Merge pull request #1 from Avishka-Shamendra/5.3.32-wso2vx

Remove Vulnerable Spring Class

README.md

@@ -1,3 +1,7 @@
+# wso2-spring-framework
+
+This is a fork of spring-projects/spring-framework repository which is forked at the tag 5.3.32.
+
 # <img src="src/docs/spring-framework.png" width="80" height="80"> Spring Framework [![Build Status](https://ci.spring.io/api/v1/teams/spring-framework/pipelines/spring-framework-5.3.x/jobs/build/badge)](https://ci.spring.io/teams/spring-framework/pipelines/spring-framework-5.3.x?groups=Build") [![Revved up by Gradle Enterprise](https://img.shields.io/badge/Revved%20up%20by-Gradle%20Enterprise-06A0CE?logo=Gradle&labelColor=02303A)](https://ge.spring.io/scans?search.rootProjectNames=spring)
 
 This is the home of the Spring Framework: the foundation for all [Spring projects](https://spring.io/projects). Collectively the Spring Framework and the family of Spring projects are often referred to simply as "Spring". 

build.gradle

@@ -388,7 +388,7 @@ configure([rootProject] + javaProjects) { project ->
 			// "https://junit.org/junit5/docs/5.8.2/api/",
 			"https://www.reactive-streams.org/reactive-streams-1.0.3-javadoc/",
 			"https://javadoc.io/static/io.rsocket/rsocket-core/1.1.1/",
-			"https://r2dbc.io/spec/0.8.5.RELEASE/api/",
+//			"https://r2dbc.io/spec/0.8.5.RELEASE/api/",
 			// The external Javadoc link for JSR 305 must come last to ensure that types from
 			// JSR 250 (such as @PostConstruct) are still supported. This is due to the fact
 			// that JSR 250 and JSR 305 both define types in javax.annotation, which results
@@ -438,6 +438,13 @@ configure(rootProject) {
 				artifact distZip
 			}
 		}
-	}
+	}	
+}
+
+tasks.named('build').configure {
+	finalizedBy('publishToMavenLocal')
+}
 
+tasks.named('publish').configure {
+	dependsOn('build')
 }

gradle.properties

@@ -1,4 +1,4 @@
-version=5.3.32
+version=5.3.32-wso2v1-SNAPSHOT
 org.gradle.jvmargs=-Xmx2048m
 org.gradle.caching=true
 org.gradle.parallel=true

gradle/spring-module.gradle

@@ -95,8 +95,29 @@ publishing {
 			artifact javadocJar
 		}
 	}
+
+	repositories {
+		maven {
+			name 'nexus'
+			url = System.getenv("NEXUS_REPO_URL") ? System.getenv("NEXUS_REPO_URL") :
+					"https://maven.wso2.org/nexus/content/repositories/releases"
+			credentials {
+				username rootProject.hasProperty("nexus_username") ? nexus_username : System.getenv("NEXUS_USERNAME")
+				password rootProject.hasProperty("nexus_password") ? nexus_password : System.getenv("NEXUS_PASSWORD")
+			}
+			allowInsecureProtocol = false
+		}
+	}
 }
 
 // Disable publication of test fixture artifacts.
 components.java.withVariantsFromConfiguration(configurations.testFixturesApiElements) { skip() }
 components.java.withVariantsFromConfiguration(configurations.testFixturesRuntimeElements) { skip() }
+
+tasks.named('build').configure {
+	finalizedBy('publishToMavenLocal')
+}
+
+tasks.named('publish').configure {
+	dependsOn('build')
+}

spring-context/src/main/java/org/springframework/remoting/rmi/RmiServiceExporter.java

@@ -64,7 +64,6 @@
  * @see java.rmi.Remote
  * @see java.rmi.RemoteException
  * @see org.springframework.remoting.caucho.HessianServiceExporter
- * @see org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter
  * @deprecated as of 5.3 (phasing out serialization-based remoting)
  */
 @Deprecated

spring-context/src/main/java/org/springframework/remoting/support/RemoteInvocation.java

@@ -45,7 +45,6 @@
  * @see org.springframework.remoting.rmi.RmiProxyFactoryBean
  * @see org.springframework.remoting.rmi.RmiServiceExporter
  * @see org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean
- * @see org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter
  */
 public class RemoteInvocation implements Serializable {
 

spring-context/src/main/java/org/springframework/remoting/support/RemoteInvocationExecutor.java

