             document, page, PDPageContentStream.AppendMode.APPEND, true, true);
             contentStream.setNonStrokingColor(redactColor);
 
@@ -146,8 +156,10 @@ public class RedactController {
 
     private List<Integer> getPageNumbers(ManualRedactPdfRequest request, int pagesCount) {
         String pageNumbersInput = request.getPageNumbers();
-        String[] parsedPageNumbers = pageNumbersInput != null ? pageNumbersInput.split(",") : new String[0];
+        String[] parsedPageNumbers =
-        List<Integer> pageNumbers = GeneralUtils.parsePageList(parsedPageNumbers, pagesCount, false);
+                pageNumbersInput != null ? pageNumbersInput.split(",") : new String[0];
+        List<Integer> pageNumbers =
+                GeneralUtils.parsePageList(parsedPageNumbers, pagesCount, false);
         Collections.sort(pageNumbers);
         return pageNumbers;
     }

src/main/java/stirling/software/SPDF/controller/web/GeneralWebController.java

@@ -54,8 +54,8 @@ public class GeneralWebController {
         model.addAttribute("currentPage", "pipeline");
         List<String> pipelineConfigs = new ArrayList<>();
         List<Map<String, String>> pipelineConfigsWithNames = new ArrayList<>();
-        if (new File("./pipeline/defaultWebUIConfigs/").exists()) {
+        if (new File(InstallationPathConfig.getPipelineDefaultWebUIConfigsDir()).exists()) {
-            try (Stream<Path> paths = Files.walk(Paths.get("./pipeline/defaultWebUIConfigs/"))) {
+            try (Stream<Path> paths = Files.walk(Paths.get(InstallationPathConfig.getPipelineDefaultWebUIConfigsDir()))) {
                 List<Path> jsonFiles =
                         paths.filter(Files::isRegularFile)
                                 .filter(p -> p.toString().endsWith(".json"))

src/main/java/stirling/software/SPDF/model/ApplicationProperties.java

@@ -366,6 +366,7 @@ public class ApplicationProperties {
         private boolean enabled;
         @ToString.Exclude private String key;
         private int maxUsers;
+        private boolean ssoAutoLogin;
         private CustomMetadata customMetadata = new CustomMetadata();
 
         @Data

src/main/java/stirling/software/SPDF/model/api/security/ManualRedactPdfRequest.java

@@ -3,6 +3,7 @@ package stirling.software.SPDF.model.api.security;
 import java.util.List;
 
 import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
 import lombok.EqualsAndHashCode;
 import stirling.software.SPDF.model.api.PDFWithPageNums;

src/main/java/stirling/software/SPDF/model/api/security/RedactionArea.java

@@ -1,17 +1,20 @@
 package stirling.software.SPDF.model.api.security;
 
 import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
 
 @Data
 public class RedactionArea {
     @Schema(description = "The left edge point of the area to be redacted.")
     private Double x;
+
     @Schema(description = "The top edge point of the area to be redacted.")
     private Double y;
 
     @Schema(description = "The height of the area to be redacted.")
     private Double height;
+
     @Schema(description = "The width of the area to be redacted.")
     private Double width;
 

src/main/java/stirling/software/SPDF/utils/propertyeditor/StringToArrayListPropertyEditor.java

@@ -24,8 +24,8 @@ public class StringToArrayListPropertyEditor extends PropertyEditorSupport {
         }
         try {
             objectMapper.configure(DeserializationFeature.ACCEPT_SINGLE_VALUE_AS_ARRAY, true);
-            TypeReference<ArrayList<RedactionArea>> typeRef = new TypeReference<ArrayList<RedactionArea>>() {
+            TypeReference<ArrayList<RedactionArea>> typeRef =
-            };
+                    new TypeReference<ArrayList<RedactionArea>>() {};
             List<RedactionArea> list = objectMapper.readValue(text, typeRef);
             setValue(list);
         } catch (Exception e) {

src/main/resources/messages_zh_TW.properties

@@ -82,7 +82,7 @@ pages=頁面
 loading=載入中...
 addToDoc=新增至文件
 reset=重設
-apply=Apply
+apply=套用
 
 legal.privacy=隱私權政策
 legal.terms=使用條款
@@ -249,7 +249,7 @@ database.backupCreated=資料庫備份成功
 database.fileNotFound=找不到檔案
 database.fileNullOrEmpty=檔案不得為空或空白
 database.failedImportFile=匯入檔案失敗
-database.notSupported=This function is not available for your database connection.
+database.notSupported=您的資料庫連線不支援此功能。
 
 session.expired=您的工作階段已過期。請重新整理頁面並再試一次。
 session.refreshPage=重新整理頁面
@@ -278,7 +278,7 @@ home.split.desc=將 PDF 分割為多個文件
 split.tags=頁面操作,劃分,多頁,剪下,伺服器端
 
 home.rotate.title=旋轉
-home.rotate.desc=輕鬆旋轉你的 PDF。
+home.rotate.desc=輕鬆旋轉您的 PDF。
 rotate.tags=伺服器端
 
 
@@ -300,24 +300,24 @@ home.addImage.desc=在 PDF 的指定位置新增圖片
 addImage.tags=img,jpg,圖片,照片
 
 home.watermark.title=新增浮水印
-home.watermark.desc=在你的 PDF 檔案中新增自訂浮水印。
+home.watermark.desc=在您的 PDF 檔案中新增自訂浮水印。
 watermark.tags=文字,重複,標籤,自有,版權,商標,img,jpg,圖片,照片
 
 home.permissions.title=修改權限
-home.permissions.desc=修改你的 PDF 檔案權限
+home.permissions.desc=修改您的 PDF 檔案權限
 permissions.tags=讀取,寫入,編輯,列印
 
 
 home.removePages.title=移除
-home.removePages.desc=從你的 PDF 檔案中刪除不需要的頁面。
+home.removePages.desc=從您的 PDF 檔案中刪除不需要的頁面。
 removePages.tags=移除頁面,刪除頁面
 
 home.addPassword.title=新增密碼
-home.addPassword.desc=用密碼加密你的 PDF 檔案。
+home.addPassword.desc=用密碼加密您的 PDF 檔案。
 addPassword.tags=安全,安全性
 
 home.removePassword.title=移除密碼
-home.removePassword.desc=從你的 PDF 檔案中移除密碼保護。
+home.removePassword.desc=從您的 PDF 檔案中移除密碼保護。
 removePassword.tags=安全,解密,安全性,取消密碼,刪除密碼
 
 home.compressPdfs.title=壓縮
@@ -476,9 +476,9 @@ home.autoRedact.title=自動塗黑
 home.autoRedact.desc=根據輸入的文字自動塗黑 PDF 中的文字
 autoRedact.tags=塗黑,隱藏,塗黑,黑色,標記,隱藏
 
