Information on dependencies in accordance with PCI DSS 6.3.2

superfly-client-opt/pom.xml

@@ -10,62 +10,75 @@
     <description>Optional Superfly-related client features (like SSL support)</description>
     <dependencies>
         <dependency>
+            <!--Justification: HTTP requests handling library. -->
             <groupId>commons-httpclient</groupId>
             <artifactId>commons-httpclient</artifactId>
         </dependency>
         <dependency>
+            <!--Justification: Core functionality of the Spring framework -->
             <groupId>org.springframework</groupId>
             <artifactId>spring-core</artifactId>
             <optional>true</optional>
         </dependency>
         <dependency>
+            <!--Justification: Provides support for Spring's bean factory and dependency injection -->
             <groupId>org.springframework</groupId>
             <artifactId>spring-beans</artifactId>
             <optional>true</optional>
         </dependency>
         <dependency>
+            <!--Justification: Central interface to the Spring IoC container for test purpose-->
             <groupId>org.springframework</groupId>
             <artifactId>spring-context</artifactId>
             <scope>test</scope>
             <optional>true</optional>
         </dependency>
         <dependency>
+            <!--Justification: Core functionality for Spring Security; managing authentication, authorization, and security configurations -->
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-core</artifactId>
             <scope>test</scope>
         </dependency>
         <dependency>
+            <!--Justification: Remote API for interacting with SuperFly services -->
             <groupId>com.payneteasy.superfly</groupId>
             <artifactId>superfly-remote-api</artifactId>
         </dependency>
         <dependency>
+            <!--Justification: Client library for interaction with SuperFly services -->
             <groupId>com.payneteasy.superfly</groupId>
             <artifactId>superfly-client</artifactId>
         </dependency>
         <dependency>
+            <!--Justification: SSL-enabled HTTP client for secure communication with SuperFly services -->
             <groupId>com.payneteasy.superfly</groupId>
             <artifactId>superfly-httpclient-ssl</artifactId>
         </dependency>
         <dependency>
+            <!--Justification: Provides the Servlet API, necessary for web applications; marked as provided since it's provided by the servlet container -->
             <groupId>javax.servlet</groupId>
             <artifactId>javax.servlet-api</artifactId>
         </dependency>
         <dependency>
+            <!--Justification: Provides SSL/TLS support with fixes for specific vulnerabilities -->
             <groupId>ca.juliusdavies</groupId>
             <artifactId>not-yet-commons-ssl</artifactId>
         </dependency>
 
         <dependency>
+            <!--Justification: Reflection library to obtain metadata about classes -->
             <groupId>org.reflections</groupId>
             <artifactId>reflections</artifactId>
         </dependency>
 
         <dependency>
+            <!--Justification: Logback implementation for SLF4J, provides logging capabilities -->
             <groupId>ch.qos.logback</groupId>
             <artifactId>logback-classic</artifactId>
             <scope>test</scope>
         </dependency>
         <dependency>
+            <!--Justification: Allows the use of SLF4J API with legacy Commons Logging applications -->
             <groupId>org.slf4j</groupId>
             <artifactId>jcl-over-slf4j</artifactId>
             <scope>test</scope>

superfly-client-web-security/pom.xml

@@ -12,26 +12,31 @@
 
         <!-- Superfly API -->
         <dependency>
+            <!--Justification: Remote API for interacting with SuperFly services -->
             <groupId>com.payneteasy.superfly</groupId>
             <artifactId>superfly-remote-api</artifactId>
         </dependency>
 
         <!-- Access via Hessian protocol -->
         <dependency>
+            <!--Justification: Used for Hessian serialization-->
             <groupId>com.caucho</groupId>
             <artifactId>hessian</artifactId>
             <optional>true</optional>
         </dependency>
 
