knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kris...@apache.org
Subject [knox] branch master updated: KNOX-1777 - Move pac4j version/dependencies to top level pom.xml
Date Thu, 14 Feb 2019 20:25:19 GMT
This is an automated email from the ASF dual-hosted git repository.

krisden pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git


The following commit(s) were added to refs/heads/master by this push:
     new d2f30e4  KNOX-1777 - Move pac4j version/dependencies to top level pom.xml
d2f30e4 is described below

commit d2f30e40a3cd8a80158dd0070fc338cebec92508
Author: Kevin Risden <krisden@apache.org>
AuthorDate: Thu Feb 14 14:08:32 2019 -0500

    KNOX-1777 - Move pac4j version/dependencies to top level pom.xml
    
    Signed-off-by: Kevin Risden <krisden@apache.org>
---
 gateway-provider-security-pac4j/pom.xml | 15 -------
 pom.xml                                 | 80 ++++++++++++++++++++++++++++++++-
 2 files changed, 79 insertions(+), 16 deletions(-)

diff --git a/gateway-provider-security-pac4j/pom.xml b/gateway-provider-security-pac4j/pom.xml
index 290e9c8..5af432a 100644
--- a/gateway-provider-security-pac4j/pom.xml
+++ b/gateway-provider-security-pac4j/pom.xml
@@ -28,12 +28,6 @@
     <name>gateway-provider-security-pac4j</name>
     <description>An extension of the gateway integrating pac4j as an authentication
provider.</description>
 
-    <properties>
-        <j2e-pac4j.version>4.1.0</j2e-pac4j.version>
-        <pac4j.version>3.5.0</pac4j.version>
-        <spring-core.version>5.1.4.RELEASE</spring-core.version>
-    </properties>
-
     <dependencies>
         <dependency>
             <groupId>org.apache.knox</groupId>
@@ -78,7 +72,6 @@
         <dependency>
             <groupId>org.pac4j</groupId>
             <artifactId>j2e-pac4j</artifactId>
-            <version>${j2e-pac4j.version}</version>
             <exclusions>
                 <exclusion>
                     <groupId>org.pac4j</groupId>
@@ -91,12 +84,10 @@
         <dependency>
             <groupId>org.pac4j</groupId>
             <artifactId>pac4j-cas</artifactId>
-            <version>${pac4j.version}</version>
         </dependency>
         <dependency>
             <groupId>org.pac4j</groupId>
             <artifactId>pac4j-config</artifactId>
-            <version>${pac4j.version}</version>
             <exclusions>
                 <exclusion>
                     <groupId>xalan</groupId>
@@ -107,27 +98,22 @@
         <dependency>
             <groupId>org.pac4j</groupId>
             <artifactId>pac4j-core</artifactId>
-            <version>${pac4j.version}</version>
         </dependency>
         <dependency>
             <groupId>org.pac4j</groupId>
             <artifactId>pac4j-http</artifactId>
-            <version>${pac4j.version}</version>
         </dependency>
         <dependency>
             <groupId>org.pac4j</groupId>
             <artifactId>pac4j-oauth</artifactId>
-            <version>${pac4j.version}</version>
         </dependency>
         <dependency>
             <groupId>org.pac4j</groupId>
             <artifactId>pac4j-oidc</artifactId>
-            <version>${pac4j.version}</version>
         </dependency>
         <dependency>
             <groupId>org.pac4j</groupId>
             <artifactId>pac4j-saml</artifactId>
-            <version>${pac4j.version}</version>
             <exclusions>
                 <exclusion>
                     <groupId>ch.qos.logback</groupId>
@@ -148,7 +134,6 @@
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-core</artifactId>
-            <version>${spring-core.version}</version>
         </dependency>
 
         <dependency>
diff --git a/pom.xml b/pom.xml
index 57ad595..f1cf2e2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -177,6 +177,7 @@
         <hamcrest-json.version>0.2</hamcrest-json.version>
         <httpclient.version>4.5.6</httpclient.version>
         <httpcore.version>4.4.11</httpcore.version>
+        <j2e-pac4j.version>4.1.0</j2e-pac4j.version>
         <jackson.version>2.9.8</jackson.version>
         <jacoco-maven-plugin.version>0.8.3</jacoco-maven-plugin.version>
         <jansi.version>1.17.1</jansi.version>
@@ -209,7 +210,7 @@
         <mina.version>2.0.19</mina.version>
         <nimbus-jose-jwt.version>7.0</nimbus-jose-jwt.version>
         <okhttp.version>2.7.5</okhttp.version>
-        <pac4j.version>2.1.0</pac4j.version>
+        <pac4j.version>3.5.0</pac4j.version>
         <protobuf.version>3.6.1</protobuf.version>
         <rest-assured.version>3.3.0</rest-assured.version>
         <shiro.version>1.4.0</shiro.version>
@@ -218,6 +219,7 @@
         <slf4j.version>1.7.25</slf4j.version>
         <spotbugs.version>3.1.11</spotbugs.version>
         <spotbugs-maven-plugin.version>3.1.11</spotbugs-maven-plugin.version>
+        <spring-core.version>5.1.5.RELEASE</spring-core.version>
         <taglibs-standard.version>1.2.5</taglibs-standard.version>
         <velocity.version>1.7</velocity.version>
         <xmltool.version>3.3</xmltool.version>
@@ -1839,6 +1841,82 @@
                 <version>${metrics.version}</version>
             </dependency>
 
+            <!-- pac4j Dependencies -->
+            <dependency>
+                <groupId>org.pac4j</groupId>
+                <artifactId>pac4j-cas</artifactId>
+                <version>${pac4j.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.pac4j</groupId>
+                <artifactId>pac4j-config</artifactId>
+                <version>${pac4j.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>xalan</groupId>
+                        <artifactId>xalan</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <dependency>
+                <groupId>org.pac4j</groupId>
+                <artifactId>pac4j-core</artifactId>
+                <version>${pac4j.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.pac4j</groupId>
+                <artifactId>pac4j-http</artifactId>
+                <version>${pac4j.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.pac4j</groupId>
+                <artifactId>pac4j-oauth</artifactId>
+                <version>${pac4j.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.pac4j</groupId>
+                <artifactId>pac4j-oidc</artifactId>
+                <version>${pac4j.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.pac4j</groupId>
+                <artifactId>pac4j-saml</artifactId>
+                <version>${pac4j.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>ch.qos.logback</groupId>
+                        <artifactId>logback-classic</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>xalan</groupId>
+                        <artifactId>xalan</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-core</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+
+            <!-- Upgrade pac4j-saml dependencies to avoid known CVEs -->
+            <dependency>
+                <groupId>org.springframework</groupId>
+                <artifactId>spring-core</artifactId>
+                <version>${spring-core.version}</version>
+            </dependency>
+
+            <dependency>
+                <groupId>org.pac4j</groupId>
+                <artifactId>j2e-pac4j</artifactId>
+                <version>${j2e-pac4j.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>org.pac4j</groupId>
+                        <artifactId>pac4j-core</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+
             <dependency>
                 <groupId>de.thetaphi</groupId>
                 <artifactId>forbiddenapis</artifactId>


Mime
View raw message