Merge pull request #6272 from OpenNMS/jira/NMS-15663-spring-security-…

…backport NMS-15663: update to spring security with backported fixes
OpenNMS · Jun 27, 2023 · 4604a7a · 4604a7a
2 parents 12b0e82 + 91d1839
commit 4604a7a
Show file tree

Hide file tree

Showing 94 changed files with 324 additions and 97 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -1238,7 +1238,7 @@ jobs:
       - attach_workspace:
           at: ~/
       - run-integration-tests:
-          rerun-failtest-count: 1
+          rerun-failtest-count: 0
   integration-test-with-coverage:
     executor: integration-test-executor
     parallelism: 10

diff --git a/container/features/src/license/THIRD-PARTY.properties b/container/features/src/license/THIRD-PARTY.properties
@@ -3,11 +3,12 @@ colt--colt--1.2.0=mit
 com.eclipsesource.jaxrs--features--1.0.2.ONMS=epl_v1
 findbugs--annotations--1.0.0=lgpl_v2_1
 javax.transaction--jta--1.1=cddl_v1_1
-org.codehaus.jettison--jettison--1.1=apache_v2
 org.jinterop--j-interop--2.0.8=lgpl_v3
 org.jinterop--j-interopdeps--2.0.8=lgpl_v3
 org.opennms--jicmp-api--2.0.1=gpl_v2_cpe
 org.opennms--jicmp6-api--2.0.1=gpl_v2_cpe
 org.samba.jcifs--jcifs--1.3.19=lgpl_v2_1
 org.simpleframework--org.simpleframework--3.1.3=lgpl_v2_1
+org.springframework.security--spring-security-core--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-remoting--4.2.21.RELEASE_1.ONMS.1=apache_v2
 org.vaadin.addons--dragdroplayouts--1.4.2=apache_v2
diff --git a/container/jaas-login-module/src/license/THIRD-PARTY.properties b/container/jaas-login-module/src/license/THIRD-PARTY.properties
@@ -1 +1,8 @@
 javax.transaction--jta--1.1=cddl_v1_1
+org.springframework.security--spring-security-acl--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-config--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-core--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-ldap--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-remoting--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-taglibs--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-web--4.2.21.RELEASE_1.ONMS.1=apache_v2
diff --git a/container/karaf/src/license/THIRD-PARTY.properties b/container/karaf/src/license/THIRD-PARTY.properties
@@ -1 +1,3 @@
 javax.transaction--jta--1.1=cddl_v1_1
+org.springframework.security--spring-security-core--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-remoting--4.2.21.RELEASE_1.ONMS.1=apache_v2
diff --git a/container/shared/src/license/THIRD-PARTY.properties b/container/shared/src/license/THIRD-PARTY.properties
@@ -1 +1,3 @@
 javax.transaction--jta--1.1=cddl_v1_1
+org.springframework.security--spring-security-core--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-remoting--4.2.21.RELEASE_1.ONMS.1=apache_v2
diff --git a/core/health/rest/src/license/THIRD-PARTY.properties b/core/health/rest/src/license/THIRD-PARTY.properties
@@ -1 +1,3 @@
 javax.transaction--jta--1.1=cddl_v1_1
+org.springframework.security--spring-security-core--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-remoting--4.2.21.RELEASE_1.ONMS.1=apache_v2
diff --git a/core/ipc/twin/common/src/license/THIRD-PARTY.properties b/core/ipc/twin/common/src/license/THIRD-PARTY.properties
@@ -1 +1,3 @@
 javax.transaction--jta--1.1=cddl_v1_1
+org.springframework.security--spring-security-core--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-remoting--4.2.21.RELEASE_1.ONMS.1=apache_v2
diff --git a/core/ipc/twin/grpc/common/src/license/THIRD-PARTY.properties b/core/ipc/twin/grpc/common/src/license/THIRD-PARTY.properties
@@ -1 +1,3 @@
 javax.transaction--jta--1.1=cddl_v1_1
+org.springframework.security--spring-security-core--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-remoting--4.2.21.RELEASE_1.ONMS.1=apache_v2
diff --git a/core/ipc/twin/grpc/publisher/src/license/THIRD-PARTY.properties b/core/ipc/twin/grpc/publisher/src/license/THIRD-PARTY.properties
@@ -1 +1,3 @@
 javax.transaction--jta--1.1=cddl_v1_1
+org.springframework.security--spring-security-core--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-remoting--4.2.21.RELEASE_1.ONMS.1=apache_v2
diff --git a/core/ipc/twin/grpc/subscriber/src/license/THIRD-PARTY.properties b/core/ipc/twin/grpc/subscriber/src/license/THIRD-PARTY.properties
@@ -1 +1,3 @@
 javax.transaction--jta--1.1=cddl_v1_1
+org.springframework.security--spring-security-core--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-remoting--4.2.21.RELEASE_1.ONMS.1=apache_v2
diff --git a/core/ipc/twin/jms/publisher/src/license/THIRD-PARTY.properties b/core/ipc/twin/jms/publisher/src/license/THIRD-PARTY.properties
@@ -1 +1,3 @@
 javax.transaction--jta--1.1=cddl_v1_1
+org.springframework.security--spring-security-core--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-remoting--4.2.21.RELEASE_1.ONMS.1=apache_v2
