spring-cloud-commons

ConfigServerConfigDataLocationResolver still has reference to "spring-security-rsa"

Open hviranicitco opened this issue 9 months ago • 0 comments

Describe the bug

As part of https://github.com/spring-cloud/spring-cloud-commons/issues/1398 the dependency for "spring-security-rsa" was removed.

However, the ConfigServerConfigDataLocationResolver class still refers to RsaSecretEncryptor from the spring-security-rsa package.

   static final boolean RSA_IS_PRESENT = ClassUtils.isPresent("org.springframework.security.rsa.crypto.RsaSecretEncryptor", (ClassLoader)null);

Note that org.springframework.security.rsa.crypto.RsaSecretEncryptor is part of "spring-security-rsa". I think it should change to use org.springframework.security.crypto.encrypt.RsaSecretEncryptor, which is from "spring-security-crypto".

The above bug causes RSA_IS_PRESENT to be false; it then fails to decrypt the secret from the cloud-config server and causes a NullPointerException, since it goes to the branch which uses EncryptorFactory instead of using TextEncryptorUtils.

hviranicitco, Mar 06 '25 18:03
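A class name passed as a string to ClassUtils.isPresent is invisible to the compiler, so removing the dependency that provided it does not break the build. The following added example (not part of the issue or the project's code) scans a set of jars for classes that still mention a class name while no jar provides it. The jar contents and the `example/...` entry name are constructed for the demonstration; the two class names are the ones quoted in the issue.

```python
import io
import zipfile

# Class names quoted in the issue: the stale one and the proposed replacement.
LEGACY = "org.springframework.security.rsa.crypto.RsaSecretEncryptor"
REPLACEMENT = "org.springframework.security.crypto.encrypt.RsaSecretEncryptor"


def constructed_jar(entries):
    """Build an in-memory jar from {entry_name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf


def audit_reflective_reference(jars, fqcn):
    """Return (classes mentioning fqcn, whether any jar provides fqcn).

    jars: list of paths or binary file objects. A class "mentions" fqcn when its
    bytes contain the dotted name (a string literal such as the isPresent
    argument) or the slashed internal name (a compiled type reference).
    """
    internal = fqcn.replace(".", "/")
    needles = (fqcn.encode(), internal.encode())
    referencing, provided = [], False
    for jar in jars:
        with zipfile.ZipFile(jar) as zf:
            for name in zf.namelist():
                if name == internal + ".class":
                    provided = True
                elif name.endswith(".class"):
                    data = zf.read(name)  # decompressed class bytes
                    if any(n in data for n in needles):
                        referencing.append(name)
    return sorted(referencing), provided


def is_stale(jars, fqcn):
    """True when something still names fqcn but nothing on the jar list supplies it."""
    referencing, provided = audit_reflective_reference(jars, fqcn)
    return bool(referencing) and not provided


if __name__ == "__main__":
    # Constructed jars: a client class holding the legacy name as a string
    # constant, and a crypto jar that only ships the replacement class.
    client = constructed_jar({"example/Resolver.class": b"\xca\xfe\xba\xbe" + LEGACY.encode()})
    crypto = constructed_jar({REPLACEMENT.replace(".", "/") + ".class": b"\xca\xfe\xba\xbe"})
    print(audit_reflective_reference([client, crypto], LEGACY), is_stale([client, crypto], LEGACY))
```

Run against the real runtime classpath jars, a stale result for a class name is a signal that a presence flag like RSA_IS_PRESENT will silently evaluate to false.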