Hi Philippe,

I think this would be good that we provide a dedicated module for Jasypt and still export to ws security module. This will allow the old application with jbossws-cxf-client module dependency added can still access jasypt classes and work. If other application likes yours doesn't want this jasypt exported dependency , it can be excluded with one line exclusion config in jboss-deployment-structure.xml. Does this work for you ?

BTW, upgrade jasypt to 1.9.3 is the missing part in wildfly. I'll fix this soon. I added this discussion to WFLY-13059 too. If you like, let's add comment/discuss there.

Cheers,

Jim

On Sat, Mar 14, 2020 at 1:32 AM Philippe Marschall <kustos@gmx.net> wrote:

On 13.03.20 14:43, Jim Ma wrote:
> Hi Philippe,
> Did you try to provide a jboss-deployment-structure.xml to exclude
> org.apache.ws.security module and add all the jars you need in your
> application ?

Yes, we found a workaround but we would like to get rid of it and see
the underlying issue fixed. Otherwise other users could be affected as
well and have a bad experience using WildFly.

Cheers
Philippe