-home.redact.title=Manual Redaction
+home.redact.title=手動塗黑
-home.redact.desc=Redacts a PDF based on selected text, drawn shapes and/or selected page(s)
+home.redact.desc=依據選取的文字、繪製的形狀和選取的頁面塗黑 PDF
-redact.tags=Redact,Hide,black out,black,marker,hidden,manual
+redact.tags=塗黑,隱藏,黑色標記,黑色,標記,隱藏,手動
 
 home.tableExtraxt.title=PDF 轉 CSV
 home.tableExtraxt.desc=從 PDF 中提取表格並將其轉換為 CSV
@@ -556,21 +556,21 @@ login.header=登入
 login.signin=登入
 login.rememberme=記住我
 login.invalid=使用者名稱或密碼無效。
-login.locked=你的帳戶已被鎖定。
+login.locked=您的帳號已被鎖定。
 login.signinTitle=請登入
-login.ssoSignIn=透過織網單一簽入
+login.ssoSignIn=透過 SSO 單一登入
 login.oauth2AutoCreateDisabled=OAuth 2.0 自動建立使用者功能已停用
-login.oauth2AdminBlockedUser=目前已封鎖非註冊使用者的註冊或登入。請聯絡系統管理員。
+login.oauth2AdminBlockedUser=目前不允許未註冊的使用者註冊或登入。請聯絡系統管理員。
 login.oauth2RequestNotFound=找不到驗證請求
-login.oauth2InvalidUserInfoResponse=無效的使用者資訊回應
+login.oauth2InvalidUserInfoResponse=使用者資訊回應無效
-login.oauth2invalidRequest=無效的回應
+login.oauth2invalidRequest=請求無效
 login.oauth2AccessDenied=存取被拒
 login.oauth2InvalidTokenResponse=無效的權杖回應
-login.oauth2InvalidIdToken=無效的識別權杖
+login.oauth2InvalidIdToken=無效的身分權杖
-login.relyingPartyRegistrationNotFound=No relying party registration found
+login.relyingPartyRegistrationNotFound=找不到任何信賴方註冊紀錄
 login.userIsDisabled=使用者已停用，目前此使用者無法登入。請聯絡系統管理員。
 login.alreadyLoggedIn=您已經登入了
-login.alreadyLoggedIn2=個裝置。請登出其他裝置後再試一次。
+login.alreadyLoggedIn2=部裝置。請先從這些裝置登出後再試一次。
 login.toManySessions=您有太多使用中的工作階段
 
 #auto-redact
@@ -586,30 +586,30 @@ autoRedact.convertPDFToImageLabel=將 PDF 轉換為 PDF-影像（用於移除方
 autoRedact.submitButton=送出
 
 #redact
-redact.title=Manual Redaction
+redact.title=手動塗黑
-redact.header=Manual Redaction
+redact.header=手動塗黑
-redact.submit=Redact
+redact.submit=塗黑
-redact.textBasedRedaction=Text based Redaction
+redact.textBasedRedaction=以文字為基礎的塗黑
-redact.pageBasedRedaction=Page-based Redaction
+redact.pageBasedRedaction=以頁面為基礎的塗黑
-redact.convertPDFToImageLabel=Convert PDF to PDF-Image (Used to remove text behind the box)
+redact.convertPDFToImageLabel=將 PDF 轉換為 PDF 影像（用於移除黑框後的文字）
-redact.pageRedactionNumbers.title=Pages
+redact.pageRedactionNumbers.title=頁面
-redact.pageRedactionNumbers.placeholder=(e.g. 1,2,8 or 4,7,12-16 or 2n-1)
+redact.pageRedactionNumbers.placeholder=（例如 1,2,8 或 4,7,12-16 或 2n-1）
-redact.redactionColor.title=Redaction Color
+redact.redactionColor.title=塗黑顏色
-redact.export=Export
+redact.export=匯出
-redact.upload=Upload
+redact.upload=上傳
-redact.boxRedaction=Box draw redaction
+redact.boxRedaction=框選區域塗黑
-redact.zoom=Zoom
+redact.zoom=縮放
-redact.zoomIn=Zoom in
+redact.zoomIn=放大
-redact.zoomOut=Zoom out
+redact.zoomOut=縮小
-redact.nextPage=Next Page
+redact.nextPage=下一頁
-redact.previousPage=Previous Page
+redact.previousPage=上一頁
-redact.toggleSidebar=Toggle Sidebar
+redact.toggleSidebar=切換側邊欄
-redact.showThumbnails=Show Thumbnails
+redact.showThumbnails=顯示縮圖
-redact.showDocumentOutline=Show Document Outline (double-click to expand/collapse all items)
+redact.showDocumentOutline=顯示文件大綱（按兩下可展開/摺疊所有項目）
-redact.showAttatchments=Show Attachments
+redact.showAttatchments=顯示附件
-redact.showLayers=Show Layers (double-click to reset all layers to the default state)
+redact.showLayers=顯示圖層（按兩下可將所有圖層重設為預設狀態）
-redact.colourPicker=Colour Picker
+redact.colourPicker=顏色選擇器
-redact.findCurrentOutlineItem=Find current outline item
+redact.findCurrentOutlineItem=尋找目前的大綱項目
 