diff --git a/core/ipc/twin/jms/subscriber/src/license/THIRD-PARTY.properties b/core/ipc/twin/jms/subscriber/src/license/THIRD-PARTY.properties
@@ -1 +1,3 @@
 javax.transaction--jta--1.1=cddl_v1_1
+org.springframework.security--spring-security-core--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-remoting--4.2.21.RELEASE_1.ONMS.1=apache_v2
diff --git a/core/ipc/twin/kafka/common/src/license/THIRD-PARTY.properties b/core/ipc/twin/kafka/common/src/license/THIRD-PARTY.properties
@@ -1 +1,3 @@
 javax.transaction--jta--1.1=cddl_v1_1
+org.springframework.security--spring-security-core--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-remoting--4.2.21.RELEASE_1.ONMS.1=apache_v2
diff --git a/core/ipc/twin/kafka/publisher/src/license/THIRD-PARTY.properties b/core/ipc/twin/kafka/publisher/src/license/THIRD-PARTY.properties
@@ -1 +1,3 @@
 javax.transaction--jta--1.1=cddl_v1_1
+org.springframework.security--spring-security-core--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-remoting--4.2.21.RELEASE_1.ONMS.1=apache_v2
diff --git a/core/ipc/twin/kafka/subscriber/src/license/THIRD-PARTY.properties b/core/ipc/twin/kafka/subscriber/src/license/THIRD-PARTY.properties
@@ -1 +1,3 @@
 javax.transaction--jta--1.1=cddl_v1_1
+org.springframework.security--spring-security-core--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-remoting--4.2.21.RELEASE_1.ONMS.1=apache_v2
diff --git a/core/ipc/twin/test/src/license/THIRD-PARTY.properties b/core/ipc/twin/test/src/license/THIRD-PARTY.properties
@@ -1 +1,3 @@
 javax.transaction--jta--1.1=cddl_v1_1
+org.springframework.security--spring-security-core--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-remoting--4.2.21.RELEASE_1.ONMS.1=apache_v2
diff --git a/core/upgrade/src/license/THIRD-PARTY.properties b/core/upgrade/src/license/THIRD-PARTY.properties
@@ -1 +1,3 @@
 javax.transaction--jta--1.1=cddl_v1_1
+org.springframework.security--spring-security-core--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-remoting--4.2.21.RELEASE_1.ONMS.1=apache_v2
diff --git a/dependencies/spring-security-core/pom.xml b/dependencies/spring-security-core/pom.xml
@@ -26,56 +26,24 @@
       <version>${springSecurityVersion}</version>
       <exclusions>
         <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-aop</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-beans</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-context</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-core</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-dao</artifactId>
+          <groupId>com.fasterxml.jackson.core</groupId>
+          <artifactId>*</artifactId>
         </exclusion>
         <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-expression</artifactId>
+          <groupId>commons-logging</groupId>
+          <artifactId>*</artifactId>
         </exclusion>
         <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-jdbc</artifactId>
+          <groupId>net.sf.ehcache</groupId>
+          <artifactId>*</artifactId>
         </exclusion>
         <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-mock</artifactId>
+          <groupId>org.aspectj</groupId>
+          <artifactId>*</artifactId>
         </exclusion>
         <exclusion>
           <groupId>org.springframework</groupId>
-          <artifactId>spring-remoting</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-support</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-tx</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-web</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-webmvc</artifactId>
+          <artifactId>*</artifactId>
         </exclusion>
       </exclusions>
     </dependency>
@@ -85,56 +53,12 @@
       <version>${springSecurityVersion}</version>
       <exclusions>
         <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-aop</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-beans</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-context</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-core</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-dao</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-expression</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-jdbc</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-mock</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-remoting</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-support</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-tx</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-web</artifactId>
+          <groupId>commons-logging</groupId>
+          <artifactId>commons-logging</artifactId>
         </exclusion>
         <exclusion>