@@ -21,14 +21,12 @@
 /**
  * Strategy interface for executing a {@link RemoteInvocation} on a target object.
  *
- * <p>Used by {@link org.springframework.remoting.rmi.RmiServiceExporter} (for RMI invokers)
- * and by {@link org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter}.
+ * <p>Used by {@link org.springframework.remoting.rmi.RmiServiceExporter} (for RMI invokers).
  *
  * @author Juergen Hoeller
  * @since 1.1
  * @see DefaultRemoteInvocationFactory
  * @see org.springframework.remoting.rmi.RmiServiceExporter#setRemoteInvocationExecutor
- * @see org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter#setRemoteInvocationExecutor
  */
 public interface RemoteInvocationExecutor {
 

spring-web/src/main/java/org/springframework/remoting/caucho/HessianServiceExporter.java

@@ -42,7 +42,6 @@
  * @since 13.05.2003
  * @see HessianClientInterceptor
  * @see HessianProxyFactoryBean
- * @see org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter
  * @see org.springframework.remoting.rmi.RmiServiceExporter
  * @deprecated as of 5.3 (phasing out serialization-based remoting)
  */

spring-web/src/main/java/org/springframework/remoting/httpinvoker/HttpInvokerClientInterceptor.java

@@ -66,7 +66,6 @@
  * @see #setCodebaseUrl
  * @see #setRemoteInvocationFactory
  * @see #setHttpInvokerRequestExecutor
- * @see HttpInvokerServiceExporter
  * @see HttpInvokerProxyFactoryBean
  * @see java.rmi.server.RMIClassLoader
  * @deprecated as of 5.3 (phasing out serialization-based remoting)

spring-web/src/main/java/org/springframework/remoting/httpinvoker/HttpInvokerProxyFactoryBean.java

@@ -50,7 +50,6 @@
  * @see #setServiceUrl
  * @see #setCodebaseUrl
  * @see HttpInvokerClientInterceptor
- * @see HttpInvokerServiceExporter
  * @see org.springframework.remoting.rmi.RmiProxyFactoryBean
  * @see org.springframework.remoting.caucho.HessianProxyFactoryBean
  * @deprecated as of 5.3 (phasing out serialization-based remoting)

spring-web/src/main/java/org/springframework/remoting/httpinvoker/SimpleHttpInvokerServiceExporter.java

@@ -53,7 +53,6 @@
  * @since 2.5.1
  * @see org.springframework.remoting.httpinvoker.HttpInvokerClientInterceptor
  * @see org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean
- * @deprecated as of Spring Framework 5.1, in favor of {@link HttpInvokerServiceExporter}
  */
 @Deprecated
 @org.springframework.lang.UsesSunHttpServer

spring-web/src/main/java/org/springframework/web/HttpRequestHandler.java

@@ -50,8 +50,7 @@
  * DispatcherServlet, indicating that there will never be a view to render.
  *
  * <p>As of Spring 2.0, Spring's HTTP-based remote exporters, such as
- * {@link org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter}
- * and {@link org.springframework.remoting.caucho.HessianServiceExporter},
+ * {@link org.springframework.remoting.caucho.HessianServiceExporter},
  * implement this interface rather than the more extensive Controller interface,
  * for minimal dependencies on Spring-specific web infrastructure.
  *
@@ -71,7 +70,6 @@
  * @see org.springframework.web.servlet.mvc.Controller
  * @see org.springframework.web.servlet.mvc.LastModified
  * @see org.springframework.web.servlet.mvc.HttpRequestHandlerAdapter
- * @see org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter
  * @see org.springframework.remoting.caucho.HessianServiceExporter
  */
 @FunctionalInterface

spring-web/src/main/java/org/springframework/web/context/support/HttpRequestHandlerServlet.java

@@ -37,8 +37,7 @@
  * HttpRequestHandlerServlet servlet-name as defined in {@code web.xml}.
  *
  * <p>This can for example be used to expose a single Spring remote exporter,
- * such as {@link org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter}
- * or {@link org.springframework.remoting.caucho.HessianServiceExporter},
+ * such as {@link org.springframework.remoting.caucho.HessianServiceExporter},
  * per HttpRequestHandlerServlet definition. This is a minimal alternative
  * to defining remote exporters as beans in a DispatcherServlet context
  * (with advanced mapping and interception facilities being available there).