From 6fcfe3946fb8c252f9b7a4961720dd851f720f9a Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Sun, 9 Jan 2022 12:33:21 +0100
Subject: refactor(core): update to latest version of Velocity engine

---
 eaaf_core/pom.xml                                  |   2 +-
 .../core/impl/gui/velocity/VelocityLogAdapter.java | 105 ---------------------
 .../core/impl/gui/velocity/VelocityProvider.java   |   6 +-
 .../pvp2/idp/impl/AbstractPvp2XProtocol.java       |  12 +--
 pom.xml                                            |   4 +-
 5 files changed, 10 insertions(+), 119 deletions(-)
 delete mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/velocity/VelocityLogAdapter.java

diff --git a/eaaf_core/pom.xml b/eaaf_core/pom.xml
index 15628054..a14c107b 100644
--- a/eaaf_core/pom.xml
+++ b/eaaf_core/pom.xml
@@ -73,7 +73,7 @@
     </dependency>
     <dependency>
       <groupId>org.apache.velocity</groupId>
-      <artifactId>velocity</artifactId>
+      <artifactId>velocity-engine-core</artifactId>
     </dependency>
     <dependency>
       <groupId>commons-collections</groupId>
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/velocity/VelocityLogAdapter.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/velocity/VelocityLogAdapter.java
deleted file mode 100644
index bf8e75a9..00000000
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/velocity/VelocityLogAdapter.java
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
- * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
- * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
- * compliance with the Licence. You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the Licence
- * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the Licence for the specific language governing permissions and limitations under
- * the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text file for details on the
- * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
- * works that you distribute must include a readable copy of the "NOTICE" text file.
-*/
-
-package at.gv.egiz.eaaf.core.impl.gui.velocity;
-
-import org.apache.velocity.app.Velocity;
-import org.apache.velocity.runtime.RuntimeConstants;
-import org.apache.velocity.runtime.RuntimeServices;
-import org.apache.velocity.runtime.log.LogChute;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class VelocityLogAdapter implements LogChute {
-
-  private static final Logger log = LoggerFactory.getLogger(VelocityLogAdapter.class);
-
-  /**
-   * VeloCity Logging adapter.
-   *
-   */
-  public VelocityLogAdapter() {
-    try {
-      /*
-       * register this class as a logger with the Velocity singleton (NOTE: this would
-       * not work for the non-singleton method.)
-       */
-      Velocity.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM, this);
-      Velocity.init();
-    } catch (final Exception e) {
-      log.error("Failed to register Velocity logger");
-    }
-  }
-
-  @Override
-  public void init(final RuntimeServices arg0) throws Exception {
-
-  }
-
-  @Override
-  public boolean isLevelEnabled(final int arg0) {
-    switch (arg0) {
-      case LogChute.DEBUG_ID:
-        return log.isDebugEnabled();
-      case LogChute.TRACE_ID:
-        return log.isTraceEnabled();
-      default:
-        return true;
-    }
-  }
-
-  @Override
-  public void log(final int arg0, final String arg1) {
-    switch (arg0) {
-      case LogChute.DEBUG_ID:
-        log.debug(arg1);
-        break;
-      case LogChute.TRACE_ID:
-        log.trace(arg1);
-        break;
-      case LogChute.INFO_ID:
-        log.info(arg1);
-        break;
-      case LogChute.WARN_ID:
-        log.warn(arg1);
-        break;
-      case LogChute.ERROR_ID:
-      default:
-        log.error(arg1);
-        break;
-    }
-  }
-
-  @Override
-  public void log(final int arg0, final String arg1, final Throwable arg2) {
-    switch (arg0) {
-      case LogChute.DEBUG_ID:
-      case LogChute.TRACE_ID:
-      case LogChute.INFO_ID:
-      case LogChute.WARN_ID:
-        log.warn(arg1, arg2);
-        break;
-      case LogChute.ERROR_ID:
-      default:
-        log.error(arg1, arg2);
-        break;
-    }
-  }
-
-}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/velocity/VelocityProvider.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/velocity/VelocityProvider.java
index 18594985..3aca836e 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/velocity/VelocityProvider.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/velocity/VelocityProvider.java
@@ -80,12 +80,8 @@ public class VelocityProvider {
   private static VelocityEngine getBaseVelocityEngine() {
     final VelocityEngine velocityEngine = new VelocityEngine();
     velocityEngine.setProperty(RuntimeConstants.INPUT_ENCODING, "UTF-8");
-    velocityEngine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
-    // velocityEngine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS,
-    // "org.apache.velocity.runtime.log.SimpleLog4JLogSystem");
-    velocityEngine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM, new VelocityLogAdapter());
-
     return velocityEngine;
+    
   }
 
