Skip to content

Commit 2c67145

Browse files
author
analyst
committed
Upgrade to new version of LDAP library that works with Java 11.
Upgrade some dependencies and eliminate boot classpath compile warning.
1 parent dbe0152 commit 2c67145

File tree

4 files changed

+365
-317
lines changed

4 files changed

+365
-317
lines changed

pom.xml

+73-57
Original file line numberDiff line numberDiff line change
@@ -56,7 +56,7 @@
5656
<plugin>
5757
<groupId>com.h3xstream.findsecbugs</groupId>
5858
<artifactId>findsecbugs-plugin</artifactId>
59-
<version>1.12.0</version>
59+
<version>1.13.0</version>
6060
</plugin>
6161
</plugins>
6262
</configuration>
@@ -624,7 +624,7 @@
624624
<dependency>
625625
<groupId>commons-codec</groupId>
626626
<artifactId>commons-codec</artifactId>
627-
<version>1.16.0</version>
627+
<version>1.16.1</version>
628628
</dependency>
629629

630630
<!-- mvn dependency:analyze says this is an unused declared dependency, but its wrong. Get this runtime error if it's not included: Caused by: org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find class [org.apache.commons.dbcp.BasicDataSource] for bean with name 'dataSource' defined in class path resource [context.xml]; nested exception is java.lang.ClassNotFoundException: org.apache.commons.dbcp.BasicDataSource -->
@@ -634,6 +634,12 @@
634634
<version>1.4</version>
635635
</dependency>
636636

637+
<dependency>
638+
<groupId>commons-io</groupId>
639+
<artifactId>commons-io</artifactId>
640+
<version>2.14.0</version>
641+
</dependency>
642+
637643
<dependency>
638644
<groupId>commons-lang</groupId>
639645
<artifactId>commons-lang</artifactId>
@@ -645,26 +651,31 @@
645651
<dependency>
646652
<groupId>org.slf4j</groupId>
647653
<artifactId>slf4j-reload4j</artifactId>
648-
<version>2.0.9</version>
654+
<version>2.0.12</version>
655+
</dependency>
656+
657+
<dependency>
658+
<groupId>org.apache.directory.api</groupId>
659+
<artifactId>api-ldap-model</artifactId>
660+
<version>${version.apache.api-ldap}</version>
661+
</dependency>
662+
663+
<dependency>
664+
<groupId>org.apache.directory.api</groupId>
665+
<artifactId>api-ldap-schema-data</artifactId>
666+
<version>${version.apache.api-ldap}</version>
649667
</dependency>
650668

651669
<dependency>
652670
<groupId>org.apache.directory.server</groupId>
653671
<artifactId>apacheds-core</artifactId>
654-
<!-- Upgrading to 2.0.0-M24 is an API breaking change. But it might be needed for Java 10, because I get this error, that I don't get with Java 8: [java] at org.apache.directory.server.core.DefaultDirectoryService.initialize(DefaultDirectoryService.java:1426) [java] at org.apache.directory.server.core.DefaultDirectoryService.startup(DefaultDirectoryService.java:907) [java] at org.owasp.benchmark.helpers.LDAPServer.initDirectoryService(LDAPServer.java:148) [java] at org.owasp.benchmark.helpers.LDAPServer.<init>(LDAPServer.java:42) [java] at org.owasp.benchmark.helpers.LDAPServer.main(LDAPServer.java:320) [java] Caused by: java.lang.NumberFormatException: multiple points [java] at java.base/jdk.internal.math.FloatingDecimal.readJavaFormatString(FloatingDecimal.java:1914) -->
655672
<version>${version.apacheds}</version>
656-
<exclusions>
657-
<!-- Excluded because its old, and there is a bug in it causing an exception when using it. -->
658-
<exclusion>
659-
<groupId>bouncycastle</groupId>
660-
<artifactId>bcprov-jdk15</artifactId>
661-
</exclusion>
662-
<!-- Excluded because it conflicts with esapi's dependency, which is newer -->
663-
<exclusion>
664-
<groupId>commons-collections</groupId>
665-
<artifactId>commons-collections</artifactId>
666-
</exclusion>
667-
</exclusions>
673+
</dependency>
674+
675+
<dependency>
676+
<groupId>org.apache.directory.server</groupId>
677+
<artifactId>apacheds-core-annotations</artifactId>
678+
<version>${version.apacheds}</version>
668679
</dependency>
669680

