yotommy
commented
8 months ago I posted a similar question to the Play discussion boards: Using play-secret-rotation in a Java server
I got the helpful answer that ApplicationComponents should not be required in our server because we use Guice for dependency injection.
However, I am still not sure what binding I need to set up in order to "activate" RotatingSecretComponents.
Also I tried creating a Java class that implements SnapshotProvider, but I get compilation errors suggesting that my approach may be flawed:
modules.CiviFormSecretSnapshotProvider is not abstract and does not override abstract method com$gu$play$secretrotation$SnapshotProvider$_setter_$logger_$eq(com.typesafe.scalalogging.Logger) in com.gu.play.secretrotation.SnapshotProvider
Is it feasible to use play-secret-rotation in a Java server that uses Guice?
rtyley
Apologies for raising an issue: if there is a better place to ask my question, please let me know.
In CiviForm, we use the Play framework in Java. I would love to use your package for rotating server secrets, but am having a bit of trouble understanding the required steps.
Note that I would like to use my own
secretStateSupplier, rather than use the AWS parameter store.The
READMEfor the parameter store option provides a clue how I might do this. In Updating ApplicationComponents with the rotating secret, it says:This sounds very promising! However, our project does not currently have a custom
ApplicationComponentssubclass. Some experimenting with subclassingplay.BuiltInComponentsFromContexthas revealed complications since we want to maintain the current default handling of therouter()andhttpFilters()methods, but these areabstractin the superclass.I also haven't had any success trying to find examples on the web.
Can you point to any guides for integrating your package in a Java project that doesn't (yet) have its own
ApplicationComponentssubclass?