Merge branch 'release/10.0.0'

aac8e4cc · cdanger · 17fe216f · a2772ee1 · aac8e4cc · aac8e4cc
Commit aac8e4cc authored Mar 09, 2021 by cdanger
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
+name: CI
+'on':
+  push:
+    branches:
+      - develop
+  pull_request:
+    branches:
+      - develop
+jobs:
+  unit-test:
+    name: Unit Tests
+    runs-on: ubuntu-latest
+    steps:
+      - name: Git checkout
+        uses: actions/checkout@v2
+      - name: Use Java 8
+        uses: actions/setup-java@v1
+        with:
+          java-version: 8
+      - name: 'Unit Tests with Java 8'
+        run: |
+          mvn install -DskipTests=true -Dmaven.javadoc.skip=true -B -V
+          mvn test -B
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          COVERALLS_TOKEN: ${{ secrets.COVERALLS_TOKEN }}
\ No newline at end of file
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,5 @@
 /.README.md.html
 /.CHANGELOG.md.html
 /.pmd
+/.idea
+*.iml
--- a/.travis.yml
+++ b/.travis.yml
-language: java
-jdk:
- openjdk8
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,40 @@ All notable changes to this project are documented in this file following the [K
 Issues reported on [GitHub](https://github.com/authzforce/server/issues) are referenced in the form of `[GH-N]`, where N is the issue number. Issues reported on [OW2](https://jira.ow2.org/browse/AUTHZFORCE/) are mentioned in the form of `[OW2-N]`, where N is the issue number.


+## 10.0.0
+### Changed
+- Upgraded AuthzForce Parent: 8.0.0:
+  - Upgraded to Java 11 support (Java 8 no longer supported)	
+- Upgraded dependencies:
+  - authzforce-ce-rest-api-model: 6.0.0
+  -	authzforce-ce-jaxrs-utils: 2.0.1
+  - authzforce-ce-core-pdp-engine: 17.1.0
+  - authzforce-ce-core-pdp-io-xacml-json: 17.1.0
+  -	authzforce-ce-core-pap-api: 11.0.0
+  - authzforce-ce-pap-dao-flat-file: 13.0.0
+  - authzforce-ce-core-pdp-api: 18.0.1	
+  - authzforce-ce-xacml-json-model: 3.0.2
+  - Jakarta RESTful Web Services: 2.1.6
+  - JAXB (Jakarta XML Binding): 2.3.3
+  - Apache CXF v3.4.1
+  - Spring Boot Starter 2.3.5
+  - Spring Core: 5.2.10 	
+  - jettison: 1.4.1
+  - org.json:json: v20190722 
+  - org.everit.json.schema: 1.12.1	
+  - SLF4J API: 1.7.30
+
+
+### Added
+- GH-61: JSON Object support in XACML/JSON Requests/Responses (as defined by JSON Profile of XACML), allowing custom XACML datatypes with JSON object structures.
+- Support for validation of XACML/JSON requests (JSON Profile) with custom JSON schema stored in configuration directory, using new webapp environment property (e.g. specified in Tomcat webapp context) `org.ow2.authzforce.domains.xacmlJsonSchemaRelativePath` to be specified in `/etc/tomcat9/<Engine>/<Host>/authzforce-ce.xml`  (more info in [webapp-context.xml](dist/src/webapp-context.xml) )
+
+### Fixed
+- GH-62: duplicate declaration of namespace prefix now allowed
+- CVE on jackson-databind -> v2.9.10.8
+- CVE-2018-8088 affecting slf4j
+
+
 ## 9.0.1
 ### Fixed
 - Tomcat startup error after Debian package install
@@ -31,7 +65,7 @@ Issues reported on [GitHub](https://github.com/authzforce/server/issues) are ref
 	- authzforce-ce-pap-dao-flat-file: 12.0.0