 #showJS
 showJS.title=顯示 JavaScript
@@ -778,15 +778,15 @@ scalePages.submit=送出
 
 #certSign
 certSign.title=憑證簽章
-certSign.header=使用你的憑證簽章（進行中）
+certSign.header=使用您的憑證簽章（進行中）
 certSign.selectPDF=選擇要簽章的 PDF 檔案：
-certSign.jksNote=注意：如果你的證書類型未被列在下方，請使用 keytool 命令列工具將其轉換為 Java Keystore （.jks） 檔案格式，然後選擇下面的 .jks 檔案選項。
+certSign.jksNote=注意：如果您的證書類型未被列在下方，請使用 keytool 命令列工具將其轉換為 Java Keystore （.jks） 檔案格式，然後選擇下面的 .jks 檔案選項。
-certSign.selectKey=選擇你的私鑰檔案（PKCS#8 格式，副檔名可能是 .pem 或 .der）：
+certSign.selectKey=選擇您的私鑰檔案（PKCS#8 格式，副檔名可能是 .pem 或 .der）：
-certSign.selectCert=選擇你的憑證檔案（X.509 格式，副檔名可能是 .pem 或 .der）：
+certSign.selectCert=選擇您的憑證檔案（X.509 格式，副檔名可能是 .pem 或 .der）：
-certSign.selectP12=選擇你的 PKCS#12 金鑰庫檔案（副檔名可能是 .p12 或 .pfx）（選填，如果有提供，則它應該包含你的私鑰和憑證）：
+certSign.selectP12=選擇您的 PKCS#12 金鑰庫檔案（副檔名可能是 .p12 或 .pfx）（選填，如果有提供，則它應該包含您的私鑰和憑證）：
-certSign.selectJKS=選擇你的 Java Keystore 檔案 （副檔名可能是 .jks 或 .keystore）：
+certSign.selectJKS=選擇您的 Java Keystore 檔案 （副檔名可能是 .jks 或 .keystore）：
 certSign.certType=憑證類型
-certSign.password=輸入你的金鑰庫或私鑰密碼（如果有的話）：
+certSign.password=輸入您的金鑰庫或私鑰密碼（如果有的話）：
 certSign.showSig=顯示簽章
 certSign.reason=原因
 certSign.location=位置
@@ -862,7 +862,7 @@ sign.first=第一頁
 sign.last=最後一頁
 sign.next=下一頁
 sign.previous=上一頁
-sign.maintainRatio=Toggle maintain aspect ratio
+sign.maintainRatio=切換維持長寬比
 
 
 #repair
@@ -1319,8 +1319,8 @@ splitByChapters.submit=分割 PDF
 fileChooser.click=點選
 fileChooser.or=或
 fileChooser.dragAndDrop=拖放檔案
-fileChooser.dragAndDropPDF=Drag & Drop PDF file
+fileChooser.dragAndDropPDF=拖放 PDF 檔案
-fileChooser.dragAndDropImage=Drag & Drop Image file
+fileChooser.dragAndDropImage=拖放圖片檔案
 fileChooser.hoveredDragAndDrop=將檔案拖放至此
 
 #release notes

src/main/resources/settings.yml.template

@@ -63,6 +63,7 @@ security:
 enterpriseEdition:
   enabled: false # set to 'true' to enable enterprise edition
   key: 00000000-0000-0000-0000-000000000000
+  SSOAutoLogin: false # Enable to auto login to first provided SSO
   CustomMetadata:
     autoUpdateMetadata: false # set to 'true' to automatically update metadata with below values
     author: username # supports text such as 'John Doe' or types such as username to autopopulate with user's username
@@ -86,8 +87,8 @@ system:
   tessdataDir: /usr/share/tessdata # path to the directory containing the Tessdata files. This setting is relevant for Windows systems. For Windows users, this path should be adjusted to point to the appropriate directory where the Tessdata files are stored.
   enableAnalytics: 'true' # set to 'true' to enable analytics, set to 'false' to disable analytics; for enterprise users, this is set to true
   datasource:
-    enableCustomDatabase: false # set this property to 'true' if you would like to use your own custom database configuration
+    enableCustomDatabase: false # Enterprise users ONLY, set this property to 'true' if you would like to use your own custom database configuration
-    customDatabaseUrl: jdbc:postgresql://localhost:5432/postgres # set the url for your own custom database connection. If provided, the type, hostName, port and name are not necessary and will not be used
+    customDatabaseUrl: '' # eg jdbc:postgresql://localhost:5432/postgres, set the url for your own custom database connection. If provided, the type, hostName, port and name are not necessary and will not be used
     username: postgres # set the database username
     password: postgres # set the database password
     type: postgresql # the type of the database to set (e.g. 'h2', 'postgresql')

src/main/resources/static/images/rename.svg

@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
+<svg width="800px" height="800px" viewBox="0 0 512 512" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+    <title>rename</title>
+        <symbol id="icon-rename" viewBox="0 0 512 512">
+    <g id="Page-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
+        <g id="Combined-Shape" fill="currentColor" transform="translate(42.666667, 64.000000)">
+            <path d="M362.666667,1.42108547e-14 L362.666667,21.3333333 L320,21.333 L320,362.666 L362.666667,362.666667 L362.666667,384 L320,383.999 L320,384 L298.666667,384 L298.666,383.999 L256,384 L256,362.666667 L298.666,362.666 L298.666,21.333 L256,21.3333333 L256,1.42108547e-14 L362.666667,1.42108547e-14 Z M426.666667,64 L426.666667,320 L341.333333,320 L341.333333,277.333333 L384,277.333333 L384,106.666667 L341.333333,106.666667 L341.333333,64 L426.666667,64 Z M277.333333,64 L277.333333,320 L3.55271368e-14,320 L3.55271368e-14,64 L277.333333,64 Z M179.2,89.6 L149.333333,89.6 L149.333333,234.666667 C149.333333,248 148.5,256.333333 147.875,264.354167 L147.792993,265.422171 L147.792993,265.422171 L147.714003,266.48894 C147.417695,270.579012 147.2,274.696296 147.2,279.466667 L147.2,279.466667 L177.066667,279.466667 L177.066667,260.266667 C184.941497,273.926888 199.708077,282.130544 215.466667,281.6 C229.540046,281.805757 242.921593,275.508559 251.733333,264.533333 C263.162478,248.989677 269.832496,230.461848 270.933333,211.2 C270.933333,170.666667 249.6,142.933333 217.6,142.933333 C202.507405,142.999748 188.308689,150.099106 179.2,162.133333 L179.2,162.133333 L179.2,89.6 Z M119.466667,162.133333 C107.961824,149.843793 91.4322333,143.546807 74.6666667,145.066667 C57.6785115,144.485924 40.8138255,148.15216 25.6,155.733333 L25.6,155.733333 L34.1333333,177.066667 C45.3979052,171.147831 57.7246848,167.522308 70.4,166.4 C78.5613135,165.511423 86.6853595,168.371259 92.4903835,174.176283 C98.2954074,179.981307 101.155244,188.105353 100.266667,196.266667 L100.266667,196.266667 L100.266667,198.4 L78.9333333,198.4 C65.8181975,197.679203 52.705771,199.864608 40.5333333,204.8 C26.2806563,210.950309 17.6507691,225.621117 19.2,241.066667 C19.0625857,252.057651 23.6679763,262.574827 31.8381493,269.927982 C40.0083223,277.281138 50.9508304,280.757072 61.8666667,279.466667 C77.2795695,280.291768 92.2192911,274.001359 102.4,262.4 L102.4,262.4 L102.4,277.333333 L130.133333,277.333333 C128.292479,266.054406 127.577851,254.620365 128,243.2 L128,243.2 L128,204.8 C129.999138,190.023932 126.995128,175.003882 119.466667,162.133333 Z M98.1333333,213.333333 L98.1333333,238.933333 C92.082572,249.988391 80.836024,257.218314 68.2666667,258.133333 C63.0655139,258.520242 57.9538681,256.621996 54.2659359,252.934064 C50.5780036,249.246132 48.6797582,244.134486 49.0666667,238.933333 C49.0666667,224 59.7333333,215.466667 85.3333333,213.333333 L85.3333333,213.333333 L98.1333333,213.333333 Z M209.066667,166.4 C226.133333,166.4 238.933333,183.466667 238.933333,211.2 C238.933333,238.933333 228.266667,256 211.2,256 C197.298049,255.69869 184.825037,247.383349 179.2,234.666667 L179.2,234.666667 L179.2,187.733333 C185.154203,176.240507 196.263981,168.304951 209.066667,166.4 Z">
+</path>
+        </g>
+    </g>
+    </symbol>
+</svg>