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
index 2e30dcd9..63c8c99a 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
@@ -27,8 +27,8 @@ import javax.annotation.PostConstruct;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.text.StringEscapeUtils;
 import org.opensaml.saml.common.xml.SAMLConstants;
 import org.opensaml.saml.saml2.core.AuthnRequest;
 import org.opensaml.saml.saml2.core.Issuer;
@@ -134,11 +134,11 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
 
     if (e instanceof NoPassivAuthenticationException) {
       statusCode.setValue(StatusCode.NO_PASSIVE);
-      statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
+      statusMessage.setMessage(StringEscapeUtils.escapeXml11(e.getLocalizedMessage()));
 
     } else if (e instanceof NameIdFormatNotSupportedException) {
       statusCode.setValue(StatusCode.INVALID_NAMEID_POLICY);
-      statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
+      statusMessage.setMessage(StringEscapeUtils.escapeXml11(e.getLocalizedMessage()));
 
     } else if (e instanceof SloException) {
       // SLOExecpetions only occurs if session information is lost
@@ -149,7 +149,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
       statusCode.setValue(ex.getStatusCodeValue());
       final String statusMessageValue = ex.getStatusMessageValue();
       if (statusMessageValue != null) {
-        statusMessage.setMessage(StringEscapeUtils.escapeXml(statusMessageValue));
+        statusMessage.setMessage(StringEscapeUtils.escapeXml11(statusMessageValue));
         
       }
       
@@ -157,7 +157,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
 
     } else {
       statusCode.setValue(StatusCode.RESPONDER);
-      statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
+      statusMessage.setMessage(StringEscapeUtils.escapeXml11(e.getLocalizedMessage()));
       internalErrorCode = statusMessager.getResponseErrorCode(e);
       
     }
@@ -531,7 +531,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
     log.info(
         "Dispatch PVP2 AuthnRequest: OAURL=" + oaUrl + " Binding=" + consumerService.getBinding());
 
-    pendingReq.setSpEntityId(StringEscapeUtils.escapeHtml(oaUrl));
+    pendingReq.setSpEntityId(StringEscapeUtils.escapeHtml4(oaUrl));
     pendingReq.setOnlineApplicationConfiguration(
         authConfig.getServiceProviderConfiguration(pendingReq.getSpEntityId()));
     pendingReq.setBinding(consumerService.getBinding());
diff --git a/pom.xml b/pom.xml
index 6b78e3f2..af2cab73 100644
--- a/pom.xml
+++ b/pom.xml
@@ -69,7 +69,7 @@
 
     <javax.servlet-api>3.0.1</javax.servlet-api>
     
-    <org.apache.velocity.version>1.7</org.apache.velocity.version>
+    <org.apache.velocity.version>2.3</org.apache.velocity.version>
     <javax.annotation-api>1.3.2</javax.annotation-api>
     <joda-time.version>2.10.13</joda-time.version>
     <jsr305.version>3.0.2</jsr305.version>
@@ -553,7 +553,7 @@
       </dependency>
       <dependency>
         <groupId>org.apache.velocity</groupId>
-        <artifactId>velocity</artifactId>
+        <artifactId>velocity-engine-core</artifactId>
         <version>${org.apache.velocity.version}</version>
       </dependency>
       <dependency>
-- 
cgit v1.2.3