This is an automated email from the git hooks/post-receive script. New commit to branch develop in repository pollen. See https://gitlab.nuiton.org/chorem/pollen.git commit 5f169b9539792fbaa8cc94983bb663ea34c282d6 Author: Sylvain Bavencoff <bavencoff@codelutin.com> Date: Wed May 16 17:51:53 2018 +0200 Maj des dépendances java --- pollen-rest-api/pom.xml | 7 +- .../org/chorem/pollen/rest/api/v1/AuthApi.java | 6 +- .../pollen/rest/api/AbstractPollenRestApiTest.java | 2 + pollen-services/pom.xml | 7 +- .../services/DefaultPollenServiceContext.java | 52 +++--- .../services/config/PollenServicesConfig.java | 5 +- pom.xml | 179 ++++----------------- 7 files changed, 59 insertions(+), 199 deletions(-) diff --git a/pollen-rest-api/pom.xml b/pollen-rest-api/pom.xml index 1fa47b6f..deac8494 100644 --- a/pollen-rest-api/pom.xml +++ b/pollen-rest-api/pom.xml @@ -107,7 +107,7 @@ <dependency> <groupId>org.jboss.spec.javax.ws.rs</groupId> - <artifactId>jboss-jaxrs-api_2.0_spec</artifactId> + <artifactId>jboss-jaxrs-api_2.1_spec</artifactId> </dependency> <dependency> @@ -142,11 +142,6 @@ <artifactId>jackson-databind</artifactId> </dependency> - <dependency> - <groupId>org.apache.shiro</groupId> - <artifactId>shiro-core</artifactId> - </dependency> - <dependency> <groupId>org.nuiton.web</groupId> <artifactId>nuiton-web</artifactId> diff --git a/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/AuthApi.java b/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/AuthApi.java index 3436d3dd..a895c975 100644 --- a/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/AuthApi.java +++ b/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/AuthApi.java @@ -25,7 +25,6 @@ import com.google.gson.Gson; import org.apache.commons.lang3.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.apache.shiro.codec.Base64; import org.brickred.socialauth.SocialAuthManager; import org.chorem.pollen.persistence.entity.LoginProvider; import org.chorem.pollen.persistence.entity.PollenUser; @@ -37,9 +36,7 @@ import org.chorem.pollen.services.service.PollenUserService; import org.chorem.pollen.services.service.SocialAuthService; import org.chorem.pollen.services.service.security.MissingAuthenticationException; import org.chorem.pollen.services.service.security.PollenAuthenticationException; -import org.chorem.pollen.services.service.security.PollenCypherTechnicalException; import org.chorem.pollen.services.service.security.PollenEmailNotValidatedException; -import org.chorem.pollen.services.service.security.PollenInvalidSessionTokenException; import org.chorem.pollen.services.service.security.PollenSecurityContext; import org.chorem.pollen.services.service.security.PollenUserBannedException; import org.chorem.pollen.services.service.security.PollenUserUnknownException; @@ -59,6 +56,7 @@ import javax.ws.rs.QueryParam; import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; +import java.util.Base64; import java.util.List; import java.util.Map; @@ -88,7 +86,7 @@ public class AuthApi { PollenUserBannedException { if (StringUtils.startsWith(authHeader, "Basic ")) { - String s = new String(Base64.decode(StringUtils.substringAfter(authHeader, "Basic "))); + String s = new String(Base64.getDecoder().decode(StringUtils.substringAfter(authHeader, "Basic "))); String[] lp = s.split(":"); String login = lp[0]; String password = lp[1]; diff --git a/pollen-rest-api/src/test/java/org/chorem/pollen/rest/api/AbstractPollenRestApiTest.java b/pollen-rest-api/src/test/java/org/chorem/pollen/rest/api/AbstractPollenRestApiTest.java index 72136178..0b98651e 100644 --- a/pollen-rest-api/src/test/java/org/chorem/pollen/rest/api/AbstractPollenRestApiTest.java +++ b/pollen-rest-api/src/test/java/org/chorem/pollen/rest/api/AbstractPollenRestApiTest.java @@ -160,6 +160,8 @@ public class AbstractPollenRestApiTest { context.addParameter("javax.ws.rs.Application", PollenRestApiApplication.class.getName()); context.addServletMappingDecoded("/*", RESTEASY_SERVLET_NAME); server.start(); + +// Thread.sleep(60000); } protected String getWebappLocation() { diff --git a/pollen-services/pom.xml b/pollen-services/pom.xml index 72ae8dec..e8d1d3a4 100644 --- a/pollen-services/pom.xml +++ b/pollen-services/pom.xml @@ -181,11 +181,6 @@ <artifactId>nuiton-config</artifactId> </dependency> - <dependency> - <groupId>org.apache.shiro</groupId> - <artifactId>shiro-core</artifactId> - </dependency> - <dependency> <groupId>com.auth0</groupId> <artifactId>java-jwt</artifactId> @@ -221,7 +216,7 @@ <dependency> <groupId>org.jboss.spec.javax.ws.rs</groupId> - <artifactId>jboss-jaxrs-api_2.0_spec</artifactId> + <artifactId>jboss-jaxrs-api_2.1_spec</artifactId> </dependency> <dependency> diff --git a/pollen-services/src/main/java/org/chorem/pollen/services/DefaultPollenServiceContext.java b/pollen-services/src/main/java/org/chorem/pollen/services/DefaultPollenServiceContext.java index 9fef42d9..23fa38d6 100644 --- a/pollen-services/src/main/java/org/chorem/pollen/services/DefaultPollenServiceContext.java +++ b/pollen-services/src/main/java/org/chorem/pollen/services/DefaultPollenServiceContext.java @@ -26,11 +26,6 @@ import org.apache.commons.codec.binary.Base64; import org.apache.commons.codec.binary.Hex; import org.apache.commons.lang3.RandomStringUtils; import org.apache.commons.lang3.StringUtils; -import org.apache.shiro.crypto.RandomNumberGenerator; -import org.apache.shiro.crypto.hash.DefaultHashService; -import org.apache.shiro.crypto.hash.Hash; -import org.apache.shiro.crypto.hash.HashRequest; -import org.apache.shiro.util.ByteSource; import org.chorem.pollen.persistence.PollenPersistenceContext; import org.chorem.pollen.persistence.PollenTopiaApplicationContext; import org.chorem.pollen.services.config.PollenServicesConfig; @@ -39,8 +34,12 @@ import org.chorem.pollen.votecounting.VoteCountingFactory; import java.lang.reflect.Constructor; import java.lang.reflect.InvocationTargetException; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; import java.util.Date; import java.util.Locale; +import java.util.Random; import java.util.UUID; public class DefaultPollenServiceContext implements PollenServiceContext { @@ -55,11 +54,6 @@ public class DefaultPollenServiceContext implements PollenServiceContext { private PollenTopiaApplicationContext topiaApplicationContext; - /** - * To hash passwords. - */ - protected DefaultHashService hashService; - protected VoteCountingFactory voteCountingFactory; protected PollenUIContext uiContext; @@ -118,11 +112,10 @@ public class DefaultPollenServiceContext implements PollenServiceContext { @Override public String generateSalt() { - - RandomNumberGenerator generator = getHashService().getRandomNumberGenerator(); - ByteSource byteSource = generator.nextBytes(); - return byteSource.toBase64(); - + final Random r = new SecureRandom(); + byte[] salt = new byte[32]; + r.nextBytes(salt); + return Base64.encodeBase64String(salt); } @Override @@ -154,10 +147,19 @@ public class DefaultPollenServiceContext implements PollenServiceContext { @Override public String encodePassword(String salt, String password) { + String hashAlgorithmName = getPollenServicesConfig().getHashAlgorithmName(); + + try { + MessageDigest digest = MessageDigest.getInstance(hashAlgorithmName); + + digest.reset(); + digest.update(salt.getBytes()); + byte[] hashedBytes = digest.digest(password.getBytes()); + return Base64.encodeBase64String(hashedBytes); - HashRequest hashRequest = new HashRequest.Builder().setSalt(salt).setSource(password).build(); - Hash hash = getHashService().computeHash(hashRequest); - return hash.toBase64(); + } catch (NoSuchAlgorithmException e) { + throw new PollenTechnicalException("unable to hash password with " + hashAlgorithmName, e); + } } @@ -214,18 +216,4 @@ public class DefaultPollenServiceContext implements PollenServiceContext { } - protected DefaultHashService getHashService() { - - if (hashService == null) { - - hashService = new DefaultHashService(); - String hashAlgorithmName = getPollenServicesConfig().getHashAlgorithmName(); - hashService.setHashAlgorithmName(hashAlgorithmName); - - } - - return hashService; - - } - } diff --git a/pollen-services/src/main/java/org/chorem/pollen/services/config/PollenServicesConfig.java b/pollen-services/src/main/java/org/chorem/pollen/services/config/PollenServicesConfig.java index 591be692..1f611143 100644 --- a/pollen-services/src/main/java/org/chorem/pollen/services/config/PollenServicesConfig.java +++ b/pollen-services/src/main/java/org/chorem/pollen/services/config/PollenServicesConfig.java @@ -26,7 +26,6 @@ import com.google.common.collect.Maps; import org.apache.commons.lang3.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.apache.shiro.crypto.hash.Sha512Hash; import org.chorem.pollen.persistence.entity.CommentVisibility; import org.chorem.pollen.persistence.entity.PollType; import org.chorem.pollen.persistence.entity.ResultVisibility; @@ -82,7 +81,7 @@ public class PollenServicesConfig extends GeneratedPollenServicesConfig { for (PollenServicesConfigOption option : options) { builder.append(String.format("\n%1$-40s = %2$s", option.getKey(), - applicationConfig.getOption(option))); + applicationConfig.getOption(String.class, option.getKey()))); } log.info(builder.toString()); } @@ -106,7 +105,7 @@ public class PollenServicesConfig extends GeneratedPollenServicesConfig { } public String getHashAlgorithmName() { - return Sha512Hash.ALGORITHM_NAME; + return "SHA-512"; } @Override diff --git a/pom.xml b/pom.xml index cfa25a01..47b6aedb 100644 --- a/pom.xml +++ b/pom.xml @@ -174,29 +174,27 @@ <projectId>pollen</projectId> <!-- customized versions --> - <resteasyVersion>3.0.17.Final</resteasyVersion> - <jacksonVersion>2.8.11</jacksonVersion> + <resteasyVersion>3.5.1.Final</resteasyVersion> + <jacksonVersion>2.9.5</jacksonVersion> - <nuitonI18nVersion>3.6.2</nuitonI18nVersion> + <nuitonI18nVersion>3.7</nuitonI18nVersion> <eugenePluginVersion>3.0-alpha-10</eugenePluginVersion> - <topiaVersion>3.4</topiaVersion> + <topiaVersion>3.4.1</topiaVersion> <flywayVersion>5.0.0</flywayVersion> - <nuitonWebVersion>1.19</nuitonWebVersion> - <nuitonUtilsVersion>3.0-rc-17</nuitonUtilsVersion> - <nuitonConfigVersion>3.1.1</nuitonConfigVersion> + <nuitonWebVersion>1.20</nuitonWebVersion> + <nuitonUtilsVersion>3.0</nuitonUtilsVersion> + <nuitonConfigVersion>3.4</nuitonConfigVersion> <nuitonCsvVersion>3.0-alpha-3</nuitonCsvVersion> - <nuitonValidatorVersion>3.0.1</nuitonValidatorVersion> - <h2Version>1.4.178</h2Version> - <postgresqlVersion>9.4.1212.jre7</postgresqlVersion> - <shiroVersion>1.2.6</shiroVersion> - <javaJwtVersion>3.2.0</javaJwtVersion> - <slf4jVersion>1.7.22</slf4jVersion> - <jettyVersion>9.0.3.v20130506</jettyVersion> - <tomcatEmbedVersion>8.0.51</tomcatEmbedVersion> + <nuitonValidatorVersion>3.2</nuitonValidatorVersion> + <h2Version>1.4.197</h2Version> + <postgresqlVersion>42.2.2.jre7</postgresqlVersion> + <javaJwtVersion>3.3.0</javaJwtVersion> + <slf4jVersion>1.7.25</slf4jVersion> + <tomcatEmbedVersion>8.5.31</tomcatEmbedVersion> + <tomcatEmbedLoggingVersion>8.5.2</tomcatEmbedLoggingVersion> <hibernateVersion>5.2.10.Final</hibernateVersion> - <seleniumVersion>2.33.0</seleniumVersion> - <httpCommonsHttpclientVersion>4.5.2</httpCommonsHttpclientVersion> + <httpCommonsHttpclientVersion>4.5.5</httpCommonsHttpclientVersion> <pollenI18nBundle>pollen-i18n</pollenI18nBundle> <!