Merge 701a4a3 into b7a8ca2

pom.xml

@@ -4,7 +4,7 @@
 
     <groupId>com.daedafusion</groupId>
     <artifactId>security-framework</artifactId>
-    <version>1.2-SNAPSHOT</version>
+    <version>1.3-SNAPSHOT</version>
 
     <name>DaedaFusion Security Framework</name>
     <url>http://daedafusion.com</url>
@@ -53,7 +53,7 @@
             <dependency>
                 <groupId>com.daedafusion</groupId>
                 <artifactId>configuration-core</artifactId>
-                <version>1.1</version>
+                <version>1.2-SNAPSHOT</version>
             </dependency>
             <dependency>
                 <groupId>com.daedafusion</groupId>
@@ -80,16 +80,16 @@
                 <artifactId>commons-codec</artifactId>
                 <version>[1.10,)</version>
             </dependency>
-            <dependency>
-                <groupId>log4j</groupId>
-                <artifactId>log4j</artifactId>
-                <version>1.2.17</version>
-            </dependency>
-            <dependency>
-                <groupId>junit</groupId>
-                <artifactId>junit</artifactId>
-                <version>4.12</version>
-            </dependency>
+          <dependency>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-core</artifactId>
+            <version>2.14.0</version>
+          </dependency>
+          <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <version>4.13.1</version>
+          </dependency>
             <dependency>
                 <groupId>org.mockito</groupId>
                 <artifactId>mockito-all</artifactId>
@@ -138,8 +138,8 @@
             <scope>test</scope>
         </dependency>
         <dependency>
-            <groupId>log4j</groupId>
-            <artifactId>log4j</artifactId>
+          <groupId>org.apache.logging.log4j</groupId>
+          <artifactId>log4j-core</artifactId>
         </dependency>
         <dependency>
             <groupId>junit</groupId>
@@ -214,7 +214,7 @@
             <plugin>
                 <groupId>org.jacoco</groupId>
                 <artifactId>jacoco-maven-plugin</artifactId>
-                <version>0.8.5</version>
+                <version>0.8.6</version>
                 <executions>
                     <execution>
                         <id>prepare-agent</id>

src/main/java/com/daedafusion/security/admin/impl/AuditAdminImpl.java

@@ -9,7 +9,8 @@
 import com.daedafusion.security.common.Context;
 import com.daedafusion.security.common.impl.DefaultContext;
 import com.daedafusion.security.exceptions.UnauthorizedException;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 import java.util.ArrayList;
 import java.util.List;
@@ -19,7 +20,7 @@
  */
 public class AuditAdminImpl extends AbstractService<AuditAdminProvider> implements AuditAdmin
 {
-    private static final Logger log = Logger.getLogger(AuditAdminImpl.class);
+    private static final Logger log = LogManager.getLogger(AuditAdminImpl.class);
 
     @Override
     public List<AuditEvent> getEvents(Subject subject, long after, long before, int limit) throws UnauthorizedException

src/main/java/com/daedafusion/security/admin/impl/DomainAdminImpl.java

@@ -10,7 +10,8 @@
 import com.daedafusion.security.common.impl.DefaultContext;
 import com.daedafusion.security.exceptions.NotFoundException;
 import com.daedafusion.security.exceptions.UnauthorizedException;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 import java.util.ArrayList;
 import java.util.List;
@@ -20,7 +21,7 @@
  */
 public class DomainAdminImpl extends AbstractService<DomainAdminProvider> implements DomainAdmin
 {
-    private static final Logger log = Logger.getLogger(DomainAdminImpl.class);
+    private static final Logger log = LogManager.getLogger(DomainAdminImpl.class);
 
     @Override
     public void createDomain(Subject subject, Domain domain) throws UnauthorizedException

src/main/java/com/daedafusion/security/admin/impl/IdentityAdminImpl.java

@@ -11,7 +11,8 @@
 import com.daedafusion.security.common.impl.DefaultContext;
 import com.daedafusion.security.exceptions.NotFoundException;
 import com.daedafusion.security.exceptions.UnauthorizedException;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 import java.util.ArrayList;
 import java.util.HashMap;
@@ -23,7 +24,7 @@
  */
 public class IdentityAdminImpl extends AbstractService<IdentityAdminProvider> implements IdentityAdmin
 {
-    private static final Logger log = Logger.getLogger(IdentityAdminImpl.class);
+    private static final Logger log = LogManager.getLogger(IdentityAdminImpl.class);
 
