Author: gk
Date: Mon Apr 15 13:51:10 2019
New Revision: 1857581
URL: http://svn.apache.org/viewvc?rev=1857581&view=rev
Log:
- add supress warnings for owasp
- remove junit 4.12 dependency (already transitively included) in pom.xml
- update xdoc migration documentation
- update jacoco (still optional) in pom.xml
- fix xml warning in application-schema.xml
- fix some javadoc
Modified:
turbine/core/trunk/extensions/maven-plugin/src/plugin-resources/om-layer/torque/schema/application-schema.xml
turbine/core/trunk/pom.xml
turbine/core/trunk/src/java/org/apache/turbine/Turbine.java
turbine/core/trunk/src/java/org/apache/turbine/services/schedule/QuartzSchedulerService.java
turbine/core/trunk/suppression-owasp-fp.xml
turbine/core/trunk/xdocs/howto/migrate-from-4_0-howto.xml
turbine/core/trunk/xdocs/todo.xml
Modified:
turbine/core/trunk/extensions/maven-plugin/src/plugin-resources/om-layer/torque/schema/application-schema.xml
URL:
http://svn.apache.org/viewvc/turbine/core/trunk/extensions/maven-plugin/src/plugin-resources/om-layer/torque/schema/application-schema.xml?rev=1857581&r1=1857580&r2=1857581&view=diff
==============================================================================
---
turbine/core/trunk/extensions/maven-plugin/src/plugin-resources/om-layer/torque/schema/application-schema.xml
(original)
+++
turbine/core/trunk/extensions/maven-plugin/src/plugin-resources/om-layer/torque/schema/application-schema.xml
Mon Apr 15 13:51:10 2019
@@ -32,5 +32,7 @@
defaultJavaType="primitive"
defaultJavaNamingMethod="underscore"
package="@DATABASE_PACKAGE@">
-
+ <table name="defaultName" >
+ <column name="colNamel"/>
+ </table>
</database>
Modified: turbine/core/trunk/pom.xml
URL:
http://svn.apache.org/viewvc/turbine/core/trunk/pom.xml?rev=1857581&r1=1857580&r2=1857581&view=diff
==============================================================================
--- turbine/core/trunk/pom.xml (original)
+++ turbine/core/trunk/pom.xml Mon Apr 15 13:51:10 2019
@@ -24,7 +24,6 @@
<artifactId>turbine-parent</artifactId>
<version>5</version>
</parent>
- <groupId>org.apache.turbine</groupId>
<artifactId>turbine</artifactId>
<name>Apache Turbine</name>
<version>5.0-SNAPSHOT</version>
@@ -501,6 +500,7 @@
</resource>
<resource>
<directory>${basedir}/src/main/resources</directory>
+ <!-- remove filtering to allow for non utf-8, if required; e.g. the
case of i10n and non ascii chars - otherwise use html entities or \u notation.
java.util.Properties files are in latin-1. -->
<filtering>true</filtering>
<includes>
<include>**/*.properties</include>
@@ -518,6 +518,16 @@
</includes>
</testResource>
</testResources>
+
+ <pluginManagement>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.torque</groupId>
+ <artifactId>torque-maven-plugin</artifactId>
+ <version>${torque.version}</version>
+ </plugin>
+ </plugins>
+ </pluginManagement>
<plugins>
<!-- run optionally, use not as reporting plugin, as it exposes file
paths to artifacts and
@@ -822,13 +832,15 @@
</dependencies>
</plugin>
<!-- no fat jar -->
- <!-- not activated, agent seems to block gpg agent ? -->
+ <!-- remove, if using parent 6 or above, not activated, agent seems to
block gpg agent ? -->
+ <!-- unskip this by setting -Djacoco.skip=true, cf. to pom property
+ Be aware, as we exclude tests itself, jacoco only starts, if not
skipping tests, as it is a coverage tool! -->
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<version>0.8.3</version>
<configuration>
- <skip>true</skip> <!-- not skipping in profile apache-release by
setting -Djacoco.skip=true or in pom property -->
+ <skip>${jacoco.skip}</skip>
<excludes>
<exclude>*/*Test*</exclude>
</excludes>