-- license to use --> @@ -257,7 +255,7 @@ <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-lang3</artifactId> - <version>3.5</version> + <version>3.7</version> </dependency> <dependency> <groupId>commons-logging</groupId> @@ -267,7 +265,7 @@ <dependency> <groupId>commons-io</groupId> <artifactId>commons-io</artifactId> - <version>2.5</version> + <version>2.6</version> </dependency> <dependency> <groupId>commons-beanutils</groupId> @@ -277,7 +275,7 @@ <dependency> <groupId>commons-codec</groupId> <artifactId>commons-codec</artifactId> - <version>1.10</version> + <version>1.11</version> </dependency> <dependency> <groupId>org.apache.commons</groupId> @@ -288,14 +286,14 @@ <dependency> <groupId>com.sun.mail</groupId> <artifactId>javax.mail</artifactId> - <version>1.5.2</version> + <version>1.6.1</version> </dependency> <!-- Guava --> <dependency> <groupId>com.google.guava</groupId> <artifactId>guava</artifactId> - <version>21.0</version> + <version>25.0-jre</version> </dependency> <!-- persistence module dependencies --> @@ -349,7 +347,7 @@ <dependency> <groupId>com.esotericsoftware.yamlbeans</groupId> <artifactId>yamlbeans</artifactId> - <version>1.11</version> + <version>1.13</version> </dependency> <dependency> @@ -402,12 +400,12 @@ <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> - <version>2.8.0</version> + <version>${jacksonVersion}</version> </dependency> <dependency> <groupId>org.jboss.spec.javax.ws.rs</groupId> - <artifactId>jboss-jaxrs-api_2.0_spec</artifactId> + <artifactId>jboss-jaxrs-api_2.1_spec</artifactId> <version>1.0.0.Final</version> </dependency> @@ -456,25 +454,6 @@ <version>${nuitonI18nVersion}</version> </dependency> - <dependency> - <groupId>org.eclipse.jetty</groupId> - <artifactId>jetty-runner</artifactId> - <version>9.4.0.v20161208</version> - </dependency> - <dependency> - <groupId>javax.servlet</groupId> - <artifactId>javax.servlet-api</artifactId> - <version>3.1.0</version> - </dependency> - - <!-- Shiro --> - - <dependency> - <groupId>org.apache.shiro</groupId> - <artifactId>shiro-core</artifactId> - <version>${shiroVersion}</version> - </dependency> - <!-- Jwt-java --> <dependency> <groupId>com.auth0</groupId> @@ -482,32 +461,12 @@ <version>${javaJwtVersion}</version> </dependency> - <!--dependency> - <groupId>org.apache.shiro</groupId> - <artifactId>shiro-web</artifactId> - <version>${shiroVersion}</version> - </dependency--> - - <!-- JFreeChart --> - - <!--dependency> - <groupId>org.jfree</groupId> - <artifactId>jfreechart</artifactId> - <version>1.0.14</version> - </dependency> - - <dependency> - <groupId>org.jfree</groupId> - <artifactId>jcommon</artifactId> - <version>1.0.17</version> - </dependency--> - <!-- Rome (rss) --> <dependency> <groupId>com.rometools</groupId> <artifactId>rome</artifactId> - <version>1.7.2</version> + <version>1.9.0</version> </dependency> <!-- Logging --> @@ -527,13 +486,6 @@ <version>0.9.5</version> </dependency> - <!