Updated Jetty version due to vulnerabilities & uses fasterxml Jackson.
Change-Id: If6eaf454e06ba8afb05bbb2c752f53f4de79853f
diff --git a/core/Changes b/core/Changes
index ccc96b2..ceb57ee 100644
--- a/core/Changes
+++ b/core/Changes
@@ -2,7 +2,9 @@
18/03/2019
- Added close index controller (margaretha)
11/04/2019
- - Fixed multiple Jackson implementations (margaretha)
+ - Fixed multiple Jackson implementations (margaretha)
+25/04/2019
+ - Updated Jetty version due to vulnerabilities (margaretha)
# version 0.61.6
06/02/2019
diff --git a/core/pom.xml b/core/pom.xml
index aadb9b8..4699ffe 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -10,7 +10,7 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<spring.version>5.1.2.RELEASE</spring.version>
<jersey.version>1.19.4</jersey.version>
- <jetty.version>9.4.12.v20180830</jetty.version>
+ <jetty.version>9.4.17.v20190418</jetty.version>
<hibernate.version>5.3.7.Final</hibernate.version>
</properties>
<build>
@@ -88,12 +88,6 @@
</execution>
</executions>
</plugin>
- <!-- <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-surefire-plugin</artifactId>
- <version>2.20.1</version> <configuration> <reuseForks>false</reuseForks>
- <forkCount>2</forkCount> <threadCount>10</threadCount> <argLine>-Xmx1024m
- -XX:MaxPermSize=256m</argLine> <excludes> <exclude>**/*APITest.java</exclude>
- </excludes> <includes> <include>de/ids_mannheim/korap/**/*.java</include>
- </includes> </configuration> </plugin> -->
</plugins>
</build>
<dependencies>
@@ -171,11 +165,12 @@
<artifactId>json-smart</artifactId>
<version>1.0.9</version>
</dependency>
- <!-- JSON support in Jersey -->
+
+ <!-- Jersey 1x originally uses codehaus -->
<dependency>
<groupId>com.fasterxml.jackson.jaxrs</groupId>
<artifactId>jackson-jaxrs-json-provider</artifactId>
- <version>[2.9.5,)</version>
+ <version>[2.9.8,)</version>
</dependency>
<!-- Flyway -->
@@ -295,11 +290,21 @@
</dependency>
<dependency>
+ <groupId>javax.annotation</groupId>
+ <artifactId>javax.annotation-api</artifactId>
+ <version>1.3.2</version>
+ </dependency>
+
+ <dependency>
<groupId>de.ids_mannheim.korap</groupId>
<artifactId>Krill</artifactId>
<version>[0.58.5,)</version>
<exclusions>
<exclusion>
+ <groupId>org.glassfish.jersey.containers</groupId>
+ <artifactId>jersey-container-grizzly2-http</artifactId>
+ </exclusion>
+ <exclusion>
<groupId>org.xerial</groupId>
<artifactId>sqlite-jdbc</artifactId>
</exclusion>
diff --git a/core/src/main/java/de/ids_mannheim/korap/server/KustvaktBaseServer.java b/core/src/main/java/de/ids_mannheim/korap/server/KustvaktBaseServer.java
index 8de109b..2ec9040 100644
--- a/core/src/main/java/de/ids_mannheim/korap/server/KustvaktBaseServer.java
+++ b/core/src/main/java/de/ids_mannheim/korap/server/KustvaktBaseServer.java
@@ -39,7 +39,10 @@
protected static String rootPackages;
protected static KustvaktArgs kargs;
- public KustvaktBaseServer () {}
+ public KustvaktBaseServer () {
+ rootPackages = "de.ids_mannheim.korap.web; "
+ + "com.fasterxml.jackson.jaxrs.json;";
+ }
protected KustvaktArgs readAttributes (String[] args) {
KustvaktArgs kargs = new KustvaktArgs();
@@ -106,8 +109,6 @@
ServletHolder servletHolder = new ServletHolder(new SpringServlet());
servletHolder.setInitParameter(
"com.sun.jersey.config.property.packages", rootPackages);
- servletHolder.setInitParameter(
- "com.sun.jersey.api.json.POJOMappingFeature", "true");
servletHolder.setInitOrder(1);
contextHandler.addServlet(servletHolder, config.getBaseURL());
diff --git a/full/src/main/java/de/ids_mannheim/korap/server/KustvaktServer.java b/full/src/main/java/de/ids_mannheim/korap/server/KustvaktServer.java
index b3a3a6e..8e23f82 100644
--- a/full/src/main/java/de/ids_mannheim/korap/server/KustvaktServer.java
+++ b/full/src/main/java/de/ids_mannheim/korap/server/KustvaktServer.java
@@ -42,7 +42,7 @@
if (kargs.getSpringConfig() == null){
kargs.setSpringConfig("default-config.xml");
}
- rootPackages = "de.ids_mannheim.korap.web;";
+
server.start();
}
}
diff --git a/full/src/test/java/de/ids_mannheim/korap/config/SpringJerseyTest.java b/full/src/test/java/de/ids_mannheim/korap/config/SpringJerseyTest.java
index b9ed11b..8a2f730 100644
--- a/full/src/test/java/de/ids_mannheim/korap/config/SpringJerseyTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/config/SpringJerseyTest.java
@@ -11,6 +11,8 @@
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.web.context.support.GenericWebApplicationContext;
+import com.sun.jersey.api.client.config.ClientConfig;
+import com.sun.jersey.api.client.config.DefaultClientConfig;
import com.sun.jersey.spi.spring.container.servlet.SpringServlet;
import com.sun.jersey.test.framework.AppDescriptor;
import com.sun.jersey.test.framework.JerseyTest;
@@ -28,10 +30,9 @@
