Updated client registration (store client secret hashcode).
Change-Id: Ifa14f1439b617be2b1c37c31a8c40298efcc6314
diff --git a/core/src/main/java/de/ids_mannheim/korap/config/AdminSetup.java b/core/src/main/java/de/ids_mannheim/korap/config/AdminSetup.java
deleted file mode 100644
index 4d6687f..0000000
--- a/core/src/main/java/de/ids_mannheim/korap/config/AdminSetup.java
+++ /dev/null
@@ -1,66 +0,0 @@
-package de.ids_mannheim.korap.config;
-
-import java.io.File;
-import java.io.FileOutputStream;
-
-import de.ids_mannheim.korap.interfaces.EncryptionIface;
-
-/**
- * Created by hanl on 30.05.16.
- */
-@Deprecated
-public class AdminSetup {
-
- private final String token_hash;
-
- private static AdminSetup setup;
-
-
- private AdminSetup (String token_hash) {
- this.token_hash = token_hash;
- }
-
-
- public static AdminSetup getInstance () {
- if (setup == null)
- setup = init();
- return setup;
- }
-
-
- public String getHash () {
- return this.token_hash;
- }
-
-
- private static AdminSetup init () {
- EncryptionIface iface = BeansFactory.getKustvaktContext()
- .getEncryption();
- String token = iface.createToken();
- File store = new File("./admin_token");
- try {
- String hash = iface.secureHash(token);
- AdminSetup setup = new AdminSetup(hash);
- FileOutputStream out = new FileOutputStream(store);
- out.write(token.getBytes());
-
- out.close();
-
- store.setReadable(true, true);
- store.setWritable(true, true);
- store.setExecutable(false);
- System.out.println();
- System.out
- .println("_______________________________________________");
- System.out.println("Token created. Please make note of it!");
- System.out.println("Token: " + token);
- System.out
- .println("_______________________________________________");
- System.out.println();
- return setup;
- }
- catch (Exception e) {
- throw new RuntimeException("setup failed! ", e);
- }
- }
-}
diff --git a/core/src/main/java/de/ids_mannheim/korap/config/ContextHolder.java b/core/src/main/java/de/ids_mannheim/korap/config/ContextHolder.java
index 0703cb5..5b716a6 100644
--- a/core/src/main/java/de/ids_mannheim/korap/config/ContextHolder.java
+++ b/core/src/main/java/de/ids_mannheim/korap/config/ContextHolder.java
@@ -6,7 +6,7 @@
import org.springframework.beans.factory.NoSuchBeanDefinitionException;
import org.springframework.context.ApplicationContext;
-import de.ids_mannheim.korap.interfaces.EncryptionIface;
+//import de.ids_mannheim.korap.interfaces.EncryptionIface;
import de.ids_mannheim.korap.interfaces.ValidatorIface;
import de.ids_mannheim.korap.interfaces.db.AuditingIface;
import de.ids_mannheim.korap.interfaces.db.PersistenceClient;
@@ -95,9 +95,9 @@
}
- public EncryptionIface getEncryption () {
- return getBean(KUSTVAKT_ENCRYPTION);
- }
+// public EncryptionIface getEncryption () {
+// return getBean(KUSTVAKT_ENCRYPTION);
+// }
// public AuthenticationManagerIface getAuthenticationManager () {
diff --git a/core/src/main/java/de/ids_mannheim/korap/config/KustvaktConfiguration.java b/core/src/main/java/de/ids_mannheim/korap/config/KustvaktConfiguration.java
index 7198bdc..5c98520 100644
--- a/core/src/main/java/de/ids_mannheim/korap/config/KustvaktConfiguration.java
+++ b/core/src/main/java/de/ids_mannheim/korap/config/KustvaktConfiguration.java
@@ -16,7 +16,6 @@
import org.slf4j.LoggerFactory;
import de.ids_mannheim.korap.exceptions.KustvaktException;
-import de.ids_mannheim.korap.interfaces.EncryptionIface;
import de.ids_mannheim.korap.utils.TimeUtils;
import lombok.Getter;
@@ -60,8 +59,7 @@
private int validationStringLength;
@Deprecated
private int validationEmaillength;
- // fixme: should move to base config?!
