gk pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/turbine-core.git
The following commit(s) were added to refs/heads/trunk by this push:
new 24a53f6 upgrade fulcrum-security to 2.1.0, add url mapper service,
update howtos, references, suppress jython
24a53f6 is described below
commit 24a53f67cc0450f275e9fe2d91c3413404a28541
Author: Georg Kallidis <[email protected]>
AuthorDate: Fri Nov 19 15:58:55 2021 +0100
upgrade fulcrum-security to 2.1.0, add url mapper service, update howtos,
references, suppress jython
---
pom.xml | 9 +--
src/changes/changes.xml | 2 +-
src/site/site.xml | 3 +-
.../urlmapper/TurbineURLMapperServiceTest.java | 2 +-
suppression-owasp-fp.xml | 79 ++++++++++++----------
xdocs/features.xml | 2 +-
xdocs/howto/index.xml | 2 +-
xdocs/howto/url-mapper-howto.xml | 50 +++++++++-----
xdocs/index.xml | 10 +--
xdocs/services/index.xml | 6 ++
xdocs/services/urlmapper-service.xml | 50 ++++++++++++++
11 files changed, 148 insertions(+), 67 deletions(-)
diff --git a/pom.xml b/pom.xml
index ec16a69..2ded300 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1006,7 +1006,8 @@
<artifactId>fulcrum-quartz</artifactId>
<version>1.1.2</version>
</dependency>
- <!-- suppress owasp CVE-2018-11771, CVE-2018-1324, as jython-standalone is
optional.-->
+ <!-- suppress owasp CVE-2018-11771, CVE-2018-1324 .. as jython-standalone
is optional.
+ https://github.com/jython/jython/issues/137,
https://github.com/jython/jython/issues/138 -->
<dependency>
<groupId>org.python</groupId>
<artifactId>jython-standalone</artifactId>
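Review bot: The rewritten comment still names CVE-2018-11771 and CVE-2018-1324, although this same commit removes the suppression-owasp-fp.xml comment that cited them and adds entries for jython-standalone-2.7.2 under different CVE ids; the trailing ` .. ` leaves the reader guessing which findings are meant. I would keep the two issue links but point at the suppression file instead of listing ids, e.g. `<!-- OWASP findings for libraries shaded into jython-standalone are suppressed in suppression-owasp-fp.xml; jython-standalone is optional. -->`. The `<dependency>` element continues past the end of the hunk, so whether `<optional>true</optional>` is actually set cannot be confirmed from here.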
@@ -1298,12 +1299,12 @@
<fulcrum.intake>2.0.0</fulcrum.intake>
<fulcrum.parser>2.0.1</fulcrum.parser>
<!--fulcrum.securityafter release change to 2.1.0 -->
- <fulcrum.security>2.0.1-SNAPSHOT</fulcrum.security>
+ <fulcrum.security>2.1.0</fulcrum.security>
<fulcrum.yaafi>1.0.8</fulcrum.yaafi>
<torque.version>5.0</torque.version>
- <jackson2.version>2.12.5</jackson2.version>
+ <jackson2.version>2.13.0</jackson2.version>
<doclint>none</doclint>
- <docker.testcontainers.version>1.16.0</docker.testcontainers.version>
+ <docker.testcontainers.version>1.16.2</docker.testcontainers.version>
<jacoco.skip>true</jacoco.skip>
<argLine></argLine>
</properties>
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index ae0c2ba..f001f27 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -24,7 +24,7 @@
</properties>
<body>
- <release version="5.1" date="in Subversion">
+ <release version="5.1" date="in Git">
<action type="update" dev="painter">
Updated dependencies: yauaa to 5.23, commons-lang3 to 3.12,
jython-standalone to 2.7.2
Update turbine-parent 8 (released)
diff --git a/src/site/site.xml b/src/site/site.xml
index 378d769..ba27015 100644
--- a/src/site/site.xml
+++ b/src/site/site.xml
@@ -78,6 +78,7 @@
<item name="Template Service"
href="/services/template-service.html"/>
<item name="UI Service" href="/services/ui-service.html"/>
<item name="Unique ID Service"
href="/services/uniqueid-service.html"/>
+ <item name="URL Mapper Service"
href="/services/urlmapper-service.html"/>
<item name="Upload Service"
href="http://turbine.apache.org/fulcrum/fulcrum-upload/"/>
<item name="Velocity Service"
href="/services/velocity-service.html"/>
<item name="XML-RPC Service"
href="http://turbine.apache.org/fulcrum/fulcrum-xmlrpc/"/>
@@ -99,7 +100,7 @@
<item name="Python Howto" href="/howto/python-howto.html"/>
<item name="Security Howto" href="/howto/security-howto.html"/>
<item name="Services Howto" href="/howto/services-howto.html"/>
- <item name="URL Simplifier Howto" href="/howto/url-mapper-howto.html"/>
+ <item name="URL Mapper Howto" href="/howto/url-mapper-howto.html"/>
<item name="URL Rewriting Howto"
href="/howto/url-rewriting-howto.html"/>
<item name="Velocity Context Howto" href="/howto/context-howto.html"/>
<item name="Velocity Site Howto"
href="/howto/velocity-site-howto.html"/>
diff --git
a/src/test/org/apache/turbine/services/urlmapper/TurbineURLMapperServiceTest.java
b/src/test/org/apache/turbine/services/urlmapper/TurbineURLMapperServiceTest.java
index dac2738..6492fde 100644
---
a/src/test/org/apache/turbine/services/urlmapper/TurbineURLMapperServiceTest.java
+++
b/src/test/org/apache/turbine/services/urlmapper/TurbineURLMapperServiceTest.java
@@ -85,7 +85,7 @@ public class TurbineURLMapperServiceTest extends BaseTestCase
* <p>
* and
*
- *
<code>scheme://bob/wow/damn2/bookId/123/template/Book.vm?detail=1&detail=2&view=collapsed</code>
+ *
<code>scheme://bob/wow/damn2/bookId/123/template/Book.vm?detail=1&detail=2&view=collapsed</code>
* <code>scheme://bob/wow/book/123/1?view=collapsed</code>
*
* @throws Exception
diff --git a/suppression-owasp-fp.xml b/suppression-owasp-fp.xml
index b7fd3f7..2703792 100644
--- a/suppression-owasp-fp.xml
+++ b/suppression-owasp-fp.xml
@@ -21,54 +21,59 @@
<suppressions
xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
<notes><![CDATA[
- file name: commons-io-2.6.jar
+ file name: jython-standalone-2.7.2.jar (shaded:
org.apache.commons:commons-compress:1.19)
]]></notes>
- <packageUrl regex="true">^pkg:maven/commons\-io/commons\-io@.*$</packageUrl>
- <cve>CVE-2021-29425</cve>
+ <packageUrl
regex="true">^pkg:maven/org\.apache\.commons/commons\-compress@.*$</packageUrl>
+ <cpe>cpe:/a:apache:commons_compress</cpe>
</suppress>
- <suppress>
+<suppress>
<notes><![CDATA[
file name: jython-standalone-2.7.2.jar (shaded:
com.google.guava:guava:28.0-android)
]]></notes>
<packageUrl
regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
- <cve>CVE-2020-8908</cve>
+ <cpe>cpe:/a:google:guava</cpe>
</suppress>
- <!-- suppress c3p0 warning until quartz v1.1.2 is released (in fulcrum
quartz), which fixes https://github.com/quartz-scheduler/quartz/issues/316 -->
- <suppress>
- <notes><![CDATA[
- file name: c3p0-0.9.5.2.jar
- ]]></notes>
- <gav regex="true">^com\.mchange:c3p0:.*$</gav>
- <cve>CVE-2018-20433</cve>
- </suppress>
- <!-- suppress guava < 24.1.1 as jython is only optional (in turbine) -->
- <suppress>
+<suppress>
<notes><![CDATA[
- file name: jython-standalone-2.7.1.jar (shaded:
com.google.guava:guava:22.0-android)
+ file name: jython-standalone-2.7.2.jar (shaded:
org.apache.commons:commons-compress:1.19)
]]></notes>
- <gav regex="true">^com\.google\.guava:guava:.*$</gav>
- <cve>CVE-2018-10237</cve>
+ <packageUrl
regex="true">^pkg:maven/org\.apache\.commons/commons\-compress@.*$</packageUrl>
+ <cve>CVE-2021-35515</cve>
</suppress>
-
- <!-- https://issues.apache.org/jira/browse/LOG4J2-1863 i.e. log4j 2.8.2
fixes, but affected versions match only log4j2 2.x, not log4j 1.x -->
- <suppress>
- <notes><![CDATA[
- file name: log4j-1.2.17.jar
- ]]></notes>
- <sha1>5af35056b4d257e4b64b9e8069c0746e8b08629f</sha1>
- <cve>CVE-2017-5645</cve>
- </suppress>
- <!-- jython-standalone is only optional, but check this
-
jython-standalone-2.7.1.jar\META-INF/maven/org.apache.commons/commons-compress/pom.xml
(pkg:maven/org.apache.commons/[email protected],
cpe:2.3:a:apache:commons-compress:1.14:*:*:*:*:*:*:*) : CVE-2018-11771,
CVE-2018-1324.
- jython-standalone-2.7.1.jar bundles dependencies of the project inside the
JAR itself, unshaded.
- -->
- <suppress>
+<suppress>
<notes><![CDATA[
- file name: jython-standalone-2.7.1.jar (shaded:
org.apache.commons:commons-compress:1.14)
+ file name: jython-standalone-2.7.2.jar (shaded:
org.apache.commons:commons-compress:1.19)
]]></notes>
- <gav regex="true">^org\.apache\.commons:commons-compress:.*$</gav>
- <cpe>cpe:/a:apache:commons-compress</cpe>
- </suppress>
-
+ <packageUrl
regex="true">^pkg:maven/org\.apache\.commons/commons\-compress@.*$</packageUrl>
+ <cve>CVE-2021-35516</cve>
+</suppress>
+<suppress>
+ <notes><![CDATA[
+ file name: jython-standalone-2.7.2.jar (shaded:
org.apache.commons:commons-compress:1.19)
+ ]]></notes>
+ <packageUrl
regex="true">^pkg:maven/org\.apache\.commons/commons\-compress@.*$</packageUrl>
+ <cve>CVE-2021-35517</cve>
+</suppress>
+<suppress>
+ <notes><![CDATA[
+ file name: jython-standalone-2.7.2.jar (shaded:
org.apache.commons:commons-compress:1.19)
+ ]]></notes>
+ <packageUrl
regex="true">^pkg:maven/org\.apache\.commons/commons\-compress@.*$</packageUrl>
+ <cve>CVE-2021-36090</cve>
+</suppress>
+<suppress>
+ <notes><![CDATA[
+ file name: commons-io-2.6.jar
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/commons\-io/commons\-io@.*$</packageUrl>
+ <cve>CVE-2021-29425</cve>
+</suppress>
+<suppress>
+ <notes><![CDATA[
+ file name: jython-standalone-2.7.2.jar (shaded:
com.google.guava:guava:28.0-android)
+ ]]></notes>
+ <packageUrl
regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
+ <cve>CVE-2020-8908</cve>
+</suppress>
</suppressions>
\ No newline at end of file
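Review bot: The two new `<cpe>` entries (`cpe:/a:apache:commons_compress` and `cpe:/a:google:guava`) are paired with `packageUrl` patterns ending in `@.*$`, so they silence every current and future finding for any version of commons-compress and guava, not only the copies shaded into jython-standalone-2.7.2.jar. That makes the per-CVE entries added below them (CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090, CVE-2020-8908) redundant, and a later direct or transitive use of either library would presumably inherit the blanket suppression. I would drop the two `<cpe>` blocks, keep the per-CVE ones, and pin the pattern to the shaded version, e.g. `^pkg:maven/org\.apache\.commons/commons\-compress@1\.19$`, optionally with `until="YYYY-MM-DDZ"` on `<suppress>` so the entry comes back up for review. The only rationale visible in this commit is the pom.xml comment that jython-standalone is optional, which is a risk acceptance rather than a false positive; the `<notes>` should say so, since they currently carry only the jar file name.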
diff --git a/xdocs/features.xml b/xdocs/features.xml
index 11a5b6d..d456455 100644
--- a/xdocs/features.xml
+++ b/xdocs/features.xml
@@ -108,7 +108,7 @@ contributed</a> to Turbine over the last 10+ years.</strong>
<li>
Turbine Servlet works cleanly with Servlet API 2.4 and higher</li>
<li>
- Works with JDK 1.6 and higher - 100% Pure Java</li>
+ Works with JDK 1.8 and higher - 100% Pure Java</li>
</ul>
</section>
diff --git a/xdocs/howto/index.xml b/xdocs/howto/index.xml
index 23e84e9..155d7f1 100644
--- a/xdocs/howto/index.xml
+++ b/xdocs/howto/index.xml
@@ -43,7 +43,7 @@
<li><a href="python-howto.html">Python Howto</a></li>
<li><a href="security-howto.html">Security Howto</a></li>
<li><a href="services-howto.html">Services Howto</a></li>
- <li><strong>NEW!</strong> <a href="url-mapper-howto.html">URL
Simplifier Howto</a></li>
+ <li><strong>NEW!</strong> <a href="url-mapper-howto.html">URL Mapper
Howto</a></li>
<li><a href="url-rewriting-howto.html">URL Rewriting Howto</a></li>
<li><a href="context-howto.html">Velocity Context Howto</a></li>
<li><a href="velocity-site-howto.html">Velocity Site Howto</a></li>
diff --git a/xdocs/howto/url-mapper-howto.xml b/xdocs/howto/url-mapper-howto.xml
index 959a8e4..9387241 100644
--- a/xdocs/howto/url-mapper-howto.xml
+++ b/xdocs/howto/url-mapper-howto.xml
@@ -21,7 +21,7 @@
<document>
<properties>
- <title>URL Simplifier Howto</title>
+ <title>URL Mapper Howto</title>
</properties>
<body>
@@ -31,7 +31,7 @@
<p>
Unaltered Turbine URLs may look like this:
<code>http://www.foo.com:8080/CONTEXT/servlet/MAPPING/template/Foo.vm</code>.<br/>
-But you want shorter URLs Maybe this url would suit you better:
+But you want shorter URLs? Maybe this URL would suit you better:
<code>http://www.foo.com:8080/CONTEXT/servlet/beautiful/world</code>
</p>
@@ -40,7 +40,7 @@ defined in xml, json or yaml format to become more simplified
or beautiful!
</section>
-<section name="Turbine Configuration">
+<section name="Turbine URLMapper Configuration">
<p>
You need to
@@ -90,20 +90,29 @@ the URLMapperService's configfile.</p>
</section>
-<section name="URL Mapping Mechanism">
+<section name="Define your patterns">
-<p>The pattern format scheme is as follows, e.g. in JSON:</p>
+<p>The URL Mapping Mechanism uses a well defined pattern format.
+The pattern format scheme is defined as follows, e.g. in JSON:</p>
<source><![CDATA[
"pattern":
"/(?<webAppRoot>[.\\-\\w]+)/(?<contextPath>\\w+)/(?<resolvableParam>\\w+)/beautifulname"
]]></source>
-<p>That is any specific parameter name or key, which should be resolved, has
to be set like this</p>
+<p>That is <strong>resolvableParam</strong> is just a specific parameter name
or key, which should be resolved after the context slash and before the next
URL part, which starts with "/beatifulname".
+
+It has to be set like this</p>
<source><![CDATA[
/(?<resolvableParam>\\w+)
]]></source>
+Technically this isa non matching named group, with the group name
<strong>resolvableParam</strong> and
+
+in this case a sequence of alphabetical characters with minimal length of 1.
+
+The same is true for the predefined <strong>webAppRoot</strong> and
<strong>contextPath</strong>.
+
<p>Another condition to be met, is that the parameter name must follow the
"Java Named Group pattern characters restriction":</p>
<source><![CDATA[
@@ -146,7 +155,7 @@ This will be converted, if matched, to an URL like
<strong>/book/4</strong>.
The pattern uses type restrictions for the value, e.g. number for the bookId
and a extended character set for the webAppRoot, which will be applied in (back
resolving) <strong>mapFromURL</strong>.
</p>
-<p>Another example in <strong>JSON</strong> format with just more short URL by
replacing two parameters:</p>
+<p>Another example in <strong>JSON</strong> format, which is much more
readable, if not viewing in a browser is here (showing a shortened URL by
replacing two parameters):</p>
<source><![CDATA[
{
@@ -164,7 +173,7 @@ The pattern uses type restrictions for the value, e.g.
number for the bookId and
</section>
-<section name="Turbine Service Description and Usage">
+<section name="Service Description">
<p>The main methods of the service <strong>TurbineURLMapperService</strong>
are</p>
@@ -176,7 +185,7 @@ The pattern uses type restrictions for the value, e.g.
number for the bookId and
<subsection name="Matrix">
<table>
<tr>
- <th colspan="6">Turbine URL Simplifier Mapping Model</th>
+ <th colspan="6">Turbine URL Mapper Model</th>
</tr>
<tr>
<th>Mechanism</th><th>Method</th><th>Pattern</th><th>Implicit
Param</th><th>Override Param</th><th>Ignore Param</th>
@@ -197,30 +206,39 @@ The pattern uses type restrictions for the value, e.g.
number for the bookId and
</table>
</subsection>
- <p>N.B. Symbolic group names wenapproot and context could not be ignored or
overridden!</p>
+ <p>N.B. Symbolic group names <i>webAppRoot</i> and <i>context</i> could not
be ignored or overridden!</p>
+
+
+</section>
+<section name="Usage">
<p>
-The convenience class MappedTemplateLink class (of type TemplateLink) calls
with its methods getRelative or getAbsoluteLink mapToUrl implicitely.
-Use it in a velocity template like this:
+Use the methods getRelative or getAbsoluteLink of the provided convenience
class MappedTemplateLink class (of type TemplateLink)
+in a velocity template like this:
</p>
<source><![CDATA[
+
$mlink.addPathInfo("world","nice").getRelativeLink()
- ## may result into /beautiful/world
+ ## should result into a URL: /beautiful/world
+
]]></source>
<p>
-<p>Alternatively you can use the service explicitely in Java, e.g. in a Java
Action or other class:</p>
+<p>Alternatively you can use the service explicitely in Java, e.g. in a Java
Action or other class if you inject the URLMapperService (or provide this in a
shared controller class).</p>
<source><![CDATA[
- // inside any assembler you may alternatively use annotation
@TurbineService( "URLMapperService" ) urlMapper;
+
+ // inside any assembler you may alternatively use annotation
+ // @TurbineService( "URLMapperService" ) urlMapper;
- URLMapperService urlMapper = (URLMapperService)
TurbineServices.getInstance().getService(URLMapperService.SERVICE_NAME);
+ URLMapperService urlMapper = (URLMapperService)
TurbineServices.getInstance().getService(URLMapperService.SERVICE_NAME);
// Any turbineURI ..e.g. from PoolService or
TurbineURI uri ...
urlMapper.mapToURL( uri );
+
// use it, e.g by putting it into a velocity context
(org.apache.velocity.context.Context(
context.put("myLink", link);
diff --git a/xdocs/index.xml b/xdocs/index.xml
index 0503893..bfe39c5 100644
--- a/xdocs/index.xml
+++ b/xdocs/index.xml
@@ -147,10 +147,10 @@
Currently, the best way to get started with Turbine is to use the
Maven Archetypes, find it on <a
href="https://github.com/apache/turbine-archetypes"
title="Turbine Maven Archetype on GitHub">GitHub</a>.
- You might interested in the <a
href="https://github.com/apache/turbine-archetypes/tree/docker">Docker branch
(in development)</a> as well.
+ Eihter use it with a hosted database or use the
+ <a
href="https://github.com/apache/turbine-archetypes/blob/master/src/main/resources/archetype-resources/docs/DOCKER-README.md">docker
profile</a>.
See also the <a
href="https://blogs.apache.org/turbine/entry/maven_archetypes_for_apache_turbine">blog
post</a>
- in the <a href="https://blogs.apache.org/turbine/">Turbine Blog</a> for
- usage information.
+ in the <a href="https://blogs.apache.org/turbine/">Turbine Blog</a> for
usage information.
</p>
</section>
@@ -187,8 +187,8 @@ the current Turbine code.
repository</a></li>
<li>
- You can find more about the <a
href="https://gitbox.apache.org/repos/asf#turbine">Turbine Ecosystem (rw) here
- </a> ore on <a
href="https://github.com/orgs/apache/repositories?language=&q=turbine&sort=&type="
target="_new">Github</a> </li>
+ You can find more about the Turbine Ecosystem on <a
href="https://gitbox.apache.org/repos/asf#turbine"> gitbox.apache.org (rw)
+ </a> or on <a
href="https://github.com/orgs/apache/repositories?language=&q=turbine&sort=&type="
target="_new">Github</a> </li>
</ul>
diff --git a/xdocs/services/index.xml b/xdocs/services/index.xml
index f515726..4ce0a36 100644
--- a/xdocs/services/index.xml
+++ b/xdocs/services/index.xml
@@ -164,6 +164,12 @@ Allows for the creation of Context unique and pseudo
random identifiers.
</li>
<li>
+<a href="urlmapper-service.html">URL Mapper Service</a>
+<br/>
+Allows for the control of a URL's pathinfo or query part.
+</li>
+
+<li>
<a href="velocity-service.html">Velocity Service</a>
<br/>
The Velocity Service supports the rendering of
diff --git a/xdocs/services/urlmapper-service.xml
b/xdocs/services/urlmapper-service.xml
new file mode 100644
index 0000000..98f74dc
--- /dev/null
+++ b/xdocs/services/urlmapper-service.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+<document>
+
+ <properties>
+ <title>Turbine Services - URLMapper Service</title>
+ </properties>
+
+<body>
+
+<section name="URLMapper Service">
+
+<p>
+With this service you can control the pathinfo or query part of a URL (what's
behind the webapproot and the context)
+using a mapping (routing) file. The format may be xml, json or yaml.
+That is, you define what URL you want to match (using default placeholders)
and how
+it will resolve to the expected parameters. Most importantly you should map
your action self!
+</p>
+
+
+</section>
+
+<section name="Configuration and Usage">
+
+<p>
+Find further information in <a href="../howto/url-mapper-howto.html">URL
Mapper Howto</a>
+</p>
+
+</section>
+
+</body>
+</document>