Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-13059

org.apache.ws.security exports Jasypt

XMLWordPrintable

      The org.apache.ws.security module contains the Jasypt JAR and exports it. Jasypt is only used internally by org.apache.wss4j.common.crypto.JasyptPasswordEncryptor and not used externally.

      Our application has a dependency on org.jboss.ws.cxf.jbossws-cxf-client which has an exported dependency on org.apache.ws.security which exports Jasypt. As a consequence the Jasypt from the org.apache.ws.security module is used instead of the Jasypt from our application.

      We would be willing to work on a patch. We see two possible options:

      1. Introduce a dedicated Jasypt module and make org.apache.ws.security depend on it without exporting it
      2. Add a resource filter to the org.apache.ws.security module like this
            <exports>
        	    <exclude path="org/jasypt/**"/>
            </exports>
          

              rhn-engineering-ema Jim Ma
              pmarscha Philippe Marschall (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: