Your configuration references a custom permission evaluator, but it seems to be missing. The class is: org.dontpanic.spanners.security.SpannerPermissionEvaluator

What am I missing?

The spanners project currently uses 15 libraries with known vulnerabilities, you may want to update the dependencies to the latest version.

You can track vulnerable components and keep your project up-to-date by using SourceClear

Hi all,
when I try to execute mvn clean install I get the following error:

[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building Spanners Spring-WS Demo Application 2.7-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Spanners demo applications ........................ SUCCESS [0.347s]
[INFO] Spanners database module .......................... SUCCESS [5.035s]
[INFO] Spanners Spring-WS Demo Application ............... FAILURE [0.220s]
[INFO] Spanners Struts Demo Application .................. SKIPPED
[INFO] Spanners Spring MVC Demo Application .............. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 5.800s
[INFO] Finished at: Wed Jul 16 19:02:06 CEST 2014
[INFO] Final Memory: 21M/231M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal on project spanners-ws: Could not resolve dependencies for project org.dontpanic:spanners-ws:war:2.7-SNAPSHOT: Failure to find javax.activation:activation:jar:1.0.2 in http://maven.springframework.org/milestone was cached in the local repository, resolution will not be reattempted until the update interval of com.springsource.repository.maven.milestone has elapsed or updates are forced

Can anyone help me ?

Greetings,

We are researchers and we are looking for insecure coding patterns and configurations in the microservice architecture repositories. In your repository, we have found instances of usage of excessive privileges. CWE says "An attacker will be able to gain access to any resources that are allowed by the extra privileges. Common results include executing code, disabling services, and reading restricted data."

Hopefully, you agree and will fix it. We suggest you restrict certain privileges for a single user, instead of allocating all privileges.

Source:

Greetings,

We are security researchers and we are looking for insecure coding patterns and configurations in the microservice architecture repositories. In your repository, we have found instances of hard-coded passwords. According to CWE, "A hard-coded password typically leads to a significant authentication failure that can be difficult for the system administrator to detect."

Hopefully, you agree and will fix it.

Source: https://github.com/hotblac/spanners/blob/master/spanners-users/src/main/resources/application.properties