search

SAP / cloud-security-services-integration-library

Integration libraries and samples for authenticating users and clients bound to XSUAA authentication and authorization service or Identity authentication service.
Apache License 2.0
151 stars 136 forks source link

identical package and class names in different java-container-security libraries #119

Closed d021248 closed 5 years ago

d021248 commented 5 years ago

We have switched the security library from com.sap.xs2.security/java-container-security-api (old) to com.sap.cloud.security.xsuaa/java-container-security (new) .

We have excluded all implicite references to the old library in our pom.xml.

However, some cloud foundry runtime components still use the older version of the library (e.g. Buildpack).

The problem is now, that both libraries (old and new) have identical package names and identical class names. This makes consumption of the desired library difficult and makes debugging cumbersome, since we cannot easily determine which version of the lib we are confronted with.

We are forced to implement hacks to get this resolved: 

    private boolean isOldVersion = false;

    private String getSubaccountId() throws UserInfoException {
        String subaccountId = null;

        // we first tryout getSubaccountId()
        // in case the method does not yet exist, we have to fallback to the old version getIdentityZone()
        if (!isOldVersion) {
            try {
                subaccountId = SecurityContext.getUserInfo().getSubaccountId();
            } catch (AbstractMethodError e) {
                logger.error("uh, oh....... new version of java-container-security not available");
                isOldVersion = true;
            }
        }

        // getSubaccountId() does not yet exist --> fall back to getIdentityZone()
        if (isOldVersion) {
            logger.error("falling back to older version of java-container-security");
            subaccountId = SecurityContext.getUserInfo().getIdentityZone();
        }
        return subaccountId;

    }

Would it be possible to have different package names for the libraries, which would allow a co-existence of both libs and allow a unequivocal usage of the desired version?

Please don't hesitate to contact me in case of questions.

nenaraab commented 5 years ago

Dear @d021248

This issue is solved with version 2.0.0: https://search.maven.org/search?q=com.sap.cloud.security

Please consider the release notes: https://github.com/SAP/cloud-security-xsuaa-integration/releases/tag/2.0.0

Best regards, Nena