diff options
author | Sunil Unnava <su622b@att.com> | 2018-02-27 03:39:09 -0500 |
---|---|---|
committer | Sunil Unnava <su622b@att.com> | 2018-02-27 03:40:08 -0500 |
commit | 0afd0dd2f1fa4435fa730a287e68fec4f271e617 (patch) | |
tree | 018918dbbbf1758c63cae176b7d65b22902bf0dd | |
parent | 1ab29ec8a91e845a59a2990ca2fe17166111a458 (diff) |
Security issues fixes
Issue-ID: DMAAP-205
Change-Id: I26dd72a7c1d0c366974983b263cc2d44b4c5cafa
Signed-off-by: Sunil Unnava <su622b@att.com>
-rw-r--r-- | pom.xml | 516 | ||||
-rw-r--r-- | version.properties | 2 |
2 files changed, 283 insertions, 235 deletions
@@ -1,241 +1,289 @@ <?xml version="1.0"?> -<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> - <modelVersion>4.0.0</modelVersion> - <groupId>org.onap.dmaap.dbcapi</groupId> - <artifactId>dbcapi</artifactId> - <version>${artifact.version}</version> - <name>dmaap-dbcapi</name> - <parent> - <groupId>org.onap.oparent</groupId> - <artifactId>oparent</artifactId> - <version>0.1.1</version> - <relativePath/> - </parent> - <build> - <finalName>dbcapi</finalName> - <resources> - <resource> - <directory>src/main/java/org/onap/dmaap/dbcapi/logging</directory> - </resource> - <resource> - <directory>src/main/resources</directory> - </resource> - </resources> - <plugins> -<!-- reference: https://tech.homeaway.com/development/2016/06/02/generating-swagger-spec.html ---> - <plugin> - <groupId>com.github.kongchen</groupId> - <artifactId>swagger-maven-plugin</artifactId> - <version>3.1.5</version> - <configuration> - <apiSources> - <apiSource> - <springmvc>false</springmvc> - <locations> - <location>org.onap.dmaap.dbcapi.resources</location> - </locations> - <schemes> - <scheme>http</scheme> - <scheme>https</scheme> - </schemes> - <host>www.[host]:[port]</host> - <basePath>/webapi</basePath> - <info> - <title>DMaaP Bus Controller REST API</title> - <version>1.1.0</version> - <description> -provides an API for OpenDCAE components which need to provision underlying DMaaP technologies (Data Router and Message Router). Primary clients for this API are anticipated to be the OpenDCAE Controller, OpenDCAE Orchestrator, OpenDCAE Inventory and the ECOMP Portal. +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> + <modelVersion>4.0.0</modelVersion> + <groupId>org.onap.dmaap.dbcapi</groupId> + <artifactId>dbcapi</artifactId> + <version>${artifact.version}</version> + <name>dmaap-dbcapi</name> + <parent> + <groupId>org.onap.oparent</groupId> + <artifactId>oparent</artifactId> + <version>0.1.1</version> + <relativePath /> + </parent> + <build> + <finalName>dbcapi</finalName> + <resources> + <resource> + <directory>src/main/java/org/onap/dmaap/dbcapi/logging</directory> + </resource> + <resource> + <directory>src/main/resources</directory> + </resource> + </resources> + <plugins> + <!-- reference: https://tech.homeaway.com/development/2016/06/02/generating-swagger-spec.html --> + <plugin> + <groupId>com.github.kongchen</groupId> + <artifactId>swagger-maven-plugin</artifactId> + <version>3.1.5</version> + <configuration> + <apiSources> + <apiSource> + <springmvc>false</springmvc> + <locations> + <location>org.onap.dmaap.dbcapi.resources</location> + </locations> + <schemes> + <scheme>http</scheme> + <scheme>https</scheme> + </schemes> + <host>www.