670681
<dependency>
@@ -673,12 +684,30 @@
673684
<version>${version.apacheds}</version>
674685
</dependency>
675686

687+
<dependency>
688+
<groupId>org.apache.directory.server</groupId>
689+
<artifactId>apacheds-core-avl</artifactId>
690+
<version>${version.apacheds}</version>
691+
</dependency>
692+
676693
<dependency>
677694
<groupId>org.apache.directory.server</groupId>
678695
<artifactId>apacheds-core-constants</artifactId>
679696
<version>${version.apacheds}</version>
680697
</dependency>
681698

699+
<dependency>
700+
<groupId>org.apache.directory.server</groupId>
701+
<artifactId>apacheds-core-jndi</artifactId>
702+
<version>${version.apacheds}</version>
703+
</dependency>
704+
705+
<dependency>
706+
<groupId>org.apache.directory.server</groupId>
707+
<artifactId>apacheds-interceptor-kerberos</artifactId>
708+
<version>${version.apacheds}</version>
709+
</dependency>
710+
682711
<dependency>
683712
<groupId>org.apache.directory.server</groupId>
684713
<artifactId>apacheds-jdbm-partition</artifactId>
@@ -687,7 +716,7 @@
687716

688717
<dependency>
689718
<groupId>org.apache.directory.server</groupId>
690-
<artifactId>apacheds-jdbm-store</artifactId>
719+
<artifactId>apacheds-kerberos-codec</artifactId>
691720
<version>${version.apacheds}</version>
692721
</dependency>
693722

@@ -711,45 +740,32 @@
711740

712741
<dependency>
713742
<groupId>org.apache.directory.server</groupId>
714-
<artifactId>apacheds-xdbm-base</artifactId>
743+
<artifactId>apacheds-server-annotations</artifactId>
715744
<version>${version.apacheds}</version>
716745
</dependency>
717746

718747
<dependency>
719-
<groupId>org.apache.directory.shared</groupId>
720-
<artifactId>shared-ldap</artifactId>
721-
<version>${version.apache-shared-ldap}</version>
722-
<exclusions>
723-
<!-- Excluded because it conflicts with esapi's dependency, which is newer -->
724-
<exclusion>
725-
<groupId>commons-collections</groupId>
726-
<artifactId>commons-collections</artifactId>
727-
</exclusion>
728-
</exclusions>
729-
</dependency>
730-
731-
<dependency>
732-
<groupId>org.apache.directory.shared</groupId>
733-
<artifactId>shared-ldap-schema</artifactId>
734-
<version>${version.apache-shared-ldap}</version>
748+
<groupId>org.apache.directory.server</groupId>
749+
<artifactId>apacheds-server-jndi</artifactId>
750+
<version>${version.apacheds}</version>
735751
</dependency>
736752

737753
<dependency>
738-
<groupId>org.apache.directory.shared</groupId>
739-
<artifactId>shared-ldap-schema-loader</artifactId>
740-
<version>${version.apache-shared-ldap}</version>
754+
<groupId>org.apache.directory.server</groupId>
755+
<artifactId>apacheds-test-framework</artifactId>
756+
<version>${version.apacheds}</version>
741757
</dependency>
742758

743759
<dependency>
744-
<groupId>org.apache.directory.shared</groupId>
745-
<artifactId>shared-ldap-schema-manager</artifactId>
746-
<version>${version.apache-shared-ldap}</version>
760+
<groupId>org.apache.directory.server</groupId>
761+
<artifactId>apacheds-xdbm-partition</artifactId>
762+
<version>${version.apacheds}</version>
747763
</dependency>
748764

