From 10568ff1123bc27900254bcf865d23f6be4c59ad Mon Sep 17 00:00:00 2001
From: pujavs <43700552+pujavs@users.noreply.github.com>
Date: Wed, 23 Feb 2022 19:21:20 +0530
Subject: [PATCH] feat(jans-config-api): security issue - upgrade dependencies
 (#883)

* feat: pom changes for security issues

* feat: security issue fix

* feat: security issue fix

* feat: security issue fix
---
 jans-bom/pom.xml                              |  4 ++--
 jans-config-api/common/pom.xml                | 10 ----------
 jans-config-api/plugins/pom.xml               | 13 ++++++++++++
 jans-config-api/plugins/scim-plugin/pom.xml   |  1 -
 jans-config-api/pom.xml                       |  2 +-
 .../profiles/local/test.properties            | 20 +++++++++----------
 .../server/src/main/resources/log4j2.xml      |  6 ++++--
 jans-config-api/shared/pom.xml                |  9 ---------
 8 files changed, 30 insertions(+), 35 deletions(-)

diff --git a/jans-bom/pom.xml b/jans-bom/pom.xml
index 674eb3a5360..957f6b011f8 100644
--- a/jans-bom/pom.xml
+++ b/jans-bom/pom.xml
@@ -643,7 +643,7 @@
 			<dependency>
 			    <groupId>org.postgresql</groupId>
 			    <artifactId>postgresql</artifactId>
-			    <version>42.2.23.jre7</version>
+			    <version>42.3.2</version>
 			</dependency>
 
 			<!-- SQL Query -->
@@ -662,7 +662,7 @@
 			<dependency>
 			    <groupId>com.google.cloud</groupId>
 			    <artifactId>google-cloud-spanner</artifactId>
-			    <version>6.17.3</version>
+			    <version>6.17.4</version>
 			</dependency>
 			<!-- Force to use latest grpc libs. We need to remove this once google-cloud-spanner will depend on grpc >= 1.43.0  -->
 			<dependency>
diff --git a/jans-config-api/common/pom.xml b/jans-config-api/common/pom.xml
index 9ecba1e7ab8..1a9cafa8ea7 100644
--- a/jans-config-api/common/pom.xml
+++ b/jans-config-api/common/pom.xml
@@ -25,19 +25,10 @@
 			<groupId>io.jans</groupId>
 			<artifactId>jans-config-api-shared</artifactId>
 		</dependency>
-		<dependency>
-			<groupId>io.jans</groupId>
-			<artifactId>jans-core-util</artifactId>
-		</dependency>
 		<dependency>
 			<groupId>io.jans</groupId>
 			<artifactId>jans-core-model</artifactId>
 		</dependency>
-		<dependency>
-			<groupId>io.jans</groupId>
-			<artifactId>jans-auth-common</artifactId>
-		</dependency>
-
 
 		<!-- RestEasy -->
 		<dependency>
@@ -53,7 +44,6 @@
 		<dependency>
 			<groupId>javax.servlet</groupId>
 			<artifactId>javax.servlet-api</artifactId>
-			<version>3.1.0</version>
 		</dependency>
 
 	</dependencies>
diff --git a/jans-config-api/plugins/pom.xml b/jans-config-api/plugins/pom.xml
index e656ee962d0..2f4c43e0159 100644
--- a/jans-config-api/plugins/pom.xml
+++ b/jans-config-api/plugins/pom.xml
@@ -36,4 +36,17 @@
 			<scope>provided</scope>
 		</dependency>
 	</dependencies>
+
+	<build>
+		<pluginManagement>
+			<plugins>
+				<plugin>
+					<groupId>org.apache.maven.plugins</groupId>
+					<artifactId>maven-assembly-plugin</artifactId>
+					<version>3.3.0</version>
+				</plugin>
+			</plugins>
+		</pluginManagement>
+	</build>
+
 </project>
\ No newline at end of file
diff --git a/jans-config-api/plugins/scim-plugin/pom.xml b/jans-config-api/plugins/scim-plugin/pom.xml
index 820fa499d3f..58989313729 100644
--- a/jans-config-api/plugins/scim-plugin/pom.xml
+++ b/jans-config-api/plugins/scim-plugin/pom.xml
@@ -187,7 +187,6 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-resources-plugin</artifactId>
-				<version>3.1.0</version>
 				<executions>
 					<execution>
 						<id>deploy-to-local-folder</id>
diff --git a/jans-config-api/pom.xml b/jans-config-api/pom.xml
index 80b83cdc702..a5e9ef3d1c4 100644
--- a/jans-config-api/pom.xml
+++ b/jans-config-api/pom.xml
@@ -23,7 +23,7 @@
 