@Autowired
protected GenericApplicationContext applicationContext;
- private static String[] classPackages =
- new String[] { "de.ids_mannheim.korap.web.controller",
- "de.ids_mannheim.korap.web.filter",
- "de.ids_mannheim.korap.web.utils" };
+ public static String[] classPackages =
+ new String[] { "de.ids_mannheim.korap.web",
+ "com.fasterxml.jackson.jaxrs.json"};
@Override
protected TestContainerFactory getTestContainerFactory ()
@@ -54,6 +55,11 @@
@Override
protected AppDescriptor configure () {
+ // Simulation of the production server
+ // Indicate to use codehaus jackson
+ ClientConfig config = new DefaultClientConfig();
+ config.getFeatures().put("com.sun.jersey.api.json.POJOMappingFeature", true);
+
return new WebAppDescriptor.Builder(classPackages)
.servletClass(SpringServlet.class)
.contextListenerClass(StaticContextLoaderListener.class)
diff --git a/full/src/test/java/de/ids_mannheim/korap/misc/MapUtilsTest.java b/full/src/test/java/de/ids_mannheim/korap/misc/MapUtilsTest.java
index e95615a..4a7317b 100644
--- a/full/src/test/java/de/ids_mannheim/korap/misc/MapUtilsTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/misc/MapUtilsTest.java
@@ -4,11 +4,12 @@
import java.util.Map;
-import javax.ws.rs.core.MultivaluedHashMap;
import javax.ws.rs.core.MultivaluedMap;
import org.junit.Test;
+import com.sun.jersey.core.util.MultivaluedMapImpl;
+
import de.ids_mannheim.korap.web.utils.MapUtils;
import edu.emory.mathcs.backport.java.util.Arrays;
@@ -17,8 +18,7 @@
@SuppressWarnings("unchecked")
@Test
public void testConvertToMap () {
- MultivaluedMap<String, String> mm =
- new MultivaluedHashMap<String, String>();
+ MultivaluedMap<String, String> mm = new MultivaluedMapImpl();
mm.put("k1", Arrays.asList(new String[] { "a", "b", "c" }));
mm.put("k2", Arrays.asList(new String[] { "d", "e", "f" }));
@@ -35,8 +35,7 @@
@Test
public void testConvertEmptyMap () {
- MultivaluedMap<String, String> mm =
- new MultivaluedHashMap<String, String>();
+ MultivaluedMap<String, String> mm = new MultivaluedMapImpl();
Map<String, String> map = MapUtils.toMap(mm);
assertEquals(0, map.size());
}
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerAdminTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerAdminTest.java
index fb0a22c..5e66b23 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerAdminTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerAdminTest.java
@@ -3,7 +3,6 @@
import static org.junit.Assert.assertEquals;
import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedHashMap;
import javax.ws.rs.core.MultivaluedMap;
import org.junit.Test;
@@ -205,7 +204,7 @@
private void testAddMemberRoles (String groupId, String memberUsername)
throws UniformInterfaceException, ClientHandlerException,
KustvaktException {
- MultivaluedMap<String, String> map = new MultivaluedHashMap<>();
+ MultivaluedMap<String, String> map = new MultivaluedMapImpl();
map.add("groupId", groupId.toString());
map.add("memberUsername", memberUsername);
map.add("roleIds", "1"); // USER_GROUP_ADMIN
@@ -239,7 +238,7 @@
private void testDeleteMemberRoles (String groupId, String memberUsername)
throws UniformInterfaceException, ClientHandlerException,
KustvaktException {
- MultivaluedMap<String, String> map = new MultivaluedHashMap<>();
+ MultivaluedMap<String, String> map = new MultivaluedMapImpl();
map.add("groupId", groupId.toString());
map.add("memberUsername", memberUsername);
map.add("roleIds", "1"); // USER_GROUP_ADMIN
diff --git a/lite/src/main/java/de/ids_mannheim/korap/server/KustvaktLiteServer.java b/lite/src/main/java/de/ids_mannheim/korap/server/KustvaktLiteServer.java
index c1b533f..7203b4b 100644
--- a/lite/src/main/java/de/ids_mannheim/korap/server/KustvaktLiteServer.java
+++ b/lite/src/main/java/de/ids_mannheim/korap/server/KustvaktLiteServer.java
@@ -33,7 +33,6 @@
config.loadBasicProperties(properties);
kargs.setSpringConfig("lite-config.xml");
- rootPackages = "de.ids_mannheim.korap.web";
server.start();
}
diff --git a/lite/src/test/java/de/ids_mannheim/korap/config/LiteJerseyTest.java b/lite/src/test/java/de/ids_mannheim/korap/config/LiteJerseyTest.java
index bef92bf..99b2703 100644
--- a/lite/src/test/java/de/ids_mannheim/korap/config/LiteJerseyTest.java
+++ b/lite/src/test/java/de/ids_mannheim/korap/config/LiteJerseyTest.java
@@ -28,10 +28,9 @@
@Autowired
protected GenericApplicationContext applicationContext;
- private static String[] classPackages =
- new String[] { "de.ids_mannheim.korap.web.controller",
- "de.ids_mannheim.korap.web.filter",
- "de.ids_mannheim.korap.web.utils" };
+ public static String[] classPackages =
+ new String[] { "de.ids_mannheim.korap.web",
+ "com.fasterxml.jackson.jaxrs.json"};
@Override
protected TestContainerFactory getTestContainerFactory ()