         <!-- Mustache template engine -->
         <dependency>
+            <!--Justification: Mustache template rendering functionality-->
             <groupId>com.github.spullara.mustache.java</groupId>
             <artifactId>compiler</artifactId>
             <optional>true</optional>
         </dependency>
 
         <!-- Spring Core -->
+
         <dependency>
+            <!--Justification: Core functionality of the Spring framework -->
             <groupId>org.springframework</groupId>
             <artifactId>spring-core</artifactId>
             <optional>true</optional>
@@ -45,12 +50,14 @@
 
         <!-- for Spring AOP -->
         <dependency>
+            <!--Justification: Aspect-oriented programming support in Spring -->
             <groupId>org.springframework</groupId>
             <artifactId>spring-aop</artifactId>
             <optional>true</optional>
         </dependency>
 
         <dependency>
+            <!--Justification: Provides the Servlet API, necessary for web applications; marked as provided since it's provided by the servlet container -->
             <groupId>javax.servlet</groupId>
             <artifactId>javax.servlet-api</artifactId>
             <scope>provided</scope>
@@ -62,18 +69,21 @@
         <!--</dependency>-->
 
         <dependency>
+            <!--Justification: Logging API for the application -->
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
             <optional>true</optional>
         </dependency>
 
         <dependency>
+            <!--Justification: Logback implementation for SLF4J, provides logging capabilities -->
             <groupId>ch.qos.logback</groupId>
             <artifactId>logback-classic</artifactId>
             <scope>test</scope>
         </dependency>
 
         <dependency>
+            <!--Justification: Allows the use of SLF4J API with legacy Commons Logging applications -->
             <groupId>org.slf4j</groupId>
             <artifactId>jcl-over-slf4j</artifactId>
             <scope>test</scope>

superfly-client/pom.xml

@@ -10,27 +10,33 @@
     <description>Contains classes used to use Superfly facilities by clients</description>
     <dependencies>
         <dependency>
+            <!--Justification: Remote API for interacting with SuperFly services -->
             <groupId>com.payneteasy.superfly</groupId>
             <artifactId>superfly-remote-api</artifactId>
         </dependency>
         <dependency>
+            <!--Justification: Common utilities and shared functionality for SuperFly components -->
             <groupId>com.payneteasy.superfly</groupId>
             <artifactId>superfly-common</artifactId>
         </dependency>
         <dependency>
+            <!--Justification: Logging API for the application -->
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
         </dependency>
         <dependency>
+            <!--Justification: Provides the Servlet API, necessary for web applications; marked as provided since it's provided by the servlet container -->
             <groupId>javax.servlet</groupId>
             <artifactId>javax.servlet-api</artifactId>
         </dependency>
         <dependency>
+            <!--Justification: Provides standard annotations used in Java applications -->
             <groupId>javax.annotation</groupId>
             <artifactId>javax.annotation-api</artifactId>
         </dependency>
 
         <dependency>
+            <!--Justification: Core functionality for Spring Security; managing authentication, authorization, and security configurations -->
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-core</artifactId>
             <scope>test</scope>

superfly-common/pom.xml

@@ -10,19 +10,23 @@
     <description>Common classes used by other Superfly libraries</description>
     <dependencies>
         <dependency>
+            <!--Justification: Remote API for interacting with SuperFly services -->
             <groupId>com.payneteasy.superfly</groupId>
             <artifactId>superfly-remote-api</artifactId>
         </dependency>
         <dependency>
+            <!--Justification: Provides the Servlet API, necessary for web applications; marked as provided since it's provided by the servlet container -->
             <groupId>javax.servlet</groupId>
             <artifactId>javax.servlet-api</artifactId>
         </dependency>
 
