Security issues fixes
Issue-ID: DMAAP-207
Change-Id: I8c95f2647676fc4c2e754bdc280b97886f53403f
Signed-off-by: Sunil Unnava <su622b@att.com>
diff --git a/.project b/.project
index 885141a..13ca257 100644
--- a/.project
+++ b/.project
@@ -11,12 +11,29 @@
</arguments>
</buildCommand>
<buildCommand>
+ <name>net.sf.eclipsecs.core.CheckstyleBuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
<name>org.eclipse.m2e.core.maven2Builder</name>
<arguments>
</arguments>
</buildCommand>
+ <buildCommand>
+ <name>org.springframework.ide.eclipse.core.springbuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.springframework.ide.eclipse.boot.validation.springbootbuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
</buildSpec>
<natures>
+ <nature>org.springframework.ide.eclipse.core.springnature</nature>
+ <nature>net.sf.eclipsecs.core.CheckstyleNature</nature>
<nature>org.eclipse.jdt.core.javanature</nature>
<nature>org.eclipse.m2e.core.maven2Nature</nature>
</natures>
diff --git a/pom.xml b/pom.xml
index 90ae0fe..2630493 100644
--- a/pom.xml
+++ b/pom.xml
@@ -24,7 +24,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.onap.dmaap.messagerouter.msgrtr</groupId>
<artifactId>msgrtr</artifactId>
- <version>1.1.0-SNAPSHOT</version>
+ <version>1.1.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>dmaap-messagerouter-msgrtr</name>
<description>Message Router - Restful interface built for kafka</description>
@@ -36,7 +36,7 @@
</parent>
<properties>
- <spring.version>3.2.14.RELEASE</spring.version>
+ <spring.version>3.2.15.RELEASE</spring.version>
<cxf.version>3.0.4</cxf.version>
<jstl.version>1.2</jstl.version>
<maven.compiler.target>1.7</maven.compiler.target>
@@ -90,13 +90,62 @@
</developers>
<dependencies>
-
+ <dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ <version>3.2.2</version>
+ </dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-core</artifactId>
+ <version>1.2.0</version>
+ </dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ <version>1.2.0</version>
+ </dependency>
+ <dependency>
+ <groupId>commons-beanutils</groupId>
+ <artifactId>commons-beanutils</artifactId>
+ <version>1.9.2</version>
+ <exclusions>
+ <!-- We have JCL-over-SLF4J instead. -->
+ <exclusion>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.codehaus.groovy</groupId>
+ <artifactId>groovy-all</artifactId>
+ <version>2.4.4</version>
+ <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <artifactId>jline</artifactId>
+ <groupId>jline</groupId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>commons-fileupload</groupId>
+ <artifactId>commons-fileupload</artifactId>
+ <version>1.3.3</version>
+ </dependency>
+
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.11</version>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>com.att.aft</groupId>
+ <artifactId>dme2</artifactId>
+ <version>3.1.200-oss</version>
+ </dependency>
<!-- slf4j logger -->
<dependency>
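Review bot: None of the dependencies added in this hunk says which transitive version it overrides or why, so the pins (`commons-collections` 3.2.2, `commons-beanutils` 1.9.2, `groovy-all` 2.4.4, `commons-fileupload` 1.3.3, logback 1.2.0) read as unused direct dependencies and are easy to drop in a later cleanup. A one-line comment above each, e.g. `<!-- DMAAP-207: pinned to override the vulnerable transitive version -->`, would keep the intent visible. If these libraries are only reached transitively, declaring the versions under `<dependencyManagement>` constrains resolution without putting new compile-scope jars such as `groovy-all` on the runtime classpath; that is presumably the case here, but the rest of the pom is outside the hunk. Running `mvn dependency:tree` after the change confirms that the pinned versions are the ones actually resolved.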
@@ -233,15 +282,21 @@
</exclusions>
</dependency>
<dependency>
- <groupId>org.apache.httpcomponents</groupId>
- <artifactId>httpclient</artifactId>
- <version>4.4.1</version>
- </dependency>
- <dependency>
- <groupId>org.apache.httpcomponents</groupId>
- <artifactId>httpclient-cache</artifactId>
- <version>4.4.1</version>
- </dependency>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpclient</artifactId>
+ <version>4.5.3</version>
+</dependency>
+ <dependency>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpclient-cache</artifactId>
+ <version>4.5.3</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpcore</artifactId>
+ <version>4.4.1</version>
+ </dependency>
+
<!-- explicit jline add b/c it conflicts with the zk client -->
<dependency>
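Review bot: The new explicit `httpcore` pin at `4.4.1` appears to be older than the httpcore release that `httpclient` 4.5.3 is built against, so Maven's nearest-wins resolution would run the upgraded client on a downgraded core. Either drop the `httpcore` block and let `httpclient` bring its own version, or set it to the version that `httpclient` 4.5.3 declares in its own pom. The closing `</dependency>` of the `httpclient` block also sits at column 0, unlike the surrounding entries.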
@@ -262,24 +317,12 @@
<version>2.6.0</version>
</dependency>
- <dependency>
- <groupId>com.att.aft</groupId>
- <artifactId>dme2</artifactId>
- <version>3.1.200</version>
- </dependency>
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
<version>2.8.0</version>
</dependency>
- <dependency>
- <groupId>org.mockito</groupId>
- <artifactId>mockito-all</artifactId>
- <version>1.9.5</version>
- <scope>test</scope>
- </dependency>
-
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
diff --git a/src/test/java/com/att/nsa/cambria/service/impl/AdminServiceImplemTest.java b/src/test/java/com/att/nsa/cambria/service/impl/AdminServiceImplemTest.java
index b2db07e..df486d5 100644
--- a/src/test/java/com/att/nsa/cambria/service/impl/AdminServiceImplemTest.java
+++ b/src/test/java/com/att/nsa/cambria/service/impl/AdminServiceImplemTest.java
@@ -25,23 +25,51 @@
import static org.junit.Assert.*;
import java.io.IOException;
+import java.util.Date;
import com.att.nsa.cambria.beans.DMaaPContext;
+import com.att.nsa.cambria.embed.EmbedConfigurationReader;
+import com.att.nsa.cambria.utils.ConfigurationReader;
import com.att.nsa.configs.ConfigDbException;
+import com.att.nsa.drumlin.till.data.sha1HmacSigner;
import com.att.nsa.security.ReadWriteSecuredResource.AccessDeniedException;
-import org.junit.After;
-import org.junit.Before;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
import org.junit.Test;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
public class AdminServiceImplemTest {
+
+ private static DMaaPContext context = new DMaaPContext();
+
+ private static EmbedConfigurationReader embedConfigurationReader = new EmbedConfigurationReader();
- @Before
- public void setUp() throws Exception {
+ @BeforeClass
+ public static void setUp() throws Exception {
+
+ final long nowMs = System.currentTimeMillis();
+ Date date = new Date(nowMs + 10000);
+
+ final String serverCalculatedSignature = sha1HmacSigner.sign(date.toString(), "password");
+ MockHttpServletRequest request = new MockHttpServletRequest();
+ request.addHeader("X-Auth", "admin:" + serverCalculatedSignature);
+
+ //NsaSimpleApiKey apiKey = new NsaSimpleApiKey("admin", "password");
+ // PowerMockito.when(baseNsaApiDbImpl.loadApiKey("b/7ouTn9FfEw2PQwL0ov/Q==")).thenReturn(apiKey);
+
+ request.addHeader("X-Date", date);
+ request.addHeader("Date", date);
+ MockHttpServletResponse response = new MockHttpServletResponse();
+ context.setRequest(request);
+ context.setResponse(response);
+ context.setConfigReader(embedConfigurationReader.buildConfigurationReader());
}
- @After
- public void tearDown() throws Exception {
+ @AfterClass
+ public static void tearDown() throws Exception {
+ embedConfigurationReader.tearDown();
}
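Review bot: The two commented-out lines in `setUp` (`//NsaSimpleApiKey apiKey = ...` and the `PowerMockito.when(...)` stub) should be deleted rather than committed; the second carries what looks like an encoded key value, which does not belong in history even as a comment. The shared fixtures should be declared `private static final DMaaPContext context` and `private static final EmbedConfigurationReader embedConfigurationReader`, because every test now reuses the same request, response and config reader, and tests that drop the cache or edit the blacklist can affect each other. A short comment on `setUp` stating that `"password"` is a test-only secret for the `admin` key and that the date is set 10 seconds ahead would explain the fixture. The class body continues outside this hunk.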
@@ -51,7 +79,7 @@
AdminServiceImpl adminServiceImpl = new AdminServiceImpl();
try {
- adminServiceImpl.showConsumerCache(new DMaaPContext());
+ adminServiceImpl.showConsumerCache(context);
} catch (IOException | AccessDeniedException e) {
// TODO Auto-generated catch block
e.printStackTrace();
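Review bot: The `catch (IOException | AccessDeniedException e)` block still only calls `e.printStackTrace()`, so now that the test sends a signed `X-Auth` header, a rejected signature would be swallowed and the test would likely still pass. Replace it with `fail("unexpected exception: " + e);` (available through the existing static `org.junit.Assert.*` import) or declare the exceptions on the test method so an authorization failure is reported. The same applies to the `dropConsumerCache`, `getBlacklist` and both `addToBlacklist` hunks below. The enclosing test methods start and end outside these hunks, so any assertions after the `try` are not visible here.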
@@ -73,7 +101,7 @@
AdminServiceImpl adminServiceImpl = new AdminServiceImpl();
try {
- adminServiceImpl.dropConsumerCache(new DMaaPContext());
+ adminServiceImpl.dropConsumerCache(context);
} catch (IOException | AccessDeniedException e) {
// TODO Auto-generated catch block
e.printStackTrace();
@@ -95,7 +123,7 @@
AdminServiceImpl adminServiceImpl = new AdminServiceImpl();
try {
- adminServiceImpl.getBlacklist(new DMaaPContext());
+ adminServiceImpl.getBlacklist(context);
} catch (IOException | AccessDeniedException e) {
// TODO Auto-generated catch block
e.printStackTrace();
@@ -117,7 +145,7 @@
AdminServiceImpl adminServiceImpl = new AdminServiceImpl();
try {
- adminServiceImpl.addToBlacklist(new DMaaPContext(), "120.120.120.120");
+ adminServiceImpl.addToBlacklist(context, "120.120.120.120");
} catch (IOException | AccessDeniedException | ConfigDbException e) {
// TODO Auto-generated catch block
e.printStackTrace();
@@ -139,7 +167,7 @@
AdminServiceImpl adminServiceImpl = new AdminServiceImpl();
try {
- adminServiceImpl.addToBlacklist(new DMaaPContext(), "120.120.120.120");
+ adminServiceImpl.addToBlacklist(context, "120.120.120.120");
} catch (IOException | AccessDeniedException | ConfigDbException e) {
// TODO Auto-generated catch block
e.printStackTrace();
diff --git a/version.properties b/version.properties
index d6e413c..e1118ab 100644
--- a/version.properties
+++ b/version.properties
@@ -27,7 +27,7 @@
major=1
minor=1
-patch=0
+patch=1
base_version=${major}.${minor}.${patch}