           <groupId>org.springframework</groupId>
-          <artifactId>spring-webmvc</artifactId>
+          <artifactId>*</artifactId>
         </exclusion>
       </exclusions>
     </dependency>

diff --git a/dependencies/spring-security-core/src/license/THIRD-PARTY.properties b/dependencies/spring-security-core/src/license/THIRD-PARTY.properties
@@ -1 +1,3 @@
 javax.transaction--jta--1.1=cddl_v1_1
+org.springframework.security--spring-security-core--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-remoting--4.2.21.RELEASE_1.ONMS.1=apache_v2
diff --git a/dependencies/spring-security/pom.xml b/dependencies/spring-security/pom.xml
@@ -20,6 +20,38 @@
       <artifactId>spring-security-ldap</artifactId>
       <version>${springSecurityVersion}</version>
       <exclusions>
+        <exclusion>
+          <groupId>com.fasterxml.jackson.core</groupId>
+          <artifactId>*</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>com.unboundid</groupId>
+          <artifactId>*</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>commons-logging</groupId>
+          <artifactId>*</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>ldapsdk</groupId>
+          <artifactId>*</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>net.sf.ehcache</groupId>
+          <artifactId>*</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.apache.directory.server</groupId>
+          <artifactId>*</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.apache.directory.shared</groupId>
+          <artifactId>*</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.aspectj</groupId>
+          <artifactId>*</artifactId>
+        </exclusion>
         <exclusion>
           <groupId>org.springframework</groupId>
           <artifactId>*</artifactId>
@@ -33,7 +65,7 @@
       <exclusions>
         <exclusion>
           <groupId>commons-logging</groupId>
-          <artifactId>commons-logging</artifactId>
+          <artifactId>*</artifactId>
         </exclusion>
         <exclusion>
           <groupId>org.springframework</groupId>
@@ -46,17 +78,41 @@
       <artifactId>spring-security-config</artifactId>
       <version>${springSecurityVersion}</version>
       <exclusions>
+        <exclusion>
+          <groupId>com.fasterxml.jackson.core</groupId>
+          <artifactId>*</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>commons-logging</groupId>
+          <artifactId>*</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.aspectj</groupId>
+          <artifactId>*</artifactId>
+        </exclusion>
         <exclusion>
           <groupId>org.springframework</groupId>
           <artifactId>*</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.springframework.security</groupId>
+          <artifactId>*</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
     <dependency>
       <groupId>org.springframework.security</groupId>
       <artifactId>spring-security-acl</artifactId>
       <version>${springSecurityVersion}</version>
       <exclusions>
+        <exclusion>
+          <groupId>commons-logging</groupId>
+          <artifactId>*</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>net.sf.ehcache</groupId>
+          <artifactId>*</artifactId>
+        </exclusion>
         <exclusion>
           <groupId>org.springframework</groupId>
           <artifactId>*</artifactId>
@@ -68,6 +124,14 @@
       <artifactId>spring-security-taglibs</artifactId>
       <version>${springSecurityVersion}</version>
       <exclusions>
+        <exclusion>
+          <groupId>com.fasterxml.jackson.core</groupId>
+          <artifactId>*</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>commons-logging</groupId>
+          <artifactId>*</artifactId>
+        </exclusion>
         <exclusion>
           <groupId>org.springframework</groupId>
           <artifactId>*</artifactId>
@@ -107,6 +171,11 @@
         </exclusion>
       </exclusions>
     </dependency>
+    <dependency>
+      <groupId>org.opennms.dependencies</groupId>
+      <artifactId>jackson2-dependencies</artifactId>
+      <type>pom</type>
+    </dependency>
     <dependency>
       <groupId>org.opennms.dependencies</groupId>
       <artifactId>spring-dependencies</artifactId>

diff --git a/dependencies/spring-security/src/license/THIRD-PARTY.properties b/dependencies/spring-security/src/license/THIRD-PARTY.properties
@@ -1 +1,8 @@
 javax.transaction--jta--1.1=cddl_v1_1
+org.springframework.security--spring-security-acl--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-config--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-core--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-ldap--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-remoting--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-taglibs--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-web--4.2.21.RELEASE_1.ONMS.1=apache_v2
