evaluationDependsOn(xpackModule('core')) apply plugin: 'elasticsearch.esplugin' esplugin { name 'x-pack-security' description 'Elasticsearch Expanded Pack Plugin - Security' classname 'org.elasticsearch.xpack.security.Security' requiresKeystore true extendedPlugins = ['x-pack-core'] } archivesBaseName = 'x-pack-security' dependencies { compileOnly "org.elasticsearch.plugin:x-pack-core:${version}" compileOnly project(path: ':modules:transport-netty4', configuration: 'runtime') compileOnly project(path: ':plugins:transport-nio', configuration: 'runtime') testCompile project(path: xpackModule('monitoring')) testCompile project(path: xpackModule('sql:sql-proto')) testCompile project(path: xpackModule('core'), configuration: 'testArtifacts') compile 'com.unboundid:unboundid-ldapsdk:3.2.0' compile 'org.bouncycastle:bcprov-jdk15on:1.58' compile 'org.bouncycastle:bcpkix-jdk15on:1.58' // the following are all SAML dependencies - might as well download the whole internet compile "org.opensaml:opensaml-core:3.3.0" compile "org.opensaml:opensaml-saml-api:3.3.0" compile "org.opensaml:opensaml-saml-impl:3.3.0" compile "org.opensaml:opensaml-messaging-api:3.3.0" compile "org.opensaml:opensaml-messaging-impl:3.3.0" compile "org.opensaml:opensaml-security-api:3.3.0" compile "org.opensaml:opensaml-security-impl:3.3.0" compile "org.opensaml:opensaml-profile-api:3.3.0" compile "org.opensaml:opensaml-profile-impl:3.3.0" compile "org.opensaml:opensaml-xmlsec-api:3.3.0" compile "org.opensaml:opensaml-xmlsec-impl:3.3.0" compile "org.opensaml:opensaml-soap-api:3.3.0" compile "org.opensaml:opensaml-soap-impl:3.3.0" compile "org.opensaml:opensaml-storage-api:3.3.0" compile "org.opensaml:opensaml-storage-impl:3.3.0" compile "net.shibboleth.utilities:java-support:7.3.0" compile "org.apache.santuario:xmlsec:2.0.8" compile "io.dropwizard.metrics:metrics-core:3.2.2" compile "org.cryptacular:cryptacular:1.2.0" compile "org.slf4j:slf4j-api:${versions.slf4j}" compile "org.apache.logging.log4j:log4j-slf4j-impl:${versions.log4j}" compile "org.apache.httpcomponents:httpclient:${versions.httpclient}" compile "org.apache.httpcomponents:httpcore:${versions.httpcore}" compile "org.apache.httpcomponents:httpasyncclient:${versions.httpasyncclient}" compile "org.apache.httpcomponents:httpcore-nio:${versions.httpcore}" compile "org.apache.httpcomponents:httpclient-cache:${versions.httpclient}" compile 'com.google.guava:guava:19.0' testCompile 'org.elasticsearch:securemock:1.2' testCompile "org.elasticsearch:mocksocket:${versions.mocksocket}" //testCompile "org.yaml:snakeyaml:${versions.snakeyaml}" } compileJava.options.compilerArgs << "-Xlint:-deprecation,-rawtypes,-serial,-try,-unchecked" compileTestJava.options.compilerArgs << "-Xlint:-deprecation,-rawtypes,-serial,-try,-unchecked" configurations { testArtifacts.extendsFrom testRuntime } task testJar(type: Jar) { appendix 'test' from sourceSets.test.output } artifacts { // normal es plugins do not publish the jar but we need to since users need it for Transport Clients and extensions archives jar testArtifacts testJar } sourceSets.test.resources { srcDir '../core/src/test/resources' } dependencyLicenses { mapping from: /bc.*/, to: 'bouncycastle' mapping from: /java-support|opensaml-.*/, to: 'shibboleth' mapping from: /http.*/, to: 'httpclient' } licenseHeaders { // This class was sourced from apache directory studio for some microsoft-specific logic excludes << 'org/elasticsearch/xpack/security/authc/ldap/ActiveDirectorySIDUtil.java' } forbiddenPatterns { exclude '**/*.key' exclude '**/*.p12' exclude '**/*.der' exclude '**/*.zip' } forbiddenApisMain { signaturesURLs += file('forbidden/ldap-signatures.txt').toURI().toURL() signaturesURLs += file('forbidden/xml-signatures.txt').toURI().toURL() } // classes are missing, e.g. com.ibm.icu.lang.UCharacter thirdPartyAudit.excludes = [ // SAML dependencies // [missing classes] Some cli utilities that we don't use depend on these missing JCommander classes 'com.beust.jcommander.JCommander', 'com.beust.jcommander.converters.BaseConverter', // [missing classes] Shibboleth + OpenSAML have servlet support that we don't use 'javax.servlet.AsyncContext', 'javax.servlet.DispatcherType', 'javax.servlet.Filter', 'javax.servlet.FilterChain', 'javax.servlet.FilterConfig', 'javax.servlet.RequestDispatcher', 'javax.servlet.ServletContext', 'javax.servlet.ServletException', 