Merge pull request #1 from TouchInstinct/feature/skip-internal-ip

support internal requests skip

.mergify.yml

@@ -27,8 +27,8 @@ pull_request_rules:
     - label=dependencies
   actions:
     merge:
-      method: merge
+      method: squash
-      strict: true
+      strict: false
     delete_head_branch:
 - name: automatic merge by renovate
   conditions:
@@ -39,6 +39,6 @@ pull_request_rules:
     - label=dependencies
   actions:
     merge:
-      method: merge
+      method: squash
-      strict: true
+      strict: false
     delete_head_branch:

README.md

@@ -723,6 +723,7 @@ cas.validation-type=SAML
 
 ### Available optional properties
 
+* `cas.single-logout.enabled`
 * `cas.authentication-url-patterns`
 * `cas.validation-url-patterns`
 * `cas.request-wrapper-url-patterns`
@@ -793,7 +794,7 @@ type="java.lang.String" value="https://www.apereo.org/cas"/>
 ### Configuring Single Sign Out
 The Single Sign Out support in CAS consists of configuring one `SingleSignOutFilter` and one `ContextListener`. Please note that if you have configured the CAS Client for Java as Web filters, this filter must come before the other filters as described.
 
-The `SingleSignOutFilter` can affect character encoding. This becomes most obvious when used in conjunction with applications such as Atlassian Confluence. Its recommended you explicitly configure either the [VT Character Encoding Filter](http://code.google.com/p/vt-middleware/wiki/vtservletfilters#CharacterEncodingFilter) or the [Spring Character Encoding Filter](http://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/web/filter/CharacterEncodingFilter.html) with explicit encodings.
+The `SingleSignOutFilter` can affect character encoding. This becomes most obvious when used in conjunction with applications such as Atlassian Confluence. It's recommended you explicitly configure either the [VT Character Encoding Filter](http://code.google.com/p/vt-middleware/wiki/vtservletfilters#CharacterEncodingFilter) or the [Spring Character Encoding Filter](http://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/web/filter/CharacterEncodingFilter.html) with explicit encodings.
 
 #### Configuration
 
@@ -801,12 +802,10 @@ The `SingleSignOutFilter` can affect character encoding. This becomes most obvio
 |----------|-------|-----------
 | `artifactParameterName` | The ticket artifact parameter name. Defaults to `ticket`| No
 | `logoutParameterName` | Defaults to `logoutRequest` | No
-| `frontLogoutParameterName` | Defaults to `SAMLRequest` | No
 | `relayStateParameterName` | Defaults to `RelayState` | No
 | `eagerlyCreateSessions` | Defaults to `true` | No
 | `artifactParameterOverPost` | Defaults to  `false` | No
 | `logoutCallbackPath` | The path which is expected to receive logout callback requests from the CAS server. This is necessary if your app needs access to the raw input stream when handling form posts. If not configured, the default behavior will check every form post for a logout parameter. | No
-| `casServerUrlPrefix` | URL to root of CAS Web application context. | Yes
 
 <a name="cas-protocol"></a>
 #### CAS Protocol
@@ -815,10 +814,6 @@ The `SingleSignOutFilter` can affect character encoding. This becomes most obvio
 <filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
-   <init-param>
-      <param-name>casServerUrlPrefix</param-name>
-      <param-value>https://cas.example.com/cas</param-value>
-   </init-param>
 </filter>
 ...
 <filter-mapping>
@@ -842,10 +837,6 @@ The `SingleSignOutFilter` can affect character encoding. This becomes most obvio
       <param-name>artifactParameterName</param-name>
       <param-value>SAMLart</param-value>
    </init-param>
-   <init-param>
-      <param-name>casServerUrlPrefix</param-name>
-      <param-value>https://cas.example.com/cas</param-value>
-   </init-param>
 </filter>
 ...
 <filter-mapping>

cas-client-core/pom.xml

@@ -21,7 +21,7 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
     <parent>
         <groupId>org.jasig.cas.client</groupId>
-        <version>3.6.0</version>
+        <version>3.6.2-SNAPSHOT</version>
         <artifactId>cas-client</artifactId>
     </parent>
     <modelVersion>4.0.0</modelVersion>

cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java

@@ -82,6 +82,10 @@ public class AuthenticationFilter extends AbstractCasFilter {
 
     private UrlPatternMatcherStrategy ignoreUrlPatternMatcherStrategyClass = null;
 
