[AMBARI-23123] Fixing BlackDuck found security issues in Ambari Server

[smolnar82]

What changes were proposed in this pull request?

During BlackDuck check there were several security vulnerabilities found which we needed to eliminate (or at least mitigate). All of these changes have been reviewed/tested one-by-one on branch-2.6 earlier in the past weeks:

• Eliminated the org.apache.zookeeper:zookeeper dependency due to security concerns ([AMBARI-23093] Eliminated the org.apache.zookeeper:zookeeper dependency due to security concerns #493)
• Upgrading org.apache.httpcomponents:httpclient dependecy to v4.5.5 and removing commons-httpclient:commons-httpclient dependency due to security reasons ([AMBARI-23065] Upgrading org.apache.httpcomponents:httpclient dependecy to v4.5.5 and removing commons-httpclient:commons-httpclient dependency due to security reasons #454)
• Upgrading commons-collections to 3.2.2 due to security concerns ([AMBARI-23067] Upgrading commons-collections to 3.2.2 due to security concerns #468)
• Upgrading jackson-databind (plus jackson-annotations and jackson-core) to 2.9.4 due to security concerns ([AMBARI-23064] Upgrading jackson-databind (plus jackson-annotations and jackson-core) to 2.9.4 due to security concerns #453)
• Removing commons-beanutils-core dependency from ambari-server too since in 1.9.x there is no more JAR split within commons-beanutils ([AMBARI-23054] Upgrading commons-beanutils dependency in ambari-server to 1.9.3 #442)
• Upgaring commons-beanutils dependency in ambari-server to 1.9.3 ([AMBARI-23054] Upgrading commons-beanutils dependency in ambari-server to 1.9.3 #442)

How was this patch tested?

Latest uni test results in ambari-server:

[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 27:20 min
[INFO] Finished at: 2018-03-04T17:07:30+01:00
[INFO] Final Memory: 212M/916M
[INFO] ------------------------------------------------------------------------

In addition to uni testing I checked Maven's dependency resolution and executed integration testing in my local test environment:
I replaced the content of usr/lib/ambari-server in my vagrant host with the content from ambari-server/target/ambari-server-2.6.0.0.0-dist/usr/lib/ambari-server (where the relevant JAR(s) were replaced/removed with their expected version) and restarted the server; logged in and did some actions (in this case I used the REST API to create a cluster via BPs); there were no any issues.

[smolnar82]

@rlevas @adoroszlai @zeroflag @dlysnichenko Could you please review this PR? As I mentioned those changes have already been reviewed and tested. However - due to the large amount of changes on trunk - it was not possible to simply cherry-pick the commits in question.

Thanks!

[asfgit]

Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Ambari-Github-PullRequest-Builder/951/
Test FAILed.
Test FAILured.

[rlevas]

retest this please

[asfgit]

Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Ambari-Github-PullRequest-Builder/962/
Test PASSed.