     @Override
     public Identity createIdentity(Subject subject, Identity identity) throws UnauthorizedException

src/main/java/com/daedafusion/security/admin/impl/PolicyAdminImpl.java

@@ -10,14 +10,15 @@
 import com.daedafusion.security.common.PasswordPolicy;
 import com.daedafusion.security.common.impl.DefaultContext;
 import com.daedafusion.security.exceptions.UnauthorizedException;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 /**
  * Created by mphilpot on 7/25/14.
  */
 public class PolicyAdminImpl extends AbstractService<PolicyAdminProvider> implements PolicyAdmin
 {
-    private static final Logger log = Logger.getLogger(PolicyAdminImpl.class);
+    private static final Logger log = LogManager.getLogger(PolicyAdminImpl.class);
 
     @Override
     public LockoutPolicy getLockoutPolicy(Subject subject, String domain) throws UnauthorizedException

src/main/java/com/daedafusion/security/admin/impl/SessionAdminImpl.java

@@ -10,7 +10,8 @@
 import com.daedafusion.security.common.impl.DefaultContext;
 import com.daedafusion.security.exceptions.NotFoundException;
 import com.daedafusion.security.exceptions.UnauthorizedException;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 import java.util.List;
 
@@ -19,7 +20,7 @@
  */
 public class SessionAdminImpl extends AbstractService<SessionAdminProvider> implements SessionAdmin
 {
-    private static final Logger log = Logger.getLogger(SessionAdminImpl.class);
+    private static final Logger log = LogManager.getLogger(SessionAdminImpl.class);
 
     @Override
     public List<Session> getSessions(Subject subject) throws NotFoundException, UnauthorizedException

src/main/java/com/daedafusion/security/audit/AuditEvent.java

@@ -1,6 +1,7 @@
 package com.daedafusion.security.audit;
 
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 import java.util.Arrays;
 import java.util.HashMap;
@@ -11,7 +12,7 @@
  */
 public class AuditEvent
 {
-    private static final Logger log = Logger.getLogger(AuditEvent.class);
+    private static final Logger log = LogManager.getLogger(AuditEvent.class);
 
     public enum Severity { INFO, SUCCESS, FAILURE }
 

src/main/java/com/daedafusion/security/audit/impl/AuditImpl.java

@@ -4,14 +4,15 @@
 import com.daedafusion.security.audit.Audit;
 import com.daedafusion.security.audit.AuditEvent;
 import com.daedafusion.security.audit.providers.AuditProvider;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 /**
  * Created by mphilpot on 8/12/14.
  */
 public class AuditImpl extends AbstractService<AuditProvider> implements Audit
 {
-    private static final Logger log = Logger.getLogger(AuditImpl.class);
+    private static final Logger log = LogManager.getLogger(AuditImpl.class);
 
     @Override
     public void reportEvent(AuditEvent event)

src/main/java/com/daedafusion/security/authentication/AuthenticationImpl.java

@@ -12,7 +12,8 @@
 import com.daedafusion.security.exceptions.AuthenticationFailedException;
 import com.daedafusion.security.exceptions.PasswordQualityException;
 import com.daedafusion.security.exceptions.PasswordResetRequiredException;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 import java.util.*;
 import java.util.concurrent.ConcurrentHashMap;
@@ -22,7 +23,7 @@
  */
 public class AuthenticationImpl extends AbstractService<AuthenticationProvider> implements Authentication
 {
-    private static final Logger log = Logger.getLogger(AuthenticationImpl.class);
+    private static final Logger log = LogManager.getLogger(AuthenticationImpl.class);
 
     private String combinerType; // unanimous, atLeastOne
 

src/main/java/com/daedafusion/security/authentication/SharedAuthenticationState.java

@@ -1,6 +1,7 @@
 package com.daedafusion.security.authentication;
 
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
@@ -10,7 +11,7 @@
  */
 public final class SharedAuthenticationState
 {
-    private static final Logger log = Logger.getLogger(SharedAuthenticationState.class);
+    private static final Logger log = LogManager.getLogger(SharedAuthenticationState.class);
 
     private final Map<String, Object> state;
 

src/main/java/com/daedafusion/security/authentication/TokenExchangeImpl.java

@@ -3,7 +3,8 @@
 import com.daedafusion.sf.AbstractService;
 import com.daedafusion.security.authentication.providers.TokenExchangeProvider;
 import com.daedafusion.sf.LifecycleListener;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 import java.util.*;
 import java.util.stream.Collectors;
@@ -14,7 +15,7 @@
  */
 public class TokenExchangeImpl extends AbstractService<TokenExchangeProvider> implements TokenExchange
 {
-    private static final Logger log = Logger.getLogger(TokenExchangeImpl.class);
+    private static final Logger log = LogManager.getLogger(TokenExchangeImpl.class);
 
     @Override
     public Subject exchange(Token... tokens)

src/main/java/com/daedafusion/security/authentication/impl/AbstractPrincipal.java

@@ -1,7 +1,8 @@
 package com.daedafusion.security.authentication.impl;
 
 import com.daedafusion.security.authentication.Principal;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 import java.util.*;
 