src/main/resources/static/js/settings.js

@@ -39,4 +39,3 @@ document.getElementById("cacheInputs").addEventListener("change", function () {
   cacheInputs = this.checked ? "enabled" : "disabled";
   localStorage.setItem("cacheInputs", cacheInputs);
 });
-

src/main/resources/templates/account.html

@@ -104,7 +104,14 @@
               </div>
               <script th:inline="javascript">
                 jQuery.validator.addMethod("usernamePattern", function(value, element) {
-                    return this.optional(element) || /^[a-zA-Z0-9][a-zA-Z0-9@._+-]*[a-zA-Z0-9]$|^(?=.{1,64}@)[A-Za-z0-9]+(\.[A-Za-z0-9_+.-]+)*@[^-][A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*(\.[A-Za-z]{2,})$/.test(value);
+                  // Regular expression for user name: Min. 3 characters, max. 50 characters
+                  const regexUsername = /^[a-zA-Z0-9](?!.*[-@._+]{2,})([a-zA-Z0-9@._+-]{1,48})[a-zA-Z0-9]$/;
+
+                  // Regular expression for email addresses: Max. 320 characters, with RFC-like validation
+                  const regexEmail = /^(?=.{1,320}$)(?=.{1,64}@)[A-Za-z0-9](?:[A-Za-z0-9_.+-]*[A-Za-z0-9])?@[^-][A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*(?:\.[A-Za-z]{2,})$/;
+
+                  // Check if the field is optional or meets the requirements
+                  return this.optional(element) || regexUsername.test(value) || regexEmail.test(value);
                 }, /*[[#{invalidUsernameMessage}]]*/ "Invalid username format");
                 $(document).ready(function() {
                   $.validator.addMethod("passwordMatch", function(value, element) {
@@ -267,7 +274,7 @@
               </div>
 
               <script th:inline="javascript">
-                document.addEventListener("DOMContentLoaded", function() {
+                document.addEventListener("DOMContentLoaded", async function() {
                   const settingsTableBody = document.querySelector("#settingsTable tbody");
 
                   /*<![CDATA[*/
@@ -306,29 +313,38 @@
                     location.reload();  // Refresh the page after sync
                   });
 
-                  document.getElementById('syncToAccount').addEventListener('click', function() {
+                  document.getElementById('syncToAccount').addEventListener('click', async  function() {
                     /*<![CDATA[*/
                     const urlUpdateUserSettings = /*[[@{/api/v1/user/updateUserSettings}]]*/ "/api/v1/user/updateUserSettings";
                     /*]]>*/
-                    let form = document.createElement("form");
-                    form.method = "POST";
-                    form.action = urlUpdateUserSettings;  // Your endpoint URL
 
+                    let settings = {};
                     for (let i = 0; i < localStorage.length; i++) {
                       const key = localStorage.key(i);
-                      if(key !== 'debug' && key !== '0' && key !== '1' && !key.includes('pdfjs') && !key.includes('posthog') && !key.includes('pageViews')) { // Only send non-ignored keys
+                      if(key !== 'debug' && key !== '0' && key !== '1' && !key.includes('pdfjs') && !key.includes('posthog') && !key.includes('pageViews')) {
-                        let hiddenField = document.createElement("input");
+                        settings[key] = localStorage.getItem(key);
-                        hiddenField.type = "hidden";
-                        hiddenField.name = key;
-                        hiddenField.value = localStorage.getItem(key);
-                        form.appendChild(hiddenField);
                       }
                     }
 
-                    document.body.appendChild(form);
+                    try {
-                    form.submit();
+                      const response = await window.fetchWithCsrf(urlUpdateUserSettings, {
+                        method: 'POST',
+                        headers: {
+                          'Content-Type': 'application/json',
+                        },
+                        body: JSON.stringify(settings)
                       });
 
+                      if (response.ok) {
+                        location.reload();
+                      } else {
+                        alert('Error syncing settings to account');
+                      }
+                    } catch (error) {
+                      console.error('Error:', error);
+                      alert('Error syncing settings to account');
+                    }
+                  });
                 });
               </script>
               <div class="mb-3 mt-4 text-center">

src/main/resources/templates/addUsers.html

@@ -207,7 +207,14 @@
 
       <script th:inline="javascript">
         jQuery.validator.addMethod("usernamePattern", function(value, element) {
-            return this.optional(element) || /^[a-zA-Z0-9][a-zA-Z0-9@._+-]*[a-zA-Z0-9]$|^(?=.{1,64}@)[A-Za-z0-9]+(\.[A-Za-z0-9_+.-]+)*@[^-][A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*(\.[A-Za-z]{2,})$/.test(value);
+          // Regular expression for user name: Min. 3 characters, max. 50 characters
+          const regexUsername = /^[a-zA-Z0-9](?!.*[-@._+]{2,})([a-zA-Z0-9@._+-]{1,48})[a-zA-Z0-9]$/;
+
+          // Regular expression for email addresses: Max. 320 characters, with RFC-like validation
+          const regexEmail = /^(?=.{1,320}$)(?=.{1,64}@)[A-Za-z0-9](?:[A-Za-z0-9_.+-]*[A-Za-z0-9])?@[^-][A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*(?:\.[A-Za-z]{2,})$/;
+
+          // Check if the field is optional or meets the requirements
+          return this.optional(element) || regexUsername.test(value) || regexEmail.test(value);
         }, /*[[#{invalidUsernameMessage}]]*/ "Invalid username format");
         $(document).ready(function() {
           $('[data-toggle="tooltip"]').tooltip();