[host]:[port]</host> + <basePath>/webapi</basePath> + <info> + <title>DMaaP Bus Controller REST API</title> + <version>1.1.0</version> + <description> + provides an API for OpenDCAE components which need to provision + underlying DMaaP technologies (Data Router and Message Router). + Primary clients for this API are anticipated to be the OpenDCAE + Controller, OpenDCAE Orchestrator, OpenDCAE Inventory and the + ECOMP Portal. -Objects managed by DMaaP are deployed in a dcaeLocation which is a unique identifier for an OpenStack tenant for a dcaeLayer, opendcae-central (aka ecomp) or opendcae-local-ntc (aka edge). + Objects managed by DMaaP are deployed in a dcaeLocation which is a + unique identifier for an OpenStack tenant for a dcaeLayer, + opendcae-central (aka ecomp) or opendcae-local-ntc (aka edge). -A dcaeEnvironment (e.g. FTL or prod) has a single DMaaP. A DMaaP is managed by a one or more stateless DMaaP Bus Controller(s), though Bus Controller relies on PGaaS for persistence. Each DMaaP has a single instance of Data Router, which has 1 or more DR_Nodes deployed at each dcaeLocation. DR Clients of type DR_Pub generally publish to a DR_Node that is local to its dcaeLocation. Routing for a Feed is determined by the dcaelocation of its DR_Sub clients. + A dcaeEnvironment (e.g. FTL or prod) has a single DMaaP. A + DMaaP is managed by a one or more stateless DMaaP Bus + Controller(s), though Bus Controller relies on PGaaS for + persistence. Each DMaaP has a single instance of Data Router, + which has 1 or more DR_Nodes deployed at each dcaeLocation. DR + Clients of type DR_Pub generally publish to a DR_Node that is + local to its dcaeLocation. Routing for a Feed is determined by + the dcaelocation of its DR_Sub clients. -A DMaaP may have many Message Router instances. Each instance is deployed as an MR_Cluster. One MR_Cluster is deployed at each dcaeLocation. MR_Clients generally communicate to the MR_Cluster at the same dcaeLocation. Replication of messages between MR_Clusters is accomplished by MR Bridge, which is provioned by DMaaP Bus Controller based on Topic attributes. + A DMaaP may have many Message Router instances. Each instance is + deployed as an MR_Cluster. One MR_Cluster is deployed at each + dcaeLocation. MR_Clients generally communicate to the + MR_Cluster at the same dcaeLocation. Replication of messages + between MR_Clusters is accomplished by MR Bridge, which is + provioned by DMaaP Bus Controller based on Topic attributes. -Therefore, the role of DMaaP Bus Controller is to support other DCAE infrastructure components to dynamically provision DMaaP services on behalf of DMaaP clients, and to assist in any management or discovery activity of its clients. + Therefore, the role of DMaaP Bus Controller is to support other + DCAE infrastructure components to dynamically provision DMaaP + services on behalf of DMaaP clients, and to assist in any + management or discovery activity of its clients. -A convention of this API is to return JSON responses per OpenStack style. - </description> - <termsOfService> - http://www.apache.org/licenses/LICENSE-2.0 - </termsOfService> - <contact> - <url>http://www.onap.org</url> - </contact> - <license> - <url>http://www.apache.org/licenses/LICENSE-2.0</url> - <name>Licensed under the Apache License, Version 2.0</name> - </license> - </info> - <swaggerDirectory>target/generated-sources/</swaggerDirectory> - </apiSource> - </apiSources> - </configuration> - <executions> - <execution> - <phase>compile</phase> - <goals> - <goal>generate</goal> - </goals> - </execution> - </executions> - </plugin> - - </plugins> - <pluginManagement> - <plugins> - <!--This plugin's configuration is used to store Eclipse m2e settings only. It has no influence on the Maven build itself.