+    private String internalIp = null;
+
+    private static final String X_REAL_IP = "x-real-ip";
+
     private static final Map<String, Class<? extends UrlPatternMatcherStrategy>> PATTERN_MATCHER_TYPES =
         new HashMap<String, Class<? extends UrlPatternMatcherStrategy>>();
 
@@ -115,6 +119,7 @@ public class AuthenticationFilter extends AbstractCasFilter {
             setRenew(getBoolean(ConfigurationKeys.RENEW));
             setGateway(getBoolean(ConfigurationKeys.GATEWAY));
             setMethod(getString(ConfigurationKeys.METHOD));
+            setInternalIp(getString(ConfigurationKeys.INTERNAL_IP));
 
             final String ignorePattern = getString(ConfigurationKeys.IGNORE_PATTERN);
             final String ignoreUrlPatternType = getString(ConfigurationKeys.IGNORE_URL_PATTERN_TYPE);
@@ -169,6 +174,12 @@ public class AuthenticationFilter extends AbstractCasFilter {
         final HttpServletRequest request = (HttpServletRequest) servletRequest;
         final HttpServletResponse response = (HttpServletResponse) servletResponse;
 
+        if (isInternalRequest(request)) {
+            logger.debug("Request is ignored [internal].");
+            filterChain.doFilter(request, response);
+            return;
+        }
+
         if (isRequestUrlExcluded(request)) {
             logger.debug("Request is ignored.");
             filterChain.doFilter(request, response);
@@ -231,10 +242,24 @@ public class AuthenticationFilter extends AbstractCasFilter {
         this.casServerLoginUrl = casServerLoginUrl;
     }
 
+    public void setInternalIp(String internalIp) {
+        this.internalIp = internalIp;
+    }
+
     public final void setGatewayStorage(final GatewayResolver gatewayStorage) {
         this.gatewayStorage = gatewayStorage;
     }
 
+    private boolean isInternalRequest(final HttpServletRequest request) {
+        if (this.internalIp == null) {
+            return false;
+        }
+
+        String realIp = request.getHeader(X_REAL_IP);
+
+        return this.internalIp.equals(realIp);
+    }
+
     private boolean isRequestUrlExcluded(final HttpServletRequest request) {
         if (this.ignoreUrlPatternMatcherStrategyClass == null) {
             return false;

cas-client-core/src/main/java/org/jasig/cas/client/configuration/ConfigurationKeys.java

@@ -64,6 +64,7 @@ public interface ConfigurationKeys {
      */
     @Deprecated
     ConfigurationKey<Boolean> DISABLE_XML_SCHEMA_VALIDATION = new ConfigurationKey<Boolean>("disableXmlSchemaValidation", Boolean.FALSE);
+    ConfigurationKey<String> INTERNAL_IP = new ConfigurationKey<String>("internalIp", null);
     ConfigurationKey<String> IGNORE_PATTERN = new ConfigurationKey<String>("ignorePattern", null);
     ConfigurationKey<String> IGNORE_URL_PATTERN_TYPE = new ConfigurationKey<String>("ignoreUrlPatternType", "REGEX");
     ConfigurationKey<Class<? extends HostnameVerifier>> HOSTNAME_VERIFIER = new ConfigurationKey<Class<? extends HostnameVerifier>>("hostnameVerifier", null);

cas-client-core/src/main/java/org/jasig/cas/client/util/CommonUtils.java

@@ -18,16 +18,6 @@
  */
 package org.jasig.cas.client.util;
 
-import java.io.*;
-import java.net.HttpURLConnection;
-import java.net.URL;
-import java.net.URLEncoder;
-import java.util.*;
-
-import javax.net.ssl.SSLException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
 import org.jasig.cas.client.Protocol;
 import org.jasig.cas.client.proxy.ProxyGrantingTicketStorage;
 import org.jasig.cas.client.ssl.HttpURLConnectionFactory;
@@ -37,6 +27,23 @@ import org.jasig.cas.client.validation.ProxyListEditor;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import javax.net.ssl.SSLException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import java.io.Closeable;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.UnsupportedEncodingException;
+import java.net.HttpURLConnection;
+import java.net.URL;
+import java.net.URLEncoder;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
 /**
  * Common utilities so that we don't need to include Commons Lang.
  *
@@ -61,10 +68,6 @@ public final class CommonUtils {
 
     private static final String SERVICE_PARAMETER_NAMES;
 
