KNOX-3217: Upgrade pac4j to 6.3.0 for JDK17 #1110
Draft
+178
−137
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…e-pac4j to 7.1.0. (Instead of the jee-pac4j artifact, javaee-pac4j needs to be used - then jakartaee-pac4j if we migrate to Jakarta). Update opensaml to 4.2.0 and cryptacular to 1.2.5 (from pac4j-saml:5.7.8). Pin net.shibboleth.utilities:java-support to 8.3.1. Fix KnoxSessionStore getSessionId and Pac4jIdentityAdapter removeProfiles call. Corrected Pac4jProviderTest. Pac4jSetCookieResponseWrapper.addCookie() is probably not needed anymore, pac4jcsrf is set in Set-Cookie header and is secure by default (goes through KnoxSessionStore).
…om Shibboleth maven repo. Updated shib-release maven repo URL.
…to 5.1.6. Update cryptacular to 1.2.7 and xmlsec to 4.0.4. org.pac4j.oidc.client.AzureAdClient was removed for AzureAd2Client; AzureAdOidcConfiguration to AzureAd2OidcConfiguration. Pinned managed dependency versions for org.apache.httpcomponents.client5:httpclient5:5.4.3 and org.apache.httpcomponents.core5:5.3.6 should work: org.pac4j:pac4j-saml:jar:6.3.0 would bring in org.apache.httpcomponents.client5:httpclient5:jar:5.3.1, plus a dependency convergence error with org.apache.httpcomponents.core5:httpcore5:jar:5.2.5 and 5.2.4.
…CsrfToken in logout.jsp (added in pac4j 5.0).
…vault library needs to be upgraded to 3.2.0 that is compatible with Spring 6.2). Removed spring-vault-dependencies as it is unavailable since 3.0+. Added httpclient and httpcore libraries to managed dependencies as these were taken from spring-vault-dependencies now. Removed duplicated dependencies from gateway pom.xml
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
KNOX-3217 - Update pac4j-related libraries to the latest version available.
What changes were proposed in this pull request?
Update javaee-pac4j to 8.1.0, pac4j to 6.3.0 and opensaml to 5.1.6.
How was this patch tested?
Not tested yet. Build passes, but spring vault tests fail. Will test with Keycloak and CAS.