@@ -839,14 +851,23 @@
<goals>
<goal>prepare-agent</goal>
</goals>
- </execution>
- <execution>
+ </execution>
+ <execution>
<id>report</id>
<phase>prepare-package</phase>
<goals>
<goal>report</goal>
</goals>
- </execution>
+ </execution>
+ <!--execution>
+ <id>check</id>
+ <goals>
+ <goal>check</goal>
+ </goals>
+ <configuration>
+ <haltOnFailure>false</haltOnFailure>
+ </configuration>
+ </execution-->
</executions>
</plugin>
</plugins>
@@ -1032,6 +1053,7 @@
<classifier>tests</classifier>
<scope>test</scope>
</dependency>
+ <!-- suppress oswasp warning until v1.1.2 is released, which fixes
https://github.com/quartz-scheduler/quartz/issues/316 -->
<dependency>
<groupId>org.apache.fulcrum</groupId>
<artifactId>fulcrum-quartz</artifactId>
@@ -1112,12 +1134,6 @@
<version>2.0</version>
</dependency>
<dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <version>4.12</version>
- <scope>test</scope>
- </dependency>
- <dependency>
<groupId>org.hsqldb</groupId>
<artifactId>hsqldb</artifactId>
<version>2.2.9</version>
@@ -1143,12 +1159,12 @@
<skip>false</skip>
</configuration>
</plugin>
- <!-- set active, may block gpg agent, use -Dgpg.useagent=false or
kill gpg agent before start -->
+ <!-- if set active (e.g. by -Djacoco.skip=false), may block gpg
agent, use -Dgpg.useagent=false or kill gpg agent before start -->
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<configuration>
- <skip>${jacoco.skip}</skip><!-- by default false, but set in pom
-->
+ <skip>${jacoco.skip}</skip><!-- by default true -->
</configuration>
</plugin>
<plugin>
@@ -1208,7 +1224,7 @@
<fulcrum.intake>2.0.0</fulcrum.intake>
<fulcrum.security>1.1.3</fulcrum.security>
<slf4j.version>1.7.25</slf4j.version>
- <log4j2.version>2.11.1</log4j2.version>
+ <log4j2.version>2.11.2</log4j2.version>
<dependency.check.skip>true</dependency.check.skip>
<torque.version>4.0</torque.version>
<jacoco.skip>true</jacoco.skip>
Modified: turbine/core/trunk/src/java/org/apache/turbine/Turbine.java
URL:
http://svn.apache.org/viewvc/turbine/core/trunk/src/java/org/apache/turbine/Turbine.java?rev=1857581&r1=1857580&r2=1857581&view=diff
==============================================================================
--- turbine/core/trunk/src/java/org/apache/turbine/Turbine.java (original)
+++ turbine/core/trunk/src/java/org/apache/turbine/Turbine.java Mon Apr 15
13:51:10 2019
@@ -951,7 +951,7 @@ public class Turbine extends HttpServlet
}
/**
- * Check {@value TurbineConstants#LOG4J2_CONFIG_FILE} in Turbine
+ * Check {@linkplain TurbineConstants#LOG4J2_CONFIG_FILE} in Turbine
* configuration.
*
* @param logConfPath
Modified:
turbine/core/trunk/src/java/org/apache/turbine/services/schedule/QuartzSchedulerService.java
URL:
http://svn.apache.org/viewvc/turbine/core/trunk/src/java/org/apache/turbine/services/schedule/QuartzSchedulerService.java?rev=1857581&r1=1857580&r2=1857581&view=diff
==============================================================================
---
turbine/core/trunk/src/java/org/apache/turbine/services/schedule/QuartzSchedulerService.java
(original)
+++
turbine/core/trunk/src/java/org/apache/turbine/services/schedule/QuartzSchedulerService.java
Mon Apr 15 13:51:10 2019
@@ -400,7 +400,7 @@ public class QuartzSchedulerService
* Builds a {@link JobEntryQuartz} from Quartz trigger/job.
*
* The developer should be aware to set identity/context properly, i.e.
to
- * {@value JobEntryQuartz#DEFAULT_JOB_GROUP_NAME}, if adding triggers/jobs.
+ * {@link JobEntryQuartz#DEFAULT_JOB_GROUP_NAME}, if adding triggers/jobs.
*
* @param trigger a Quartz {@link Trigger}.
* @param jd a Quartz {@link JobDetail} (built from a {@link
org.quartz.Job} with {@link JobBuilder}).
