We have upgraded Spring Security to 4.0.3. However we see that cxf-api and cxf bundle is not upgraded to use it.
cxf-core is upgraded to support Spring Security
However we require cxf-core as well as cxf-bundle(for cxf stubbing wsdl2Java)
The issue is that StringBeanDefinitionParser is present in both the these jars with same package name and contents. with one major difference
StringBeanDefinitionParser in cxf-core has below line
StringBeanDefinitionParser in cxf-bundle has below line
Always the StringBeanDefinitionParser in cxf-bindle takes precedence and the war deployment fails.
cxf should make these method calls consistent to cope up with upgraded spring security version
Don't understand why this was missed.