749765
<dependency>
750766
<groupId>org.apache.httpcomponents.client5</groupId>
751767
<artifactId>httpclient5</artifactId>
752-
<version>5.3</version>
768+
<version>5.3.1</version>
753769
</dependency>
754770

755771
<dependency>
@@ -865,7 +881,7 @@
865881
<plugin>
866882
<groupId>org.apache.maven.plugins</groupId>
867883
<artifactId>maven-assembly-plugin</artifactId>
868-
<version>3.6.0</version>
884+
<version>3.7.1</version>
869885
</plugin>
870886
<plugin>
871887
<groupId>org.apache.maven.plugins</groupId>
@@ -904,11 +920,12 @@
904920
<plugin>
905921
<groupId>org.apache.maven.plugins</groupId>
906922
<artifactId>maven-compiler-plugin</artifactId>
907-
<version>3.12.1</version>
923+
<version>3.13.0</version>
908924
<configuration>
909925
<fork>true</fork>
910926
<meminitial>1000m</meminitial>
911927
<maxmem>2000m</maxmem>
928+
<release>${java.target}</release>
912929
</configuration>
913930
</plugin>
914931

@@ -926,7 +943,7 @@
926943
<dependency>
927944
<groupId>org.codehaus.mojo</groupId>
928945
<artifactId>extra-enforcer-rules</artifactId>
929-
<version>1.7.0</version>
946+
<version>1.8.0</version>
930947
</dependency>
931948
</dependencies>
932949
<executions>
@@ -938,7 +955,7 @@
938955
<configuration>
939956
<rules>
940957
<enforceBytecodeVersion>
941-
<maxJdkVersion>${project.java.target}</maxJdkVersion>
958+
<maxJdkVersion>${java.target}</maxJdkVersion>
942959
<message>Dependencies shouldn't require Java 9+.</message>
943960
</enforceBytecodeVersion>
944961
</rules>
@@ -953,7 +970,7 @@
953970
<configuration>
954971
<rules>
955972
<requireJavaVersion>
956-
<version>${project.java.target}</version>
973+
<version>${java.target}</version>
957974
<message>Benchmark is currently written to support Java 8+.</message>
958975
</requireJavaVersion>
959976
</rules>
@@ -978,7 +995,7 @@
978995
<plugin>
979996
<groupId>org.apache.maven.plugins</groupId>
980997
<artifactId>maven-jxr-plugin</artifactId>
981-
<version>3.3.1</version>
998+
<version>3.3.2</version>
982999
</plugin>
9831000

9841001
<plugin>
@@ -1017,7 +1034,7 @@
10171034
<plugin>
10181035
<groupId>org.apache.maven.plugins</groupId>
10191036
<artifactId>maven-surefire-plugin</artifactId>
1020-
<version>3.2.3</version>
1037+
<version>3.2.5</version>
10211038
</plugin>
10221039

10231040
<plugin>
@@ -1032,7 +1049,7 @@
10321049
<plugin>
10331050
<groupId>org.codehaus.cargo</groupId>
10341051
<artifactId>cargo-maven3-plugin</artifactId>
1035-
<version>1.10.11</version>
1052+
<version>1.10.12</version>
10361053
</plugin>
10371054

10381055
<plugin>
@@ -1065,7 +1082,7 @@
10651082
<groupId>com.h3xstream.findsecbugs</groupId>
10661083
<artifactId>findsecbugs-plugin</artifactId>
10671084
<!-- You MUST update the plugin version used in findsecbugs profile, so these versions match. You can't define/use a versions.findsecbugs property because it breaks the naming of the findsecbugs results file. -->
1068-
<version>1.12.0</version>
1085+
<version>1.13.0</version>
10691086
</plugin>
10701087

