Merge pull request #96 from Julius278/dependency-updates

Dependency updates, remove some vulnerabilities

Author: cfries

pom.xml

@@ -30,7 +30,7 @@
         <springdoc-openapi-ui.version>2.2.0</springdoc-openapi-ui.version>
         <jackson-databind-nullable.version>0.2.6</jackson-databind-nullable.version>
         <commons-cli.version>1.5.0</commons-cli.version>
-        <spring-boot-dependencies.version>3.0.5</spring-boot-dependencies.version>
+        <spring-boot-dependencies.version>3.2.10</spring-boot-dependencies.version>
         <finmath-lib.version>6.0.12</finmath-lib.version>
         <finmath-lib-plot-extensions.version>0.4.8</finmath-lib-plot-extensions.version>
         <spring-statemachine.version>3.2.0</spring-statemachine.version>
@@ -56,6 +56,7 @@
         <doxia-skin-model.version>2.0.0-M6</doxia-skin-model.version>
         <doxia-module-markdown.version>2.0.0-M6</doxia-module-markdown.version>
         <git-commit-id-maven-plugin.version>5.0.0</git-commit-id-maven-plugin.version>
+        <httpcore.version>5.3</httpcore.version>
     </properties>
 
     <developers>
@@ -167,17 +168,23 @@
                     <groupId>net.finmath</groupId>
                     <artifactId>finmath-lib</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>com.itextpdf</groupId>
+                    <artifactId>itextpdf</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
 
         <dependency>
-            <groupId>org.apache.httpcomponents</groupId>
-            <artifactId>httpclient</artifactId>
+            <groupId>org.apache.httpcomponents.client5</groupId>
+            <artifactId>httpclient5</artifactId>
+            <version>${httpcore.version}</version>
         </dependency>
 
         <dependency>
-            <groupId>org.apache.httpcomponents</groupId>
-            <artifactId>httpcore</artifactId>
+            <groupId>org.apache.httpcomponents.core5</groupId>
+            <artifactId>httpcore5</artifactId>
+            <version>${httpcore.version}</version>
         </dependency>
 
         <dependency>
@@ -310,12 +317,11 @@
             <version>${commons-cli.version}</version>
         </dependency>
 
-        <!-- https://mvnrepository.com/artifact/org.postgresql/postgresql -->
-        <dependency>
+        <!-- currently no need for postgres db connection -->
+        <!--dependency>
             <groupId>org.postgresql</groupId>
             <artifactId>postgresql</artifactId>
-        </dependency>
-
+        </dependency-->
 
         <dependency>
             <groupId>org.slf4j</groupId>

src/main/java/net/finmath/smartcontract/valuation/marketdata/generators/WebSocketConnector.java

@@ -7,23 +7,22 @@
 
 import com.neovisionaries.ws.client.*;
 
-import org.apache.http.Header;
-import org.apache.http.HttpResponse;
-import org.apache.http.HttpStatus;
-import org.apache.http.NameValuePair;
-import org.apache.http.client.HttpClient;
-import org.apache.http.client.entity.UrlEncodedFormEntity;
-import org.apache.http.client.methods.HttpPost;
-import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
-import org.apache.http.impl.client.HttpClients;
-import org.apache.http.message.BasicNameValuePair;
-import org.apache.http.ssl.SSLContextBuilder;
-import org.apache.http.util.EntityUtils;
+import org.apache.hc.client5.http.classic.HttpClient;
+import org.apache.hc.client5.http.classic.methods.HttpPost;
+import org.apache.hc.client5.http.entity.UrlEncodedFormEntity;
+import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
+import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager;
+import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
+import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder;
+import org.apache.hc.core5.http.*;
+import org.apache.hc.core5.http.io.entity.EntityUtils;
+import org.apache.hc.core5.http.message.BasicNameValuePair;
 import org.json.JSONObject;
 
 import javax.net.ssl.SSLParameters;
 import java.io.IOException;
 import java.net.Inet4Address;
+import java.nio.charset.StandardCharsets;
 import java.security.NoSuchAlgorithmException;
 import java.util.ArrayList;
 import java.util.List;
@@ -48,12 +47,9 @@
  *   providing the updated token to the Real-Time endpoint before token expiration.
  */
 public class WebSocketConnector {
-
-
 	Properties connectionProperties;
 	public JSONObject authJson;
 
