Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-13059

org.apache.ws.security exports Jasypt

    XMLWordPrintable

Details

    Description

      The org.apache.ws.security module contains the Jasypt JAR and exports it. Jasypt is only used internally by org.apache.wss4j.common.crypto.JasyptPasswordEncryptor and not used externally.

      Our application has a dependency on org.jboss.ws.cxf.jbossws-cxf-client which has an exported dependency on org.apache.ws.security which exports Jasypt. As a consequence the Jasypt from the org.apache.ws.security module is used instead of the Jasypt from our application.

      We would be willing to work on a patch. We see two possible options:

      1. Introduce a dedicated Jasypt module and make org.apache.ws.security depend on it without exporting it
      2. Add a resource filter to the org.apache.ws.security module like this 
            <exports>
	    <exclude path="org/jasypt/**"/>
    </exports>

      Attachments

        Issue Links

          is incorporated by

          Task - Represents a small unit of work that is not end-user facing. WFLY-14939 Review and change some webservice dependent module to private

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              rhn-engineering-ema Jim Ma
              pmarscha Philippe Marschall (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: