GH-242: Remove jasypt dependency
Fixes https://github.com/spring-projects/spring-integration-samples/issues/242 Since `jasypt` is not compatible with Spring Security and recommendation is to use BCrypt or NO-OP instead, remove its dependency and appropriate bean definitions in favor of NO-OP password encoding. The purpose of this `http-rest` application is out of Spring Security encoding capabilities
This commit is contained in:
@@ -191,7 +191,6 @@ subprojects { subproject ->
|
||||
hsqldbVersion = '2.3.2'
|
||||
h2Version = '1.4.194'
|
||||
jacksonVersion = '2.9.8'
|
||||
jasyptVersion = '1.7'
|
||||
javaxInjectVersion = '1'
|
||||
javaxMailVersion = '1.5.5'
|
||||
jodaTimeVersion = '1.6'
|
||||
@@ -1149,7 +1148,6 @@ project('rest-http') {
|
||||
compile "com.fasterxml.jackson.core:jackson-databind:$jacksonVersion"
|
||||
compile "org.springframework.security:spring-security-web:$springSecurityVersion"
|
||||
compile "org.springframework.security:spring-security-config:$springSecurityVersion"
|
||||
compile "org.jasypt:jasypt:$jasyptVersion"
|
||||
compile "org.apache.logging.log4j:log4j-core:$log4jVersion"
|
||||
}
|
||||
|
||||
|
||||
@@ -165,18 +165,6 @@
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.jasypt</groupId>
|
||||
<artifactId>jasypt</artifactId>
|
||||
<version>1.7</version>
|
||||
<scope>compile</scope>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<artifactId>jackson-module-kotlin</artifactId>
|
||||
<groupId>com.fasterxml.jackson.module</groupId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.logging.log4j</groupId>
|
||||
<artifactId>log4j-core</artifactId>
|
||||
|
||||
@@ -1,2 +1 @@
|
||||
#REST HTTP User - Password is 'spring'
|
||||
SPRING=gI/OZ3yejUtSxsF9XySg5TfFJFo=,ROLE_REST_HTTP_USER,enabled
|
||||
SPRING={noop}spring,ROLE_REST_HTTP_USER,enabled
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd
|
||||
@@ -11,40 +12,17 @@
|
||||
secured-annotations="enabled" />
|
||||
|
||||
<!-- Configure Spring Security -->
|
||||
<security:http auto-config="true" use-expressions="true" realm="REST HTTP Web Service" create-session="never">
|
||||
<security:http use-expressions="true" realm="REST HTTP Web Service" create-session="never">
|
||||
<security:http-basic />
|
||||
<security:form-login />
|
||||
<security:intercept-url pattern='/services/employee/*' access="hasRole('ROLE_REST_HTTP_USER')" />
|
||||
</security:http>
|
||||
|
||||
<!-- In this example, we are using in memory authentication. The password encoder depends on
|
||||
Jasypt's String Digester to digest the password stored in users.properties -->
|
||||
<!-- In this example, we are using in memory authentication. -->
|
||||
<security:authentication-manager alias="authenticationManager">
|
||||
<security:authentication-provider>
|
||||
<security:password-encoder ref="passwordEncoder"/>
|
||||
<security:user-service properties="classpath:users.properties" />
|
||||
</security:authentication-provider>
|
||||
</security:authentication-manager>
|
||||
|
||||
<!--
|
||||
Use the StringDigester to create uni-directional password encryption.
|
||||
All uni-directional encryption methods supported in jasypt is integrated into
|
||||
Spring Security
|
||||
-->
|
||||
<bean id="jasyptStringDigester" class="org.jasypt.digest.StandardStringDigester" >
|
||||
<property name="algorithm" value="SHA-1" />
|
||||
<property name="iterations" value="100000" />
|
||||
<property name="saltGenerator">
|
||||
<bean id="zeroSaltGenerator" class="org.jasypt.salt.ZeroSaltGenerator"/>
|
||||
</property>
|
||||
<property name="saltSizeBytes" value="10"/>
|
||||
</bean>
|
||||
|
||||
<!--
|
||||
This Spring Security-friendly PasswordEncoder implementation will
|
||||
wrap the StringDigester instance so that it can be used from
|
||||
the security framework.