--dependency> - <groupId>javax.servlet</groupId> - <artifactId>servlet-api</artifactId> - <version>2.5</version> - <scope>provided</scope> - </dependency--> - <dependency> <groupId>org.apache.httpcomponents</groupId> <artifactId>fluent-hc</artifactId> @@ -543,7 +495,7 @@ <dependency> <groupId>org.apache.httpcomponents</groupId> <artifactId>httpcore</artifactId> - <version>4.4.5</version> + <version>4.4.9</version> </dependency> <dependency> @@ -555,23 +507,16 @@ <dependency> <groupId>com.google.code.gson</groupId> <artifactId>gson</artifactId> - <version>2.8.0</version> + <version>2.8.4</version> </dependency> <dependency> <groupId>javax</groupId> <artifactId>javaee-api</artifactId> - <version>7.0</version> + <version>8.0</version> <scope>provided</scope> </dependency> - <!--dependency> - <groupId>org.mortbay.jetty</groupId> - <artifactId>jetty-runner</artifactId> - <version>${jettyVersion}</version> - <scope>provided</scope> - </dependency--> - <dependency> <groupId>org.apache.tomcat.embed</groupId> <artifactId>tomcat-embed-core</artifactId> @@ -582,14 +527,14 @@ <dependency> <groupId>org.apache.tomcat.embed</groupId> <artifactId>tomcat-embed-logging-juli</artifactId> - <version>${tomcatEmbedVersion}</version> + <version>${tomcatEmbedLoggingVersion}</version> <scope>provided</scope> </dependency> <dependency> <groupId>org.apache.tomcat.embed</groupId> <artifactId>tomcat-embed-logging-log4j</artifactId> - <version>${tomcatEmbedVersion}</version> + <version>${tomcatEmbedLoggingVersion}</version> <scope>provided</scope> </dependency> @@ -625,68 +570,6 @@ <version>4.14</version> </dependency> - <!--dependency> - <groupId>javax.activation</groupId> - <artifactId>activation</artifactId> - <version>1.1.1</version> - </dependency--> - - <!-- Selenium --> - <!--dependency> - <groupId>org.seleniumhq.selenium</groupId> - <artifactId>selenium-api</artifactId> - <version>${seleniumVersion}</version> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.seleniumhq.selenium</groupId> - <artifactId>selenium-support</artifactId> - <version>${seleniumVersion}</version> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.seleniumhq.selenium</groupId> - <artifactId>selenium-chrome-driver</artifactId> - <version>${seleniumVersion}</version> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.seleniumhq.selenium</groupId> - <artifactId>selenium-ie-driver</artifactId> - <version>${seleniumVersion}</version> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.seleniumhq.selenium</groupId> - <artifactId>selenium-safari-driver</artifactId> - <version>${seleniumVersion}</version> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.seleniumhq.selenium</groupId> - <artifactId>selenium-firefox-driver</artifactId> - <version>${seleniumVersion}</version> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.seleniumhq.selenium</groupId> - <artifactId>selenium-htmlunit-driver</artifactId> - <version>${seleniumVersion}</version> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.seleniumhq.selenium</groupId> - <artifactId>selenium-java</artifactId> - <version>${seleniumVersion}</version> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.seleniumhq.selenium</groupId> - <artifactId>selenium-remote-driver</artifactId> - <version>${seleniumVersion}</version> - <scope>test</scope> - </dependency--> - <!-- Logging --> <dependency> <groupId>log4j</groupId> @@ -698,7 +581,7 @@ <dependency> <groupId>org.mockito</groupId> <artifactId>mockito-core</artifactId> - <version>2.6.2</version> + <version>2.18.3</version> <scope>test</scope> </dependency> <dependency> @@ -717,7 +600,7 @@ <dependency> <groupId>org.assertj</groupId> <artifactId>assertj-core</artifactId> - <version>3.7.0</version> + <version>3.10.0</version> <scope>test</scope> </dependency> -- To stop receiving notification emails like this one, please contact chorem.org SCM administrator <admin+scm@chorem.org>.