Commit 62aa0ba6 authored by cdanger's avatar cdanger

- Upgraded parent project version to 7.5.0

- upgraded authzforce-ce-core-pdp-api to 15.3.0
- Added dependency on java.xmail v1.6.0 as mail-api implementation for
XACML RFC822Name validation
- Upgraded dependency authzforce-ce-xacml-json-model to 2.1.0
- New feature: policyLocations in native Policy Providers'
configurations support (not only PARENT_DIR property but also) system
properties and environment variables (enclosed between '${...}')
- Changed copyright company name to Thales
- Added unit test for DefaulEnvironmentProperties#replacePlaceholders()
parent 829b1012
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
<suppress>
<notes><![CDATA[
file name: mailapi-1.5.6.jar,
false positive reported: https://github.com/jeremylong/DependencyCheck/issues/912
]]></notes>
<cpe>cpe:/a:mail_project:mail</cpe>
<cpe>cpe:/a:sun:javamail</cpe>
<cve>CVE-2007-6059</cve>
<cve>CVE-2015-9097</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: spring-core-4.3.17.RELEASE.jar,
false positive for CVE-2018-1258
]]></notes>
<gav>org.springframework:spring-core:4.3.17.RELEASE</gav>
<cve>CVE-2018-1258</cve>
</suppress>
<suppress>
<!--See issue #35 on Github -->
<cve>CVE-2018-8088</cve>
</suppress>
</suppressions>
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
<suppress>
<notes><![CDATA[
file name: mailapi-1.5.6.jar,
false positive reported: https://github.com/jeremylong/DependencyCheck/issues/912
]]></notes>
<cpe>cpe:/a:mail_project:mail</cpe>
<cpe>cpe:/a:sun:javamail</cpe>
<cve>CVE-2007-6059</cve>
<cve>CVE-2015-9097</cve>
</suppress>
</suppressions>
\ No newline at end of file
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
<suppress>
<notes><![CDATA[
file name: mailapi-1.5.6.jar,
false positive reported: https://github.com/jeremylong/DependencyCheck/issues/912
]]></notes>
<cpe>cpe:/a:mail_project:mail</cpe>
<cpe>cpe:/a:sun:javamail</cpe>
<cve>CVE-2007-6059</cve>
<cve>CVE-2015-9097</cve>
</suppress>
<suppress>
<!--See issue #35 on Github -->
<cve>CVE-2018-8088</cve>
</suppress>
</suppressions>
\ No newline at end of file
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.ow2.authzforce</groupId>
......@@ -27,8 +30,13 @@
<artifactId>jcl-over-slf4j</artifactId>
</dependency>
<dependency>
<!-- Needed for org.springframework.util.ResourceUtils,SystemPropertyUtils,FileCopyUtils,
etc. -->
<!-- JavaMail API implementation for XACML RFC822Name datatype -->
<groupId>com.sun.mail</groupId>
<artifactId>javax.mail</artifactId>
<version>1.6.0</version>
</dependency>
<dependency>
<!-- Needed for org.springframework.util.ResourceUtils,SystemPropertyUtils,FileCopyUtils, etc. -->
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
</dependency>
......@@ -62,14 +70,11 @@
<build>
<plugins>
<plugin>
<!-- Consider combining with Red Hat Victims and OSS Index. More info
on Victims vs. Dependency-check: https://bugzilla.redhat.com/show_bug.cgi?id=1388712 -->
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<configuration>
<cveValidForHours>24</cveValidForHours>
<!-- The plugin has numerous issues with version matching, which triggers
false positives so we need a "suppresion" file for those. More info: https://github.com/jeremylong/DependencyCheck/issues -->
<!-- The plugin has numerous issues with version matching, which triggers false positives so we need a "suppresion" file for those. More info: https://github.com/jeremylong/DependencyCheck/issues -->
<suppressionFile>owasp-dependency-check-suppression.xml</suppressionFile>
<failBuildOnAnyVulnerability>true</failBuildOnAnyVulnerability>
</configuration>
......@@ -84,8 +89,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<!-- target JDK already set by parent project's maven.compiler.target
property -->
<!-- target JDK already set by parent project's maven.compiler.target property -->
<configuration>
<verbose>true</verbose>
<excludeRoots>
......@@ -214,11 +218,14 @@
<systemPropertyVariables>
<javax.xml.accessExternalSchema>all</javax.xml.accessExternalSchema>
</systemPropertyVariables>
<environmentVariables>
<!-- Test environment variable for DefaultEnvironmentPropertiesTest class -->
<AUTHZFORCE_DATA_DIR>/tmp/authzforce</AUTHZFORCE_DATA_DIR>
</environmentVariables>
<properties>
<property>
<name>surefire.testng.verbose</name>
<!-- verbosity level from 0 to 10 (10 is the most detailed), or -1
for debug. More info: http://maven.apache.org/surefire/maven-surefire-plugin/examples/testng.html -->
<!-- verbosity level from 0 to 10 (10 is the most detailed), or -1 for debug. More info: http://maven.apache.org/surefire/maven-surefire-plugin/examples/testng.html -->
<value>3</value>
</property>
</properties>
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......@@ -26,23 +26,27 @@ import org.ow2.authzforce.core.pdp.api.EnvironmentPropertyName;
import org.springframework.util.PropertyPlaceholderHelper;
/**
* Default implementation of PDP configuration parser's environment properties.