 ### Fixed
- #46 : bad PolicySets pushed to the /pap/policies endpoint are still saved on server side even if a HTTP 400 Bad Request is returned.
+- GH-46: bad PolicySets pushed to the /pap/policies endpoint are still saved on server side even if a HTTP 400 Bad Request is returned.
 - Issues with XACML/JSON responses (XACML JSON Profile)
 - CVE on slf4j


--- a/README.md
+++ b/README.md
@@ -7,7 +7,7 @@
 [![Support badge](https://img.shields.io/badge/support-ask.fiware.org-yellowgreen.svg)](https://ask.fiware.org/questions/scope:all/sort:activity-desc/tags:authzforce/)
 <br/>
 [![Documentation badge](https://readthedocs.org/projects/authzforce-ce-fiware/badge/?version=latest)](http://authzforce-ce-fiware.readthedocs.io/en/latest/?badge=latest)
-[![Build Status](https://travis-ci.org/authzforce/server.svg?branch=develop)](https://travis-ci.org/authzforce/server)
+[![CI](https://github.com/authzforce/server/workflows/CI/badge.svg)](https://github.com/authzforce/server/actions?query=workflow%3ACI)
 ![Status](https://nexus.lab.fiware.org/static/badges/statuses/authzforce.svg)
 [![Codacy Badge](https://api.codacy.com/project/badge/Grade/cdb9dd59cbf04a95bfbfbdcf770bb7d8)](https://www.codacy.com/app/coder103/authzforce-ce-server?utm_source=github.com&utm_medium=referral&utm_content=authzforce/server&utm_campaign=Badge_Grade)
 [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fauthzforce%2Fserver.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Fauthzforce%2Fserver?ref=badge_shield)
@@ -67,6 +67,7 @@ applications, AuthzForce also provides a PDP engine as a Java library in
            validation;
        -   DoS mitigation: JSON parser variant checking max JSON string size,
            max number of JSON keys/array items and max JSON object depth.
+    - [GeoXACML 1.0.1](http://portal.opengeospatial.org/files/?artifact_id=42734). Supported as third-party extension from [Secure Dimensions](https://github.com/securedimensions/authzforce-geoxacml-basic)
    -   Experimental support for:
        -   [XACML Data Loss Prevention / Network Access Control (DLP/NAC) Profile Version 1.0](http://docs.oasis-open.org/xacml/xacml-3.0-dlp-nac/v1.0/xacml-3.0-dlp-nac-v1.0.html):
            only `dnsName-value` datatype and `dnsName-value-equal` function are
@@ -147,10 +148,10 @@ More information in the previous section.
 -   Conformance with
    [REST Profile of XACML v3.0 Version 1.0](http://docs.oasis-open.org/xacml/xacml-rest/v1.0/xacml-rest-v1.0.html)
 -   Supported data formats, aka content types:
-    - `application/xml`: XML based on API schema; 
-    - `application/fastinfoset`: [Fast Infoset](http://www.itu.int/en/ITU-T/asn1/Pages/Fast-Infoset.aspx) based on API's XML schema; 
-    - `application/json`: JSON based on API's XMLschema with a generic XML-to-JSON mapping convention 
-    - `application/xacml+xml`: XACML content only, as defined by [RFC 7061](https://tools.ietf.org/html/rfc7061) 
+    - `application/xml`: XML based on API schema;
+    - `application/fastinfoset`: [Fast Infoset](http://www.itu.int/en/ITU-T/asn1/Pages/Fast-Infoset.aspx) based on API's XML schema;
+    - `application/json`: JSON based on API's XMLschema with a generic XML-to-JSON mapping convention
+    - `application/xacml+xml`: XACML content only, as defined by [RFC 7061](https://tools.ietf.org/html/rfc7061)
    - `application/xacml+json`: JSON format for XACML Request/Response on PDP only, as defined by [XACML v3.0 - JSON Profile Version 1.0](http://docs.oasis-open.org/xacml/xacml-json-http/v1.0/xacml-json-http-v1.0.html)
 -   Defined in standard
    [Web Application Description Language and XML schema](https://github.com/authzforce/rest-api-model/tree/develop/src/main/resources)
@@ -249,7 +250,7 @@ forwards the request to the web service implementation if the decision is
 Permit, else rejects it. For more information, see the Javadoc of
 [RESTfulPdpBasedAuthzInterceptorTest](webapp/src/test/java/org/ow2/authzforce/webapp/test/pep/cxf/RESTfulPdpBasedAuthzInterceptorTest.java).