         <dependency>
+            <!--Justification: Logging API for the application -->
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
         </dependency>
         <dependency>
+            <!--Justification: Logback implementation for SLF4J, provides logging capabilities -->
             <groupId>ch.qos.logback</groupId>
             <artifactId>logback-classic</artifactId>
         </dependency>

superfly-crypto/pom.xml

@@ -10,10 +10,12 @@
     <description>Contains crypto services like OpenPGP-compatible encryption</description>
     <dependencies>
         <dependency>
+            <!--Justification: Bouncy Castle API for cryptography functions -->
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcpg-jdk18on</artifactId>
         </dependency>
         <dependency>
+            <!--Justification: Logging API for the application -->
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
         </dependency>

superfly-demo/pom.xml

@@ -95,6 +95,7 @@
             <version>1.1.2</version>
         </dependency>
         <dependency>
+            <!--Justification: Client library for interaction with SuperFly services -->
             <groupId>com.payneteasy.superfly</groupId>
             <artifactId>superfly-client</artifactId>
             <version>${superfly.version}</version>

superfly-httpclient-ssl/pom.xml

@@ -10,10 +10,12 @@
     <description>Extensions to HttpClient which allow to use client SSL authentication as well as server trust check</description>
     <dependencies>
         <dependency>
+            <!--Justification: HTTP requests handling library. -->
             <groupId>commons-httpclient</groupId>
             <artifactId>commons-httpclient</artifactId>
         </dependency>
         <dependency>
+            <!--Justification: Logging API for the application -->
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
         </dependency>

superfly-integration-test/pom.xml

@@ -24,26 +24,31 @@
 
     <dependencies>
         <dependency>
+            <!--Justification: Core service implementation for SuperFly authentication/authorization -->
             <groupId>com.payneteasy.superfly</groupId>
             <artifactId>superfly-service</artifactId>
             <scope>compile</scope>
         </dependency>
         <dependency>
+            <!--Justification: Spring framework support for testing -->
             <groupId>org.springframework</groupId>
             <artifactId>spring-test</artifactId>
             <scope>test</scope>
         </dependency>
         <dependency>
+            <!--Justification: Commons Database Connection Pooling -->
             <groupId>commons-dbcp</groupId>
             <artifactId>commons-dbcp</artifactId>
             <scope>test</scope>
         </dependency>
         <dependency>
+            <!--Justification:  Commons Object Pooling Library-->
             <groupId>commons-pool</groupId>
             <artifactId>commons-pool</artifactId>
             <scope>test</scope>
         </dependency>
         <dependency>
+            <!--Justification: MySQL database connectivity -->
             <groupId>mysql</groupId>
             <artifactId>mysql-connector-java</artifactId>
             <scope>test</scope>

superfly-service/pom.xml

@@ -11,88 +11,109 @@
     <description>Service layer classes, including DAO layer too</description>
     <dependencies>
         <dependency>
+            <!--Justification: Common utilities and shared functionality for SuperFly components -->
             <groupId>com.payneteasy.superfly</groupId>
             <artifactId>superfly-common</artifactId>
         </dependency>
 
         <dependency>
+            <!--Justification: Remote API for interacting with SuperFly services -->
             <groupId>com.payneteasy.superfly</groupId>
             <artifactId>superfly-remote-api</artifactId>
         </dependency>
         <dependency>
+            <!--Justification: Service Provider Interface (SPI) for SuperFly, allowing extensibility -->
             <groupId>com.payneteasy.superfly</groupId>
             <artifactId>superfly-spi</artifactId>
         </dependency>
         <dependency>
+            <!--Justification: Cryptography support for SuperFly, handling secure data operations -->
             <groupId>com.payneteasy.superfly</groupId>
             <artifactId>superfly-crypto</artifactId>
         </dependency>
 