10711088
<plugin>
@@ -1207,8 +1224,8 @@
12071224
<properties>
12081225
<failOnMissingWebXml>false</failOnMissingWebXml>
12091226
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
1210-
<project.java.target>1.8</project.java.target>
12111227
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
1228+
<java.target>8</java.target>
12121229
<maven.war.webxml>${basedir}/src/config/web.xml</maven.war.webxml>
12131230
<!-- runenv defaults to local here. But scripts can set this to 'remote' to launch remotely accessible Benchmark. e.g., mvn clean package cargo:run -Pdeploy1.2 -Drunenv=remote -->
12141231
<runenv>local</runenv>
@@ -1224,19 +1241,18 @@
12241241
</tomcat.jvmargs.debug>
12251242
<log.directory>${project.build.directory}/log</log.directory>
12261243

1227-
<version.apacheds>1.5.7</version.apacheds>
1228-
<version.apache-shared-ldap>0.9.19</version.apache-shared-ldap>
1229-
<version.exec.maven>1.6.0</version.exec.maven>
1244+
<version.apache.api-ldap>2.1.5</version.apache.api-ldap>
1245+
<version.apacheds>2.0.0.AM27</version.apacheds>
12301246
<version.fluido>2.0.0-M8</version.fluido>
12311247
<!-- hibernate is up to rev 6+. But 4.0.0. causes this error: symbol: org.hibernate.classic.Session not found -->
12321248
<version.hibernate>3.6.10.Final</version.hibernate>
1233-
<version.spotbugs.maven>4.8.2.0</version.spotbugs.maven>
1249+
<version.spotbugs.maven>4.8.3.1</version.spotbugs.maven>
12341250
<version.spotbugs>4.8.3</version.spotbugs>
12351251
<!-- Spring 6.x requires Java 17 -->
1236-
<version.springframework>5.3.31</version.springframework>
1252+
<version.springframework>5.3.33</version.springframework>
12371253
<!-- Tomcat 10 moves from Java EE to Jakarta EE, moving packages javax.* to jakarta.* - code changes likely required to address this change. -->
12381254
<tomcat.major.version>9</tomcat.major.version>
1239-
<version.tomcat>9.0.84</version.tomcat>
1255+
<version.tomcat>9.0.85</version.tomcat>
12401256
<tomcat.url>https://archive.apache.org/dist/tomcat/tomcat-${tomcat.major.version}/v${version.tomcat}/bin/apache-tomcat-${version.tomcat}.zip</tomcat.url>
12411257
</properties>
12421258

src/main/java/org/owasp/benchmark/helpers/LDAPManager.java

+6-1
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@
3434
import org.owasp.esapi.reference.DefaultEncoder;
3535

3636
/**
37-
* A simple example exposing how to embed Apache Directory Server version 1.5.7 into an application.
37+
* A simple example exposing how to embed Apache Directory Server into an application.
3838
*
3939
* @author <a href="mailto:[email protected]">Apache Directory Project</a>
4040
* @version $Rev$, $Date$
@@ -48,13 +48,18 @@ public LDAPManager() {
4848
try {
4949
ctx = getDirContext();
5050
} catch (NamingException e) {
51+
// FIXME: Don't eat exceptions!
5152
System.out.println("Failed to get Directory Context: " + e.getMessage());
53+
e.printStackTrace();
5254
}
5355
}
5456

5557
protected Hashtable<Object, Object> createEnv() {
5658
Hashtable<Object, Object> env = new Hashtable<Object, Object>();
5759
env.put(Context.PROVIDER_URL, "ldap://localhost:10389");
60+
env.put(Context.SECURITY_AUTHENTICATION, "simple");
61+
env.put(Context.SECURITY_PRINCIPAL, "uid=admin,ou=system");
62+
env.put(Context.SECURITY_CREDENTIALS, "secret");
5863
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
5964
return env;
6065
}

0 commit comments

Comments
 (0)