|
||||
-->
|
||||
<bean id="passwordEncoder" class="org.jasypt.spring.security3.PasswordEncoder">
|
||||
<property name="stringDigester" ref="jasyptStringDigester"/>
|
||||
</bean>
|
||||
</beans>
|
||||
|
||||
@@ -1,19 +1,19 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_5.xsd"
|
||||
version="2.5">
|
||||
|
||||
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||
version="3.0">
|
||||
|
||||
<display-name>Spring Integration Rest HTTP Path Usage Demo</display-name>
|
||||
|
||||
|
||||
<context-param>
|
||||
<param-name>contextConfigLocation</param-name>
|
||||
<param-value>
|
||||
<!-- Spring application context declaration -->
|
||||
/WEB-INF/config/web-application-config.xml
|
||||
/WEB-INF/config/web-application-config.xml
|
||||
</param-value>
|
||||
</context-param>
|
||||
|
||||
|
||||
<!--
|
||||
Key of the system property that should specify the root directory of this
|
||||
web app. Applied by WebAppRootListener or Log4jConfigListener.
|
||||
@@ -22,7 +22,7 @@
|
||||
<param-name>webAppRootKey</param-name>
|
||||
<param-value>rest-http.root</param-value>
|
||||
</context-param>
|
||||
|
||||
|
||||
<!--
|
||||
Location of the Log4J config file, for initialization and refresh checks.
|
||||
Applied by Log4jConfigListener.
|
||||
@@ -31,25 +31,7 @@
|
||||
<param-name>log4jConfigLocation</param-name>
|
||||
<param-value>/WEB-INF/classes/log4j.properties</param-value>
|
||||
</context-param>
|
||||
|
||||
<!--
|
||||
- Configures Log4J for this web app.
|
||||
- As this context specifies a context-param "log4jConfigLocation", its file path
|
||||
- is used to load the Log4J configuration, including periodic refresh checks.
|
||||
-
|
||||
- Would fall back to default Log4J initialization (non-refreshing) if no special
|
||||
- context-params are given.
|
||||
-
|
||||
- Exports a "web app root key", i.e. a system property that specifies the root
|
||||
- directory of this web app, for usage in log file paths.
|
||||
- This web app specifies "rest-http.root" (see log4j.properties file).
|
||||
-->
|
||||
<!-- Leave the listener commented-out if using JBoss -->
|
||||
|
||||
<listener>
|
||||
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
|
||||
</listener>
|
||||
|
||||
|
||||
<!--
|
||||
- Loads the root application context of this web app at startup,
|
||||
- by default from "/WEB-INF/applicationContext.xml".
|
||||
@@ -66,7 +48,7 @@
|
||||
<listener>
|
||||
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
|
||||
</listener>
|
||||
|
||||
|
||||
<filter>
|
||||
<filter-name>charEncodingFilter</filter-name>
|
||||
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
|
||||
@@ -91,7 +73,7 @@
|
||||
<filter-name>springSecurityFilterChain</filter-name>
|
||||
<url-pattern>/*</url-pattern>
|
||||
</filter-mapping>
|
||||
|
||||
|
||||
<servlet>
|
||||
<servlet-name>Spring Integration Rest HTTP Path Usage</servlet-name>
|
||||
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
|
||||
@@ -105,5 +87,5 @@
|
||||
<servlet-name>Spring Integration Rest HTTP Path Usage</servlet-name>
|
||||
<url-pattern>/*</url-pattern>
|
||||
</servlet-mapping>
|
||||
|
||||
</web-app>
|
||||
|
||||
</web-app>
|
||||
|
||||
Reference in New Issue
Block a user