feat: Modernize ESPI REST controllers (Issue #98, no auth-server migration)

[dfcoffin]

Summary

Supersedes #114. Cherry-picks the controller modernization work from
@springframeworkguru’s PR #114 onto a clean base, excluding the openespi-authserver
→ openespi-datacustodian fold-in which contradicts CLAUDE. md’s “Authorization
Server is completely independent,” invariant and is being deferred for separate architectural review.
Contributor authorship preserved via cherry-pick (original author field intact;
this branch only changes committer).

What’s included

Two commits cherry-picked from PR #114:

• 0284345e — Update Spring Boot to latest (amended)

  • Bumps spring.boot.version from 4.0.1 → 4.0.3 in root pom.xml.
  • Original 2c63a162 was amended to drop unintended <repositories> changes
    (removed GBA’s GitHub Packages repo, added an unused Atlassian mirror, left commented-out duplicate). Only the version-bump line remains.

• 1af8610d — Modernizing Rest Controllers and improving performance

  • Re-enables 8 ESPI REST controllers from .disabled extension:
    ApplicationInformationRESTController, CustomerRESTController, CustomerAccountRESTController, ElectricPowerQualitySummaryRESTController,
    IntervalBlockRESTController, ReadingTypeRESTController,
    UsageSummaryRESTController, plus modifications to the existing MeterReadingController, UsagePointController, AuthorizationController
  • Adds 6 new per-resource *ExportService classes in openespi-common:
    ApplicationInformationExportService, CustomerAccountExportService, ElectricPowerQualitySummaryExportService, IntervalBlockExportService, MeterReadingExportService, ReadingTypeExportService,
    UsageSummaryExportService, plus unit tests
  • Adds ApplicationInformationServiceImpl modifications, mapper updates,
    repository tweaks, and controller test infrastructure
    (AbstractControllerMockTest)
  • Adds Lombok dependency to openespi-datacustodian/pom.xml (used by 7 new
    controllers)
  • Adds contributor working-notes doc controll-update-status.md (filename
    typo and location to be addressed in a follow-up)

What’s excluded from PR #114

• Commit 4e340a93 — the auth-server migration. Removed entirely. - Drops the 21-file openespi-datacustodian/.../authserver/ tree
  (config, controllers, services, DTOs, repository, ~7,000 lines)
  • Drops 13 OAuth2 Flyway migrations under openespi-datacustodian/.../db/vendor/ - Drops Spring Authorization Server dependencies - Restores ResourceServerConfig.java.
  • Keeps openespi-authserver as an independent module (per CLAUDE.md)
• Three whitespace-only commits (67d5e304, c955a4dc, e6385942) — pure
  CI-poke artifacts, no functional content.
  ## Auth-server stowaways removed during cherry-pick

Resolved while applying 3a420e9d:

File	Reason for revert
openespi-datacustodian/.../config/SecurityConfiguration.java	Commented out .anyRequest().authenticated() and added an unfinished securityMatcher stub — security regression
openespi-datacustodian/src/main/resources/application.yml	Misplaced spring.test.print-condition-evaluation-report: false (test-only flag in production config)
original review)
openespi-datacustodian/pom.xml — com.sun.syndication:com.springsource.com.sun.syndication:1.0.0	Ancient ROME fork from a defunct SpringSource repo, unused by cherry-picked code

Build and test results

Run locally with JDK 25 + Maven from D:\Maven\apache-maven-3.6.3 (note: CLAUDE.md
specifies Maven 3.9+ (worth upgrading separately).

• ✅ mvn clean compile -pl openespi-common,openespi-datacustodian,openespi-thirdparty -am — all four modules compile (~20s)

• ✅ mvn clean install -pl openespi-common,openespi-datacustodian,openespi-thirdparty -am -DskipTests — Spring Boot repackage succeeds for both data-custodian and third-party JARs (~32s) - ✅ mvn test -pl openespi-common,openespi-datacustodian -am — 642 of 662 tests pass, 0 failures, 0 cherry-pick regressions
  The 20 errors are all TestContainers integration tests failing with Could not find a valid Docker environment — environmental, caused by Docker Desktop being
  moved into WSL while these tests still expect the Windows named-pipe socket.
  Identical failures would occur on main and PR feat: Issue 98 controller functionality #114 today; not a regression and ## ESPI XML marshaling — primary objective signal
  All JAXB Atom-marshaling tests pass and produce correct ESPI Atom output with
  the right namespaces:

• http://naesb.org/espi (usage domain)

• http://naesb.org/espi/customer (customer domain)

• http://www.w3.org/2005/Atom

Verified XML output for: Customer, CustomerAccount, CustomerAgreement,
ServiceLocation, ServiceSupplier, EndDevice, Meter, UsagePoint, MeterReading,
ReadingType, UsageSummary, TimeConfiguration. The new *ExportService classes
correctly initialize per-namespace JAXBContext instances.
## Known follow-ups (not blocking this PR)

1. MapStruct unmapped target properties on IdentifiedObject base fields
   (id, selfLink, upLink, relatedLinks, published, updated, etc.)
   across ~18 mappers. These are exactly the fields ESPI Atom feeds need for
   rel= “self”/rel=” up”/rel=” related” link generation. File as a separate
   issue against the marshaling/unmarshalling objective. 2. controll-update-status.md — typo’d filename, sits in module root. Rename to controller-update-status.md and move to
   .junie/prompts/issue-98-controllers/status.md to match existing pattern.
2. @accountSecurityService.hasAccessToAccount(...) referenced by customer
   controllers but not implemented anywhere — surfaced by contributor in the
   status doc. Needs the bean implemented or the SpEL expressions revised. 4. Maven version — project requires 3.9+ per CLAUDE.md; this PR was built
   with 3.6.3. Upgrade tooling separately.
3. TestContainers + WSL Docker — document the chosen setup (TCP socket, WSL integration enabled, or move build to WSL) in a contributor
   guide.
   with 3.6.3. Upgrade tooling separately.
4. TestContainers + WSL Docker — document the chosen setup
   (TCP socket, WSL integration enabled, or move build to WSL) in a contributor
   guide.

Test plan

• mvn clean compile succeeds across all four modules
• mvn clean install -DskipTests succeeds; both Boot JARs repackage
• mvn test — non-Docker tests pass (642/662)
• No files under openespi-datacustodian/.../authserver/
• No files under openespi-datacustodian/.../db/vendor/
• ResourceServerConfig.java present
• openespi-authserver/ byte-identical to main.
• git diff origin/main -- pom.xml shows only the Spring Boot version bump
• CI green on push (build-and-test + security scan; SonarCloud skipped for
  same-repo branch per ci.yml fork-guard logic)

Closes by superseding #114.