Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-1726

Upgrade from CXF 2.1 to CXF 2.1.1 results in two BouncyCastle JARs being used

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.1.2
    • Component/s: None
    • Labels:
      None
    • Estimated Complexity:
      Novice

      Description

      Updating this dependency:

      <dependency>
      <groupId>org.apache.cxf</groupId>
      <artifactId>cxf-rt-ws-security</artifactId>
      <version>${cxf.version}</version>
      </dependency>

      From CXF 2.1 to 2.1.1 results into two Bouncy Castle jars being placed into the web service provider's WAR-- the usual bcprov-jdk14-136.jar from CXF 2.1 and bcprov-jdk13-132.jar. I don't know why both are being loaded-maybe OpenSAML (which is not in 2.1) is the culprit, or xmlsec's upgrade from 1.3 to 1.4 or WSS4J's from 1.5.2 to 1.5.4-but either of the latter two causing this is rather doubtful.

      (It might be nice also to upgrade to BC's 1.5 or 1.6 library at this time.)

      Test case: Download my DoubleIt sample[1], place this dependency in the trunk/pom.xml, and from that run "mvn clean install" – you'll see the two BC libs in the service-war/target folder.

      [1] http://glen.mazza.blog.googlepages.com/20080418DoubleIt.zip

        Attachments

          Activity

            People

            • Assignee:
              dkulp Daniel Kulp
              Reporter:
              gmazza Glen Mazza
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: