How to force CUBA platform 7.x to use lowe Spring Security Version spring-security-core-4.2.3.RELEASE

Support
#1

Hi ,

We are migrating from legacy system to new CUBA based system, basically we want to retain the passwords from legacy system in new platform. Legacy system using Spring 3.x version. We would like to re use the passwords and continue with same encrytion logic. Problem here is compile time I can force CUBA to use spring-security-core:4.2.3.RELEASE but run time is not loading these classes. hence facing class not found error on Legacy Classes.(org.springframework.security.authentication.dao.ReflectionSaltSource, org.springframework.security.authentication.encoding.MessageDigestPasswordEncoder)

Can you please throw some light on this how to handle this in CUBA 7.x version.

dependencies {
** compile(globalModule)**
** compileOnly(servletApi)**
** jdbc(mysql)**
** testRuntime(mysql)**
** compile ‘org.springframework.security:spring-security-core:4.2.3.RELEASE’**
** }**

#2

You can use the Gradle dependency forcing feature as follows:

configure(webModule) {
    configurations {
        webcontent
    }

    dependencies {
        compileOnly(servletApi)
        compile(globalModule)
        compile('org.springframework.security:spring-security-core:4.2.3.RELEASE') {
            force = true
        }
        compile('org.springframework.security:spring-security-web:4.2.3.RELEASE') {
            force = true
        }
        compile('org.springframework.security:spring-security-config:4.2.3.RELEASE') {
            force = true
        }
// ...

But obviously we cannot guarantee that everything will work as expected with this older version.

#3

Thanks for quick revert. will check.

#4

we have taken alternate approach to migrate legacy passwords to spring security 5.x. Password validation working fine now. can close the thread

1 Like