-    
+
 ## Testing

 To run unit tests, install Maven and type
@@ -318,7 +319,7 @@ $ mvn -Dhttps.proxyHost=proxyhostname -Dhttps.proxyPort=8080 jgitflow:release-st
    ```console
    $ mvn -Dhttps.proxyHost=proxyhostname -Dhttps.proxyPort=8080 -DnoDeploy=true jgitflow:release-finish
    ```
-    
+
    More info on jgitflow: http://jgitflow.bitbucket.org/
 5.  Connect and log in to the OSS Nexus Repository Manager:
    https://oss.sonatype.org/
@@ -348,17 +349,17 @@ Apache License.

 ### Are there any legal issues with GPL 3.0? Is it safe for me to use?

-There is absolutely no problem in using a product licensed under GPL 3.0. Issues with GPL 
-(or AGPL) licenses are mostly related with the fact that different people assign different 
+There is absolutely no problem in using a product licensed under GPL 3.0. Issues with GPL
+(or AGPL) licenses are mostly related with the fact that different people assign different
 interpretations on the meaning of the term “derivate work” used in these licenses. Due to this,
 some people believe that there is a risk in just _using_ software under GPL or AGPL licenses
 (even without _modifying_ it).

-For the avoidance of doubt, the owners of this software licensed under an GPL 3.0 license  
+For the avoidance of doubt, the owners of this software licensed under an GPL 3.0 license
 wish to make a clarifying public statement as follows:

 > Please note that software derived as a result of modifying the source code of this
-> software in order to fix a bug or incorporate enhancements is considered a derivative 
-> work of the product. Software that merely uses or aggregates (i.e. links to) an otherwise 
+> software in order to fix a bug or incorporate enhancements is considered a derivative
+> work of the product. Software that merely uses or aggregates (i.e. links to) an otherwise
 > unmodified version of existing software is not considered a derivative work, and therefore
 > it does not need to be released as under the same license, or even released as open source.
--- a/ROADMAP.md
+++ b/ROADMAP.md
@@ -18,9 +18,9 @@ any time.
 ## Short term

 The following list of features are planned to be addressed in the short term,
-and incorporated in the next release of the product planned for **2020**:
+and incorporated in the next release of the product planned for **2021**:

- #50 .
+*N/A*

 ## Medium term

@@ -28,7 +28,7 @@ The following list of features are planned to be addressed in the medium term,
 typically within the subsequent release(s) generated in the next **9 months**
 after next planned release:

- GeoXACML support
+- #50 .

 ## Long term


--- a/dist/pom.xml
+++ b/dist/pom.xml
@@ -3,7 +3,7 @@
   <parent>
      <groupId>org.ow2.authzforce</groupId>
      <artifactId>authzforce-ce-server</artifactId>
-      <version>9.0.1</version>
+      <version>10.0.0</version>
      <relativePath>..</relativePath>
   </parent>
   <artifactId>authzforce-ce-server-dist</artifactId>

--- a/dist/src/debian/control/control
+++ b/dist/src/debian/control/control
@@ -3,7 +3,7 @@ Version: [[version]]
 Section: web
 Priority: optional
 Architecture: all
-Depends: debconf (>= 0.2.26), openjdk-8-jre | oracle-java8-installer, tomcat9
+Depends: debconf (>= 0.2.26), openjdk-11-jre | oracle-java11-installer, tomcat9
 Maintainer: [[productMaintainer]] 
 Description: AuthzForce CE Server.
 Reference Implementation of FIWARE Authorization PDP Generic Enabler

