Skip to content

JKNS-859: Replace jbcrypt with Spring Security BCryptPasswordEncoder#2340

Merged
openshift-merge-bot[bot] merged 1 commit intoopenshift:release-rhel9from
kunalmemane:JKNS-859-fix-jbcrypt-with-spring-security-rhel9
Mar 20, 2026
Merged

JKNS-859: Replace jbcrypt with Spring Security BCryptPasswordEncoder#2340
openshift-merge-bot[bot] merged 1 commit intoopenshift:release-rhel9from
kunalmemane:JKNS-859-fix-jbcrypt-with-spring-security-rhel9

Conversation

@kunalmemane
Copy link
Copy Markdown
Member

@kunalmemane kunalmemane commented Feb 27, 2026
edited
Loading

Jenkins LTS 2.516.1 removed the jbcrypt library from the WAR, breaking password hashing in OpenShift Jenkins. Updated password encoding to use Spring Security's BCryptPasswordEncoder instead.

  • Added Java source files for PasswordEncoder and PasswordChecker under jenkins-bcrypt-util/ (replaces the prebuilt password-encoder.jar)
  • Build password-encoder.jar at container startup from these sources using spring-security-crypto from the Jenkins WAR
  • Update classpath in jenkins-common.sh to use WAR lib jars for runtime dependencies

Ref:

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Feb 27, 2026
@openshift-ci-robot
Copy link
Copy Markdown
Contributor

openshift-ci-robot commented Feb 27, 2026
edited by openshift-ci Bot
Loading

@kunalmemane: This pull request references JKNS-859 which is a valid jira issue.

Details

In response to this:

Jenkins 2.509 removed the jbcrypt library from the WAR. Updated password-encoder.jar to use Spring Security's BCryptPasswordEncoder and adjust the classpath in jenkins-common.sh to resolve dependencies from the WAR lib directory.

Ref:

Also see:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 27, 2026
@kunalmemane kunalmemane force-pushed the JKNS-859-fix-jbcrypt-with-spring-security-rhel9 branch from 823904e to afc2623 Compare February 27, 2026 12:33
@kunalmemane
Copy link
Copy Markdown
Member Author

kunalmemane commented Feb 27, 2026

/retest

@kunalmemane
Replace jbcrypt with Spring Security BCryptPasswordEncoder
030d924 
Jenkins LTS 2.516.1 removed the jbcrypt library from the WAR, breaking
password hashing in OpenShift Jenkins. Updated password encoding to
use Spring Security's BCryptPasswordEncoder instead.

- Added Java source files for PasswordEncoder and PasswordChecker
  under jenkins-bcrypt-util/ (replaces the prebuilt password-encoder.jar)
- Build password-encoder.jar at container startup from these sources
  using spring-security-crypto from the Jenkins WAR
- Update classpath in jenkins-common.sh to use WAR lib jars for
  runtime dependencies
@kunalmemane kunalmemane force-pushed the JKNS-859-fix-jbcrypt-with-spring-security-rhel9 branch from afc2623 to 030d924 Compare March 9, 2026 13:01
@openshift-ci-robot
Copy link
Copy Markdown
Contributor

openshift-ci-robot commented Mar 9, 2026
edited by openshift-ci Bot
Loading

@kunalmemane: This pull request references JKNS-859 which is a valid jira issue.

Details

In response to this:

Jenkins LTS 2.516.1 removed the jbcrypt library from the WAR, breaking password hashing in OpenShift Jenkins. Updated password encoding to use Spring Security's BCryptPasswordEncoder instead.

  • Added Java source files for PasswordEncoder and PasswordChecker under jenkins-bcrypt-util/ (replaces the prebuilt password-encoder.jar)
  • Build password-encoder.jar at container startup from these sources using spring-security-crypto from the Jenkins WAR
  • Update classpath in jenkins-common.sh to use WAR lib jars for runtime dependencies

Ref:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Mar 9, 2026

@kunalmemane: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/security 030d924 link false /test security

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@prdhamdh
Copy link
Copy Markdown
Contributor

prdhamdh commented Mar 20, 2026

/lgtm
/approve
/label backport-risk-assessed
/label px-approved
/label docs-approved
/label qe-approved

@openshift-ci openshift-ci Bot added backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. px-approved Signifies that Product Support has signed off on this PR docs-approved Signifies that Docs has signed off on this PR qe-approved Signifies that QE has signed off on this PR labels Mar 20, 2026
@openshift-ci-robot
Copy link
Copy Markdown
Contributor

openshift-ci-robot commented Mar 20, 2026
edited by openshift-ci Bot
Loading

@kunalmemane: This pull request references JKNS-859 which is a valid jira issue.

Details

In response to this:

Jenkins LTS 2.516.1 removed the jbcrypt library from the WAR, breaking password hashing in OpenShift Jenkins. Updated password encoding to use Spring Security's BCryptPasswordEncoder instead.

  • Added Java source files for PasswordEncoder and PasswordChecker under jenkins-bcrypt-util/ (replaces the prebuilt password-encoder.jar)
  • Build password-encoder.jar at container startup from these sources using spring-security-crypto from the Jenkins WAR
  • Update classpath in jenkins-common.sh to use WAR lib jars for runtime dependencies

Ref:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Mar 20, 2026
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Mar 20, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: kunalmemane, prdhamdh

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:
  • OWNERS [kunalmemane,prdhamdh]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-bot openshift-merge-bot Bot merged commit ecadfde into openshift:release-rhel9 Mar 20, 2026
7 of 10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@divyansh42 divyansh42 Awaiting requested review from divyansh42

@sayan-biswas sayan-biswas Awaiting requested review from sayan-biswas

Assignees

@prdhamdh prdhamdh

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. docs-approved Signifies that Docs has signed off on this PR jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged. px-approved Signifies that Product Support has signed off on this PR qe-approved Signifies that QE has signed off on this PR

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kunalmemane @openshift-ci-robot @prdhamdh