- private EncryptionIface.Encryption encryption;
+
private byte[] sharedSecret;
@Deprecated
private String adminToken;
@@ -143,8 +141,7 @@
"security.validation.stringLength", "150"));
validationEmaillength = Integer.valueOf(properties.getProperty(
"security.validation.emailLength", "40"));
- encryption = Enum.valueOf(EncryptionIface.Encryption.class,
- properties.getProperty("security.encryption", "BCRYPT"));
+
sharedSecret = properties.getProperty("security.sharedSecret", "")
.getBytes();
adminToken = properties.getProperty("security.adminToken");
diff --git a/full/Changes b/full/Changes
index 31f8127..b0fd244 100644
--- a/full/Changes
+++ b/full/Changes
@@ -6,6 +6,7 @@
- implemented public client deregistration task (margaretha)
- added client registration and deregistration tests (margaretha)
- implemented confidential client deregistration task (margaretha)
+ - fixed storing client secret (margaretha)
version 0.60.1
28/03/2018
diff --git a/full/pom.xml b/full/pom.xml
index 3667b80..5587931 100644
--- a/full/pom.xml
+++ b/full/pom.xml
@@ -156,7 +156,7 @@
<dependency>
<groupId>de.ids_mannheim.korap</groupId>
<artifactId>Kustvakt-core</artifactId>
- <version>0.60.1</version>
+ <version>0.60.2</version>
</dependency>
<!-- LDAP -->
<dependency>
diff --git a/full/src/main/java/de/ids_mannheim/korap/config/FullConfiguration.java b/full/src/main/java/de/ids_mannheim/korap/config/FullConfiguration.java
index f5f04ad..61b158e 100644
--- a/full/src/main/java/de/ids_mannheim/korap/config/FullConfiguration.java
+++ b/full/src/main/java/de/ids_mannheim/korap/config/FullConfiguration.java
@@ -6,6 +6,8 @@
import java.util.Properties;
import java.util.regex.Pattern;
+import de.ids_mannheim.korap.interfaces.EncryptionIface;
+
/** Configuration for Kustvakt full version including properties concerning
* authentication and licenses.
*
@@ -42,6 +44,8 @@
private boolean isSoftDeleteGroup;
private boolean isSoftDeleteGroupMember;
+ private EncryptionIface.Encryption encryption;
+
public FullConfiguration (Properties properties) throws IOException {
super(properties);
}
@@ -59,6 +63,8 @@
setMailConfiguration(properties);
ldapConfig = properties.getProperty("ldap.config");
+ setEncryption(Enum.valueOf(EncryptionIface.Encryption.class,
+ properties.getProperty("security.encryption", "BCRYPT")));
}
private void setMailConfiguration (Properties properties) {
@@ -283,4 +289,12 @@
this.emailAddressRetrieval = emailAddressRetrieval;
}
+ public EncryptionIface.Encryption getEncryption () {
+ return encryption;
+ }
+
+ public void setEncryption (EncryptionIface.Encryption encryption) {
+ this.encryption = encryption;
+ }
+
}
diff --git a/full/src/main/java/de/ids_mannheim/korap/dao/OAuth2ClientDao.java b/full/src/main/java/de/ids_mannheim/korap/dao/OAuth2ClientDao.java
index 21b3e2a..5ab083f 100644
--- a/full/src/main/java/de/ids_mannheim/korap/dao/OAuth2ClientDao.java
+++ b/full/src/main/java/de/ids_mannheim/korap/dao/OAuth2ClientDao.java
@@ -26,7 +26,7 @@
@PersistenceContext
private EntityManager entityManager;
- public void registerClient (String id, String secret, String name,
+ public void registerClient (String id, String secretHashcode, String name,
OAuth2ClientType type, String url, int urlHashCode,
String redirectURI, String registeredBy) throws KustvaktException {