--> - <plugin> - <groupId>org.eclipse.m2e</groupId> - <artifactId>lifecycle-mapping</artifactId> - <version>1.0.0</version> - <configuration> - <lifecycleMappingMetadata> - <pluginExecutions> - <pluginExecution> - <pluginExecutionFilter> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-dependency-plugin</artifactId> - <versionRange>[2.10,)</versionRange> - <goals> - <goal>copy-dependencies</goal> - </goals> - </pluginExecutionFilter> - <action> - <ignore/> - </action> - </pluginExecution> - </pluginExecutions> - </lifecycleMappingMetadata> - </configuration> - </plugin> - </plugins> - </pluginManagement> - </build> - <dependencyManagement> - <dependencies> - - <dependency> - <groupId>org.glassfish.jersey</groupId> - <artifactId>jersey-bom</artifactId> - <version>${jersey.version}</version> - <type>pom</type> - <scope>import</scope> - </dependency> - </dependencies> - </dependencyManagement> - <dependencies> - <dependency> - <groupId>io.swagger</groupId> - <artifactId>swagger-core</artifactId> - <version>1.5.13</version> - </dependency> - <dependency> - <groupId>io.swagger</groupId> - <artifactId>swagger-jersey2-jaxrs</artifactId> - <version>1.5.13</version> - </dependency> - <dependency> - <groupId>io.swagger</groupId> - <artifactId>swagger-annotations</artifactId> - <version>1.5.13</version> - </dependency> - <dependency> - <groupId>org.glassfish.jersey.containers</groupId> - <artifactId>jersey-container-servlet-core</artifactId> - <!-- use the following artifactId if you don't need servlet 2.x compatibility --> - <!-- artifactId>jersey-container-servlet</artifactId --> - </dependency> - <dependency> - <groupId>org.glassfish.jersey.media</groupId> - <artifactId>jersey-media-moxy</artifactId> - </dependency> - <dependency> - <groupId>log4j</groupId> - <artifactId>log4j</artifactId> - <version>1.2.17</version> - </dependency> - <dependency> - <groupId>org.eclipse.jetty</groupId> - <artifactId>jetty-server</artifactId> - <version>${jettyVersion}</version> - </dependency> - <dependency> - <groupId>org.eclipse.jetty</groupId> - <artifactId>jetty-servlet</artifactId> - <version>${jettyVersion}</version> - <scope>compile</scope> - </dependency> - <dependency> - <groupId>org.eclipse.jetty</groupId> - <artifactId>jetty-servlets</artifactId> - <version>${jettyVersion}</version> - <scope>compile</scope> - </dependency> - <!-- https://mvnrepository.com/artifact/com.googlecode.json-simple/json-simple --> - <dependency> - <groupId>com.googlecode.json-simple</groupId> - <artifactId>json-simple</artifactId> - <version>1.1.1</version> - </dependency> - <dependency> - <groupId>commons-codec</groupId> - <artifactId>commons-codec</artifactId> - <version>1.6</version> - </dependency> - <!-- https://mvnrepository.com/artifact/org.postgresql/postgresql --> - <dependency> - <groupId>org.postgresql</groupId> - <artifactId>postgresql</artifactId> - <version>9.4.1208.jre7</version> - </dependency> - <dependency> - <groupId>com.att.eelf</groupId> - <artifactId>eelf-core</artifactId> - <version>${eelf.version}</version> - </dependency> - <dependency> - <groupId>org.slf4j</groupId> - <artifactId>slf4j-api</artifactId> - <version>1.7.22</version> - </dependency> - </dependencies> - <reporting> - <plugins> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-javadoc-plugin</artifactId> - <version>2.10.4</version> - <configuration> - <failOnError>false</failOnError> - <doclet>org.umlgraph.doclet.UmlGraphDoc</doclet> - <docletArtifact> - <groupId>org.umlgraph</groupId> - <artifactId>umlgraph</artifactId> - <version>5.6</version> - </docletArtifact> - <additionalparam>-views</additionalparam> - <useStandardDocletOptions>true</useStandardDocletOptions> - </configuration> - </plugin> - </plugins> - </reporting> - <properties> - <jersey.version>2.16</jersey.version> - <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> - <jettyVersion>9.3.7.v20160115</jettyVersion> - <eelf.version>0.0.1</eelf.version> - <artifact.version>1.0.1-SNAPSHOT</artifact.version> - <!-- SONAR --> - <jacoco.version>0.7.7.201606060606</jacoco.version> - <sonar-jacoco-listeners.version>3.2</sonar-jacoco-listeners.version> - <sonar.core.codeCoveragePlugin>jacoco</sonar.core.codeCoveragePlugin> - <!