 		<jans.version>1.0.0-SNAPSHOT</jans.version>
 		<weld.version>3.1.2.Final</weld.version>
-		<jetty.version>9.4.44.v20210927</jetty.version>
+		<jetty.version>11.0.1</jetty.version>
 		<resteasy.version>4.5.10.Final</resteasy.version>
 		<jackson.version>2.10.1</jackson.version>
 		<microprofile.version>3.0</microprofile.version>
diff --git a/jans-config-api/profiles/local/test.properties b/jans-config-api/profiles/local/test.properties
index 7f7fff14b15..ea13afc7440 100644
--- a/jans-config-api/profiles/local/test.properties
+++ b/jans-config-api/profiles/local/test.properties
@@ -39,11 +39,11 @@ test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/con
 #test.issuer=https:// pujavs.jans.server3
 
 # jans.server1
-#token.endpoint=https://jans.server1/jans-auth/restv1/token
-#token.grant.type=client_credentials
-#test.client.id=1800.df97feac-c94e-468d-9e22-48946da45403
-#test.client.secret=OL13IYRG0IjV
-#test.issuer=https://jans.server1
+token.endpoint=https://jans.server1/jans-auth/restv1/token
+token.grant.type=client_credentials
+test.client.id=1800.d166622d-6771-4d5a-8fab-555566b20091
+test.client.secret=slkveBOhwJn5
+test.issuer=https://jans.server1
 
 # jans.server2
 #token.endpoint=https://jans.server2/jans-auth/restv1/token
@@ -60,10 +60,10 @@ test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/con
 #test.issuer=https://jans.server3
 
 # jans.server4
-token.endpoint=https://jans.server4/jans-auth/restv1/token
-token.grant.type=client_credentials
-test.client.id=1800.7e78990f-fdae-40e9-9433-4fe20645851d
-test.client.secret=GfUrIapPM71X
-test.issuer=https://jans.server4
+#token.endpoint=https://jans.server4/jans-auth/restv1/token
+#token.grant.type=client_credentials
+#test.client.id=1800.7e78990f-fdae-40e9-9433-4fe20645851d
+#test.client.secret=GfUrIapPM71X
+#test.issuer=https://jans.server4
 
 
diff --git a/jans-config-api/server/src/main/resources/log4j2.xml b/jans-config-api/server/src/main/resources/log4j2.xml
index 16bf114d938..753018fa46d 100644
--- a/jans-config-api/server/src/main/resources/log4j2.xml
+++ b/jans-config-api/server/src/main/resources/log4j2.xml
@@ -104,9 +104,11 @@
 			<AppenderRef ref="JANS_CONFIGAPI_SCRIPT_LOG_FILE" />
 		</logger>
 
-        <Root level="ERROR">
-            <AppenderRef ref="Console" />
+        <Root level="INFO">
+			<AppenderRef ref="FILE" />
+			<AppenderRef ref="STDOUT" />
         </Root>
+		
     </Loggers>
 
 </Configuration>
diff --git a/jans-config-api/shared/pom.xml b/jans-config-api/shared/pom.xml
index fd46e261349..048edc18f0d 100644
--- a/jans-config-api/shared/pom.xml
+++ b/jans-config-api/shared/pom.xml
@@ -15,10 +15,6 @@
 	<dependencies>
 
 		<!-- jans -->
-		<dependency>
-			<groupId>io.jans</groupId>
-			<artifactId>jans-core-util</artifactId>
-		</dependency>
 		<dependency>
 			<groupId>io.jans</groupId>
 			<artifactId>jans-core-model</artifactId>
@@ -35,11 +31,6 @@
 			<groupId>io.jans</groupId>
 			<artifactId>jans-core-service</artifactId>
 		</dependency>
-		<dependency>
-			<groupId>io.jans</groupId>
-			<artifactId>jans-client-api</artifactId>
-		</dependency>
-
 
 		<!-- Weld -->
 		<dependency>