Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Web Services
    • Labels:
      None

      Description

      The org.apache.ws.security module contains the Jasypt JAR and exports it. Jasypt is only used internally by org.apache.wss4j.common.crypto.JasyptPasswordEncryptor and not used externally.

      Our application has a dependency on org.jboss.ws.cxf.jbossws-cxf-client, which has an exported dependency on org.apache.ws.security, which exports Jasypt. As a consequence, the Jasypt from the org.apache.ws.security module is used instead of the Jasypt from our application.

      We would be willing to work on a patch. We see two possible options:

      1. Introduce a dedicated Jasypt module and make org.apache.ws.security depend on it without exporting it
      2. Add a resource filter to the org.apache.ws.security module like this:
            <exports>
                <exclude path="org/jasypt/**"/>
            </exports>

              People

              • Assignee:
                jim.ma Jim Ma
                Reporter:
                pmm Philippe Marschall
              • Votes:
                0
                Watchers:
                3