ParameterChecker.checkStringValue(id, "client id");
@@ -39,7 +39,7 @@
OAuth2Client client = new OAuth2Client();
client.setId(id);
client.setName(name);
- client.setSecret(secret);
+ client.setSecret(secretHashcode);
client.setType(type);
client.setUrl(url);
client.setUrlHashCode(urlHashCode);
diff --git a/core/src/main/java/de/ids_mannheim/korap/interfaces/defaults/DefaultEncryption.java b/full/src/main/java/de/ids_mannheim/korap/encryption/DefaultEncryption.java
similarity index 90%
rename from core/src/main/java/de/ids_mannheim/korap/interfaces/defaults/DefaultEncryption.java
rename to full/src/main/java/de/ids_mannheim/korap/encryption/DefaultEncryption.java
index d870e24..0f18f20 100644
--- a/core/src/main/java/de/ids_mannheim/korap/interfaces/defaults/DefaultEncryption.java
+++ b/full/src/main/java/de/ids_mannheim/korap/encryption/DefaultEncryption.java
@@ -1,4 +1,4 @@
-package de.ids_mannheim.korap.interfaces.defaults;
+package de.ids_mannheim.korap.encryption;
import de.ids_mannheim.korap.config.ContextHolder;
import de.ids_mannheim.korap.config.Configurable;
@@ -29,8 +29,7 @@
@Override
public String secureHash (String input, String salt)
- throws NoSuchAlgorithmException, UnsupportedEncodingException,
- KustvaktException {
+ throws KustvaktException {
return null;
}
diff --git a/core/src/main/java/de/ids_mannheim/korap/interfaces/defaults/KustvaktEncryption.java b/full/src/main/java/de/ids_mannheim/korap/encryption/KustvaktEncryption.java
similarity index 89%
rename from core/src/main/java/de/ids_mannheim/korap/interfaces/defaults/KustvaktEncryption.java
rename to full/src/main/java/de/ids_mannheim/korap/encryption/KustvaktEncryption.java
index 1539cfc..b73a524 100644
--- a/core/src/main/java/de/ids_mannheim/korap/interfaces/defaults/KustvaktEncryption.java
+++ b/full/src/main/java/de/ids_mannheim/korap/encryption/KustvaktEncryption.java
@@ -1,13 +1,10 @@
-package de.ids_mannheim.korap.interfaces.defaults;
+package de.ids_mannheim.korap.encryption;
-import de.ids_mannheim.korap.config.KustvaktConfiguration;
-import de.ids_mannheim.korap.exceptions.KustvaktException;
-import de.ids_mannheim.korap.exceptions.StatusCodes;
-import de.ids_mannheim.korap.interfaces.EncryptionIface;
-import de.ids_mannheim.korap.config.Attributes;
-import de.ids_mannheim.korap.user.User;
-import de.ids_mannheim.korap.web.utils.KustvaktMap;
-import edu.emory.mathcs.backport.java.util.Collections;
+import java.io.UnsupportedEncodingException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+
import org.apache.commons.codec.EncoderException;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.RandomStringUtils;
@@ -15,16 +12,8 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import java.io.UnsupportedEncodingException;
-import java.lang.reflect.Field;
-import java.lang.reflect.Modifier;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
+import de.ids_mannheim.korap.config.FullConfiguration;
+import de.ids_mannheim.korap.interfaces.EncryptionIface;
public class KustvaktEncryption implements EncryptionIface {
@@ -32,10 +21,10 @@
private static Logger jlog = LoggerFactory
.getLogger(KustvaktEncryption.class);
- private final KustvaktConfiguration config;
+ private final FullConfiguration config;
- public KustvaktEncryption (KustvaktConfiguration config) {