         <dependency>
+            <!--Justification: Core functionality of the Spring framework -->
             <groupId>org.springframework</groupId>
             <artifactId>spring-core</artifactId>
         </dependency>
         <dependency>
+            <!--Justification: Provides support for Spring's bean factory and dependency injection -->
             <groupId>org.springframework</groupId>
             <artifactId>spring-beans</artifactId>
         </dependency>
         <dependency>
+            <!--Justification: Additional support for application context features -->
             <groupId>org.springframework</groupId>
             <artifactId>spring-context-support</artifactId>
         </dependency>
         <dependency>
+            <!--Justification: JDBC support for database operations -->
             <groupId>org.springframework</groupId>
             <artifactId>spring-jdbc</artifactId>
         </dependency>
         <dependency>
+            <!--Justification: Transaction management support in Spring -->
             <groupId>org.springframework</groupId>
             <artifactId>spring-tx</artifactId>
         </dependency>
         <dependency>
+            <!--Justification: Factory for creating DAO objects with JDBC -->
             <artifactId>jdbc-proc-daofactory</artifactId>
             <groupId>com.googlecode.jdbc-proc.jdbc-proc</groupId>
         </dependency>
         <dependency>
+            <!--Justification: Logging API for the application -->
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
         </dependency>
         <dependency>
+            <!--Justification: Logback implementation for SLF4J, provides logging capabilities -->
             <groupId>ch.qos.logback</groupId>
             <artifactId>logback-classic</artifactId>
         </dependency>
         <dependency>
+            <!--Justification: Allows the use of SLF4J API with legacy Commons Logging applications -->
             <groupId>org.slf4j</groupId>
             <artifactId>jcl-over-slf4j</artifactId>
         </dependency>
         <dependency>
+            <!--Justification: Provides Aspect-Oriented Programming features for Java, allowing for modularization of cross-cutting concerns -->
             <groupId>org.aspectj</groupId>
             <artifactId>aspectjweaver</artifactId>
         </dependency>
         <dependency>
+            <!--Justification: HTTP requests handling library. -->
             <groupId>commons-httpclient</groupId>
             <artifactId>commons-httpclient</artifactId>
         </dependency>
         <dependency>
+            <!--Justification: Quartz is a powerful and flexible job scheduling library, used for executing background tasks in Java applications -->
             <groupId>org.quartz-scheduler</groupId>
             <artifactId>quartz</artifactId>
         </dependency>
         <dependency>
+            <!--Justification: Velocity template engine support-->
             <groupId>org.apache.velocity</groupId>
             <artifactId>velocity-engine-core</artifactId>
         </dependency>
         <dependency>
+            <!--Justification: For sending emails-->
             <groupId>javax.mail</groupId>
             <artifactId>mail</artifactId>
         </dependency>
         <dependency>
+            <!--Justification: Google 2FA library. -->
             <groupId>com.warrenstrange</groupId>
             <artifactId>googleauth</artifactId>
         </dependency>
         <dependency>
+            <!--Justification: Encoders and decoders library. -->
             <groupId>commons-codec</groupId>
             <artifactId>commons-codec</artifactId>
         </dependency>
         <dependency>
+            <!--Justification: Library for validating passwords and implementing password policies -->
             <groupId>org.passay</groupId>
             <artifactId>passay</artifactId>
         </dependency>

superfly-spi-support/pom.xml

@@ -11,10 +11,12 @@
 
     <dependencies>
         <dependency>
+            <!--Justification: Factory for creating DAO objects with JDBC -->
             <groupId>com.googlecode.jdbc-proc.jdbc-proc</groupId>
             <artifactId>jdbc-proc-daofactory</artifactId>
         </dependency>
         <dependency>
+            <!--Justification: Remote API for interacting with SuperFly services -->
             <groupId>com.payneteasy.superfly</groupId>
             <artifactId>superfly-remote-api</artifactId>
         </dependency>

superfly-spi/pom.xml

@@ -11,6 +11,7 @@
     <description>Interfaces for implementations of internal matters like HOTP processing</description>
     <dependencies>
         <dependency>
+            <!--Justification: SPI support for integrating SuperFly with other services/components -->
             <groupId>com.payneteasy.superfly</groupId>
             <artifactId>superfly-spi-support</artifactId>
         </dependency>