This is an automated email from the ASF dual-hosted git repository.

ilgrosso pushed a commit to branch 4_0_X
in repository https://gitbox.apache.org/repos/asf/syncope.git

commit ce9e1dccef0fe9388e9c185d443df3e434b24da6
Author: Francesco Chicchiriccò <[email protected]>
AuthorDate: Fri Nov 21 11:44:41 2025 +0100

    Better explanation for security.groovyBlacklist Core property
---
 core/starter/src/main/resources/core.properties                      | 2 ++
 src/main/asciidoc/reference-guide/concepts/implementations.adoc      | 3 +++
 .../reference-guide/configuration/configurationparameters.adoc       | 5 +++--
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/core/starter/src/main/resources/core.properties 
b/core/starter/src/main/resources/core.properties
index 59b6e05dd8..950bf0c65c 100644
--- a/core/starter/src/main/resources/core.properties
+++ b/core/starter/src/main/resources/core.properties
@@ -100,6 +100,8 @@ security.jwsKey=${jwsKey}
 # Shorter keys will be padded to the nearest longer option available; keys > 
32 will be trucated
 security.aesSecretKey=${secretKey}
 
+security.groovyBlacklist=classpath:META-INF/groovy.blacklist
+
 # default for LDAP / RFC2307 SSHA
 security.digester.saltIterations=1
 security.digester.saltSizeBytes=8
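
Review bot: the new `security.groovyBlacklist=classpath:META-INF/groovy.blacklist` entry is added without a comment, while the neighbouring `security.aesSecretKey` and `security.digester.*` entries each have one. Since the commit subject is about explaining this property, add a one-line `#` comment above it stating that it locates the Groovy sandbox blacklist and that the value can be changed to reference a local copy.
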
diff --git a/src/main/asciidoc/reference-guide/concepts/implementations.adoc 
b/src/main/asciidoc/reference-guide/concepts/implementations.adoc
index d74ed98c1d..ae75c890c3 100644
--- a/src/main/asciidoc/reference-guide/concepts/implementations.adoc
+++ b/src/main/asciidoc/reference-guide/concepts/implementations.adoc
@@ -44,4 +44,7 @@ ifeval::["{snapshotOrRelease}" == "snapshot"]
 
https://github.com/ilgrosso/syncope/blob/4_0_X/core/spring/src/main/resources/META-INF/groovy.blacklist[groovy.blacklist^]
 endif::[]
 .
+
+The default Groovy sandbox controls can be tweaked by configuring a local copy 
of `groovy.blacklist`, which will then
+have to be referenced by adjusting the value of the `security.groovyBlacklist` 
property in the `core.properties` file.
 ====
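
Review bot: the added paragraph tells the reader to adjust `security.groovyBlacklist` but does not show what a valid value looks like; the only form visible in this commit is the `classpath:` default in `core.properties`. Please state which location forms are accepted and give one example value. It would also help to say whether a local copy replaces the default entries or is merged with them, because that decides whether a deployer has to carry the defaults over to keep the sandbox as restrictive as before. "Tweaked" could be replaced by "restricted or relaxed" so the security impact of the edit is explicit.
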
diff --git 
a/src/main/asciidoc/reference-guide/configuration/configurationparameters.adoc 
b/src/main/asciidoc/reference-guide/configuration/configurationparameters.adoc
index 0bfb7b5088..bfb339bdb2 100644
--- 
a/src/main/asciidoc/reference-guide/configuration/configurationparameters.adoc
+++ 
b/src/main/asciidoc/reference-guide/configuration/configurationparameters.adoc
@@ -24,9 +24,10 @@ Most run-time configuration options are available as 
parameters and can be tuned
 * `password.cipher.algorithm` - which cipher algorithm shall be used for 
encrypting password values; supported 
 algorithms include `SHA-1`, `SHA-256`, `SHA-512`, `AES`, `S-MD5`, `S-SHA-1`, 
`S-SHA-256`, `S-SHA-512` and `BCRYPT`;
 salting options are available in the `core.properties` file;
-* `security.aesSecretKey` - used for AES-based encryption / decryption: 
besides password values, this is also used
-whenever reversible encryption is needed, throughout the whole system;
 [WARNING]
+The value of the `security.aesSecretKey` property in the `core.properties` 
file is used for AES-based encryption /
+decryption: besides password values, this is also used whenever reversible 
encryption is needed, throughout the whole
+system. +
 The actual length of the `security.aesSecretKey` value is used to drive the 
AES algorithm variant selection:
 16 characters implies `AES-128`, 24 selects `AES-192` and 32 configures 
`AES-256`. +
 When the `security.aesSecretKey` value has length less than 16, between 17 and 
23 or between 25 and 31, it is
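
Review bot: with the `* security.aesSecretKey` bullet removed, the `[WARNING]` block now directly follows the `password.cipher.algorithm` bullet and opens with a plain description ("is used for AES-based encryption / decryption") instead of the warning itself, so the admonition reads as attached to `password.cipher.algorithm`. Consider keeping the descriptive sentence as an ordinary paragraph ahead of `[WARNING]` and leaving only the key-length behaviour inside it. In the moved sentence, "this is also used" has no clear referent; "the same key is also used" would be unambiguous. This hunk is also unrelated to the commit subject, which mentions only `security.groovyBlacklist`, so either note it in the commit message or split it out.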
