[jboss-jira] [JBoss JIRA] (WFLY-13059) org.apache.ws.security exports Jasypt
Philippe Marschall (Jira)
issues at jboss.org
Tue Feb 4 09:47:28 EST 2020
Philippe Marschall created WFLY-13059:
-----------------------------------------
Summary: org.apache.ws.security exports Jasypt
Key: WFLY-13059
URL: https://issues.redhat.com/browse/WFLY-13059
Project: WildFly
Issue Type: Bug
Components: XML Frameworks
Reporter: Philippe Marschall
Assignee: Brian Stansberry
The {{org.apache.ws.security}} module contains the Jasypt JAR and exports it. Jasypt is only used internally by {{org.apache.wss4j.common.crypto.JasyptPasswordEncryptor}} and not used externally.
Our application has a dependency on {{org.jboss.ws.cxf.jbossws-cxf-client}} which has an exported dependency on {{org.apache.ws.security}} which exports Jasypt. As a consequence the Jasypt from the {{org.apache.ws.security}} module is used instead of the Jasypt from our application.
We would be willing to work on a patch. We see two possible options:
# Introduce a dedicated Jasypt module and make {{org.apache.ws.security}} depend on it without exporting it
# Add a resource filter to the {{org.apache.ws.security}} module like this {code}
<exports>
<exclude path="org/jasypt/**"/>
</exports>
{code}
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jboss-jira
mailing list