src/main/resources/templates/fragments/navbar.html

@@ -82,12 +82,13 @@
                           th:replace="~{fragments/navbarEntry :: navbarEntry ('pdf-to-single-page', 'looks_one', 'home.PdfToSinglePage.title', 'home.PdfToSinglePage.desc', 'PdfToSinglePage.tags', 'organize')}">
                         </div>
                       </div>
-                      <div id="stacked" class="navbar-item col-lg-2 col-sm-6 py px-xl-1 px-2"style="display:flex; flex-direction: column;">
+                      <div id="stacked" class="navbar-item col-lg-2 col-sm-6 py px-xl-1 px-2"
+                        style="display:flex; flex-direction: column;">
                         <!-- Convert to PDF menu items -->
                         <div class="navbar-item py px-xl-1 px-2" style="margin-bottom: 1rem;">
                           <h6 class="menu-title" th:text="#{navbar.sections.convertTo}"></h6>
                           <div
-                          th:replace="~{fragments/navbarEntry :: navbarEntry ('img-to-pdf', 'image', 'home.imageToPdf.title', 'home.imageToPdf.desc', 'imageToPdf.tags', 'image')}">
+                            th:replace="~{fragments/navbarEntry :: navbarEntry ('img-to-pdf', 'picture_as_pdf', 'home.imageToPdf.title', 'home.imageToPdf.desc', 'imageToPdf.tags', 'image')}">
                           </div>
                           <div
                             th:replace="~{fragments/navbarEntry :: navbarEntry ('file-to-pdf', 'draft', 'home.fileToPDF.title', 'home.fileToPDF.desc', 'fileToPDF.tags', 'convert')}">
@@ -109,7 +110,7 @@
                         <div class="navbar-item py px-xl-1">
                           <h6 class="menu-title" th:text="#{navbar.sections.convertFrom}"></h6>
                           <div
-                          th:replace="~{fragments/navbarEntry :: navbarEntry ('pdf-to-img', 'image', 'home.pdfToImage.title', 'home.pdfToImage.desc', 'pdfToImage.tags', 'image')}">
+                            th:replace="~{fragments/navbarEntry :: navbarEntry ('pdf-to-img', 'photo_library', 'home.pdfToImage.title', 'home.pdfToImage.desc', 'pdfToImage.tags', 'image')}">
                           </div>
                           <div
                             th:replace="~{fragments/navbarEntry :: navbarEntry ('pdf-to-word', 'description', 'home.PDFToWord.title', 'home.PDFToWord.desc', 'PDFToWord.tags', 'word')}">
@@ -168,10 +169,10 @@
                           th:replace="~{fragments/navbarEntry :: navbarEntry ('sanitize-pdf', 'sanitizer', 'home.sanitizePdf.title', 'home.sanitizePdf.desc', 'sanitizePdf.tags', 'security')}">
                         </div>
                         <div
-                          th:replace="~{fragments/navbarEntry :: navbarEntry ('auto-redact', 'ink_eraser', 'home.autoRedact.title', 'home.autoRedact.desc', 'autoRedact.tags', 'security')}">
+                          th:replace="~{fragments/navbarEntry :: navbarEntry ('auto-redact', 'contract_delete', 'home.autoRedact.title', 'home.autoRedact.desc', 'autoRedact.tags', 'security')}">
                         </div>
                         <div
-                          th:replace="~{fragments/navbarEntry :: navbarEntry ('redact', 'ink_eraser', 'home.redact.title', 'home.redact.desc', 'redact.tags', 'security')}">
+                          th:replace="~{fragments/navbarEntry :: navbarEntry ('redact', 'playlist_remove', 'home.redact.title', 'home.redact.desc', 'redact.tags', 'security')}">
                         </div>
                         <div
                           th:replace="~{fragments/navbarEntry :: navbarEntry ('stamp', 'approval', 'home.AddStampRequest.title', 'home.AddStampRequest.desc', 'AddStampRequest.tags', 'security')}">
@@ -193,7 +194,7 @@
                           th:replace="~{fragments/navbarEntry :: navbarEntry ('add-image', 'add_photo_alternate', 'home.addImage.title', 'home.addImage.desc', 'addImage.tags', 'other')}">
                         </div>
                         <div
-                          th:replace="~{fragments/navbarEntry :: navbarEntry ('extract-images', 'photo_library', 'home.extractImages.title', 'home.extractImages.desc', 'extractImages.tags', 'other')}">
+                          th:replace="~{fragments/navbarEntry :: navbarEntry ('extract-images', 'wallpaper', 'home.extractImages.title', 'home.extractImages.desc', 'extractImages.tags', 'other')}">
                         </div>
                         <div
                           th:replace="~{fragments/navbarEntry :: navbarEntry ('flatten', 'layers_clear', 'home.flatten.title', 'home.flatten.desc', 'flatten.tags', 'other')}">
@@ -230,7 +231,7 @@
                           th:replace="~{fragments/navbarEntry :: navbarEntry ('pipeline', 'family_history', 'home.pipeline.title', 'home.pipeline.desc', 'pipeline.tags', 'advance')}">
                         </div>
                         <div
-                          th:replace="~{fragments/navbarEntry :: navbarEntry ('auto-rename', 'text_fields_alt', 'home.auto-rename.title', 'home.auto-rename.desc', 'auto-rename.tags', 'advance')}">
+                          th:replace="~{fragments/navbarEntryCustom :: navbarEntry ('auto-rename', '/images/rename.svg#icon-rename', 'home.auto-rename.title', 'home.auto-rename.desc', 'auto-rename.tags', 'advance')}">
                         </div>
                         <div
                           th:replace="~{fragments/navbarEntry :: navbarEntry ('repair', 'build', 'home.repair.title', 'home.repair.desc', 'repair.tags', 'advance')}">
@@ -340,7 +341,8 @@
               <span class="material-symbols-rounded" id="dark-mode-icon">
                 dark_mode
               </span>
-              <span class="icon-text icon-hide" id="dark-mode-text" th:data-text="#{navbar.darkmode}" th:text="#{navbar.darkmode}"></span>
+              <span class="icon-text icon-hide" id="dark-mode-text" th:data-text="#{navbar.darkmode}"
+                th:text="#{navbar.darkmode}"></span>
             </a>
           </li>
           <li class="nav-item dropdown">
@@ -361,7 +363,8 @@
           </li>
 
