The following classes:
org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeBase (original source code)org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeCommonUtilsorg.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeUtils
were copied from the Grouper repository.
It seems that only a few changes has been made:
-
Logging: although the code is commented out, so it's not relevant (org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeBase#iLogger)
-
Skipping the Expression Language (EL) related processing in org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeBase#propertiesHelper: again this is only relevant if there are keys with ".elConfig" suffix
-
The following lines of code:
//InputStream inputStream = configFile.getConfigFileType().inputStream(configFile.getConfigFileTypeConfig(), this);
try {
//get the string and store it first (to see if it changes later)
String configFileContents = configFile.retrieveContents(this);
configFile.setContents(configFileContents);
result.properties.load(new StringReader(configFileContents));in org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeBase#retrieveFromConfigFiles which seem to do the same as the original code.
The question is, are these modifications really needed? If not, the original code could be used as a maven dependency:
<dependency>
<groupId>edu.internet2.middleware.grouper</groupId>
<artifactId>grouper-activemq</artifactId>
<version>2.5.29</version>
</dependency>Side note: the Grouper project is outdated/bulky/poorly written with a lot of duplicated code from the org.apache.commons:commons-lang3 and other common libraries. It would be nice to replace with a better alternative
The following classes:
org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeBase(original source code)org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeCommonUtilsorg.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeUtilswere copied from the Grouper repository.
It seems that only a few changes has been made:
Logging: although the code is commented out, so it's not relevant (
org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeBase#iLogger)Skipping the Expression Language (EL) related processing in
org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeBase#propertiesHelper: again this is only relevant if there are keys with ".elConfig" suffixThe following lines of code:
in
org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeBase#retrieveFromConfigFileswhich seem to do the same as the original code.The question is, are these modifications really needed? If not, the original code could be used as a maven dependency:
Side note: the Grouper project is outdated/bulky/poorly written with a lot of duplicated code from the
org.apache.commons:commons-lang3and other common libraries. It would be nice to replace with a better alternative