evaluationDependsOn(xpackModule('core'))
apply plugin: 'elasticsearch.esplugin'
apply plugin: 'nebula.maven-scm'
esplugin {
name 'x-pack-security'
description 'Elasticsearch Expanded Pack Plugin - Security'
classname 'org.elasticsearch.xpack.security.Security'
requiresKeystore true
extendedPlugins = ['x-pack-core']
}
archivesBaseName = 'x-pack-security'
dependencies {
// "org.elasticsearch.plugin:x-pack-core:${version}" doesn't work with idea because the testArtifacts are also here
compileOnly project(path: xpackModule('core'), configuration: 'default')
compileOnly project(path: ':modules:transport-netty4', configuration: 'runtime')
compileOnly project(path: ':plugins:transport-nio', configuration: 'runtime')
testCompile project(path: xpackModule('monitoring'))
testCompile project(path: xpackModule('sql:sql-action'))
testCompile project(path: xpackModule('core'), configuration: 'testArtifacts')
compile 'com.unboundid:unboundid-ldapsdk:4.0.8'
compileOnly 'org.bouncycastle:bcprov-jdk15on:1.59'
compileOnly 'org.bouncycastle:bcpkix-jdk15on:1.59'
// the following are all SAML dependencies - might as well download the whole internet
compile "org.opensaml:opensaml-core:3.3.0"
compile "org.opensaml:opensaml-saml-api:3.3.0"
compile "org.opensaml:opensaml-saml-impl:3.3.0"
compile "org.opensaml:opensaml-messaging-api:3.3.0"
compile "org.opensaml:opensaml-messaging-impl:3.3.0"
compile "org.opensaml:opensaml-security-api:3.3.0"
compile "org.opensaml:opensaml-security-impl:3.3.0"
compile "org.opensaml:opensaml-profile-api:3.3.0"
compile "org.opensaml:opensaml-profile-impl:3.3.0"
compile "org.opensaml:opensaml-xmlsec-api:3.3.0"
compile "org.opensaml:opensaml-xmlsec-impl:3.3.0"
compile "org.opensaml:opensaml-soap-api:3.3.0"
compile "org.opensaml:opensaml-soap-impl:3.3.0"
compile "org.opensaml:opensaml-storage-api:3.3.0"
compile "org.opensaml:opensaml-storage-impl:3.3.0"
compile "net.shibboleth.utilities:java-support:7.3.0"
compile "org.apache.santuario:xmlsec:2.0.8"
compile "io.dropwizard.metrics:metrics-core:3.2.2"
compile "org.cryptacular:cryptacular:1.2.0"
compile "org.slf4j:slf4j-api:${versions.slf4j}"
compile "org.apache.logging.log4j:log4j-slf4j-impl:${versions.log4j}"
compile "org.apache.httpcomponents:httpclient:${versions.httpclient}"
compile "org.apache.httpcomponents:httpcore:${versions.httpcore}"
compile "org.apache.httpcomponents:httpasyncclient:${versions.httpasyncclient}"
compile "org.apache.httpcomponents:httpcore-nio:${versions.httpcore}"
compile "org.apache.httpcomponents:httpclient-cache:${versions.httpclient}"
compile 'com.google.guava:guava:19.0'
testCompile 'org.elasticsearch:securemock:1.2'
testCompile "org.elasticsearch:mocksocket:${versions.mocksocket}"
//testCompile "org.yaml:snakeyaml:${versions.snakeyaml}"
// Test dependencies for Kerberos (MiniKdc)
testCompile('commons-io:commons-io:2.5')
testCompile('org.apache.kerby:kerb-simplekdc:1.1.1')
testCompile('org.apache.kerby:kerb-client:1.1.1')
testCompile('org.apache.kerby:kerby-config:1.1.1')
testCompile('org.apache.kerby:kerb-core:1.1.1')
testCompile('org.apache.kerby:kerby-pkix:1.1.1')
testCompile('org.apache.kerby:kerby-asn1:1.1.1')
testCompile('org.apache.kerby:kerby-util:1.1.1')
testCompile('org.apache.kerby:kerb-common:1.1.1')
testCompile('org.apache.kerby:kerb-crypto:1.1.1')
testCompile('org.apache.kerby:kerb-util:1.1.1')
testCompile('org.apache.kerby:token-provider:1.1.1')
testCompile('com.nimbusds:nimbus-jose-jwt:4.41.2')
testCompile('net.jcip:jcip-annotations:1.0')
testCompile('org.apache.kerby:kerb-admin:1.1.1')
testCompile('org.apache.kerby:kerb-server:1.1.1')
testCompile('org.apache.kerby:kerb-identity:1.1.1')
testCompile('org.apache.kerby:kerby-xdr:1.1.1')
// LDAP backend support for SimpleKdcServer
testCompile('org.apache.kerby:kerby-backend:1.1.1')
testCompile('org.apache.kerby:ldap-backend:1.1.1')
testCompile('org.apache.kerby:kerb-identity:1.1.1')
testCompile('org.apache.directory.api:api-ldap-client-api:1.0.0')
testCompile('org.apache.directory.api:api-ldap-schema-data:1.0.0')
testCompile('org.apache.directory.api:api-ldap-codec-core:1.0.0')
testCompile('org.apache.directory.api:api-ldap-extras-aci:1.0.0')
testCompile('org.apache.directory.api:api-ldap-extras-codec:1.0.0')