'javax.servlet.ServletInputStream', 'javax.servlet.ServletOutputStream', 'javax.servlet.ServletRequest', 'javax.servlet.ServletResponse', 'javax.servlet.http.Cookie', 'javax.servlet.http.HttpServletRequest', 'javax.servlet.http.HttpServletResponse', 'javax.servlet.http.HttpServletResponseWrapper', 'javax.servlet.http.HttpSession', 'javax.servlet.http.Part', // [missing classes] Shibboleth + OpenSAML have velocity support that we don't use 'org.apache.velocity.VelocityContext', 'org.apache.velocity.app.VelocityEngine', 'org.apache.velocity.context.Context', 'org.apache.velocity.exception.VelocityException', 'org.apache.velocity.runtime.RuntimeServices', 'org.apache.velocity.runtime.log.LogChute', 'org.apache.velocity.runtime.resource.loader.StringResourceLoader', 'org.apache.velocity.runtime.resource.util.StringResourceRepository', // [missing classes] OpenSAML depends on Apache XML security which depends on Xalan, but only for functionality that OpenSAML doesn't use 'org.apache.xml.dtm.DTM', 'org.apache.xml.utils.PrefixResolver', 'org.apache.xml.utils.PrefixResolverDefault', 'org.apache.xpath.Expression', 'org.apache.xpath.NodeSetDTM', 'org.apache.xpath.XPath', 'org.apache.xpath.XPathContext', 'org.apache.xpath.compiler.FunctionTable', 'org.apache.xpath.functions.Function', 'org.apache.xpath.objects.XNodeSet', 'org.apache.xpath.objects.XObject', // [missing classes] OpenSAML storage has an optional LDAP storage impl 'org.ldaptive.AttributeModification', 'org.ldaptive.AttributeModificationType', 'org.ldaptive.Connection', 'org.ldaptive.DeleteOperation', 'org.ldaptive.DeleteRequest', 'org.ldaptive.LdapAttribute', 'org.ldaptive.LdapEntry', 'org.ldaptive.LdapException', 'org.ldaptive.ModifyOperation', 'org.ldaptive.ModifyRequest', 'org.ldaptive.Response', 'org.ldaptive.ResultCode', 'org.ldaptive.SearchOperation', 'org.ldaptive.SearchRequest', 'org.ldaptive.SearchResult', 'org.ldaptive.ext.MergeOperation', 'org.ldaptive.ext.MergeRequest', 'org.ldaptive.pool.ConnectionPool', 'org.ldaptive.pool.PooledConnectionFactory', // [missing classes] OpenSAML storage has an optional JSON-backed storage impl 'javax.json.Json', 'javax.json.JsonException', 'javax.json.JsonNumber', 'javax.json.JsonObject', 'javax.json.JsonReader', 'javax.json.JsonValue$ValueType', 'javax.json.JsonValue', 'javax.json.stream.JsonGenerator', // [missing classes] OpenSAML storage has an optional JPA storage impl 'javax.persistence.EntityManager', 'javax.persistence.EntityManagerFactory', 'javax.persistence.EntityTransaction', 'javax.persistence.LockModeType', 'javax/persistence/Query', // [missing classes] OpenSAML storage and HttpClient cache have optional memcache support 'net.spy.memcached.CASResponse', 'net.spy.memcached.CASValue', 'net.spy.memcached.MemcachedClient', 'net.spy.memcached.MemcachedClientIF', 'net.spy.memcached.CachedData', 'net.spy.memcached.internal.OperationFuture', 'net.spy.memcached.transcoders.Transcoder', // [missing classes] Http Client cache has optional ehcache support 'net.sf.ehcache.Ehcache', 'net.sf.ehcache.Element', // [missing classes] SLF4j includes an optional class that depends on an extension class (!) 'org.slf4j.ext.EventData', // Guava uses internal java api: sun.misc.Unsafe 'com.google.common.cache.Striped64', 'com.google.common.cache.Striped64$1', 'com.google.common.cache.Striped64$Cell', 'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator', 'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1', 'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper', 'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper$1', ] if (JavaVersion.current() > JavaVersion.VERSION_1_8) { thirdPartyAudit.excludes += [ 'javax.xml.bind.JAXBContext', 'javax.xml.bind.JAXBElement', 'javax.xml.bind.JAXBException', 'javax.xml.bind.Unmarshaller', 'javax.xml.bind.UnmarshallerHandler', ]; } run { plugin xpackModule('core') } test { /* * We have to disable setting the number of available processors as tests in the same JVM randomize processors and will step on each * other if we allow them to set the number of available processors as it's set-once in Netty. */ systemProperty 'es.set.netty.runtime.available.processors', 'false' } // xpack modules are installed in real clusters as the meta plugin, so // installing them as individual plugins for integ tests doesn't make sense, // so we disable integ tests integTest.enabled = false