--- a/dist/src/debian/control/postinst
+++ b/dist/src/debian/control/postinst
@@ -17,7 +17,7 @@ systemctl daemon-reload

 db_get [[productId]]/restartTomcat
 if [ "$RET" = true ]; then
-        export JAVA_OPTS='"-Djava.awt.headless=true -Djavax.xml.accessExternalSchema=all -Xms1024m -Xmx1024m -XX:+UseConcMarkSweepGC -server"'
+        export JAVA_OPTS='"-Djava.awt.headless=true -Djavax.xml.accessExternalSchema=all -Xms1024m -Xmx1024m -server"'
        sed -i 's|^\(JAVA_OPTS\s*=\s*\).*$|\1'"$JAVA_OPTS"'|' /etc/default/tomcat9
        systemctl stop tomcat9
        rm -rf /var/log/tomcat9/*
@@ -25,7 +25,7 @@ if [ "$RET" = true ]; then
 fi

 echo "If you answered 'No' to the second question, you need to set the JAVA_OPTS in '/etc/default/tomcat9' by yourself before restarting Tomcat:" 
-echo "    JAVA_OPTS=\"-Djava.awt.headless=true -Djavax.xml.accessExternalSchema=all -Xms1024m -Xmx1024m -XX:+UseConcMarkSweepGC -server\""
+echo "    JAVA_OPTS=\"-Djava.awt.headless=true -Djavax.xml.accessExternalSchema=all -Xms1024m -Xmx1024m -server\""
 echo
 echo "If Tomcat fails to restart, check for any Tomcat high-level error in Tomcat log directory: /var/log/tomcat9"
 echo "Then fix it, in particular check the settings in Tomcat init script /etc/default/tomcat9 and restart Tomcat as follows:"

--- a/dist/src/debian/control/templates
+++ b/dist/src/debian/control/templates
@@ -10,7 +10,7 @@ Type: boolean
 Default: true
 Description: Do you want to apply recommended Tomcat settings for AuthzForce (and restart Tomcat to apply changes)?
 We recommend the following Tomcat settings for AuthzForce:
-        JAVA_OPTS='"-Djava.awt.headless=true -Djavax.xml.accessExternalSchema=all -Xms1024m -Xmx1024m -XX:+UseConcMarkSweepGC -server"'
+        JAVA_OPTS='"-Djava.awt.headless=true -Djavax.xml.accessExternalSchema=all -Xms1024m -Xmx1024m -server"'
 Do you agree to apply these settings to Tomcat init script (/etc/default/tomcat9) now?
 If you answer No, you can always apply these manually and restart Tomcat later with this command:
        $ systemctl restart tomcat9
--- a/dist/src/debian/copyright
+++ b/dist/src/debian/copyright
@@ -2,7 +2,7 @@ Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Upstream-Name: authzforce-ce-server-dist

 Files: *
-Copyright: Copyright (C) 2012-2020 Thales. All rights reserved.
+Copyright: Copyright (C) 2012-2021 Thales. All rights reserved.
 Licence: GPL-3.0
 The full text of the GNU General Public
 License version 3 can be found in the file

--- a/dist/src/docker/Dockerfile.tmpl
+++ b/dist/src/docker/Dockerfile.tmpl
-# Copyright (C) 2012-2020 Thales.
+# Copyright (C) 2012-2021 Thales.
 #
 # This file is part of AuthzForce CE.
 #
@@ -23,7 +23,7 @@

 # The alternative is to use FROM ubuntu:* then install tomcat ubuntu package and use upstart/sysctl init script but this is not the way to go:
 # https://github.com/docker/docker/issues/6800
-FROM tomcat:9-jre8
+FROM tomcat:9-jre11-slim
 MAINTAINER AuthzForce Team