-- Default Sonar configuration --> - <sonar.jacoco.reportPath>target/code-coverage/jacoco-ut.exec</sonar.jacoco.reportPath> - <sonar.jacoco.itReportPath>target/code-coverage/jacoco-it.exec</sonar.jacoco.itReportPath> - <!-- Note: This list should match jacoco-maven-plugin's exclusion list below --> - <sonar.exclusions>**/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/**</sonar.exclusions> - </properties> - <description>Data Movement as a Platform (DMaaP) Bus Controller provides a REST API for other DCAE infrastructure components to provision DMaaP resources. A DMaaP resource is a Data Router Feed or a Message Router Topic, and their associated publishers and subscribers.</description> + A convention of this API is to return JSON responses per + OpenStack style. + </description> + <termsOfService> + http://www.apache.org/licenses/LICENSE-2.0 + </termsOfService> + <contact> + <url>http://www.onap.org</url> + </contact> + <license> + <url>http://www.apache.org/licenses/LICENSE-2.0</url> + <name>Licensed under the Apache License, Version 2.0</name> + </license> + </info> + <swaggerDirectory>target/generated-sources/</swaggerDirectory> + </apiSource> + </apiSources> + </configuration> + <executions> + <execution> + <phase>compile</phase> + <goals> + <goal>generate</goal> + </goals> + </execution> + </executions> + </plugin> + + </plugins> + <pluginManagement> + <plugins> + <!--This plugin's configuration is used to store Eclipse m2e settings + only. It has no influence on the Maven build itself. --> + <plugin> + <groupId>org.eclipse.m2e</groupId> + <artifactId>lifecycle-mapping</artifactId> + <version>1.0.0</version> + <configuration> + <lifecycleMappingMetadata> + <pluginExecutions> + <pluginExecution> + <pluginExecutionFilter> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-dependency-plugin</artifactId> + <versionRange>[2.10,)</versionRange> + <goals> + <goal>copy-dependencies</goal> + </goals> + </pluginExecutionFilter> + <action> + <ignore /> + </action> + </pluginExecution> + </pluginExecutions> + </lifecycleMappingMetadata> + </configuration> + </plugin> + </plugins> + </pluginManagement> + </build> + <dependencyManagement> + <dependencies> + <dependency> + <groupId>org.glassfish.jersey</groupId> + <artifactId>jersey-bom</artifactId> + <version>${jersey.version}</version> + <type>pom</type> + <scope>import</scope> + </dependency> + </dependencies> + </dependencyManagement> + <dependencies> + <dependency> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-annotations</artifactId> + <version>2.8.9</version> + </dependency> + <dependency> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-databind</artifactId> + <version>2.8.9</version> + </dependency> + <dependency> + <groupId>com.fasterxml.jackson.dataformat</groupId> + <artifactId>jackson-dataformat-yaml</artifactId> + <version>2.8.9</version> + </dependency> + <dependency> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-core</artifactId> + <version>1.2.0</version> + </dependency> + <dependency> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + <version>1.2.0</version> + </dependency> + <dependency> + <groupId>io.swagger</groupId> + <artifactId>swagger-core</artifactId> + <version>1.5.13</version> + </dependency> + <dependency> + <groupId>io.swagger</groupId> + <artifactId>swagger-jersey2-jaxrs</artifactId> + <version>1.5.13</version> + </dependency> + <dependency> + <groupId>io.swagger</groupId> + <artifactId>swagger-annotations</artifactId> + <version>1.5.13</version> + </dependency> + <dependency> + <groupId>org.glassfish.jersey.containers</groupId> + <artifactId>jersey-container-servlet-core</artifactId> + <!