Posted to commits@ambari.apache.org by am...@apache.org on 2018/04/25 21:10:33 UTC
[ambari] branch trunk updated: AMBARI-23688. Remove unsecure
dependencies from ambari-server (amagyar) (#1095)
This is an automated email from the ASF dual-hosted git repository.
amagyar pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new 25c83cd AMBARI-23688. Remove unsecure dependencies from ambari-server (amagyar) (#1095)
25c83cd is described below
commit 25c83cd577b20ff86725941cd7af870c61949e92
Author: Attila Magyar <m....@gmail.com>
AuthorDate: Wed Apr 25 23:10:27 2018 +0200
AMBARI-23688. Remove unsecure dependencies from ambari-server (amagyar) (#1095)
---
ambari-project/pom.xml | 14 +++----
ambari-server/pom.xml | 11 +++++-
.../jwt/AmbariJwtAuthenticationFilterTest.java | 43 +++++++++++-----------
3 files changed, 39 insertions(+), 29 deletions(-)
diff --git a/ambari-project/pom.xml b/ambari-project/pom.xml
index 394fb8a..9d6e5fa 100644
--- a/ambari-project/pom.xml
+++ b/ambari-project/pom.xml
@@ -33,7 +33,7 @@
<jetty.version>9.4.2.v20170220</jetty.version>
<ldap-api.version>1.0.0</ldap-api.version>
<checkstyle.version>6.19</checkstyle.version> <!-- last version that does not require Java 8 -->
- <swagger.version>1.5.10</swagger.version>
+ <swagger.version>1.5.19</swagger.version>
<swagger.maven.plugin.version>3.1.4</swagger.maven.plugin.version>
<slf4j.version>1.7.20</slf4j.version>
<guice.version>4.1.0</guice.version>
@@ -162,17 +162,17 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
- <version>4.2.2.RELEASE</version>
+ <version>4.2.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
- <version>4.2.2.RELEASE</version>
+ <version>4.2.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
- <version>4.2.2.RELEASE</version>
+ <version>4.2.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security.kerberos</groupId>
@@ -188,12 +188,12 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
- <version>4.0.4.RELEASE</version>
+ <version>4.1.1.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.ldap</groupId>
<artifactId>spring-ldap-core</artifactId>
- <version>2.0.4.RELEASE</version>
+ <version>2.3.2.RELEASE</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
@@ -329,7 +329,7 @@
<dependency>
<groupId>org.apache.ant</groupId>
<artifactId>ant-launcher</artifactId>
- <version>1.7.1</version>
+ <version>1.10.3</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
diff --git a/ambari-server/pom.xml b/ambari-server/pom.xml
index d3b6448..b71896c 100644
--- a/ambari-server/pom.xml
+++ b/ambari-server/pom.xml
@@ -1644,7 +1644,7 @@
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
- <version>3.9</version>
+ <version>5.9</version>
<scope>compile</scope>
<exclusions>
<exclusion>
@@ -1709,9 +1709,18 @@
<groupId>org.apache.zookeeper</groupId>
<artifactId>zookeeper</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>com.jcraft</groupId>
+ <artifactId>jsch</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
+ <groupId>com.jcraft</groupId>
+ <artifactId>jsch</artifactId>
+ <version>0.1.45</version>
+ </dependency>
+ <dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-util</artifactId>
<version>${jetty.version}</version>
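Review bot: The added `com.jcraft:jsch` dependency is pinned to `0.1.45` with no comment explaining why the transitive copy is excluded and replaced by this exact version. That is hard to square with a commit whose stated purpose is removing insecure dependencies. 0.1.45 appears to be an old JSch release, so it should be checked with the project's dependency scanner before it is treated as the safe choice. If it is kept for compatibility, record that next to the pin, e.g. `<!-- jsch pinned to 0.1.45 because <reason>; excluded above so the transitive version is not used -->`, and consider moving the version into the managed versions in ambari-project/pom.xml. The dependency that receives the new exclusion starts above this hunk, so the artifact that pulled jsch in is not visible here.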
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/jwt/AmbariJwtAuthenticationFilterTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/jwt/AmbariJwtAuthenticationFilterTest.java
index 77b3565..ba4eb74 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/jwt/AmbariJwtAuthenticationFilterTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/jwt/AmbariJwtAuthenticationFilterTest.java
@@ -125,14 +125,13 @@ public class AmbariJwtAuthenticationFilterTest extends EasyMockSupport {
Calendar calendar = Calendar.getInstance();
calendar.setTimeInMillis(System.currentTimeMillis());
- JWTClaimsSet claimsSet = new JWTClaimsSet();
- claimsSet.setSubject("test-user");
- claimsSet.setIssuer("unit-test");
- claimsSet.setIssueTime(calendar.getTime());
-
- claimsSet.setExpirationTime(expirationTime);
-
- claimsSet.setAudience(audience);
+ JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
+ .subject("test-user")
+ .issuer("unit-test")
+ .issueTime(calendar.getTime())
+ .expirationTime(expirationTime)
+ .audience(audience)
+ .build();
SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claimsSet);
signedJWT.sign(signer);
@@ -143,19 +142,21 @@ public class AmbariJwtAuthenticationFilterTest extends EasyMockSupport {
private SignedJWT getInvalidToken() throws JOSEException {
RSASSASigner signer = new RSASSASigner(invalidPrivateKey);
- Calendar calendar = Calendar.getInstance();
- calendar.setTimeInMillis(System.currentTimeMillis());
- calendar.add(Calendar.DATE, -2);
-
- JWTClaimsSet claimsSet = new JWTClaimsSet();
- claimsSet.setSubject("test-user");
- claimsSet.setIssuer("unit-test");
- claimsSet.setIssueTime(calendar.getTime());
-
- calendar.add(Calendar.DATE, 1); //add one day
- claimsSet.setExpirationTime(calendar.getTime());
-
- claimsSet.setAudience("test-audience-invalid");
+ Calendar issueTime = Calendar.getInstance();
+ issueTime.setTimeInMillis(System.currentTimeMillis());
+ issueTime.add(Calendar.DATE, -2);
+
+ Calendar expirationTime = Calendar.getInstance();
+ issueTime.setTimeInMillis(System.currentTimeMillis());
+ expirationTime.add(Calendar.DATE, -1);
+
+ JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
+ .subject("test-user")
+ .issuer("unit-test")
+ .issueTime(issueTime.getTime())
+ .expirationTime(issueTime.getTime())
+ .audience("test-audience-invalid")
+ .build();
SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claimsSet);
signedJWT.sign(signer);
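Review bot: In getInvalidToken the new `expirationTime` calendar is never used: the second `issueTime.setTimeInMillis(System.currentTimeMillis());` resets `issueTime` and undoes the `-2` day offset, and the builder is given `.expirationTime(issueTime.getTime())`. The token therefore carries issue and expiry times equal to "now" instead of the issued-two-days-ago, expired-yesterday claims the removed code produced. The test presumably still passes because the token is also signed with `invalidPrivateKey` and has the wrong audience, but it no longer exercises an expired token. The two lines should read `expirationTime.setTimeInMillis(System.currentTimeMillis());` and `.expirationTime(expirationTime.getTime())`. The method's return statement lies outside the hunk.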
--
To stop receiving notification emails like this one, please contact
amagyar@apache.org.