+ public KustvaktEncryption (FullConfiguration config) {
jlog.info("initializing KorAPEncryption implementation");
this.config = config;
}
@@ -176,11 +165,14 @@
@Override
public String createToken () {
- String encoded;
- String v = RandomStringUtils.randomAlphanumeric(64);
- encoded = hash(v);
- jlog.trace("creating new token {}", encoded);
- return encoded;
+ return RandomStringUtils.randomAlphanumeric(64);
+
+ // EM: code from MH
+// String encoded;
+// String v = RandomStringUtils.randomAlphanumeric(64);
+// encoded = hash(v);
+// jlog.trace("creating new token {}", encoded);
+// return encoded;
}
diff --git a/full/src/main/java/de/ids_mannheim/korap/entity/OAuth2Client.java b/full/src/main/java/de/ids_mannheim/korap/entity/OAuth2Client.java
index c6d179f..35b6dce 100644
--- a/full/src/main/java/de/ids_mannheim/korap/entity/OAuth2Client.java
+++ b/full/src/main/java/de/ids_mannheim/korap/entity/OAuth2Client.java
@@ -24,6 +24,7 @@
@Id
private String id;
private String name;
+ // Secret hashcode is stored instead of plain secret
private String secret;
@Enumerated(EnumType.STRING)
private OAuth2ClientType type;
diff --git a/core/src/main/java/de/ids_mannheim/korap/interfaces/EncryptionIface.java b/full/src/main/java/de/ids_mannheim/korap/interfaces/EncryptionIface.java
similarity index 88%
rename from core/src/main/java/de/ids_mannheim/korap/interfaces/EncryptionIface.java
rename to full/src/main/java/de/ids_mannheim/korap/interfaces/EncryptionIface.java
index 1042992..134ebdb 100644
--- a/core/src/main/java/de/ids_mannheim/korap/interfaces/EncryptionIface.java
+++ b/full/src/main/java/de/ids_mannheim/korap/interfaces/EncryptionIface.java
@@ -21,12 +21,9 @@
* @param input
* @param salt
* @return
- * @throws java.security.NoSuchAlgorithmException
- * @throws java.io.UnsupportedEncodingException
*/
public String secureHash (String input, String salt)
- throws NoSuchAlgorithmException, UnsupportedEncodingException,
- KustvaktException;
+ throws KustvaktException;
public String secureHash (String input) throws NoSuchAlgorithmException,
diff --git a/full/src/main/java/de/ids_mannheim/korap/service/OAuth2ClientService.java b/full/src/main/java/de/ids_mannheim/korap/service/OAuth2ClientService.java
index c6c732b..fe27503 100644
--- a/full/src/main/java/de/ids_mannheim/korap/service/OAuth2ClientService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/service/OAuth2ClientService.java
@@ -9,6 +9,7 @@
import de.ids_mannheim.korap.authentication.http.AuthorizationData;
import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;
+import de.ids_mannheim.korap.config.FullConfiguration;
import de.ids_mannheim.korap.constant.AuthenticationScheme;
import de.ids_mannheim.korap.constant.OAuth2ClientType;
import de.ids_mannheim.korap.dao.AdminDao;
@@ -34,6 +35,8 @@
private EncryptionIface encryption;
@Autowired
private HttpAuthorizationHandler authorizationHandler;
+ @Autowired
+ private FullConfiguration config;
public OAuth2ClientDto registerClient (OAuth2ClientJson clientJson,
@@ -49,6 +52,7 @@
}
String secret = null;
+ String secretHashcode = null;
if (clientJson.getType().equals(OAuth2ClientType.CONFIDENTIAL)) {
// RFC 6749:
// The authorization server MUST NOT issue client passwords or other
@@ -61,11 +65,13 @@
// specific device.
