Great work, Akila!
We might need to verify all the features after doing this modification.
Were you able to run any tests after doing this?

Thanks

On Tue, Nov 17, 2015 at 10:02 PM, Akila Ravihansa Perera <raviha...@wso2.com> wrote:

> Hi,
>
> Currently Stratos components do not properly import/export packages
> to/from OSGi bundles. This might lead to unexpected behaviors in an OSGi
> runtime. Also dependency versions in pom files are currently hard-coded
> which is less maintainable. I've done a refactoring of all pom files to fix
> the above issues. Following is a summary of changes done;
>
>  - Removed hard-coded maven dependency versions and moved everything to
> parent pom
>
>  - Parameterized dependency versions with maven properties
>
>  - Added OSGi import ranges for external dependencies which are set from
> parent pom as a maven property
>
>  - Added OSGi import version for Stratos internal dependencies as
> project.version. This will ensure only intended component will always
>
>  - Upgraded commons-collections dependency to version 3.2.2 to mitigate
> the security vulnerability as reported in [1]
>
>
> While working on this I found several issues in the code base. I've
> summarized the issues and fixes done below.
>
>  - Incorrect import of Arrays class in [2]
> Changed the import to java.util.Arrays
>
>  - CloudController imports a private package of StratosCommon component [3]
> Changed the import to CC's service holder class
>
>  - Incorrect dependency to org.wso2.carbon.identity.oauth.stub component
> at [4,5] resulting in unrunnable code at [6, 7]
> This is because actual identity.oauth.stub bundle version packed into the
> distribution is 4.2.3 and the dependency version defined in the Stratos
> component is 4.2.0. Changed the dependency version to 4.2.3 and updated
> code to be compatible with newer version.
>
>  - Metadata service webapp imports a private package of StratosCommon
> component [8]
>
>  - Stratos rest endpoint webapp imports a private package of
> StratosManager component [9]
> Removed the private package import and used
> PrivilegedCarbonContext->getOSGiService method in the Carbon kernel to
> retrieve the ComponentStartUpSynchronizer OSGi service.
>
>  - Unnecessary Activator class in Autoscaler component [10].
> Removed the class and reference in maven-bundle-plugin Bundle-Activator
> directive.
>
>  - Embedded dependencies are not added as maven dependencies in the pom
> for fabric8/kubernetes-api [11]
> Added all relevant maven dependencies to the parent pom (with versions)
> and sub-module (without versions).
>
> Created a JIRA [12] to track these changes.
>
> Following is a list of jars that were changed/upgraded as part of this
> effort;
>
> Old version -> New version
>
> commons-collections-3.2.1.jar -> commons-collections-3.2.2.wso2v1.jar
> commons-lang-2.6.jar -> commons-lang-2.6.0.wso2v1.jar
> cxf-bundle-2.7.6.jar -> cxf-bundle-2.7.7.jar
> httpasyncclient-4.0-beta3.jar -> httpasyncclient-4.0.jar
> httpclient-4.2.5.jar -> httpclient-4.5.1.jar
> httpcore-4.2.4.jar -> httpcore-4.4.4.jar
> javax.ws.rs-api-2.0-m10.jar -> javax.ws.rs-api-2.0.1.jar
> neethi-3.0.2.jar -> neethi-2.0.4.wso2v4.jar
> wsdl4j-1.6.3.jar -> wsdl4j-1.6.2.wso2v4.jar
> xmlschema-core-2.0.3.jar -> xmlschema-core-2.2.1.jar
> slf4j.api_1.6.4.jar -> slf4j.api_1.7.6.jar
> slf4j.log4j12_1.6.4.jar -> slf4j.log4j12_1.7.5.jar
>
> Following jars were added
>
> commons-collections_3.2.2.wso2v1.jar
> org.apache.commons.configuration_1.9.0.jar
> org.apache.httpcomponents.httpclient_4.5.1.jar
> org.apache.httpcomponents.httpcore_4.4.4.jar
> org.mvel2_2.1.3.Final.jar
>
> [1] https://issues.apache.org/jira/browse/COLLECTIONS-580
>
> [2]
> https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/algorithms/networkpartition/AllAtOnceAlgorithm.java#L21
>
> [3]
> https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.cloud.controller/src/main/java/org/apache/stratos/cloud/controller/registry/RegistryManager.java#L26
>
> [4]
> https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.metadata.service/pom.xml#L99
>
> [5]
> https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.rest.endpoint/pom.xml#L101
>
> [6]
> https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.metadata.service/src/main/java/org/apache/stratos/metadata/service/oauth2/ValidationServiceClient.java#L54
>
> [7]
> https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/oauth2/ValidationServiceClient.java#L53
>
> [8]
> https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.metadata.service/src/main/java/org/apache/stratos/metadata/service/registry/MetadataApiRegistry.java#L253
>
> [9]
> https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/ComponentSynchronizerHandler.java#L28
>
> [10]
> https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/internal/ASBundleActivater.java
>
> [11]
> https://github.com/apache/stratos/blob/4.1.4/dependencies/fabric8/kubernetes-api/pom.xml#L153
>
> [12] https://issues.apache.org/jira/browse/STRATOS-1623
>
> Thanks.
>
> --
> Akila Ravihansa Perera
> WSO2 Inc.;  http://wso2.com/
>
> Blog: http://ravihansa3000.blogspot.com
>



-- 
Imesh Gunaratne

Senior Technical Lead, WSO2
Committer & PMC Member, Apache Stratos
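
Added example (not part of the original email or the Stratos code base): a small Python check for the import problem discussed in this thread. It parses a bundle's Import-Package header and reports which imports carry a bounded version range, only a minimum version, or no version at all; the manifest and its package names are a constructed sample.

```python
import re
# Constructed sample manifest (not from a Stratos bundle); continuation lines start with a space.
SAMPLE_MANIFEST = (
    "Manifest-Version: 1.0\n"
    "Bundle-SymbolicName: org.example.sample\n"
    "Import-Package: org.apache.commons.collections;version=\"[3.2.2,4.0.0)\"\n"
    " ,org.apache.commons.lang,org.example.internal;version=\"1.0.0\";resolut\n"
    " ion:=optional,org.slf4j;version=\"[1.7.0,2.0.0)\"\n"
    "Bundle-Version: 1.0.0\n"
)

def read_header(manifest, name):
    """Return the unfolded value of a manifest header, or '' if absent."""
    unfolded = re.sub(r"\r?\n ", "", manifest)  # join continuation lines
    for line in unfolded.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == name:
            return value.strip()
    return ""

def split_clauses(value):
    """Split on commas outside double quotes (version ranges contain commas)."""
    clauses, buf, quoted = [], [], False
    for ch in value:
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            clauses.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    clauses.append("".join(buf))
    return [c.strip() for c in clauses if c.strip()]

def audit_imports(manifest):
    """Map each imported package to 'range', 'floor-only' or 'unversioned'."""
    result = {}
    for clause in split_clauses(read_header(manifest, "Import-Package")):
        parts = [p.strip() for p in clause.split(";")]
        attrs = dict(p.split("=", 1) for p in parts if "=" in p and ":=" not in p)
        version = attrs.get("version", "").strip().strip('"')
        bounded = version[:1] in ("[", "(") and version[-1:] in ("]", ")")
        # A bare "1.0.0" is only a minimum: it accepts every later version.
        status = "range" if bounded else "floor-only" if version else "unversioned"
        for pkg in (p for p in parts if "=" not in p):
            result[pkg] = status
    return result

print(audit_imports(SAMPLE_MANIFEST))
```

Imports reported as `unversioned` or `floor-only` can be wired to any later version of the package that happens to be present in the runtime, which is the kind of unexpected behavior the refactoring is meant to prevent.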