 ENV DEBIAN_FRONTEND noninteractive
@@ -37,7 +37,7 @@ ENV DEBIAN_FRONTEND noninteractive
 #ENV HTTP_PROXY 'http://user:password@proxy-host:proxy-port'
 #ENV HTTPS_PROXY 'http://user:password@proxy-host:proxy-port'

-ENV JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom -Djava.awt.headless=true -Djavax.xml.accessExternalSchema=all -Xms1024m -Xmx1024m -XX:+UseConcMarkSweepGC -server"
+ENV JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom -Djava.awt.headless=true -Djavax.xml.accessExternalSchema=all -Xms1024m -Xmx1024m -server"

 ENV AUTHZFORCE_SERVER_VERSION="${project.version}"
 ENV AUTHZFORCE_SERVER_DOWNLOAD_URL="https://repo1.maven.org/maven2/org/ow2/authzforce/authzforce-ce-server-dist/$AUTHZFORCE_SERVER_VERSION/authzforce-ce-server-dist-$AUTHZFORCE_SERVER_VERSION.deb"

--- a/dist/src/docker/README.md
+++ b/dist/src/docker/README.md
-## AuthzForce Server CE - Minimal Docker image
-
-This image of a minimal AuthzForce Server runtime is intended to work together with [Identity Manager - Keyrock](http://catalogue.fiware.org/enablers/identity-management-keyrock) and [PEP Proxy Wilma](http://catalogue.fiware.org/enablers/pep-proxy-wilma) generic enabler.
-
-## Image contents
- OpenJDK JRE 8;
- Tomcat 9;
- AuthzForce Server CE (version matching the Docker image tag).
-
-## Usage
-
-This image gives you a minimal installation for testing purposes. The AuthzForce Installation and Administration guide on [readthedocs.org](https://readthedocs.org/projects/authzforce-ce-fiware/versions/) (select the version matching the Docker image tag, then **AuthzForce - Installation and Administration Guide**) provides you a better approach for using it in a production environment. This installation guide also gives instructions to install from .deb package (instead of Docker), which is the recommended way for Ubuntu hosts.
-
-Create a container using `authzforce/server` image by doing (replace the first *8080* after *-p* with whatever network port you want to use on the host to access the AuthzForce Server, e.g. 80; and *release-9.0.0* with the current Docker image tag that you are using):
-
-```
-docker run -d -p 8080:8080 --name <container-name> fiware/authzforce-ce-server:release-9.0.0
-```
-
-As stands in the AuthzForce Installation and administration guide on [readthedocs.org](https://readthedocs.org/projects/authzforce-ce-fiware/versions/) (select the version matching the Docker image tag, then **AuthzForce - Installation and Administration Guide**) you can:
-
-* **Create a domain**
-
-```
-curl -s --request POST \
--header "Accept: application/xml" \
--header "Content-Type: application/xml;charset=UTF-8" \
--data '<?xml version="1.0" encoding="UTF-8"?><taz:domainProperties xmlns:taz="http://authzforce.github.io/rest-api-model/xmlns/authz/5" />' \
- http://<authzforce-container-ip>:8080/authzforce-ce/domains
-```
-
-* **Retrieve the domain ID**
-
-```
-curl -s --request GET http://<authzforce-container-ip>:8080/authzforce-ce/domains
-```
-
-* **Domain removal**
-
-```
-curl --verbose --request DELETE \
--header "Content-Type: application/xml;charset=UTF-8" \
--header "Accept: application/xml" \
-http://<authzforce-container-ip>:8080/authzforce-ce/domains/<domain-id>
-```
-
-* **User and Role Management Setup && Domain Role Assignment**
-
-These tasks are now delegated to the [Identity Manager - Keyrock](http://catalogue.fiware.org/enablers/identity-management-keyrock) enabler. Here you can find how to use the interface for that purpose: [How to manage AuthzForce in Fiware](https://www.fiware.org/devguides/handling-authorization-and-access-control-to-apis/how-to-manage-access-control-in-fiware/).
-
-## User feedback
-
-### Documentation
-