testCompile('org.apache.directory.api:api-ldap-extras-codec-api:1.0.0')
testCompile('commons-pool:commons-pool:1.6')
testCompile('commons-collections:commons-collections:3.2')
testCompile('org.apache.mina:mina-core:2.0.17')
testCompile('org.apache.directory.api:api-util:1.0.1')
testCompile('org.apache.directory.api:api-i18n:1.0.1')
testCompile('org.apache.directory.api:api-ldap-model:1.0.1')
testCompile('org.apache.directory.api:api-asn1-api:1.0.1')
testCompile('org.apache.directory.api:api-asn1-ber:1.0.1')
testCompile('org.apache.servicemix.bundles:org.apache.servicemix.bundles.antlr:2.7.7_5')
testCompile('org.apache.directory.server:apacheds-core-api:2.0.0-M24')
testCompile('org.apache.directory.server:apacheds-i18n:2.0.0-M24')
testCompile('org.apache.directory.api:api-ldap-extras-util:1.0.0')
testCompile('net.sf.ehcache:ehcache:2.10.4')
testCompile('org.apache.directory.server:apacheds-kerberos-codec:2.0.0-M24')
testCompile('org.apache.directory.server:apacheds-protocol-ldap:2.0.0-M24')
testCompile('org.apache.directory.server:apacheds-protocol-shared:2.0.0-M24')
testCompile('org.apache.directory.jdbm:apacheds-jdbm1:2.0.0-M3')
testCompile('org.apache.directory.server:apacheds-jdbm-partition:2.0.0-M24')
testCompile('org.apache.directory.server:apacheds-xdbm-partition:2.0.0-M24')
testCompile('org.apache.directory.api:api-ldap-extras-sp:1.0.0')
testCompile('org.apache.directory.server:apacheds-test-framework:2.0.0-M24')
testCompile('org.apache.directory.server:apacheds-core-annotations:2.0.0-M24')
testCompile('org.apache.directory.server:apacheds-ldif-partition:2.0.0-M24')
testCompile('org.apache.directory.server:apacheds-mavibot-partition:2.0.0-M24')
testCompile('org.apache.directory.server:apacheds-protocol-kerberos:2.0.0-M24')
testCompile('org.apache.directory.server:apacheds-server-annotations:2.0.0-M24')
testCompile('org.apache.directory.api:api-ldap-codec-standalone:1.0.0')
testCompile('org.apache.directory.api:api-ldap-net-mina:1.0.0')
testCompile('org.apache.directory.server:ldap-client-test:2.0.0-M24')
testCompile('org.apache.directory.server:apacheds-interceptor-kerberos:2.0.0-M24')
testCompile('org.apache.directory.mavibot:mavibot:1.0.0-M8')
}
compileJava.options.compilerArgs << "-Xlint:-deprecation,-rawtypes,-serial,-try,-unchecked"
compileTestJava.options.compilerArgs << "-Xlint:-deprecation,-rawtypes,-serial,-try,-unchecked"
configurations {
testArtifacts.extendsFrom testRuntime
}
task testJar(type: Jar) {
appendix 'test'
from sourceSets.test.output
}
artifacts {
// normal es plugins do not publish the jar but we need to since users need it for Transport Clients and extensions
archives jar
testArtifacts testJar
}
sourceSets.test.resources {
srcDir '../core/src/test/resources'
srcDir '../core/src/main/config'
}
dependencyLicenses {
mapping from: /java-support|opensaml-.*/, to: 'shibboleth'
mapping from: /http.*/, to: 'httpclient'
}
licenseHeaders {
// This class was sourced from apache directory studio for some microsoft-specific logic
excludes << 'org/elasticsearch/xpack/security/authc/ldap/ActiveDirectorySIDUtil.java'
}
forbiddenPatterns {
exclude '**/*.key'
exclude '**/*.p12'
exclude '**/*.der'
exclude '**/*.zip'
}
forbiddenApisMain {
signaturesFiles += files('forbidden/ldap-signatures.txt', 'forbidden/xml-signatures.txt')
}
// classes are missing, e.g. com.ibm.icu.lang.UCharacter
thirdPartyAudit {
ignoreMissingClasses (
// SAML dependencies
// [missing classes] Some cli utilities that we don't use depend on these missing JCommander classes
'com.beust.jcommander.JCommander',
'com.beust.jcommander.converters.BaseConverter',
// [missing classes] Shibboleth + OpenSAML have servlet support that we don't use
'javax.servlet.AsyncContext',
'javax.servlet.DispatcherType',
'javax.servlet.Filter',
'javax.servlet.FilterChain',
'javax.servlet.FilterConfig',
'javax.servlet.RequestDispatcher',
'javax.servlet.ServletContext',
'javax.servlet.ServletException',
'javax.servlet.ServletInputStream',
'javax.servlet.ServletOutputStream',
'javax.servlet.ServletRequest',
'javax.servlet.ServletResponse',
'javax.servlet.http.Cookie',
'javax.servlet.http.HttpServletRequest',
'javax.servlet.http.HttpServletResponse',
