Skip to content

v2.1.1 #13

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 28 commits into from
Dec 13, 2021
Merged

v2.1.1 #13

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
28 commits
Select commit Hold shift + click to select a range
07e674a
Merge pull request #36 from blasttoys/master
GTYeokh Aug 13, 2021
babbcd3
Update AuthorizationTokenTest.java
lim-ming-tat Aug 19, 2021
d82cc7e
Update README.md
blasttoys Aug 19, 2021
2b7183f
Update README.md
blasttoys Aug 19, 2021
4e9780e
APEX 2 (#45)
blasttoys Nov 10, 2021
6050169
Merge branch 'master' into development
blasttoys Nov 12, 2021
37406bf
Merge pull request #46 from GovTechSG/development
GTYeokh Nov 19, 2021
84187bd
Release v2.1
lim-ming-tat Nov 22, 2021
bb6f7d2
Merge branch 'master' into development
lim-ming-tat Nov 22, 2021
48e3ae7
Merge branch 'master' into development
lim-ming-tat Nov 22, 2021
880dec5
Merge branch 'development' of https://github.com/GovTechSG/java-apex-…
lim-ming-tat Nov 22, 2021
4dedef5
Merge pull request #47 from GovTechSG/development
GTYeokh Nov 22, 2021
c30d54d
Merge branch 'master' into development
lim-ming-tat Nov 22, 2021
2490411
Merge pull request #48 from GovTechSG/development
GTYeokh Nov 22, 2021
157519f
Bump log4j-api from 2.14.1 to 2.15.0
dependabot[bot] Dec 10, 2021
7da55e1
fix: pom.xml to reduce vulnerabilities
snyk-bot Dec 10, 2021
5c44c5c
Merge pull request #49 from GovTechSG/dependabot/maven/org.apache.log…
GTYeokh Dec 13, 2021
86a6f03
fix: pom.xml to reduce vulnerabilities
snyk-bot Dec 13, 2021
1941fe5
Bump log4j-core from 2.14.1 to 2.15.0
dependabot[bot] Dec 13, 2021
b5cd69f
Merge pull request #50 from GovTechSG/dependabot/maven/org.apache.log…
GTYeokh Dec 13, 2021
475a465
Merge pull request #51 from GovTechSG/snyk-fix-24ef577d5120ae1695d296…
GTYeokh Dec 13, 2021
a6859b3
Merge pull request #52 from GovTechSG/snyk-fix-bb78f0faeb188fb4bb98cf…
GTYeokh Dec 13, 2021
07634ee
resolved conflict
blasttoys Dec 13, 2021
a4c4e91
Merge pull request #11 from blasttoys/master
blasttoys Dec 13, 2021
2458e39
Sync
blasttoys Dec 13, 2021
cb4da97
Merge branch 'development' of https://github.com/blasttoys/java-apex-…
blasttoys Dec 13, 2021
b1489f1
Merge branch 'GovTechSG-master' into development
blasttoys Dec 13, 2021
e87f339
v2.1.1
blasttoys Dec 13, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,14 @@
# Change Log

### V2.1.1

- Fixed vulnerability CVE-2021-44228
- Update to log4j version 2.15.0

### V2.1

- Release for APEX 2

### V2.0.0-SNAPSHOT

- Library to use authParam
Expand Down
31 changes: 7 additions & 24 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,8 +45,8 @@ mvn package
```

The compiled _jar_ file will be located in the **target** folder
+ java-apex-api-security-<version>-SNAPSHOT.jar
+ java-apex-api-security-<version>-SNAPSHOT-jar-with-dependencies.jar (this includes log4j libraries)
+ java-apex-api-security-<version>.jar
+ java-apex-api-security-<version>-jar-with-dependencies.jar (this includes log4j libraries)

Import this jar file into your java classpath to use the utility class

Expand All @@ -64,7 +64,7 @@ mvn install
<dependency>
<groupId>com.api.util</groupId>
<artifactId>ApiSecurity</artifactId>
<version>2.0.0-SNAPSHOT</version>
<version>2.1.1</version>
</dependency>
```

Expand All @@ -76,12 +76,12 @@ mvn install
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
<version>2.14.1</version>
<version>2.15.0</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
<version>2.14.1</version>
<version>2.15.0</version>
</dependency>
```

Expand Down Expand Up @@ -125,7 +125,7 @@ gradle test jacocoTestReport
```

The compiled _jar_ file will be located in the **build/libs** folder
+ java-apex-api-security-2.0.0-SNAPSHOT.jar
+ java-apex-api-security-2.1.1.jar

Import this jar into your java classpath to use the utility class

Expand All @@ -140,7 +140,7 @@ repositories {
mavenLocal()
}
dependencies {
compile group: 'com.api.util', name: 'ApiSecurity', version: '2.0.0-SNAPSHOT'
compile group: 'com.api.util', name: 'ApiSecurity', version: '2.1.1'
}

```
Expand All @@ -166,23 +166,6 @@ Authorization: Apex_l1_eg realm="https://XYZ.api.gov.sg/abc/def", apex_l1_eg_app

### Parameters

#### realm
This is an identifier for the caller. Any value can be used here.

**Note:** This is currently handled by the library

#### authPrefix

Authorization Header scheme prefix. There are 4 possible values for this
depending on the zone and the authentication method.

1. Apex_l1_ig
2. Apex_l1_eg
3. Apex_l2_ig
4. Apex_l2_eg

**Note:** This is currently handled by the library

#### httpMethod

The HTTP method, i.e. `GET`, `POST`, etc.
Expand Down
7 changes: 4 additions & 3 deletions build.gradle
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,8 @@ plugins {
id 'com.github.kt3k.coveralls' version '2.6.3'
}

version '2.0.0-SNAPSHOT'

version '2.1.1'

tasks.withType(JavaCompile) {
options.encoding = "UTF-8"
Expand All @@ -19,8 +20,8 @@ dependencies {

//gradle 4.0
compile group: 'commons-lang', name: 'commons-lang', version: '2.4'
compile group: 'org.apache.logging.log4j', name: 'log4j-api', version: '2.14.1'
compile group: 'org.apache.logging.log4j', name: 'log4j-core', version: '2.14.1'
compile group: 'org.apache.logging.log4j', name: 'log4j-api', version: '2.15.0'
compile group: 'org.apache.logging.log4j', name: 'log4j-core', version: '2.15.0'
compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.10.5.1'
compile group: 'com.googlecode.json-simple', name: 'json-simple', version: '1.1.1'
compile group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.69'
Expand Down
6 changes: 3 additions & 3 deletions pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>com.api.util</groupId>
<artifactId>ApiSecurity</artifactId>
<version>2.0.0-SNAPSHOT</version>
<version>2.1.1</version>
<build>
<plugins>
<plugin>
Expand Down Expand Up @@ -80,12 +80,12 @@
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
<version>2.14.1</version>
<version>2.15.0</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
<version>2.14.1</version>
<version>2.15.0</version>
</dependency>
<dependency>
<groupId>commons-lang</groupId>
Expand Down
5 changes: 5 additions & 0 deletions src/main/java/com/api/util/ApiSecurity/ApiSigning.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,10 @@
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;


import org.bouncycastle.operator.InputDecryptorProvider;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;


import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

Expand Down Expand Up @@ -612,6 +616,7 @@ public static String getBaseString(String authPrefix

String baseString = null;


try {
authPrefix = authPrefix.toLowerCase();

Expand Down