@@ -10,7 +11,7 @@
  */
 public abstract class AbstractPrincipal implements Principal
 {
-    private static final Logger log = Logger.getLogger(AbstractPrincipal.class);
+    private static final Logger log = LogManager.getLogger(AbstractPrincipal.class);
 
     private final UUID instanceId;
     private final Type                type;

src/main/java/com/daedafusion/security/authentication/impl/DefaultAssociationPrincipal.java

@@ -1,6 +1,7 @@
 package com.daedafusion.security.authentication.impl;
 
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 import java.util.Map;
 import java.util.Set;
@@ -11,7 +12,7 @@
  */
 public class DefaultAssociationPrincipal extends AbstractPrincipal
 {
-    private static final Logger log = Logger.getLogger(DefaultAssociationPrincipal.class);
+    private static final Logger log = LogManager.getLogger(DefaultAssociationPrincipal.class);
 
     public DefaultAssociationPrincipal(UUID instanceId, Type type, Map<String, Set<String>> attributes, String signature)
     {

src/main/java/com/daedafusion/security/authentication/impl/DefaultAuthenticatedPrincipal.java

@@ -2,7 +2,8 @@
 
 import com.daedafusion.security.authentication.AuthenticatedPrincipal;
 import com.daedafusion.security.authentication.Principal;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 import java.util.*;
 import java.util.function.BooleanSupplier;
@@ -12,7 +13,7 @@
  */
 public class DefaultAuthenticatedPrincipal extends AbstractPrincipal implements AuthenticatedPrincipal
 {
-    private static final Logger log = Logger.getLogger(DefaultAuthenticatedPrincipal.class);
+    private static final Logger log = LogManager.getLogger(DefaultAuthenticatedPrincipal.class);
 
     private Set<Principal> associations;
     private Map<String, String> context;

src/main/java/com/daedafusion/security/authentication/impl/DefaultRole.java

@@ -1,7 +1,8 @@
 package com.daedafusion.security.authentication.impl;
 
 import com.daedafusion.security.authentication.Role;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 import java.util.Map;
 import java.util.Set;
@@ -12,7 +13,7 @@
  */
 public class DefaultRole extends AbstractPrincipal implements Role
 {
-    private static final Logger log = Logger.getLogger(DefaultRole.class);
+    private static final Logger log = LogManager.getLogger(DefaultRole.class);
     private final RoleType roleType;
 
     public DefaultRole(UUID instanceId, Type type, Map<String, Set<String>> attributes, RoleType roleType, String signature)

src/main/java/com/daedafusion/security/authentication/impl/PrincipalToken.java

@@ -1,7 +1,8 @@
 package com.daedafusion.security.authentication.impl;
 
 import com.daedafusion.security.authentication.Token;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 import java.util.Optional;
 
@@ -10,7 +11,7 @@
  */
 public class PrincipalToken implements Token
 {
-    private static final Logger log = Logger.getLogger(PrincipalToken.class);
+    private static final Logger log = LogManager.getLogger(PrincipalToken.class);
 
     private final String tokenString;
     private final String authority;

src/main/java/com/daedafusion/security/authorization/impl/UnanimousResultAuthorizationImpl.java

@@ -12,7 +12,8 @@
 import com.daedafusion.security.obligation.Obligation;
 import com.daedafusion.security.obligation.ObligationHandler;
 import com.daedafusion.sf.LifecycleListener;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 import javax.servlet.http.HttpServletRequest;
 import java.net.URI;
@@ -24,7 +25,7 @@
  */
 public class UnanimousResultAuthorizationImpl extends AbstractService<AuthorizationProvider> implements Authorization
 {
-    private static final Logger log = Logger.getLogger(UnanimousResultAuthorizationImpl.class);
+    private static final Logger log = LogManager.getLogger(UnanimousResultAuthorizationImpl.class);
 
     private Set<AuthorizationProvider> enabledProviders;
 

src/main/java/com/daedafusion/security/authorization/providers/impl/AlwaysPermitAuthorizationProvider.java

@@ -6,7 +6,8 @@
 import com.daedafusion.security.decision.Decision;
 import com.daedafusion.security.obligation.Obligation;
 import com.daedafusion.sf.AbstractProvider;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 import java.net.URI;
 
@@ -15,7 +16,7 @@
  */
 public class AlwaysPermitAuthorizationProvider extends AbstractProvider implements AuthorizationProvider
 {
-    private static final Logger log = Logger.getLogger(AlwaysPermitAuthorizationProvider.class);
+    private static final Logger log = LogManager.getLogger(AlwaysPermitAuthorizationProvider.class);
 
     @Override
     public Decision getAccessDecision(Subject subject, URI resource, String action, Context context)