* Default implementation of PDP configuration parser's environment properties, that supports user-defined properties, Java system properties and system-dependent environment variables.
*
* @version $Id: $
*/
public final class DefaultEnvironmentProperties implements EnvironmentProperties
{
private static final String PROPERTY_PLACEHOLDER_PREFIX = "${";
private static final String PROPERTY_PLACEHOLDER_SUFFIX = "}";
private static final String PROPERTY_PLACEHOLDER_DEFAULT_VALUE_SEPARATOR = ":";
/*
* We cannot use ':' as default value separator because not valid in XML anyURI
*/
private static final String PROPERTY_PLACEHOLDER_DEFAULT_VALUE_SEPARATOR = "!";
private static final PropertyPlaceholderHelper PROPERTY_PLACEHOLDER_HELPER = new PropertyPlaceholderHelper(PROPERTY_PLACEHOLDER_PREFIX, PROPERTY_PLACEHOLDER_SUFFIX,
PROPERTY_PLACEHOLDER_DEFAULT_VALUE_SEPARATOR, false);
PROPERTY_PLACEHOLDER_DEFAULT_VALUE_SEPARATOR, false);
private final Properties props = new Properties();
/**
* Empty properties
* Empty properties. Placeholders are resolved as system properties and environment variables only.
*/
public DefaultEnvironmentProperties()
{
......@@ -50,12 +54,13 @@ public final class DefaultEnvironmentProperties implements EnvironmentProperties
}
/**
* Constructs instance from existing properties in a map
* Constructs instance from existing properties in a map. Placeholders are resolved from {@code envProps} if the property name matches any, else as Java system property if the name matches any,
* else as system environment variables.
*
* @param envProps
* environment properties
* environment properties taking precedence over system properties or environment variables.
*/
public DefaultEnvironmentProperties(Map<EnvironmentPropertyName, String> envProps)
public DefaultEnvironmentProperties(final Map<EnvironmentPropertyName, String> envProps)
{
if (envProps == null)
{
......@@ -73,13 +78,29 @@ public final class DefaultEnvironmentProperties implements EnvironmentProperties
/** {@inheritDoc} */
@Override
public String replacePlaceholders(String input)
public String replacePlaceholders(final String input)
{
if (input == null)
{
return null;
}
return PROPERTY_PLACEHOLDER_HELPER.replacePlaceholders(input, props);
return PROPERTY_PLACEHOLDER_HELPER.replacePlaceholders(input, placeholderName -> {
assert placeholderName != null;
final String userDefinedPropVal = props.getProperty(placeholderName);
if (userDefinedPropVal != null)
{
return userDefinedPropVal;
}
final String sysPropVal = System.getProperty(placeholderName);
if (sysPropVal != null)
{
return sysPropVal;
}
// Fall back to searching the system environment.
return System.getenv(placeholderName);
});
}
}
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
* Copyright 2012-2018 THALES.
*
* This file is part of AuthzForce CE.
*
......