[
https://issues.redhat.com/browse/WFLY-13059?page=com.atlassian.jira.plugi...
]
Brian Stansberry reassigned WFLY-13059:
---------------------------------------
Component/s: Web Services (was: XML Frameworks)
Assignee: Jim Ma (was: Brian Stansberry)
org.apache.ws.security exports Jasypt
-------------------------------------
Key: WFLY-13059
URL: https://issues.redhat.com/browse/WFLY-13059
Project: WildFly
Issue Type: Bug
Components: Web Services
Reporter: Philippe Marschall
Assignee: Jim Ma
Priority: Major
The {{org.apache.ws.security}} module contains the Jasypt JAR and exports it. Jasypt is
only used internally by {{org.apache.wss4j.common.crypto.JasyptPasswordEncryptor}} and not
used externally.
Our application has a dependency on {{org.jboss.ws.cxf.jbossws-cxf-client}} which has an
exported dependency on {{org.apache.ws.security}} which exports Jasypt. As a consequence
the Jasypt from the {{org.apache.ws.security}} module is used instead of the Jasypt from
our application.
We would be willing to work on a patch. We see two possible options:
# Introduce a dedicated Jasypt module and make {{org.apache.ws.security}} depend on it
without exporting it
# Add a resource filter to the {{org.apache.ws.security}} module like this
{code}
<exports>
    <exclude path="org/jasypt/**"/>
</exports>
{code}
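The export chain described in this report, modelled as an added example that is not WildFly's or the reporter's code: a small resolver over constructed, simplified module descriptors, showing that a dependent of {{org.jboss.ws.cxf.jbossws-cxf-client}} receives the Jasypt paths before the export filter is added and not after. The JAR_PATHS table, the function names and the glob matching via fnmatch (an approximation of JBoss Modules path filters) are assumptions.

```python
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase

# Constructed, simplified descriptors (real module.xml files carry an xmlns and JAR names).
BEFORE = {
    "org.apache.ws.security": "<module><resources/></module>",
    "org.jboss.ws.cxf.jbossws-cxf-client":
        '<module><dependencies><module name="org.apache.ws.security" export="true"/>'
        "</dependencies></module>",
}
# Option 2 from the report: the same module with the export filter added.
AFTER = {**BEFORE, "org.apache.ws.security":
         '<module><exports><exclude path="org/jasypt/**"/></exports><resources/></module>'}

# Constructed: package paths contained in each module's own JARs.
JAR_PATHS = {
    "org.apache.ws.security": {"org/apache/wss4j/common/crypto", "org/jasypt/util/text"},
}

def exported_paths(name, modules, seen=()):
    """Paths a dependent of `name` can see: own paths minus excludes, plus re-exports."""
    if name in seen or name not in modules:   # cycle, or module outside the sample set
        return set()
    root = ET.fromstring(modules[name])
    excludes = [e.get("path") for e in root.findall("exports/exclude")]
    visible = {p for p in JAR_PATHS.get(name, ())
               if not any(fnmatchcase(p, pat) for pat in excludes)}
    for dep in root.findall("dependencies/module"):
        if dep.get("export") == "true":       # only exported dependencies are passed on
            visible |= exported_paths(dep.get("name"), modules, seen + (name,))
    return visible

def leaks(module, prefix, modules):
    """Paths under `prefix` that anything depending on `module` receives."""
    return sorted(p for p in exported_paths(module, modules) if p.startswith(prefix))

if __name__ == "__main__":
    client = "org.jboss.ws.cxf.jbossws-cxf-client"
    print("before:", leaks(client, "org/jasypt/", BEFORE))
    print("after: ", leaks(client, "org/jasypt/", AFTER))
```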