[ https://issues.apache.org/jira/browse/METRON-1545?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16462844#comment-16462844 ]
ASF GitHub Bot commented on METRON-1545:
----------------------------------------

Github user merrimanr commented on a diff in the pull request:

https://github.com/apache/metron/pull/1008#discussion_r185883201

--- Diff: metron-interface/metron-rest/src/main/java/org/apache/metron/rest/config/WebSecurityConfig.java ---
@@ -87,13 +91,18 @@ public void configureJdbc(AuthenticationManagerBuilder auth) throws Exception { List<String> activeProfiles = Arrays.asList(environment.getActiveProfiles()); if (activeProfiles.contains(MetronRestConstants.DEV_PROFILE) || activeProfiles.contains(MetronRestConstants.TEST_PROFILE)) { - auth.jdbcAuthentication().dataSource(dataSource) - .withUser("user").password("password").roles(SECURITY_ROLE_USER).and() - .withUser("user1").password("password").roles(SECURITY_ROLE_USER).and() - .withUser("user2").password("password").roles(SECURITY_ROLE_USER).and() - .withUser("admin").password("password").roles(SECURITY_ROLE_USER, SECURITY_ROLE_ADMIN); + auth.jdbcAuthentication().dataSource(dataSource) + .withUser("user").password("password").roles(SECURITY_ROLE_USER).and() + .withUser("user1").password("password").roles(SECURITY_ROLE_USER).and() + .withUser("user2").password("password").roles(SECURITY_ROLE_USER).and() + .withUser("admin").password("password").roles(SECURITY_ROLE_USER, SECURITY_ROLE_ADMIN); } else { auth.jdbcAuthentication().dataSource(dataSource); } } + + @Bean + public PasswordEncoder passwordEncoder() { + return NoOpPasswordEncoder.getInstance(); --- End diff -- The reason I used that particular encoder is to keep the system working the same way it does now. Using a different encoder would significantly alter the way we manage users and passwords. It will also force people to migrate all passwords to a new encoding when upgrading. I would like to see a broader discussion on our authentication strategy outside of this PR. I suspect we will end up moving away from JDBC authentication anyways and more towards a unified architecture that aligns with other components in our stack. 
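Review bot: The new `passwordEncoder()` bean at the end of the hunk returns `NoOpPasswordEncoder.getInstance()` and sits outside the `DEV_PROFILE`/`TEST_PROFILE` check in `configureJdbc`, so the `else` branch (`auth.jdbcAuthentication().dataSource(dataSource)`) also compares credentials against unencoded values stored in the JDBC user table. If this is kept for backward compatibility, the bean needs a comment saying that it is deliberate and temporary, with a reference to a follow-up issue for moving to a hashing encoder. One way to avoid a forced migration is a delegating encoder that still matches the existing unencoded rows while encoding new or changed passwords with a real hash. Separately, the four accounts created with `.password("password")` depend entirely on the profile check above them, so a test asserting that none of them exist when neither profile is active would guard against a profile misconfiguration exposing `admin`.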
> Upgrade Spring and Spring Boot
> ------------------------------
>
> Key: METRON-1545
> URL: https://issues.apache.org/jira/browse/METRON-1545
> Project: Metron
> Issue Type: Improvement
> Reporter: Ryan Merriman
> Assignee: Ryan Merriman
> Priority: Major
>
> The metron-rest module depends on old versions of Spring and Spring Boot. We
> should upgrade these to the latest release.

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)