-
 	public String position;
 	public String scope = "";
 	public String server = "";
@@ -63,8 +59,6 @@ public class WebSocketConnector {
 	public WebSocketConnector(Properties connectionProperties) throws Exception {
 		this.connectionProperties = connectionProperties;
 		this.position = Inet4Address.getLocalHost().getHostAddress();
-
-
 	}
 
 	public WebSocket getWebSocket() throws Exception{
@@ -84,10 +78,8 @@ public String getPosition(){
 
 	public WebSocketConnector initAuthJson() {
 		try {
-
 			// Connect to Live Market Data Platform and authenticate (using our username and password)
 			this.authJson = getAuthenticationInfo(null, connectionProperties.get("AUTHURL").toString());
-
 		} catch (Exception e) {
 			e.printStackTrace();
 		}
@@ -134,17 +126,20 @@ public WebSocket initWebSocketConnection() throws IOException, WebSocketExceptio
 	public JSONObject getAuthenticationInfo(JSONObject previousAuthResponseJson, String url) {
 		try
 		{
-			SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(new SSLContextBuilder().build());
+			PoolingHttpClientConnectionManager connectionManager = PoolingHttpClientConnectionManagerBuilder.create()
+					.setSSLSocketFactory(SSLConnectionSocketFactoryBuilder.create().build())
+					.build();
 
-			HttpClient httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
+			HttpClient httpclient = HttpClientBuilder.create()
+					.setConnectionManager(connectionManager).build();
 			HttpPost httppost = new HttpPost(url);
            /* HttpParams httpParams = new BasicHttpParams();
 
             // Disable redirect
             httpParams.setParameter(ClientPNames.HANDLE_REDIRECTS, false);*/
 
 			// Set request parameters.
-			List<NameValuePair> params = new ArrayList<NameValuePair>(2);
+			List<NameValuePair> params = new ArrayList<>(2);
 			params.add(new BasicNameValuePair("client_id", connectionProperties.get("CLIENTID").toString()));
 			params.add(new BasicNameValuePair("username", connectionProperties.get("USER").toString()));
 
@@ -164,12 +159,12 @@ public JSONObject getAuthenticationInfo(JSONObject previousAuthResponseJson, Str
 			}
 
 			//httppost.setParams(httpParams);
-			httppost.setEntity(new UrlEncodedFormEntity(params, "UTF-8"));
+			httppost.setEntity(new UrlEncodedFormEntity(params, StandardCharsets.UTF_8));
 
 			//Execute and get the response.
-			HttpResponse response = httpclient.execute(httppost);
+			ClassicHttpResponse response = httpclient.executeOpen(null, httppost, null);
 
-			int statusCode = response.getStatusLine().getStatusCode();
+			int statusCode = response.getCode();
 
 			switch ( statusCode ) {
 				case HttpStatus.SC_OK:                  // 200
@@ -198,7 +193,7 @@ public JSONObject getAuthenticationInfo(JSONObject previousAuthResponseJson, Str
 				case HttpStatus.SC_BAD_REQUEST:                    // 400
 				case HttpStatus.SC_UNAUTHORIZED:                   // 401
 					// Retry with username and password
-					System.out.println("Refinitiv Data Platform authentication HTTP code: " + response.getStatusLine().getStatusCode() + " " + response.getStatusLine().getReasonPhrase());
+					System.out.println("Refinitiv Data Platform authentication HTTP code: " + response.getCode() + " " + response.getReasonPhrase());
 					if (previousAuthResponseJson != null) {
 						System.out.println("Retry with username and password");
 						return getAuthenticationInfo(null, connectionProperties.get("AUTHURL").toString());
@@ -209,12 +204,12 @@ public JSONObject getAuthenticationInfo(JSONObject previousAuthResponseJson, Str
 				case HttpStatus.SC_GONE:                           // 410
 				case 451:                                          // 451 Unavailable For Legal Reasons
 					// Stop retrying with the request
-					System.out.println("Refinitiv Data Platform authentication HTTP code: " + response.getStatusLine().getStatusCode() + " " + response.getStatusLine().getReasonPhrase());
+					System.out.println("Refinitiv Data Platform authentication HTTP code: " + response.getCode() + " " + response.getReasonPhrase());
 					System.out.println("Stop retrying with the request");
 					return null;
 				default:
 					// Retry the request to Refinitiv Data Platform
-					System.out.println("Refinitiv Data Platform authentication HTTP code: " + response.getStatusLine().getStatusCode() + " " + response.getStatusLine().getReasonPhrase());
+					System.out.println("Refinitiv Data Platform authentication HTTP code: " + response.getCode() + " " + response.getReasonPhrase());
 					Thread.sleep(5000);
 					// CAUTION: This is sample code with infinite retries.
 					System.out.println("Retry the request to Refinitiv Data Platform");

src/main/java/net/finmath/smartcontract/valuation/service/config/BasicAuthWebSecurityConfiguration.java

@@ -24,7 +24,7 @@
 
 @Configuration
 @EnableWebSecurity
-@EnableConfigurationProperties(value = ApplicationProperties.class)
+//@EnableConfigurationProperties(value = ApplicationProperties.class)
 public class BasicAuthWebSecurityConfiguration {
 
 	Logger logger = LoggerFactory.getLogger(BasicAuthWebSecurityConfiguration.class);