-All the information regarding the Dockerfile is hosted publicly on [Github](https://github.com/authzforce/server/tree/master/src/docker).
-
-### Issues
-
-If you find any issue with this image, feel free to report at [Github issue tracking system](https://github.com/authzforce/server/issues).
+## AuthzForce Server CE - Minimal Docker image
+
+This image of a minimal AuthzForce Server runtime is intended to work together with [Identity Manager - Keyrock](http://catalogue.fiware.org/enablers/identity-management-keyrock) and [PEP Proxy Wilma](http://catalogue.fiware.org/enablers/pep-proxy-wilma) generic enabler.
+
+## Image contents
+- OpenJDK JRE 8;
+- Tomcat 9 (since AuthzForce Server v9.0.1, else Tomcat 8 for older versions);
+- AuthzForce Server CE (version matching the Docker image tag).
+
+## Usage
+
+This image gives you a minimal installation for testing purposes. The AuthzForce Installation and Administration guide on [readthedocs.org](https://readthedocs.org/projects/authzforce-ce-fiware/versions/) (select the version matching the Docker image tag, then **AuthzForce - Installation and Administration Guide**) provides you a better approach for using it in a production environment. This installation guide also gives instructions to install from .deb package (instead of Docker), which is the recommended way for Ubuntu hosts.
+
+Create a container using `authzforce/server` image by doing (replace the first *8080* after *-p* with whatever network port you want to use on the host to access the AuthzForce Server, e.g. 80; and *release-9.0.1* with the current Docker image tag that you are using):
+
+```
+docker run -d -p 8080:8080 --name <container-name> authzforce/server:release-9.0.1
+```
+
+As stands in the AuthzForce Installation and administration guide on [readthedocs.org](https://readthedocs.org/projects/authzforce-ce-fiware/versions/) (select the version matching the Docker image tag, then **AuthzForce - Installation and Administration Guide**) you can:
+
+* **Create a domain**
+
+```
+curl -s --request POST \
+--header "Accept: application/xml" \
+--header "Content-Type: application/xml;charset=UTF-8" \
+--data '<?xml version="1.0" encoding="UTF-8"?><taz:domainProperties xmlns:taz="http://authzforce.github.io/rest-api-model/xmlns/authz/5" />' \
+ http://<authzforce-container-ip>:8080/authzforce-ce/domains
+```
+
+* **Retrieve the domain ID**
+
+```
+curl -s --request GET http://<authzforce-container-ip>:8080/authzforce-ce/domains
+```
+
+* **Domain removal**
+
+```
+curl --verbose --request DELETE \
+--header "Content-Type: application/xml;charset=UTF-8" \
+--header "Accept: application/xml" \
+http://<authzforce-container-ip>:8080/authzforce-ce/domains/<domain-id>
+```
+
+* **User and Role Management Setup && Domain Role Assignment**
+
+These tasks are now delegated to the [Identity Manager - Keyrock](http://catalogue.fiware.org/enablers/identity-management-keyrock) enabler. Here you can find how to use the interface for that purpose: [How to manage AuthzForce in Fiware](https://www.fiware.org/devguides/handling-authorization-and-access-control-to-apis/how-to-manage-access-control-in-fiware/).
+
+## User feedback
+
+### Documentation
+
+All the information regarding the Dockerfile is hosted publicly on [Github](https://github.com/authzforce/server/tree/master/src/docker).
+
+### Issues
+
+If you find any issue with this image, feel free to report at [Github issue tracking system](https://github.com/authzforce/server/issues).
--- a/dist/src/webapp-context.xml
+++ b/dist/src/webapp-context.xml
@@ -30,7 +30,10 @@
 	<Environment name="org.ow2.authzforce.domains.enableXacmlJsonProfile" value="true" type="java.lang.Boolean" override="false"
 		description="Enable support for JSON Profile of XACML 3.0 on domains' PDP endpoints iff true" />