-    private CommonUtils() {
-        // nothing to do
-    }
-
     static {
         final Set<String> serviceParameterSet = new HashSet<String>(4);
         for (final Protocol protocol : Protocol.values()) {
@@ -74,6 +77,11 @@ public final class CommonUtils {
             .replaceAll("\\[|\\]", "")
             .replaceAll("\\s", "");
     }
+
+    private CommonUtils() {
+        // nothing to do
+    }
+
     /**
      * Check whether the object is null or not. If it is, throw an exception and
      * display the message.
@@ -189,6 +197,21 @@ public final class CommonUtils {
             + (method != null ? "&method=" + method : "");
     }
 
+    /**
+     * Construct redirect url to a CAS server.
+     *
+     * @param casServerLoginUrl    the cas server login url
+     * @param serviceParameterName the service parameter name
+     * @param serviceUrl           the service url
+     * @param renew                the renew
+     * @param gateway              the gateway
+     * @return the string
+     */
+    public static String constructRedirectUrl(final String casServerLoginUrl, final String serviceParameterName,
+                                              final String serviceUrl, final boolean renew, final boolean gateway) {
+        return constructRedirectUrl(casServerLoginUrl, serviceParameterName, serviceUrl, renew, gateway, null);
+    }
+
     /**
      * Url encode a value using UTF-8 encoding.
      *

cas-client-integration-atlassian/pom.xml

@@ -21,7 +21,7 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
     <parent>
         <groupId>org.jasig.cas.client</groupId>
-        <version>3.6.0-SNAPSHOT</version>
+        <version>3.6.1</version>
         <artifactId>cas-client</artifactId>
     </parent>
     <modelVersion>4.0.0</modelVersion>

cas-client-integration-jboss/pom.xml

@@ -21,7 +21,7 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
     <parent>
         <groupId>org.jasig.cas.client</groupId>
-        <version>3.6.0</version>
+        <version>3.6.2-SNAPSHOT</version>
         <artifactId>cas-client</artifactId>
     </parent>
     <modelVersion>4.0.0</modelVersion>

cas-client-integration-jetty/pom.xml

@@ -23,7 +23,7 @@
     <parent>
         <artifactId>cas-client</artifactId>
         <groupId>org.jasig.cas.client</groupId>
-        <version>3.6.0</version>
+        <version>3.6.2-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
@@ -33,7 +33,7 @@
 
     <properties>
         <!-- Note Jetty 9.2.x is the last version to support Java SE 7 -->
-        <jetty.version>9.4.21.v20190926</jetty.version>
+        <jetty.version>9.4.25.v20191220</jetty.version>
     </properties>
 
     <dependencies>

cas-client-integration-tomcat-common/pom.xml

@@ -23,7 +23,7 @@
     <parent>
         <artifactId>cas-client</artifactId>
         <groupId>org.jasig.cas.client</groupId>
-        <version>3.6.0</version>
+        <version>3.6.2-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

cas-client-integration-tomcat-v6/pom.xml

@@ -23,7 +23,7 @@
     <parent>
         <artifactId>cas-client</artifactId>
         <groupId>org.jasig.cas.client</groupId>
-        <version>3.6.0</version>
+        <version>3.6.2-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

cas-client-integration-tomcat-v7/pom.xml

@@ -23,7 +23,7 @@
     <parent>
         <artifactId>cas-client</artifactId>
         <groupId>org.jasig.cas.client</groupId>
-        <version>3.6.0</version>
+        <version>3.6.2-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
@@ -50,7 +50,7 @@
         <dependency>
             <groupId>org.apache.tomcat</groupId>
             <artifactId>tomcat-catalina</artifactId>
-            <version>7.0.96</version>
+            <version>7.0.99</version>
             <type>jar</type>
             <scope>provided</scope>
             <exclusions>

cas-client-integration-tomcat-v8/pom.xml

@@ -23,7 +23,7 @@
     <parent>
         <artifactId>cas-client</artifactId>
         <groupId>org.jasig.cas.client</groupId>
-        <version>3.6.0</version>
+        <version>3.6.2-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
@@ -50,7 +50,7 @@
         <dependency>
             <groupId>org.apache.tomcat</groupId>
             <artifactId>tomcat-catalina</artifactId>
-            <version>8.5.46</version>
+            <version>8.5.50</version>
             <type>jar</type>
             <scope>provided</scope>
             <exclusions>

cas-client-integration-tomcat-v85/pom.xml

@@ -23,7 +23,7 @@
     <parent>
         <artifactId>cas-client</artifactId>
         <groupId>org.jasig.cas.client</groupId>
-        <version>3.6.0</version>
+        <version>3.6.2-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
@@ -50,14 +50,14 @@
         <dependency>
             <groupId>org.apache.tomcat.embed</groupId>
             <artifactId>tomcat-embed-core</artifactId>
-            <version>8.5.46</version>
+            <version>8.5.50</version>
             <type>jar</type>
             <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>org.apache.tomcat</groupId>
             <artifactId>tomcat-catalina</artifactId>
-            <version>8.5.46</version>
+            <version>8.5.50</version>
             <type>jar</type>
             <scope>provided</scope>
             <exclusions>

