[jboss-jira] [JBoss JIRA] (WFLY-13059) org.apache.ws.security exports Jasypt
Brian Stansberry (Jira)
issues at jboss.org
Tue Feb 4 13:35:53 EST 2020
[ https://issues.redhat.com/browse/WFLY-13059?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brian Stansberry reassigned WFLY-13059:
---------------------------------------
Component/s: Web Services
(was: XML Frameworks)
Assignee: Jim Ma (was: Brian Stansberry)
> org.apache.ws.security exports Jasypt
> -------------------------------------
>
> Key: WFLY-13059
> URL: https://issues.redhat.com/browse/WFLY-13059
> Project: WildFly
> Issue Type: Bug
> Components: Web Services
> Reporter: Philippe Marschall
> Assignee: Jim Ma
> Priority: Major
>
> The {{org.apache.ws.security}} module contains the Jasypt JAR and exports it. Jasypt is only used internally by {{org.apache.wss4j.common.crypto.JasyptPasswordEncryptor}} and not used externally.
> Our application has a dependency on {{org.jboss.ws.cxf.jbossws-cxf-client}} which has an exported dependency on {{org.apache.ws.security}} which exports Jasypt. As a consequence the Jasypt from the {{org.apache.ws.security}} module is used instead of the Jasypt from our application.
> We would be willing to work on a patch. We see two possible options:
> # Introduce a dedicated Jasypt module and make {{org.apache.ws.security}} depend on it without exporting it
> # Add a resource filter to the {{org.apache.ws.security}} module like this {code}
> <exports>
> <exclude path="org/jasypt/**"/>
> </exports>
> {code}
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jboss-jira
mailing list