-	<!-- <Environment name="org.ow2.authzforce.webapp.publishedEndpointUrl" value="http://localhost:8080" type="java.lang.Boolean" override="false" description="Base address specified in the auto-generated 
+	<Environment name="org.ow2.authzforce.domains.xacmlJsonSchemaRelativePath" value="" type="java.lang.String" override="false"
+				 description="Path to JSON schema file for XACML JSON Profile's Request validation, relative to ${org.ow2.authzforce.config.dir} (if undefined/empty value, the Request.schema.json file from authzforce-ce-xacml-json-model project is used by default)" />
+
+	<!-- <Environment name="org.ow2.authzforce.webapp.publishedEndpointUrl" value="http://localhost:8080" type="java.lang.String" override="false" description="Base address specified in the auto-generated
 		WADL. This parameter allows setting the public URL that may not be the same as the URL the service is deployed on. (For example, the service is behind a proxy of some sort)." /> -->

 	<!-- <Environment name="org.ow2.authzforce.webapp.jsonKeysWithArrays" type="java.lang.String" override="false" description="Comma-separated list of JSON keys with values to be always serialized to JSON 

--- a/pom.xml
+++ b/pom.xml
@@ -4,21 +4,21 @@
   <parent>
      <groupId>org.ow2.authzforce</groupId>
      <artifactId>authzforce-ce-parent</artifactId>
-      <version>7.6.1</version>
+      <version>8.0.0</version>
   </parent>
   <artifactId>authzforce-ce-server</artifactId>
   <!-- FIWARE Versioning + Version must be equal or higher than 'authzforce-ce-rest-api-model' dependency in 'rest-service' module -->
-   <version>9.0.1</version>
+   <version>10.0.0</version>
   <packaging>pom</packaging>
   <name>${project.groupId}:${project.artifactId}</name>
   <description>AuthzForce CE Server</description>
   <url>${project.url}</url>
   <properties>
      <git.url.base>https://github.com/authzforce/server</git.url.base>
-      <authzforce-ce-core.version>16.0.0</authzforce-ce-core.version>
-      <authzforce-ce-core-pap-api.version>10.1.0</authzforce-ce-core-pap-api.version>
+      <authzforce-ce-core.version>17.1.0</authzforce-ce-core.version>
+      <authzforce-ce-core-pap-api.version>11.0.0</authzforce-ce-core-pap-api.version>
      <!-- Version must be compatible with authzforce-ce-core and authzforce-ce-core-pap-api versions above. -->
-      <authzforce-ce-pap-dao-flat-file.version>12.0.0</authzforce-ce-pap-dao-flat-file.version>
+      <authzforce-ce-pap-dao-flat-file.version>13.0.0</authzforce-ce-pap-dao-flat-file.version>
      <productId>authzforce-ce-server</productId>
      <productName>AuthzForce CE Server</productName>
      <productMaintainer>THALES</productMaintainer>

