diff options
author | wasala <przemyslaw.wasala@nokia.com> | 2018-10-16 10:36:59 +0200 |
---|---|---|
committer | wasala <przemyslaw.wasala@nokia.com> | 2018-10-16 10:40:58 +0200 |
commit | bb31441a6f401a0c819cb8158be85bf51cdfd405 (patch) | |
tree | 9405064cff48ac4878ddeb506f24181a947f3c31 | |
parent | 00c3ed839d7e46f991a7d7948eab142d6bb9b699 (diff) |
CLM SCAN VULNERABILITIES
*Upgraded Spring from 5.0.5 -> 5.1.0i
*Changed implementation of SSL in AAICLient
Change-Id: I1341c19931031da67c2d0deb14940a2748b0203b
Issue-ID: DCAEGEN2-870
Signed-off-by: wasala <przemyslaw.wasala@nokia.com>
-rw-r--r-- | pom.xml | 23 | ||||
-rw-r--r-- | prh-aai-client/pom.xml | 14 | ||||
-rw-r--r-- | prh-aai-client/src/main/java/org/onap/dcaegen2/services/prh/service/AaiReactiveWebClient.java | 15 | ||||
-rw-r--r-- | prh-app-server/pom.xml | 8 | ||||
-rw-r--r-- | prh-commons/pom.xml | 3 | ||||
-rw-r--r-- | prh-dmaap-client/pom.xml | 14 | ||||
-rw-r--r-- | version.properties | 2 |
7 files changed, 55 insertions, 24 deletions
@@ -32,7 +32,7 @@ <groupId>org.onap.dcaegen2.services</groupId> <artifactId>prh</artifactId> - <version>1.1.0-SNAPSHOT</version> + <version>1.1.1-SNAPSHOT</version> <name>dcaegen2-services-prh</name> <description>PNF Registration Handler</description> @@ -48,8 +48,8 @@ <properties> <java.version>8</java.version> <immutables.version>2.5.6</immutables.version> - <spring.version>5.0.5.RELEASE</spring.version> - <spring-boot.version>2.0.4.RELEASE</spring-boot.version> + <spring.version>5.1.0.RELEASE</spring.version> + <spring-boot.version>2.0.5.RELEASE</spring-boot.version> <tomcat.version>8.5.32</tomcat.version> <slf4j.version>1.7.25</slf4j.version> <junit-jupiter.version>5.1.0</junit-jupiter.version> @@ -133,11 +133,16 @@ <dependency> <groupId>io.projectreactor</groupId> <artifactId>reactor-bom</artifactId> - <version>Bismuth-SR10</version> + <version>Bismuth-SR12</version> <type>pom</type> <scope>import</scope> </dependency> <dependency> + <groupId>io.projectreactor.netty</groupId> + <artifactId>reactor-netty</artifactId> + <version>0.8.1.RELEASE</version> + </dependency> + <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-dependencies</artifactId> <version>${spring-boot.version}</version> @@ -162,6 +167,16 @@ </dependency> <dependency> <groupId>org.springframework</groupId> + <artifactId>spring-core</artifactId> + <version>${spring.version}</version> + </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-web</artifactId> + <version>${spring.version}</version> + </dependency> + <dependency> + <groupId>org.springframework</groupId> <artifactId>spring-context</artifactId> <version>${spring.version}</version> </dependency> diff --git a/prh-aai-client/pom.xml b/prh-aai-client/pom.xml index b86e9048..f08fed32 100644 --- a/prh-aai-client/pom.xml +++ b/prh-aai-client/pom.xml @@ -26,7 +26,7 @@ <parent> <groupId>org.onap.dcaegen2.services</groupId> <artifactId>prh</artifactId> - <version>1.1.0-SNAPSHOT</version> + <version>1.1.1-SNAPSHOT</version> </parent> <groupId>org.onap.dcaegen2.services.prh</groupId> @@ -48,10 +48,18 @@ </dependency> <dependency> <groupId>org.springframework</groupId> + <artifactId>spring-core</artifactId> + </dependency> + <dependency> + <groupId>org.springframework</groupId> <artifactId>spring-context</artifactId> </dependency> <dependency> <groupId>org.springframework</groupId> + <artifactId>spring-web</artifactId> + </dependency> + <dependency> + <groupId>org.springframework</groupId> <artifactId>spring-webflux</artifactId> </dependency> <dependency> @@ -59,6 +67,10 @@ <artifactId>spring-boot-starter-reactor-netty</artifactId> </dependency> <dependency> + <groupId>io.projectreactor.netty</groupId> + <artifactId>reactor-netty</artifactId> + </dependency> + <dependency> <groupId>org.onap.dcaegen2.services.prh</groupId> <artifactId>prh-commons</artifactId> <version>${project.version}</version> diff --git a/prh-aai-client/src/main/java/org/onap/dcaegen2/services/prh/service/AaiReactiveWebClient.java b/prh-aai-client/src/main/java/org/onap/dcaegen2/services/prh/service/AaiReactiveWebClient.java index 0dfe1f9e..256aa3b9 100644 --- a/prh-aai-client/src/main/java/org/onap/dcaegen2/services/prh/service/AaiReactiveWebClient.java +++ b/prh-aai-client/src/main/java/org/onap/dcaegen2/services/prh/service/AaiReactiveWebClient.java @@ -35,7 +35,9 @@ import org.onap.dcaegen2.services.prh.config.AaiClientConfiguration; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.slf4j.MDC; +import org.springframework.http.client.reactive.ClientHttpConnector; import org.springframework.http.client.reactive.ReactorClientHttpConnector; +import org.springframework.http.client.reactive.ReactorResourceFactory; import org.springframework.web.reactive.function.client.ExchangeFilterFunction; import org.springframework.web.reactive.function.client.WebClient; import reactor.core.publisher.Mono; @@ -68,18 +70,15 @@ public class AaiReactiveWebClient { * @return WebClient */ public WebClient build() throws SSLException { - SslContext sslContext; - sslContext = SslContextBuilder + LOGGER.debug("Setting ssl context"); + SslContext sslContext = SslContextBuilder .forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .build(); - LOGGER.debug("Setting ssl context"); - + ClientHttpConnector reactorClientHttpConnector = new ReactorClientHttpConnector(new ReactorResourceFactory(), + httpClient -> httpClient.secure(sslContextSpec -> sslContextSpec.sslContext(sslContext))); return WebClient.builder() - .clientConnector(new ReactorClientHttpConnector(clientOptions -> { - clientOptions.sslContext(sslContext); - clientOptions.disablePool(); - })) + .clientConnector(reactorClientHttpConnector) .defaultHeaders(httpHeaders -> httpHeaders.setAll(aaiHeaders)) .filter(basicAuthentication(aaiUserName, aaiUserPassword)) .filter(logRequest()) diff --git a/prh-app-server/pom.xml b/prh-app-server/pom.xml index df76b2b7..6584b5f9 100644 --- a/prh-app-server/pom.xml +++ b/prh-app-server/pom.xml @@ -26,7 +26,7 @@ <parent> <groupId>org.onap.dcaegen2.services</groupId> <artifactId>prh</artifactId> - <version>1.1.0-SNAPSHOT</version> + <version>1.1.1-SNAPSHOT</version> </parent> <groupId>org.onap.dcaegen2.services.prh</groupId> @@ -130,12 +130,6 @@ <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> - <!--<exclusions>--> - <!--<exclusion>--> - <!--<groupId>com.fasterxml.jackson.core</groupId>--> - <!--<artifactId>jackson-databind</artifactId>--> - <!--</exclusion>--> - <!--</exclusions>--> </dependency> <dependency> <groupId>org.springframework.boot</groupId> diff --git a/prh-commons/pom.xml b/prh-commons/pom.xml index 7cc78388..27b2efed 100644 --- a/prh-commons/pom.xml +++ b/prh-commons/pom.xml @@ -26,7 +26,7 @@ <parent> <groupId>org.onap.dcaegen2.services</groupId> <artifactId>prh</artifactId> - <version>1.1.0-SNAPSHOT</version> + <version>1.1.1-SNAPSHOT</version> </parent> <groupId>org.onap.dcaegen2.services.prh</groupId> @@ -73,7 +73,6 @@ <dependency> <groupId>org.springframework</groupId> <artifactId>spring-web</artifactId> - <version>5.0.5.RELEASE</version> </dependency> </dependencies> </project> diff --git a/prh-dmaap-client/pom.xml b/prh-dmaap-client/pom.xml index 9778e8c7..384f652d 100644 --- a/prh-dmaap-client/pom.xml +++ b/prh-dmaap-client/pom.xml @@ -26,7 +26,7 @@ <parent> <groupId>org.onap.dcaegen2.services</groupId> <artifactId>prh</artifactId> - <version>1.1.0-SNAPSHOT</version> + <version>1.1.1-SNAPSHOT</version> </parent> <groupId>org.onap.dcaegen2.services.prh</groupId> @@ -48,6 +48,18 @@ </dependency> <dependency> <groupId>org.springframework</groupId> + <artifactId>spring-web</artifactId> + </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-core</artifactId> + </dependency> + <dependency> + <groupId>io.projectreactor.netty</groupId> + <artifactId>reactor-netty</artifactId> + </dependency> + <dependency> + <groupId>org.springframework</groupId> <artifactId>spring-webflux</artifactId> </dependency> <dependency> diff --git a/version.properties b/version.properties index 73415a7d..11ad59d0 100644 --- a/version.properties +++ b/version.properties @@ -1,6 +1,6 @@ major=1
minor=1
-patch=0
+patch=1
base_version=${major}.${minor}.${patch}
release_version=${base_version}
snapshot_version=${base_version}-SNAPSHOT
|