secret = encryption.createToken();
+ secretHashcode = encryption.secureHash(secret,
+ config.getPasscodeSaltField());
}
String id = encryption.createRandomNumber();
try {
- clientDao.registerClient(id, secret, clientJson.getName(),
+ clientDao.registerClient(id, secretHashcode, clientJson.getName(),
clientJson.getType(), clientJson.getUrl(),
clientJson.getUrl().hashCode(), clientJson.getRedirectURI(),
registeredBy);
@@ -162,7 +168,9 @@
.equals(AuthenticationScheme.BASIC)) {
authorizationHandler.parseBasicToken(authData);
if (!client.getId().equals(clientId)
- || !client.getSecret().equals(authData.getPassword())) {
+ || !encryption.checkHash(authData.getPassword(),
+ client.getSecret(),
+ config.getPasscodeSaltField())) {
throw new KustvaktException(
StatusCodes.AUTHENTICATION_FAILED,
"Client credentials are incorrect.");
diff --git a/full/src/main/resources/default-config.xml b/full/src/main/resources/default-config.xml
index b3bf566..76917d4 100644
--- a/full/src/main/resources/default-config.xml
+++ b/full/src/main/resources/default-config.xml
@@ -196,7 +196,7 @@
</bean>
<bean name="kustvakt_encryption"
- class="de.ids_mannheim.korap.interfaces.defaults.KustvaktEncryption">
+ class="de.ids_mannheim.korap.encryption.KustvaktEncryption">
<constructor-arg ref="kustvakt_config" />
</bean>
diff --git a/full/src/test/java/de/ids_mannheim/korap/config/ConfigTest.java b/full/src/test/java/de/ids_mannheim/korap/config/ConfigTest.java
index 8fd00ef..ac3a131 100644
--- a/full/src/test/java/de/ids_mannheim/korap/config/ConfigTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/config/ConfigTest.java
@@ -3,17 +3,12 @@
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotEquals;
import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertTrue;
-import java.io.File;
-import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
-import java.security.NoSuchAlgorithmException;
import java.util.Map;
import java.util.Properties;
-import org.codehaus.plexus.util.IOUtil;
import org.junit.Ignore;
import org.junit.Test;
@@ -43,22 +38,6 @@
assertNotNull(p);
}
-
- @Test
- public void testAdminHash () throws IOException, KustvaktException,
- NoSuchAlgorithmException {
- AdminSetup setup = AdminSetup.getInstance();
- String hash = setup.getHash();
- File f = new File("./admin_token");
- FileInputStream stream = new FileInputStream(f);
- String token = IOUtil.toString(stream);
- assertNotEquals("", hash);
- assertNotEquals("", token);
- EncryptionIface crypto = helper().getContext().getEncryption();
- assertTrue(crypto.checkHash(token, hash));
- }
-
-
@Test
public void testServiceInfo () {
String version = ServiceInfo.getInfo().getVersion();
@@ -89,16 +68,6 @@
}
@Test
- @Ignore
- public void testKustvaktValueValidation() {
- Map m = KustvaktConfiguration.KUSTVAKT_USER;
- EncryptionIface crypto = helper().getContext().getEncryption();
-
-
- }
-
-
- @Test
public void testBootConfigDependencyOrder () {
// todo:
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/OAuth2HandlerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/OAuth2HandlerTest.java
index a8742fa..24d468f 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/OAuth2HandlerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/OAuth2HandlerTest.java
@@ -11,6 +11,7 @@
import de.ids_mannheim.korap.config.BeanConfigTest;
import de.ids_mannheim.korap.config.ClientInfo;
import de.ids_mannheim.korap.config.ContextHolder;
+import de.ids_mannheim.korap.encryption.KustvaktEncryption;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.handlers.OAuth2Handler;
import de.ids_mannheim.korap.interfaces.EncryptionIface;
@@ -23,6 +24,7 @@
* @date 13/05/2015
*/
@Ignore
+@Deprecated
public class OAuth2HandlerTest extends BeanConfigTest {
private static ClientInfo info;
@@ -33,14 +35,20 @@
@Test
public void testStoreAuthorizationCodeThrowsNoException ()
throws KustvaktException {
- String auth_code = helper().getContext().getEncryption().createToken();