cas-client-integration-tomcat-v90/pom.xml

@@ -23,7 +23,7 @@
     <parent>
         <artifactId>cas-client</artifactId>
         <groupId>org.jasig.cas.client</groupId>
-        <version>3.6.0</version>
+        <version>3.6.2-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
@@ -32,7 +32,7 @@
     <name>Jasig CAS Client for Java - Tomcat 9.0.x Integration</name>
 
     <properties>
-        <tomcat.version>9.0.26</tomcat.version>
+        <tomcat.version>9.0.30</tomcat.version>
     </properties>
     <dependencies>
         <dependency>

cas-client-support-distributed-ehcache/pom.xml

@@ -23,7 +23,7 @@
     <parent>
         <artifactId>cas-client</artifactId>
         <groupId>org.jasig.cas.client</groupId>
-        <version>3.6.0</version>
+        <version>3.6.2-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <name>Jasig CAS Client for Java - Distributed Proxy Storage Support: EhCache

cas-client-support-distributed-memcached/pom.xml

@@ -23,7 +23,7 @@
     <parent>
         <artifactId>cas-client</artifactId>
         <groupId>org.jasig.cas.client</groupId>
-        <version>3.6.0</version>
+        <version>3.6.2-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

cas-client-support-saml/pom.xml

@@ -21,7 +21,7 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
     <parent>
         <groupId>org.jasig.cas.client</groupId>
-        <version>3.6.0</version>
+        <version>3.6.2-SNAPSHOT</version>
         <artifactId>cas-client</artifactId>
     </parent>
     <modelVersion>4.0.0</modelVersion>
@@ -38,7 +38,7 @@
         <dependency>
             <groupId>joda-time</groupId>
             <artifactId>joda-time</artifactId>
-            <version>2.10.4</version>
+            <version>2.10.5</version>
         </dependency>
 
         <!-- Test dependencies -->

cas-client-support-springboot/pom.xml

@@ -21,7 +21,7 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
     <parent>
         <groupId>org.jasig.cas.client</groupId>
-        <version>3.6.0</version>
+        <version>3.6.2-SNAPSHOT</version>
         <artifactId>cas-client</artifactId>
     </parent>
     <modelVersion>4.0.0</modelVersion>
@@ -58,6 +58,15 @@
             <artifactId>spring-context</artifactId>
             <scope>provided</scope>
         </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-configuration-processor</artifactId>
+            <optional>true</optional>
+            <version>${springboot.version}</version>
+            <scope>provided</scope>
+        </dependency>
+
         <!-- Test dependencies -->
         <dependency>
             <groupId>org.jasig.cas.client</groupId>
@@ -74,6 +83,6 @@
     </dependencies>
 
     <properties>
-        <springboot.version>2.1.9.RELEASE</springboot.version>
+        <springboot.version>2.2.2.RELEASE</springboot.version>
     </properties>
 </project>

cas-client-support-springboot/src/main/java/org/jasig/cas/client/boot/configuration/CasClientConfiguration.java

@@ -20,6 +20,8 @@ package org.jasig.cas.client.boot.configuration;
 
 import org.jasig.cas.client.authentication.AuthenticationFilter;
 import org.jasig.cas.client.authentication.Saml11AuthenticationFilter;
+import org.jasig.cas.client.session.SingleSignOutFilter;
+import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
 import org.jasig.cas.client.util.AssertionThreadLocalFilter;
 import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
 import org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter;
@@ -29,8 +31,10 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.Ordered;
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 
@@ -40,6 +44,7 @@ import java.util.Collection;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.EventListener;
 