'javax.servlet.http.HttpServletResponseWrapper',
'javax.servlet.http.HttpSession',
'javax.servlet.http.Part',
// [missing classes] Shibboleth + OpenSAML have velocity support that we don't use
'org.apache.velocity.VelocityContext',
'org.apache.velocity.app.VelocityEngine',
'org.apache.velocity.context.Context',
'org.apache.velocity.exception.VelocityException',
'org.apache.velocity.runtime.RuntimeServices',
'org.apache.velocity.runtime.log.LogChute',
'org.apache.velocity.runtime.resource.loader.StringResourceLoader',
'org.apache.velocity.runtime.resource.util.StringResourceRepository',
// [missing classes] OpenSAML depends on Apache XML security which depends on Xalan, but only for functionality that OpenSAML doesn't use
'org.apache.xml.dtm.DTM',
'org.apache.xml.utils.PrefixResolver',
'org.apache.xml.utils.PrefixResolverDefault',
'org.apache.xpath.Expression',
'org.apache.xpath.NodeSetDTM',
'org.apache.xpath.XPath',
'org.apache.xpath.XPathContext',
'org.apache.xpath.compiler.FunctionTable',
'org.apache.xpath.functions.Function',
'org.apache.xpath.objects.XNodeSet',
'org.apache.xpath.objects.XObject',
// [missing classes] OpenSAML storage has an optional LDAP storage impl
'org.ldaptive.AttributeModification',
'org.ldaptive.AttributeModificationType',
'org.ldaptive.Connection',
'org.ldaptive.DeleteOperation',
'org.ldaptive.DeleteRequest',
'org.ldaptive.LdapAttribute',
'org.ldaptive.LdapEntry',
'org.ldaptive.LdapException',
'org.ldaptive.ModifyOperation',
'org.ldaptive.ModifyRequest',
'org.ldaptive.Response',
'org.ldaptive.ResultCode',
'org.ldaptive.SearchOperation',
'org.ldaptive.SearchRequest',
'org.ldaptive.SearchResult',
'org.ldaptive.ext.MergeOperation',
'org.ldaptive.ext.MergeRequest',
'org.ldaptive.pool.ConnectionPool',
'org.ldaptive.pool.PooledConnectionFactory',
// [missing classes] OpenSAML storage has an optional JSON-backed storage impl
'javax.json.Json',
'javax.json.JsonException',
'javax.json.JsonNumber',
'javax.json.JsonObject',
'javax.json.JsonReader',
'javax.json.JsonValue$ValueType',
'javax.json.JsonValue',
'javax.json.stream.JsonGenerator',
// [missing classes] OpenSAML storage has an optional JPA storage impl
'javax.persistence.EntityManager',
'javax.persistence.EntityManagerFactory',
'javax.persistence.EntityTransaction',
'javax.persistence.LockModeType',
'javax.persistence.Query',
// [missing classes] OpenSAML storage and HttpClient cache have optional memcache support
'net.spy.memcached.CASResponse',
'net.spy.memcached.CASValue',
'net.spy.memcached.MemcachedClient',
'net.spy.memcached.MemcachedClientIF',
'net.spy.memcached.CachedData',
'net.spy.memcached.internal.OperationFuture',
'net.spy.memcached.transcoders.Transcoder',
// [missing classes] Http Client cache has optional ehcache support
'net.sf.ehcache.Ehcache',
'net.sf.ehcache.Element',
// [missing classes] SLF4j includes an optional class that depends on an extension class (!)
'org.slf4j.ext.EventData'
)
ignoreViolations (
// Guava uses internal java api: sun.misc.Unsafe
'com.google.common.cache.Striped64',
'com.google.common.cache.Striped64$1',
'com.google.common.cache.Striped64$Cell',
'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator',
'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1',
'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper',
'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper$1',
)
}
if (project.runtimeJavaVersion > JavaVersion.VERSION_1_8) {
thirdPartyAudit.ignoreMissingClasses(
'javax.xml.bind.JAXBContext',
'javax.xml.bind.JAXBElement',
'javax.xml.bind.JAXBException',
'javax.xml.bind.Unmarshaller',
'javax.xml.bind.UnmarshallerHandler'
)
}
run {
plugin xpackModule('core')
}
unitTest {
/*
* We have to disable setting the number of available processors as tests in the same JVM randomize processors and will step on each
* other if we allow them to set the number of available processors as it's set-once in Netty.
*/
systemProperty 'es.set.netty.runtime.available.processors', 'false'
}
// xpack modules are installed in real clusters as the meta plugin, so
// installing them as individual plugins for integ tests doesn't make sense,
// so we disable integ tests
integTest.enabled = false