--- a/rest-service/license/header-defs.xml
+++ b/rest-service/license/header-defs.xml
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<additionalHeaders>
+    <javadoc_style>
+        <firstLine>/*</firstLine>
+        <beforeEachLine> * </beforeEachLine>
+        <endLine> */</endLine>
+        <!--<afterEachLine></afterEachLine>-->
+        <!--skipLine></skipLine-->
+        <firstLineDetectionPattern>(\s|\t)*/\*.*$</firstLineDetectionPattern>
+        <lastLineDetectionPattern>.*\*/(\s|\t)*$</lastLineDetectionPattern>
+        <allowBlankLines>false</allowBlankLines>
+        <isMultiline>true</isMultiline>
+        <padLines>false</padLines>
+    </javadoc_style>
+</additionalHeaders>
+
--- a/rest-service/pom.xml
+++ b/rest-service/pom.xml
@@ -4,7 +4,7 @@
      <groupId>org.ow2.authzforce</groupId>
      <artifactId>authzforce-ce-server</artifactId>
      <!-- Version must be equal or higher than authzforce-ce-rest-api-model dependency -->
-      <version>9.0.1</version>
+      <version>10.0.0</version>
      <relativePath>..</relativePath>
   </parent>
   <artifactId>authzforce-ce-server-rest-service</artifactId>
@@ -30,7 +30,7 @@
      <dependency>
         <groupId>${project.groupId}</groupId>
         <artifactId>${artifactId.prefix}-rest-api-model</artifactId>
-         <version>5.7.0</version>
+         <version>6.0.0</version>
      </dependency>
      <dependency>
         <groupId>${project.groupId}</groupId>
@@ -39,7 +39,7 @@
      <dependency>
         <groupId>org.ow2.authzforce</groupId>
         <artifactId>authzforce-ce-jaxrs-utils</artifactId>
-         <version>1.6.0</version>
+         <version>2.0.1</version>
      </dependency>
   </dependencies>
   <build>
@@ -83,7 +83,7 @@
                     <resources>
                        <!-- Replace variable 'productName', 'project.version', 'build.date' in some source files. The result goes to ${project.build.directory}. -->
                        <resource>
-                           <directory>src</directory>
+                           <directory>src/main/resources</directory>
                           <filtering>true</filtering>
                           <includes>
                              <include>org.ow2.authzforce.server.product.properties</include>
@@ -112,8 +112,8 @@
            </executions>
         </plugin>
         <plugin>
-            <groupId>org.codehaus.mojo</groupId>
-            <artifactId>findbugs-maven-plugin</artifactId>
+            <groupId>com.github.spotbugs</groupId>
+            <artifactId>spotbugs-maven-plugin</artifactId>
            <executions>
               <execution>
                  <phase>verify</phase>
@@ -144,8 +144,11 @@
            <artifactId>license-maven-plugin</artifactId>
            <configuration>
               <header>license/thales-gpl.header.txt</header>
+               <headerDefinitions>
+                  <headerDefinition>license/header-defs.xml</headerDefinition>
+               </headerDefinitions>
               <includes>
-                  <include>src/**</include>
+                  <include>src/main/java/**</include>
               </includes>
               <excludes>
                  <exclude>src/test/resources/**</exclude>

--- a/rest-service/spotbugs-security-exclude.xml
+++ b/rest-service/spotbugs-security-exclude.xml
+<?xml version="1.0"?>
+<!--
+  This file contains some false positive bugs detected by Findbugs. Their
+  false positive nature has been analyzed individually and they have been
+  put here to instruct Findbugs to ignore them.
+-->
+<FindBugsFilter>
+</FindBugsFilter>
\ No newline at end of file
--- a/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/DomainResourceImpl.java
+++ b/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/DomainResourceImpl.java
-/**
- * Copyright (C) 2012-2020 THALES.
+/*
+ * Copyright (C) 2012-2021 THALES.
 *
 * This file is part of AuthzForce CE.
 *

--- a/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/DomainsResourceImpl.java
+++ b/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/DomainsResourceImpl.java
-/**
- * Copyright (C) 2012-2020 THALES.
+/*
+ * Copyright (C) 2012-2021 THALES.
 *
 * This file is part of AuthzForce CE.
 *
@@ -16,9 +16,6 @@
 * You should have received a copy of the GNU General Public License
 * along with AuthzForce CE.  If not, see <http://www.gnu.org/licenses/>.
 */
-/**
- * 
- */
 package org.ow2.authzforce.rest.service.jaxrs;

 import java.beans.ConstructorProperties;