           <li class="nav-item dropdown">
-            <a class="nav-link" href="#" id="searchDropdown" role="button" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false" th:title="#{navbar.search}">
+            <a class="nav-link" href="#" id="searchDropdown" role="button" data-bs-toggle="dropdown"
+              aria-haspopup="true" aria-expanded="false" th:title="#{navbar.search}">
               <span class="material-symbols-rounded">
                 search
               </span>
@@ -370,7 +373,8 @@
             <div class="dropdown-menu dropdown-menu-tp" aria-labelledby="searchDropdown">
               <div class="dropdown-menu-wrapper px-xl-2 px-2">
                 <form th:action="@{''}" class="d-flex p-2 search-form" id="searchForm">
-                  <input class="form-control search-input" type="search" th:placeholder="#{navbar.search}" aria-label="Search" id="navbarSearchInput">
+                  <input class="form-control search-input" type="search" th:placeholder="#{navbar.search}"
+                    aria-label="Search" id="navbarSearchInput">
                 </form>
                 <!-- Search Results -->
                 <div id="searchResults" class="search-results scrollable-y dropdown-mw-20"></div>
@@ -379,13 +383,15 @@
           </li>
 
           <li class="nav-item" th:if="${!@runningEE}">
-            <a href="https://stirlingpdf.com/pricing" class="nav-link go-pro-link" target="_blank" rel="noopener noreferrer">
+            <a href="https://stirlingpdf.com/pricing" class="nav-link go-pro-link" target="_blank"
+              rel="noopener noreferrer">
               <span class="go-pro-badge" th:text="#{enterpriseEdition.button}"></span>
             </a>
           </li>
           <li class="nav-item">
             <!-- Settings Button -->
-            <a href="#" class="nav-link" data-bs-toggle="modal" data-bs-target="#settingsModal" th:title="#{navbar.settings}">
+            <a href="#" class="nav-link" data-bs-toggle="modal" data-bs-target="#settingsModal"
+              th:title="#{navbar.settings}">
               <span class="material-symbols-rounded">
                 settings
               </span>
@@ -420,10 +426,12 @@
                 th:title="#{visitGithub}">
                 <img th:src="@{'/images/github.svg'}" alt="github">
               </a>
-              <a href="https://hub.docker.com/r/stirlingtools/stirling-pdf" class="mx-1" role="button" target="_blank"th:title="#{seeDockerHub}">
+              <a href="https://hub.docker.com/r/stirlingtools/stirling-pdf" class="mx-1" role="button" target="_blank"
+                th:title="#{seeDockerHub}">
                 <img th:src="@{'/images/docker.svg'}" alt="docker">
               </a>
-              <a href="https://discord.gg/Cn8pWhQRxZ" class="mx-1" role="button" target="_blank" th:title="#{joinDiscord}">
+              <a href="https://discord.gg/Cn8pWhQRxZ" class="mx-1" role="button" target="_blank"
+                th:title="#{joinDiscord}">
                 <img th:src="@{'/images/discord.svg'}" alt="discord">
               </a>
             </div>

src/main/resources/templates/fragments/navbarEntryCustom.html

@@ -0,0 +1,13 @@
+<th:block th:fragment="navbarEntry(endpoint, toolIcon, titleKey, descKey, tagKey, toolGroup)"
+  th:if="${@endpointConfiguration.isEndpointEnabled(endpoint)}">
+  <a class="dropdown-item" href="#" th:href="@{${endpoint}}"
+    th:classappend="${endpoint.equals(currentPage)} ?  ${toolGroup} + ' active' : '' + ${toolGroup}"
+    th:title="#{${descKey}}" th:data-bs-tags="#{${tagKey}}">
+    <div class="icon" alt="icon" th:class="@{${toolGroup}}">
+      <svg class="nav-icon" style="height: 2.5rem; width:2.5rem">
+        <use th:xlink:href="@{${toolIcon}}"></use>
+      </svg>
+      <span class="icon-text" th:text="#{${titleKey}}"></span>
+    </div>
+  </a>
+</th:block>

src/main/resources/templates/home.html

@@ -140,7 +140,7 @@
             </div>
             <div class="feature-group-container">
               <div
-                th:replace="~{fragments/card :: card(id='img-to-pdf', cardTitle=#{home.imageToPdf.title}, cardText=#{home.imageToPdf.desc}, cardLink='img-to-pdf', toolIcon='image', tags=#{imageToPdf.tags}, toolGroup='image')}">
+                th:replace="~{fragments/card :: card(id='img-to-pdf', cardTitle=#{home.imageToPdf.title}, cardText=#{home.imageToPdf.desc}, cardLink='picture_as_pdf', toolIcon='picture_as_pdf', tags=#{imageToPdf.tags}, toolGroup='image')}">
               </div>
               <div
                 th:replace="~{fragments/card :: card(id='file-to-pdf', cardTitle=#{home.fileToPDF.title}, cardText=#{home.fileToPDF.desc}, cardLink='file-to-pdf', toolIcon='draft', tags=#{fileToPDF.tags}, toolGroup='convert')}">
@@ -166,7 +166,7 @@
             </div>
             <div class="feature-group-container">
               <div
-                th:replace="~{fragments/card :: card(id='pdf-to-img', cardTitle=#{home.pdfToImage.title}, cardText=#{home.pdfToImage.desc}, cardLink='pdf-to-img', toolIcon='image', tags=#{pdfToImage.tags}, toolGroup='image')}">
+                th:replace="~{fragments/card :: card(id='pdf-to-img', cardTitle=#{home.pdfToImage.title}, cardText=#{home.pdfToImage.desc}, cardLink='pdf-to-img', toolIcon='photo_library', tags=#{pdfToImage.tags}, toolGroup='image')}">
               </div>
               <div
                 th:replace="~{fragments/card :: card(id='pdf-to-pdfa', cardTitle=#{home.pdfToPDFA.title}, cardText=#{home.pdfToPDFA.desc}, cardLink='pdf-to-pdfa', toolIcon='picture_as_pdf', tags=#{pdfToPDFA.tags}, toolGroup='convert')}">
@@ -228,7 +228,7 @@
                 th:replace="~{fragments/card :: card(id='auto-redact', cardTitle=#{home.autoRedact.title}, cardText=#{home.autoRedact.desc}, cardLink='auto-redact', toolIcon='ink_eraser', tags=#{autoRedact.tags}, toolGroup='security')}">
               </div>
               <div
-                th:replace="~{fragments/card :: card(id='redact', cardTitle=#{home.redact.title}, cardText=#{home.redact.desc}, cardLink='redact', toolIcon='ink_eraser', tags=#{redact.tags}, toolGroup='security')}">
+                th:replace="~{fragments/card :: card(id='redact', cardTitle=#{home.redact.title}, cardText=#{home.redact.desc}, cardLink='redact', toolIcon='playlist_remove', tags=#{redact.tags}, toolGroup='security')}">
               </div>
               <div
                 th:replace="~{fragments/card :: card(id='stamp', cardTitle=#{home.AddStampRequest.title}, cardText=#{home.AddStampRequest.desc}, cardLink='stamp', toolIcon='approval', tags=#{AddStampRequest.tags}, toolGroup='security')}">
@@ -250,7 +250,7 @@
                 th:replace="~{fragments/card :: card(id='add-page-numbers', cardTitle=#{home.add-page-numbers.title}, cardText=#{home.add-page-numbers.desc}, cardLink='add-page-numbers', toolIcon='123', tags=#{add-page-numbers.tags}, toolGroup='other')}">
               </div>
               <div
-                th:replace="~{fragments/card :: card(id='add-image', cardTitle=#{home.addImage.title}, cardText=#{home.addImage.desc}, cardLink='add-image', toolIcon='text_fields', tags=#{addImage.tags}, toolGroup='other')}">
+                th:replace="~{fragments/card :: card(id='add-image', cardTitle=#{home.addImage.title}, cardText=#{home.addImage.desc}, cardLink='add-image', toolIcon='add_photo_alternate', tags=#{addImage.tags}, toolGroup='other')}">
               </div>
 
