Added suppression for spring-security 5.1.5
Took 2 minutes
thorsten-p-weber committed Apr 24, 2019
1 parent e081177 commit e128e38
Showing 3 changed files with 30 additions and 3 deletions.
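--- a/owasp-suppression.xml
+++ b/owasp-suppression.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.2.xsd">
+<suppress>
+<cpe>cpe:/a:pivotal_software:spring_security:5.1.5</cpe>
+</suppress>
+</suppressions>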
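Review bot: The new `<suppress>` entry matches on the CPE alone, so every finding Dependency-Check maps to `cpe:/a:pivotal_software:spring_security:5.1.5` is dropped from the report, current and future, and nothing in the file records why. Since `pom.xml` in this commit pins spring-security at 5.1.5.RELEASE, this is not a misidentified component but the library actually shipped. I would narrow the entry to the specific advisory that was judged not applicable, tie it to the artifact with `<gav>`, add `<notes>` with the justification, and, if the plugin version in use accepts it, give it an `until` date so the suppression expires and is reviewed again. The CVE id and date below are placeholders, because the page does not name the finding.

```xml
<suppress until="YYYY-MM-DDZ"> <!-- placeholder expiry date -->
    <notes><![CDATA[
    Why this finding does not apply to this library, and who reviewed it.
    ]]></notes>
    <gav regex="true">^org\.springframework\.security:spring-security-.*:5\.1\.5\.RELEASE$</gav>
    <cve>CVE-YYYY-NNNNN</cve> <!-- placeholder: the advisory that was actually reviewed -->
</suppress>
```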
24 changes: 22 additions & 2 deletions pom.xml
Expand Up @@ -71,6 +71,7 @@
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<!-- -->
<spring-security.version>5.1.5.RELEASE</spring-security.version>
<spring.version>5.1.6.RELEASE</spring.version>
<jackson.version>2.9.8</jackson.version>
Expand All @@ -80,14 +81,14 @@
<vavr-encodings.version>0.6.0</vavr-encodings.version>
<default-immutables.version>1.2.5</default-immutables.version>
<java-jwt.version>3.8.0</java-jwt.version>
<jwks-rsa.version>0.7.0</jwks-rsa.version>
<jwks-rsa.version>0.8.0</jwks-rsa.version>
<vavr.version>0.10.0</vavr.version>
<slf4j-api.version>1.7.25</slf4j-api.version>
<jaxb-api.version>2.3.1</jaxb-api.version>
<!-- test -->
<junit.version>4.12</junit.version>
<assertj-core.version>3.12.2</assertj-core.version>
<mockito-core.version>2.25.1</mockito-core.version>
<mockito-core.version>2.27.0</mockito-core.version>
<bcprov-jdk15on.version>1.61</bcprov-jdk15on.version>
<logback-classic.version>1.2.3</logback-classic.version>
<!-- plugin -->
Expand Down Expand Up @@ -146,6 +147,9 @@
<skipProvidedScope>true</skipProvidedScope>
<skipTestScope>true</skipTestScope>
<skipSystemScope>true</skipSystemScope>
<suppressionFiles>
<suppressionFile>owasp-suppression.xml</suppressionFile>
</suppressionFiles>
</configuration>
</plugin>

Expand Down Expand Up @@ -259,6 +263,22 @@
<shadedPattern>com.mercateo.spring.security.jwt.relocated.io.vavr</shadedPattern>
</relocation>
</relocations>
<artifactSet>
<excludes>
<exclude>org.slf4j:slf4j-api:*</exclude>
<exclude>com.fasterxml.jackson.*</exclude>
<exclude>com.google.guava:*</exclude>
<exclude>javax.annotation:*</exclude>
<exclude>com.google.code.findbugs:*</exclude>
<exclude>commons-io:commons-io:*</exclude>
<exclude>org.springframework:*</exclude>
<exclude>org.checkerframework:*</exclude>
<exclude>commons-codec:commons-codec:*</exclude>
<exclude>com.google.j2objc:*</exclude>
<exclude>com.google.errorprone:*</exclude>
<exclude>org.codehaus.mojo:*</exclude>
</excludes>
</artifactSet>
</configuration>
</execution>
</executions>
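Review bot: The `<!-- -->` line that appears to be added above `spring-security.version` is an empty comment, and it sits exactly where a maintainer needs to learn that this version is flagged by dependency-check and suppressed rather than upgraded. I would replace it with something like `<!-- spring-security 5.1.5 is suppressed in owasp-suppression.xml; remove the suppression when this version changes -->`. In the dependency-check hunk, `<suppressionFile>owasp-suppression.xml</suppressionFile>` is a relative path, which presumably resolves against the working directory; `${project.basedir}/owasp-suppression.xml` would keep it stable when the build is started from elsewhere. The commit also bumps jwks-rsa and mockito and adds shade `artifactSet` excludes, none of which the title mentions.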
Expand Up @@ -35,7 +35,8 @@ public class JWTAuthenticationEntryPoint implements AuthenticationEntryPoint, Se
public void commence(HttpServletRequest request, HttpServletResponse response,
AuthenticationException authException) throws IOException {

log.warn("unauthorized: {}{}", request.getServletPath(), request.getPathInfo(), authException);
final String message = String.format("unauthorized: %s %s", request.getServletPath(), request.getPathInfo());
log.warn(message, authException);
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
}
}
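Review bot: The two added lines in `commence` still write `request.getServletPath()` and `request.getPathInfo()` to the log as received, and both are container-decoded, so an encoded CR/LF in the request path can end up as a line break in the warning entry. The new format string also puts a space between the two parts and prints `null` when there is no path info, which makes the logged path harder to match against access logs. The original parameterized call already passed `authException` as the trailing throwable, which SLF4J 1.7 handles correctly. I would go back to one parameterized statement and log the undecoded URI: `log.warn("unauthorized: {}", request.getRequestURI(), authException);`.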
