[
https://issues.apache.org/jira/browse/METRON-1545?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16462844#comment-16462844
]
ASF GitHub Bot commented on METRON-1545:
----------------------------------------
Github user merrimanr commented on a diff in the pull request:
https://github.com/apache/metron/pull/1008#discussion_r185883201
--- Diff:
metron-interface/metron-rest/src/main/java/org/apache/metron/rest/config/WebSecurityConfig.java
---
@@ -87,13 +91,18 @@ public void configureJdbc(AuthenticationManagerBuilder
auth) throws Exception {
List<String> activeProfiles =
Arrays.asList(environment.getActiveProfiles());
if (activeProfiles.contains(MetronRestConstants.DEV_PROFILE) ||
activeProfiles.contains(MetronRestConstants.TEST_PROFILE))
{
- auth.jdbcAuthentication().dataSource(dataSource)
-
.withUser("user").password("password").roles(SECURITY_ROLE_USER).and()
-
.withUser("user1").password("password").roles(SECURITY_ROLE_USER).and()
-
.withUser("user2").password("password").roles(SECURITY_ROLE_USER).and()
-
.withUser("admin").password("password").roles(SECURITY_ROLE_USER,
SECURITY_ROLE_ADMIN);
+ auth.jdbcAuthentication().dataSource(dataSource)
+
.withUser("user").password("password").roles(SECURITY_ROLE_USER).and()
+
.withUser("user1").password("password").roles(SECURITY_ROLE_USER).and()
+
.withUser("user2").password("password").roles(SECURITY_ROLE_USER).and()
+
.withUser("admin").password("password").roles(SECURITY_ROLE_USER,
SECURITY_ROLE_ADMIN);
} else {
auth.jdbcAuthentication().dataSource(dataSource);
}
}
+
+ @Bean
+ public PasswordEncoder passwordEncoder() {
+ return NoOpPasswordEncoder.getInstance();
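Review bot: The new `passwordEncoder()` bean at the end of this hunk returns `NoOpPasswordEncoder.getInstance()`, so every password in the JDBC user store is stored and compared as plaintext, including in the `else` branch that serves non-dev, non-test profiles. Spring Security 5 deprecates this encoder to flag exactly that. If it has to stay for upgrade compatibility, add a Javadoc comment on the bean saying it is a deliberate stopgap and reference the follow-up issue. Consider `PasswordEncoderFactories.createDelegatingPasswordEncoder()` with the no-op encoder as the fallback for unprefixed legacy values (`setDefaultPasswordEncoderForMatches`), which keeps existing rows verifiable while new or changed passwords are stored hashed. Separately, the `withUser(...).password("password")` accounts are seeded whenever the dev or test profile is active; a startup log warning for that branch would make an accidental profile activation visible.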
--- End diff --
The reason I used that particular encoder is to keep the system working the
same way it does now. Using a different encoder would significantly alter the
way we manage users and passwords. It will also force people to migrate all
passwords to a new encoding when upgrading.
I would like to see a broader discussion on our authentication strategy
outside of this PR. I suspect we will end up moving away from JDBC
authentication anyways and more towards a unified architecture that aligns with
other components in our stack.
> Upgrade Spring and Spring Boot
> ------------------------------
>
> Key: METRON-1545
> URL: https://issues.apache.org/jira/browse/METRON-1545
> Project: Metron
> Issue Type: Improvement
> Reporter: Ryan Merriman
> Assignee: Ryan Merriman
> Priority: Major
>
> The metron-rest module depends on old versions of Spring and Spring Boot. We
> should upgrade these to the latest release.