               <div
@@ -260,7 +260,7 @@
                 th:replace="~{fragments/card :: card(id='ocr-pdf', cardTitle=#{home.ocr.title}, cardText=#{home.ocr.desc}, cardLink='ocr-pdf', toolIcon='quick_reference_all', tags=#{ocr.tags}, toolGroup='other')}">
               </div>
               <div
-                th:replace="~{fragments/card :: card(id='extract-images', cardTitle=#{home.extractImages.title}, cardText=#{home.extractImages.desc}, cardLink='extract-images', toolIcon='photo_library', tags=#{extractImages.tags}, toolGroup='other')}">
+                th:replace="~{fragments/card :: card(id='extract-images', cardTitle=#{home.extractImages.title}, cardText=#{home.extractImages.desc}, cardLink='extract-images', toolIcon='wallpaper', tags=#{extractImages.tags}, toolGroup='other')}">
               </div>
               <div
                 th:replace="~{fragments/card :: card(id='flatten', cardTitle=#{home.flatten.title}, cardText=#{home.flatten.desc}, cardLink='flatten', toolIcon='layers_clear', tags=#{flatten.tags}, toolGroup='other')}">
@@ -288,7 +288,6 @@
           </div>
           <div id="groupAdvanced" class="feature-group">
             <div
-
               th:replace="~{fragments/featureGroupHeader :: featureGroupHeader(groupTitle=#{navbar.sections.advance})}">
             </div>
             <div class="feature-group-container">
@@ -338,7 +337,8 @@
 
 
   <!-- Survey Modal -->
-  <div class="modal fade" id="surveyModal" tabindex="-1" role="dialog" aria-labelledby="surveyModalLabel" aria-hidden="true">
+  <div class="modal fade" id="surveyModal" tabindex="-1" role="dialog" aria-labelledby="surveyModalLabel"
+    aria-hidden="true">
     <div class="modal-dialog modal-dialog-centered" role="document">
       <div class="modal-content">
         <div class="modal-header">
@@ -346,12 +346,16 @@
           <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
         </div>
         <div class="modal-body">
-          <p><span th:text="#{survey.changes}">Stirling-PDF has changed since the last survey! To find out more please check our blog post here: </span><a href="https://www.stirlingpdf.com/blog/stirling-pdf-future" target="_blank"> Stirling PDF</a></p>
+          <p><span th:text="#{survey.changes}">Stirling-PDF has changed since the last survey! To find out more please
+              check our blog post here: </span><a href="https://www.stirlingpdf.com/blog/stirling-pdf-future"
+              target="_blank"> Stirling PDF</a></p>
 
           <p th:text="#{survey.changes2}">With these changes we are getting paid business support and funding</p>
           <p th:text="#{survey.please}">Please consider taking our survey!</p>
-          <p th:text="#{survey.disabled}">Survey popup will be disabled in following updates but available at foot of page)</p>
+          <p th:text="#{survey.disabled}">Survey popup will be disabled in following updates but available at foot of
-          <a href="https://stirlingpdf.info/s/cm28y3niq000o56dv7liv8wsu" target="_blank" class="btn btn-primary" id="takeSurvey"th:text="#{survey.button}" >Take Survey</a>
+            page)</p>
+          <a href="https://stirlingpdf.info/s/cm28y3niq000o56dv7liv8wsu" target="_blank" class="btn btn-primary"
+            id="takeSurvey" th:text="#{survey.button}">Take Survey</a>
         </div>
         <div class="modal-footer">
           <div class="form-check mb-3">
@@ -368,21 +372,28 @@
 
 
   <!-- Analytics Modal -->
-  <div class="modal fade" id="analyticsModal" tabindex="-1" role="dialog" aria-labelledby="analyticsModalLabel" aria-hidden="true" th:if="${@analyticsPrompt}">
+  <div class="modal fade" id="analyticsModal" tabindex="-1" role="dialog" aria-labelledby="analyticsModalLabel"
+    aria-hidden="true" th:if="${@analyticsPrompt}">
     <div class="modal-dialog modal-dialog-centered" role="document">
       <div class="modal-content">
         <div class="modal-header">
-          <h5 class="modal-title" id="analyticsModalLabel" th:text="#{analytics.title}">Do you want make Stirling PDF better?</h5>
+          <h5 class="modal-title" id="analyticsModalLabel" th:text="#{analytics.title}">Do you want make Stirling PDF
+            better?</h5>
           <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
         </div>
         <div class="modal-body">
-          <p th:text="#{analytics.paragraph1}">Stirling PDF has opt in analytics to help us improve the product. We do not track any personal information or file contents.</p>
+          <p th:text="#{analytics.paragraph1}">Stirling PDF has opt in analytics to help us improve the product. We do
-          <p th:text="#{analytics.paragraph2}">Please consider enabling analytics to help Stirling-PDF grow and to allow us to understand our users better.</p>
+            not track any personal information or file contents.</p>
-          <p th:text="#{analytics.settings}">You can change the settings for analytics in the config/settings.yml file</p>
+          <p th:text="#{analytics.paragraph2}">Please consider enabling analytics to help Stirling-PDF grow and to allow
+            us to understand our users better.</p>
+          <p th:text="#{analytics.settings}">You can change the settings for analytics in the config/settings.yml file
+          </p>
         </div>
         <div class="modal-footer justify-content-between">
-                <button type="button" class="btn btn-secondary" data-bs-dismiss="modal" onclick="setAnalytics(false)" th:text="#{analytics.disable}">Disable analytics</button>
+          <button type="button" class="btn btn-secondary" data-bs-dismiss="modal" onclick="setAnalytics(false)"
-                <button type="button" class="btn btn-primary" th:text="#{analytics.enable}" onclick="setAnalytics(true)">Enable analytics</button>
+            th:text="#{analytics.disable}">Disable analytics</button>
+          <button type="button" class="btn btn-primary" th:text="#{analytics.enable}"
+            onclick="setAnalytics(true)">Enable analytics</button>
         </div>
       </div>
     </div>