Modified: turbine/core/trunk/suppression-owasp-fp.xml
URL:
http://svn.apache.org/viewvc/turbine/core/trunk/suppression-owasp-fp.xml?rev=1857581&r1=1857580&r2=1857581&view=diff
==============================================================================
--- turbine/core/trunk/suppression-owasp-fp.xml (original)
+++ turbine/core/trunk/suppression-owasp-fp.xml Mon Apr 15 13:51:10 2019
@@ -19,6 +19,23 @@
-->
<!-- general cft.
https://jeremylong.github.io/DependencyCheck/general/suppression.html -->
<suppressions
xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd";>
+ <!-- suppress c3p0 warning until quartz v1.1.2 is released (in fulcrum
quartz), which fixes https://github.com/quartz-scheduler/quartz/issues/316 -->
+ <suppress>
+ <notes><![CDATA[
+ file name: c3p0-0.9.5.2.jar
+ ]]></notes>
+ <gav regex="true">^com\.mchange:c3p0:.*$</gav>
+ <cve>CVE-2018-20433</cve>
+ </suppress>
+ <!-- suppress guava < 24.1.1 as jython is only optional (in turbine) -->
+ <suppress>
+ <notes><![CDATA[
+ file name: jython-standalone-2.7.1.jar (shaded:
com.google.guava:guava:22.0-android)
+ ]]></notes>
+ <gav regex="true">^com\.google\.guava:guava:.*$</gav>
+ <cve>CVE-2018-10237</cve>
+</suppress>
+
<!-- https://issues.apache.org/jira/browse/LOG4J2-1863 i.e. log4j 2.8.2
fixes, but affected versions match only log4j2 2.x, not log4j 1.x -->
<suppress>
<notes><![CDATA[
Modified: turbine/core/trunk/xdocs/howto/migrate-from-4_0-howto.xml
URL:
http://svn.apache.org/viewvc/turbine/core/trunk/xdocs/howto/migrate-from-4_0-howto.xml?rev=1857581&r1=1857580&r2=1857581&view=diff
==============================================================================
--- turbine/core/trunk/xdocs/howto/migrate-from-4_0-howto.xml (original)
+++ turbine/core/trunk/xdocs/howto/migrate-from-4_0-howto.xml Mon Apr 15
13:51:10 2019
@@ -154,6 +154,45 @@
</section>
+<section name="Migrating to Functioal Interfaces and Rundata">
+
+ <p>Functional interfaces are now used instead of abstract classes.
Rundata should be removed and instead of PipelineData used, but we keep it for
now.
+ As a result <strong>AbstractValve was removed</strong> and with it the
method <strong>getRunData(pipelineData)</strong> is gone.
+ You may retrieve the Rundata casted object now with
<strong>pipelineData.getRunData()</strong>.
+ </p>
+
+<source>
+<![CDATA[
+ // old
+ // RunData rundata = getRunData(pipelineData)
+ RunData rundata = pipelineData.getRunData();
+
+]]>
+ </source>
+
+ <p>
+ Assembler derived classes in package org.apache.turbine.modules
(Action, LayoutScreen, Navigation, Page, ..)
+ are now declared as java functional interfaces instead of abstract
classes.
+ Using them in child classes might be as easy as replacing
<strong>extends</strong> with <strong>implements</strong> keyword in class
declaration.
+ Remark: Method signature containing checked exceptions were not
changed. To use Java 8 functional lamda functions you may
+ catch and rethrow them wrapped into a RuntimeException.
+ </p>
+
+<source>
+<![CDATA[
+
+ // old
+ // class MyAction extends Action
+
+ class MyAction implements Action
+
+]]>
+</source>
+
+</section>
+
+
+
<section name="Migrating file upload to Parts">
<p>
Modified: turbine/core/trunk/xdocs/todo.xml
URL:
http://svn.apache.org/viewvc/turbine/core/trunk/xdocs/todo.xml?rev=1857581&r1=1857580&r2=1857581&view=diff
==============================================================================
--- turbine/core/trunk/xdocs/todo.xml (original)
+++ turbine/core/trunk/xdocs/todo.xml Mon Apr 15 13:51:10 2019
@@ -44,6 +44,7 @@ No current items.
<li>Make sure that pull tools get refreshed correctly under all
circumstances (done?)</li>
<li>Check lifetimes of authorized and session tools if the application is
not the standard login-logout application (done?)</li>
<li>Move AvalonComponentService to the Fortress container (suggested by
the avalon-dev list) - or looking for an alternative</li>
+ <li>Move doclint and jacoco settings to Turbine parent</li>
</ul>
</p>
</subsection>
@@ -51,7 +52,7 @@ No current items.
<subsection name="Blue Skying for future Turbine releases">
<p>
<ul>
- <li>Servlet 3.x asynchronous cycle handling / prototype / proof of concept
(servlet API is still 2.5 in Turbine in 2017)</li>
+ <li>Servlet 3.x asynchronous cycle handling / prototype / proof of concept
(Servlet API is 2.5 in Turbine 4.x, but 3.x for Turbine 5.x in 2019)</li>
<li>OSGI or Java 9 modularization (proposal exists and Java required
version is still 6 for Turbine in 2017</li>
</ul>
</p>