 /**
  * Configuration class providing default CAS client infrastructure filters.
@@ -199,4 +204,25 @@ public class CasClientConfiguration {
         }
         this.casClientConfigurer = configurers.iterator().next();
     }
+
+    @Bean
+    @ConditionalOnProperty(prefix = "cas", value = "single-logout.enabled", havingValue = "true")
+    public FilterRegistrationBean casSingleSignOutFilter() {
+        final FilterRegistrationBean singleSignOutFilter = new FilterRegistrationBean();
+        singleSignOutFilter.setFilter(new SingleSignOutFilter());
+        Map<String,String> initParameters = new HashMap<>(1);
+        initParameters.put("casServerUrlPrefix", configProps.getServerUrlPrefix());
+        singleSignOutFilter.setInitParameters(initParameters);
+        singleSignOutFilter.setOrder(Ordered.HIGHEST_PRECEDENCE);
+        return singleSignOutFilter;
+    }
+
+    @Bean
+    @ConditionalOnProperty(prefix = "cas", value = "single-logout.enabled", havingValue = "true")
+    public ServletListenerRegistrationBean<EventListener> casSingleSignOutListener(){
+        ServletListenerRegistrationBean<EventListener> singleSignOutListener = new ServletListenerRegistrationBean<>();
+        singleSignOutListener.setListener(new SingleSignOutHttpSessionListener());
+        singleSignOutListener.setOrder(Ordered.HIGHEST_PRECEDENCE);
+        return singleSignOutListener;
+    }
 }

cas-client-support-springboot/src/main/java/org/jasig/cas/client/boot/configuration/CasClientConfigurationProperties.java

@@ -115,6 +115,24 @@ public class CasClientConfigurationProperties {
 
     private Boolean skipTicketValidation = false;
 
+    private SingleLogout singleLogout;
+
+    public static class SingleLogout{
+        /**
+         * whether to receive the single logout request from cas server.
+         */
+        private boolean enabled = false;
+
+        public boolean isEnabled() {
+            return enabled;
+        }
+
+        public void setEnabled(boolean enabled) {
+            this.enabled = enabled;
+        }
+    }
+
+
     public String getServerUrlPrefix() {
         return serverUrlPrefix;
     }
@@ -242,4 +260,13 @@ public class CasClientConfigurationProperties {
     public void setSkipTicketValidation(final Boolean skipTicketValidation) {
         this.skipTicketValidation = skipTicketValidation;
     }
+
+    public SingleLogout getSingleLogout() {
+        return singleLogout;
+    }
+
+    public void setSingleLogout(SingleLogout singleLogout) {
+        this.singleLogout = singleLogout;
+    }
+
 }

pom.xml

@@ -26,7 +26,7 @@
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.jasig.cas.client</groupId>
-    <version>3.6.0</version>
+    <version>3.6.2-SNAPSHOT</version>
     <artifactId>cas-client</artifactId>
     <packaging>pom</packaging>
 
@@ -41,7 +41,7 @@
         <connection>scm:git:git@github.com:apereo/java-cas-client.git</connection>
         <developerConnection>scm:git:git@github.com:apereo/java-cas-client.git</developerConnection>
         <url>https://github.com/apereo/java-cas-client</url>
-        <tag>cas-client-3.6.0</tag>
+        <tag>HEAD</tag>
     </scm>
 
     <inceptionYear>2006</inceptionYear>
@@ -79,7 +79,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-assembly-plugin</artifactId>
-                <version>3.1.1</version>
+                <version>3.2.0</version>
                 <configuration>
                     <descriptors>
                         <descriptor>${basedir}/assembly.xml</descriptor>
@@ -109,7 +109,7 @@
             </plugin>
             <plugin>
                 <artifactId>maven-source-plugin</artifactId>
-                <version>3.1.0</version>
+                <version>3.2.1</version>
                 <executions>
                     <execution>
                         <id>attach-sources</id>
@@ -144,8 +144,8 @@
             </plugin>
 
             <plugin>
-                <groupId>com.mycila.maven-license-plugin</groupId>
+                <groupId>com.mycila</groupId>
-                <artifactId>maven-license-plugin</artifactId>
+                <artifactId>license-maven-plugin</artifactId>
                 <configuration>
                     <header>src/licensing/header.txt</header>
                     <skipExistingHeaders>true</skipExistingHeaders>
@@ -268,7 +268,7 @@
         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcpkix-jdk15on</artifactId>
-            <version>1.63</version>
+            <version>1.64</version>
             <scope>compile</scope>
         </dependency>
         <dependency>
@@ -309,10 +309,10 @@
     </modules>
 
     <properties>
-        <spring.version>5.2.0.RELEASE</spring.version>
+        <spring.version>5.2.2.RELEASE</spring.version>
         <ehcache.version>2.6.11</ehcache.version>
         <clover.version>3.0.2</clover.version>
-        <slf4j.version>1.7.28</slf4j.version>
+        <slf4j.version>1.7.30</slf4j.version>
-        <jackson.version>2.10.0</jackson.version>
+        <jackson.version>2.10.1</jackson.version>
     </properties>
 </project>