src/main/resources/templates/login.html

@@ -11,7 +11,14 @@
     <div class="your-container-class"></div>
     <div class="container-flex">
       <main class="form-signin">
-        <script>
+        <script th:inline="javascript">
+          const redirectAttempts = parseInt(localStorage.getItem('ssoRedirectAttempts') || '0');
+          const urlParams = new URLSearchParams(window.location.search);
+          const hasRedirectError = urlParams.has('error');
+          const hasLogout = urlParams.has('logout');
+          const hasMessage = urlParams.has('message');
+          const MAX_REDIRECT_ATTEMPTS = 3;
+
           document.addEventListener('modeChanged', function(e) {
               var mode = e.detail;
 
@@ -31,6 +38,39 @@
           });
 
           document.addEventListener('DOMContentLoaded', function() {
+
+              const runningEE = /*[[${@runningEE}]]*/ false;
+              const SSOAutoLogin = /*[[${@SSOAutoLogin}]]*/ false;
+              const loginMethod = /*[[${loginMethod}]]*/ 'normal';
+              const providerList = /*[[${providerlist}]]*/ {};
+              const shouldAutoRedirect = !hasRedirectError &&
+                  !hasLogout &&
+                  !hasMessage &&
+                  redirectAttempts < MAX_REDIRECT_ATTEMPTS &&
+                  loginMethod !== 'normal' && runningEE && SSOAutoLogin;
+
+              console.log('Should redirect:', shouldAutoRedirect, {
+                  'No error': !hasRedirectError,
+                  'No logout': !hasLogout,
+                  'No message': !hasMessage,
+                  'Under max attempts': redirectAttempts < MAX_REDIRECT_ATTEMPTS,
+                  'Is only OAuth2': loginMethod === 'oauth2'
+              });
+
+              if (shouldAutoRedirect && providerList && Object.keys(providerList).length > 0) {
+                  localStorage.setItem('ssoRedirectAttempts', redirectAttempts + 1);
+                  const firstProvider = Object.keys(providerList)[0];
+                  window.location.href = firstProvider;
+              }
+
+              // Reset redirect attempts if successful login or after 1 hour
+              const lastAttemptTime = parseInt(localStorage.getItem('lastRedirectAttempt') || '0');
+              if (Date.now() - lastAttemptTime > 3600000) { // 1 hour
+                  localStorage.setItem('ssoRedirectAttempts', '0');
+              }
+              localStorage.setItem('lastRedirectAttempt', Date.now().toString());
+
+
               const defaultLocale = getStoredOrDefaultLocale();
               checkUserLanguage(defaultLocale);
 

src/main/resources/templates/releases.html

@@ -107,7 +107,7 @@
     /*<![CDATA[*/
 
     // Get the current version from the appVersion bean
-    const appVersion = [[${@appVersion}]];
+    const appVersion = /*[[${@appVersion}]]*/ '';
 
     // GitHub API configuration
     const REPO_OWNER = 'Stirling-Tools';
@@ -134,7 +134,6 @@
         return element;
     }
 
-	
     const ALLOWED_TAGS = {
         'a': ['href', 'target', 'rel', 'class'],
         'img': ['src', 'alt', 'width', 'height', 'style'],
@@ -275,9 +274,31 @@
 function formatText(text) {
     const container = document.createElement('div');
 
+    if (!text || typeof text !== 'string') {
+        console.error('Invalid input to formatText:', text);
+        return container;
+    }
+
+    let textWithoutComments;
+    try {
+        textWithoutComments = text.replace(
+            /<!-- Release notes generated using configuration in .github\/release\.yml at main -->/,
+            ''
+        );
+    } catch (error) {
+        console.error('Error in replace operation:', error);
+        return container;
+    }
+
     // Split the text into lines
-    const textWithoutComments = text.replace(/<!--[\s\S]*?-->/g, '');
+    let lines;
-    const lines = textWithoutComments.split('\n');
+    try {
+        lines = textWithoutComments.split('\n');
+    } catch (error) {
+        console.error('Error in split operation:', error);
+        return container;
+    }
+
     let currentList = null;
 
     lines.forEach(line => {
@@ -391,10 +412,26 @@ async function loadReleases() {
         while (container.firstChild) {
             container.removeChild(container.firstChild);
         }
+        const cachedReleases = sessionStorage.getItem('releases');
 
+        let releases;
+        if (cachedReleases) {
+            releases = JSON.parse(cachedReleases);
+            console.log("Read from storage");
+        } else {
             const response = await fetch(GITHUB_API + '/releases');
-        if (!response.ok) throw new Error('Failed to fetch releases');
+            if (!response.ok) {
-        const releases = await response.json();
+                if (response.status === 403) {
+                    throw new Error('API rate limit exceeded');
+                }
+                if (response.status === 404) {
+                    throw new Error('Repository not found');
+                }
+                throw new Error('Failed to fetch releases');
+            }
+            releases = await response.json();
+            sessionStorage.setItem('releases', JSON.stringify(releases));
+        }
 
         // Sort releases by version number (descending)
         releases.sort((a, b) => compareVersions(b.tag_name, a.tag_name));

test.sh

@@ -74,11 +74,11 @@ main() {
 
     # Building Docker images
     # docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest -f ./Dockerfile .
-  # docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-ultra-lite -f ./Dockerfile.ultra-lite .
+    docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-ultra-lite -f ./Dockerfile.ultra-lite .
 	
     # Test each configuration
-    #run_tests "Stirling-PDF-Ultra-Lite" "./exampleYmlFiles/docker-compose-latest-ultra-lite.yml"
+    run_tests "Stirling-PDF-Ultra-Lite" "./exampleYmlFiles/docker-compose-latest-ultra-lite.yml"
-	#docker-compose -f "./exampleYmlFiles/docker-compose-latest-ultra-lite.yml" down
+	docker-compose -f "./exampleYmlFiles/docker-compose-latest-ultra-lite.yml" down
 	
 
     #run_tests "Stirling-PDF" "./exampleYmlFiles/docker-compose-latest.yml"