-- use the following artifactId if you don't need servlet 2.x compatibility --> + <!-- artifactId>jersey-container-servlet</artifactId --> + </dependency> + <dependency> + <groupId>org.glassfish.jersey.media</groupId> + <artifactId>jersey-media-moxy</artifactId> + </dependency> + <dependency> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + <version>1.2.17</version> + </dependency> + <dependency> + <groupId>org.eclipse.jetty</groupId> + <artifactId>jetty-server</artifactId> + <version>${jettyVersion}</version> + </dependency> + <dependency> + <groupId>org.eclipse.jetty</groupId> + <artifactId>jetty-servlet</artifactId> + <version>${jettyVersion}</version> + <scope>compile</scope> + </dependency> + <dependency> + <groupId>org.eclipse.jetty</groupId> + <artifactId>jetty-servlets</artifactId> + <version>${jettyVersion}</version> + <scope>compile</scope> + </dependency> + <!-- https://mvnrepository.com/artifact/com.googlecode.json-simple/json-simple --> + <dependency> + <groupId>com.googlecode.json-simple</groupId> + <artifactId>json-simple</artifactId> + <version>1.1.1</version> + </dependency> + <dependency> + <groupId>commons-codec</groupId> + <artifactId>commons-codec</artifactId> + <version>1.6</version> + </dependency> + <!-- https://mvnrepository.com/artifact/org.postgresql/postgresql --> + <dependency> + <groupId>org.postgresql</groupId> + <artifactId>postgresql</artifactId> + <version>9.4.1208.jre7</version> + </dependency> + <dependency> + <groupId>com.att.eelf</groupId> + <artifactId>eelf-core</artifactId> + <version>${eelf.version}</version> + </dependency> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-api</artifactId> + <version>1.7.22</version> + </dependency> + </dependencies> + <reporting> + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-javadoc-plugin</artifactId> + <version>2.10.4</version> + <configuration> + <failOnError>false</failOnError> + <doclet>org.umlgraph.doclet.UmlGraphDoc</doclet> + <docletArtifact> + <groupId>org.umlgraph</groupId> + <artifactId>umlgraph</artifactId> + <version>5.6</version> + </docletArtifact> + <additionalparam>-views</additionalparam> + <useStandardDocletOptions>true</useStandardDocletOptions> + </configuration> + </plugin> + </plugins> + </reporting> + <properties> + <jersey.version>2.16</jersey.version> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + <jettyVersion> 9.3.9.v20160517</jettyVersion> + <eelf.version>0.0.1</eelf.version> + <artifact.version>1.0.2-SNAPSHOT</artifact.version> + <!-- SONAR --> + <jacoco.version>0.7.7.201606060606</jacoco.version> + <sonar-jacoco-listeners.version>3.2</sonar-jacoco-listeners.version> + <sonar.core.codeCoveragePlugin>jacoco</sonar.core.codeCoveragePlugin> + <!-- Default Sonar configuration --> + <sonar.jacoco.reportPath>target/code-coverage/jacoco-ut.exec</sonar.jacoco.reportPath> + <sonar.jacoco.itReportPath>target/code-coverage/jacoco-it.exec</sonar.jacoco.itReportPath> + <!-- Note: This list should match jacoco-maven-plugin's exclusion list + below --> + <sonar.exclusions>**/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/**</sonar.exclusions> + </properties> + <description>Data Movement as a Platform (DMaaP) Bus Controller provides a REST API for other DCAE infrastructure components to provision DMaaP resources. A DMaaP resource is a Data Router Feed or a Message Router Topic, and their associated publishers and subscribers.</description> </project> diff --git a/version.properties b/version.properties index 71c1fed..f94c740 100644 --- a/version.properties +++ b/version.properties @@ -27,7 +27,7 @@ major=1 minor=0 -patch=1 +patch=2 base_version=${major}.${minor}.${patch} # Release must be completed with git revision # in Jenkins |