diff --git a/features/bsm/vaadin-adminpage/src/license/THIRD-PARTY.properties b/features/bsm/vaadin-adminpage/src/license/THIRD-PARTY.properties
@@ -1 +1,3 @@
 javax.transaction--jta--1.1=cddl_v1_1
+org.springframework.security--spring-security-core--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-remoting--4.2.21.RELEASE_1.ONMS.1=apache_v2
diff --git a/features/datachoices/src/license/THIRD-PARTY.properties b/features/datachoices/src/license/THIRD-PARTY.properties
@@ -1 +1,3 @@
 javax.transaction--jta--1.1=cddl_v1_1
+org.springframework.security--spring-security-core--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-remoting--4.2.21.RELEASE_1.ONMS.1=apache_v2
diff --git a/features/endpoints/grafana/rest/src/license/THIRD-PARTY.properties b/features/endpoints/grafana/rest/src/license/THIRD-PARTY.properties
@@ -1 +1,3 @@
 javax.transaction--jta--1.1=cddl_v1_1
+org.springframework.security--spring-security-core--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-remoting--4.2.21.RELEASE_1.ONMS.1=apache_v2
diff --git a/features/flows/rest/impl/src/license/THIRD-PARTY.properties b/features/flows/rest/impl/src/license/THIRD-PARTY.properties
@@ -1 +1,3 @@
 javax.transaction--jta--1.1=cddl_v1_1
+org.springframework.security--spring-security-core--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-remoting--4.2.21.RELEASE_1.ONMS.1=apache_v2
diff --git a/features/geocoder/rest/src/license/THIRD-PARTY.properties b/features/geocoder/rest/src/license/THIRD-PARTY.properties
@@ -1 +1,3 @@
 javax.transaction--jta--1.1=cddl_v1_1
+org.springframework.security--spring-security-core--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-remoting--4.2.21.RELEASE_1.ONMS.1=apache_v2
diff --git a/features/geolocation/api/src/license/THIRD-PARTY.properties b/features/geolocation/api/src/license/THIRD-PARTY.properties
@@ -1 +1,3 @@
 javax.transaction--jta--1.1=cddl_v1_1
+org.springframework.security--spring-security-core--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-remoting--4.2.21.RELEASE_1.ONMS.1=apache_v2
diff --git a/features/geolocation/rest/src/license/THIRD-PARTY.properties b/features/geolocation/rest/src/license/THIRD-PARTY.properties
@@ -1 +1,3 @@
 javax.transaction--jta--1.1=cddl_v1_1
+org.springframework.security--spring-security-core--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-remoting--4.2.21.RELEASE_1.ONMS.1=apache_v2
diff --git a/features/geolocation/service/src/license/THIRD-PARTY.properties b/features/geolocation/service/src/license/THIRD-PARTY.properties
@@ -1 +1,3 @@
 javax.transaction--jta--1.1=cddl_v1_1
+org.springframework.security--spring-security-core--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-remoting--4.2.21.RELEASE_1.ONMS.1=apache_v2
diff --git a/features/graph/provider/bsm/src/license/THIRD-PARTY.properties b/features/graph/provider/bsm/src/license/THIRD-PARTY.properties
@@ -1 +1,3 @@
 javax.transaction--jta--1.1=cddl_v1_1
+org.springframework.security--spring-security-core--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-remoting--4.2.21.RELEASE_1.ONMS.1=apache_v2
diff --git a/features/graph/rest/api/src/license/THIRD-PARTY.properties b/features/graph/rest/api/src/license/THIRD-PARTY.properties
@@ -1 +1,3 @@
 javax.transaction--jta--1.1=cddl_v1_1
+org.springframework.security--spring-security-core--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-remoting--4.2.21.RELEASE_1.ONMS.1=apache_v2
diff --git a/features/graph/rest/impl/src/license/THIRD-PARTY.properties b/features/graph/rest/impl/src/license/THIRD-PARTY.properties
@@ -1 +1,3 @@
 javax.transaction--jta--1.1=cddl_v1_1
+org.springframework.security--spring-security-core--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-remoting--4.2.21.RELEASE_1.ONMS.1=apache_v2
diff --git a/features/graphml/rest/src/license/THIRD-PARTY.properties b/features/graphml/rest/src/license/THIRD-PARTY.properties
@@ -1 +1,3 @@
 javax.transaction--jta--1.1=cddl_v1_1
+org.springframework.security--spring-security-core--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-remoting--4.2.21.RELEASE_1.ONMS.1=apache_v2
diff --git a/features/juniper-tca-collector/src/license/THIRD-PARTY.properties b/features/juniper-tca-collector/src/license/THIRD-PARTY.properties
@@ -3,3 +3,5 @@ findbugs--annotations--1.0.0=lgpl_v2_1
 javax.transaction--jta--1.1=cddl_v1_1
 org.samba.jcifs--jcifs--1.3.19=lgpl_v2_1
 org.simpleframework--org.simpleframework--3.1.3=lgpl_v2_1
+org.springframework.security--spring-security-core--4.2.21.RELEASE_1.ONMS.1=apache_v2
+org.springframework.security--spring-security-remoting--4.2.21.RELEASE_1.ONMS.1=apache_v2