Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
-
Novice
Description
Updating this dependency:
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-ws-security</artifactId>
<version>${cxf.version}</version>
</dependency>
From CXF 2.1 to 2.1.1 results into two Bouncy Castle jars being placed into the web service provider's WAR-- the usual bcprov-jdk14-136.jar from CXF 2.1 and bcprov-jdk13-132.jar. I don't know why both are being loaded-maybe OpenSAML (which is not in 2.1) is the culprit, or xmlsec's upgrade from 1.3 to 1.4 or WSS4J's from 1.5.2 to 1.5.4-but either of the latter two causing this is rather doubtful.
(It might be nice also to upgrade to BC's 1.5 or 1.6 library at this time.)
Test case: Download my DoubleIt sample[1], place this dependency in the trunk/pom.xml, and from that run "mvn clean install" – you'll see the two BC libs in the service-war/target folder.
[1] http://glen.mazza.blog.googlepages.com/20080418DoubleIt.zip