This is an automated email from the ASF dual-hosted git repository.
krisden pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push:
new d2f30e4 KNOX-1777 - Move pac4j version/dependencies to top level
pom.xml
d2f30e4 is described below
commit d2f30e40a3cd8a80158dd0070fc338cebec92508
Author: Kevin Risden <[email protected]>
AuthorDate: Thu Feb 14 14:08:32 2019 -0500
KNOX-1777 - Move pac4j version/dependencies to top level pom.xml
Signed-off-by: Kevin Risden <[email protected]>
---
gateway-provider-security-pac4j/pom.xml | 15 -------
pom.xml | 80 ++++++++++++++++++++++++++++++++-
2 files changed, 79 insertions(+), 16 deletions(-)
diff --git a/gateway-provider-security-pac4j/pom.xml
b/gateway-provider-security-pac4j/pom.xml
index 290e9c8..5af432a 100644
--- a/gateway-provider-security-pac4j/pom.xml
+++ b/gateway-provider-security-pac4j/pom.xml
@@ -28,12 +28,6 @@
<name>gateway-provider-security-pac4j</name>
<description>An extension of the gateway integrating pac4j as an
authentication provider.</description>
- <properties>
- <j2e-pac4j.version>4.1.0</j2e-pac4j.version>
- <pac4j.version>3.5.0</pac4j.version>
- <spring-core.version>5.1.4.RELEASE</spring-core.version>
- </properties>
-
<dependencies>
<dependency>
<groupId>org.apache.knox</groupId>
@@ -78,7 +72,6 @@
<dependency>
<groupId>org.pac4j</groupId>
<artifactId>j2e-pac4j</artifactId>
- <version>${j2e-pac4j.version}</version>
<exclusions>
<exclusion>
<groupId>org.pac4j</groupId>
@@ -91,12 +84,10 @@
<dependency>
<groupId>org.pac4j</groupId>
<artifactId>pac4j-cas</artifactId>
- <version>${pac4j.version}</version>
</dependency>
<dependency>
<groupId>org.pac4j</groupId>
<artifactId>pac4j-config</artifactId>
- <version>${pac4j.version}</version>
<exclusions>
<exclusion>
<groupId>xalan</groupId>
@@ -107,27 +98,22 @@
<dependency>
<groupId>org.pac4j</groupId>
<artifactId>pac4j-core</artifactId>
- <version>${pac4j.version}</version>
</dependency>
<dependency>
<groupId>org.pac4j</groupId>
<artifactId>pac4j-http</artifactId>
- <version>${pac4j.version}</version>
</dependency>
<dependency>
<groupId>org.pac4j</groupId>
<artifactId>pac4j-oauth</artifactId>
- <version>${pac4j.version}</version>
</dependency>
<dependency>
<groupId>org.pac4j</groupId>
<artifactId>pac4j-oidc</artifactId>
- <version>${pac4j.version}</version>
</dependency>
<dependency>
<groupId>org.pac4j</groupId>
<artifactId>pac4j-saml</artifactId>
- <version>${pac4j.version}</version>
<exclusions>
<exclusion>
<groupId>ch.qos.logback</groupId>
@@ -148,7 +134,6 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
- <version>${spring-core.version}</version>
</dependency>
<dependency>
diff --git a/pom.xml b/pom.xml
index 57ad595..f1cf2e2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -177,6 +177,7 @@
<hamcrest-json.version>0.2</hamcrest-json.version>
<httpclient.version>4.5.6</httpclient.version>
<httpcore.version>4.4.11</httpcore.version>
+ <j2e-pac4j.version>4.1.0</j2e-pac4j.version>
<jackson.version>2.9.8</jackson.version>
<jacoco-maven-plugin.version>0.8.3</jacoco-maven-plugin.version>
<jansi.version>1.17.1</jansi.version>
@@ -209,7 +210,7 @@
<mina.version>2.0.19</mina.version>
<nimbus-jose-jwt.version>7.0</nimbus-jose-jwt.version>
<okhttp.version>2.7.5</okhttp.version>
- <pac4j.version>2.1.0</pac4j.version>
+ <pac4j.version>3.5.0</pac4j.version>
<protobuf.version>3.6.1</protobuf.version>
<rest-assured.version>3.3.0</rest-assured.version>
<shiro.version>1.4.0</shiro.version>
@@ -218,6 +219,7 @@
<slf4j.version>1.7.25</slf4j.version>
<spotbugs.version>3.1.11</spotbugs.version>
<spotbugs-maven-plugin.version>3.1.11</spotbugs-maven-plugin.version>
+ <spring-core.version>5.1.5.RELEASE</spring-core.version>
<taglibs-standard.version>1.2.5</taglibs-standard.version>
<velocity.version>1.7</velocity.version>
<xmltool.version>3.3</xmltool.version>
@@ -1839,6 +1841,82 @@
<version>${metrics.version}</version>
</dependency>
+ <!-- pac4j Dependencies -->
+ <dependency>
+ <groupId>org.pac4j</groupId>
+ <artifactId>pac4j-cas</artifactId>
+ <version>${pac4j.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.pac4j</groupId>
+ <artifactId>pac4j-config</artifactId>
+ <version>${pac4j.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>xalan</groupId>
+ <artifactId>xalan</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.pac4j</groupId>
+ <artifactId>pac4j-core</artifactId>
+ <version>${pac4j.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.pac4j</groupId>
+ <artifactId>pac4j-http</artifactId>
+ <version>${pac4j.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.pac4j</groupId>
+ <artifactId>pac4j-oauth</artifactId>
+ <version>${pac4j.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.pac4j</groupId>
+ <artifactId>pac4j-oidc</artifactId>
+ <version>${pac4j.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.pac4j</groupId>
+ <artifactId>pac4j-saml</artifactId>
+ <version>${pac4j.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>xalan</groupId>
+ <artifactId>xalan</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-core</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+
+ <!-- Upgrade pac4j-saml dependencies to avoid known CVEs -->
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-core</artifactId>
+ <version>${spring-core.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.pac4j</groupId>
+ <artifactId>j2e-pac4j</artifactId>
+ <version>${j2e-pac4j.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.pac4j</groupId>
+ <artifactId>pac4j-core</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+
<dependency>
<groupId>de.thetaphi</groupId>
<artifactId>forbiddenapis</artifactId>