- AuthCodeInfo codeInfo = new AuthCodeInfo(info.getClient_id(), auth_code);
+
+ EncryptionIface crypto = new KustvaktEncryption(
+ helper().getContext().getConfiguration());
+
+ String auth_code = crypto.createToken();
+ AuthCodeInfo codeInfo =
+ new AuthCodeInfo(info.getClient_id(), auth_code);
codeInfo.setScopes(SCOPES);
- OAuth2Handler handler = new OAuth2Handler(helper().getContext()
- .getPersistenceClient());
+ OAuth2Handler handler =
+ new OAuth2Handler(helper().getContext().getPersistenceClient());
handler.authorize(codeInfo, helper().getUser());
- assertTrue("couldn't find entry in cache", handler.hasCacheEntry(codeInfo.getCode()));
+ assertTrue("couldn't find entry in cache",
+ handler.hasCacheEntry(codeInfo.getCode()));
codeInfo = handler.getAuthorization(auth_code);
assertNotNull("client is null!", codeInfo);
}
@@ -49,15 +57,19 @@
@Test
public void testAuthorizationCodeRemoveThrowsNoException ()
throws KustvaktException {
- String auth_code = helper().getContext().getEncryption().createToken();
- AuthCodeInfo codeInfo = new AuthCodeInfo(info.getClient_id(), auth_code);
+ EncryptionIface crypto = new KustvaktEncryption(
+ helper().getContext().getConfiguration());
+
+ String auth_code = crypto.createToken();
+ AuthCodeInfo codeInfo =
+ new AuthCodeInfo(info.getClient_id(), auth_code);
codeInfo.setScopes(SCOPES);
- OAuth2Handler handler = new OAuth2Handler(helper().getContext()
- .getPersistenceClient());
+ OAuth2Handler handler =
+ new OAuth2Handler(helper().getContext().getPersistenceClient());
handler.authorize(codeInfo, helper().getUser());
- String t = helper().getContext().getEncryption().createToken();
- String refresh = helper().getContext().getEncryption().createToken();
+ String t = crypto.createToken();
+ String refresh = crypto.createToken();
handler.addToken(codeInfo.getCode(), t, refresh, 7200);
TokenContext ctx = handler.getPersistenceHandler().getContext(t);
@@ -76,8 +88,11 @@
@Test
public void testStoreAccessCodeViaAuthCodeThrowsNoException () {
- String auth_code = helper().getContext().getEncryption().createToken();
- AuthCodeInfo codeInfo = new AuthCodeInfo(info.getClient_id(), auth_code);
+ String auth_code =
+ new KustvaktEncryption(helper().getContext().getConfiguration())
+ .createToken();
+ AuthCodeInfo codeInfo =
+ new AuthCodeInfo(info.getClient_id(), auth_code);
codeInfo.setScopes(SCOPES);
}
@@ -112,14 +127,17 @@
public void initMethod () throws KustvaktException {
helper().setupAccount();
- EncryptionIface crypto = helper().getContext().getEncryption();
- info = new ClientInfo(crypto.createRandomNumber(), crypto.createToken());
+ EncryptionIface crypto = new KustvaktEncryption(
+ helper().getContext().getConfiguration());
+ info = new ClientInfo(crypto.createRandomNumber(),
+ crypto.createToken());
info.setConfidential(true);
//todo: support for subdomains?!
info.setUrl("http://localhost:8080/api/v0.1");
info.setRedirect_uri("testwebsite/login");
PersistenceClient cl = helper().getBean(ContextHolder.KUSTVAKT_DB);
OAuth2Handler handler = new OAuth2Handler(cl);
- handler.getPersistenceHandler().registerClient(info, helper().getUser());
+ handler.getPersistenceHandler().registerClient(info,
+ helper().getUser());
}
}
diff --git a/full/src/test/resources/test-config.xml b/full/src/test/resources/test-config.xml
index ffd8c9e..562c3bb 100644
--- a/full/src/test/resources/test-config.xml
+++ b/full/src/test/resources/test-config.xml
@@ -195,7 +195,7 @@
</bean>
<bean name="kustvakt_encryption"
- class="de.ids_mannheim.korap.interfaces.defaults.KustvaktEncryption">
+ class="de.ids_mannheim.korap.encryption.KustvaktEncryption">
<constructor-arg ref="kustvakt_config" />
</bean>
diff --git a/lite/pom.xml b/lite/pom.xml
index f73ba49..38c5a4d 100644
--- a/lite/pom.xml
+++ b/lite/pom.xml
@@ -147,7 +147,7 @@
<dependency>
<groupId>de.ids_mannheim.korap</groupId>
<artifactId>Kustvakt-core</artifactId>
- <version>0.60.1</version>
+ <version>0.60.2</version>
</dependency>
<!-- Spring -->