cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From conflue...@apache.org
Subject [CONF] Apache CXF Documentation > 2.4 Migration Guide
Date Fri, 11 Mar 2011 11:05:00 GMT
<html>
<head>
    <base href="https://cwiki.apache.org/confluence">
            <link rel="stylesheet" href="/confluence/s/2036/9/1/_/styles/combined.css?spaceKey=CXF20DOC&amp;forWysiwyg=true"
type="text/css">
    </head>
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
    <h2><a href="https://cwiki.apache.org/confluence/display/CXF20DOC/2.4+Migration+Guide">2.4
Migration Guide</a></h2>
    <h4>Page <b>edited</b> by             <a href="https://cwiki.apache.org/confluence/display/~coheigea@apache.org">Colm
O hEigeartaigh</a>
    </h4>
        <br/>
                         <h4>Changes (3)</h4>
                                 
    
<div id="page-diffs">
                    <table class="diff" cellpadding="0" cellspacing="0">
    
            <tr><td class="diff-snipped" >...<br></td></tr>
            <tr><td class="diff-unchanged" >* JIBX databinding <br>* Faster
startup and reduced spring configuration.  The Spring support has been redone to be based
on the ExtensionManagerBus.  This results in much faster startup.   It also means that all
of the imports of META-INF/cxf/cxf-extension-*.xml are no longer needed and are deprecated.
<br></td></tr>
            <tr><td class="diff-added-lines" style="background-color: #dfd;">*
Improved SAML support, including support for SAML2 tokens. <br></td></tr>
            <tr><td class="diff-unchanged" > <br> <br></td></tr>
            <tr><td class="diff-snipped" >...<br></td></tr>
            <tr><td class="diff-unchanged" >* WSS4J has been updated from 1.5.x
to 1.6. <br> <br></td></tr>
            <tr><td class="diff-deleted-lines" style="color:#999;background-color:#fdd;text-decoration:line-through;">See
[Colm&#39;s blog|http://coheigea.blogspot.com/] for and ongoing list of things that are
happening in WSS4J 1.6.   This page will be updated as that solidifies. <br></td></tr>
            <tr><td class="diff-added-lines" style="background-color: #dfd;">See
[here|http://ws.apache.org/wss4j/wss4j16.html] (not yet live) for the list of new features
and upgrade notes for Apache WSS4J 1.6. Also <br>see [Colm&#39;s blog|http://coheigea.blogspot.com/]
for an ongoing list of things that are happening in WSS4J 1.6. Some notable new features for
CXF users include: <br> ** SAML2 support: WSS4J 1.6 includes full support for creating,
manipulating and parsing SAML2 assertions, via the Opensaml2 library. See [here|http://coheigea.blogspot.com/2011/02/support-for-saml2-assertions-in-wss4j.html]
for more information. <br> ** Performance work: A general code-rewrite has been done
with a focus on improving performance.  <br> ** Support for Crypto trust-stores: WSS4J
1.6 separates the concept of keystore and truststores. See [here|http://coheigea.blogspot.com/2011/01/wss4j-16-crypto-property-change.html]
and [here|http://coheigea.blogspot.com/2011/02/wss4j-16-changes-to-crypto-interface.html]
for more information. <br>Some upgrade notes to be aware of include: <br> ** The
default CA certs that ship with the JDK are now not loaded by default by the Crypto implementation.
<br> ** The way of creating SAML assertions via a properties file has completely changed.
 <br> ** WSS4J 1.5.x ignored (enveloped) signatures on SAML (1.1) assertions - this
is no longer the case, so deployments which do not set the correct keystore/truststore config
for dealing with signature verification will fail.  <br> ** The SAMLTokenProcessor no
longer saves all tokens as an &quot;WSConstants.ST_UNSIGNED&quot; action. It saves
tokens that do not have an enveloped signature as this action, and token which do have an
enveloped signature are saved as a &quot;WSConstants.ST_SIGNED&quot; action. The object
that is saved has changed from an Opensaml1 specific Assertion object, to an AssertionWrapper
instance, which is a WSS4J specific object which encapsulates an Assertion, as well as some
information corresponding to signature verification, etc.  <br> ** The way that UsernameTokens
are processed has been changed. See [here|http://coheigea.blogspot.com/2011/02/usernametoken-processing-changes-in.html]
for more information. The callbackhandler identifier for plaintext passwords is now WSPasswordCallback.USERNAME_TOKEN,
the same as the digest case. The CallbackHandler implementation only sets the password on
the callback, and never does any validation of the password. <br> ** Some changes have
been made to the WSPasswordCallback identifiers. See [here|http://coheigea.blogspot.com/2011/02/wspasswordcallback-changes-in-wss4j-16.html]
for more information. <br></td></tr>
            <tr><td class="diff-unchanged" > <br>* Neethi has been upgraded
from 2.0.x to 3.0.    Due to deficiencies and restrictions in the Neethi 2.0.x API&#39;s,
CXF has maintained a semi-fork of various parts of Neethi in the org.apache.cxf.ws.policy
packages.   With CXF 2.4.x and Neethi 3.0, the deficiencies in Neethi have been addressed
and the forked changes have been pushed down into Neethi and CXF can better leverage enhancements
and new functionality in Neethi directly without duplicating functionality.    If you write
custom policies for CXF, some changes will be required.  These include: <br></td></tr>
            <tr><td class="diff-snipped" >...<br></td></tr>
    
            </table>
    </div>                            <h4>Full Content</h4>
                    <div class="notificationGreySide">
        <h3><a name="2.4MigrationGuide-NewFeatures"></a>New Features</h3>

<ul>
	<li>LogBrowser console</li>
	<li>Transformation feature provides for a fast and effective way to transform inbound
and/or outbound XML messages, please see the <a href="/confluence/display/CXF20DOC/TransformationFeature"
title="TransformationFeature">TransformationFeature</a> page for more information.</li>
	<li>JIBX databinding</li>
	<li>Faster startup and reduced spring configuration.  The Spring support has been redone
to be based on the ExtensionManagerBus.  This results in much faster startup.   It also means
that all of the imports of META-INF/cxf/cxf-extension-*.xml are no longer needed and are deprecated.</li>
	<li>Improved SAML support, including support for SAML2 tokens.</li>
</ul>



<h3><a name="2.4MigrationGuide-APIChanges"></a>API Changes</h3>

<ul>
	<li>GZIP related interceptors/features have been moved out  of the http module so they
are usable with other transports such as JMS.  As such, their package has changed from org.apache.cxf.transport.http.gzip
to org.apache.cxf.transport.common.gzip</li>
</ul>


<ul>
	<li>XmlSchema has been updated from 1.4.x to 2.0.   As such, any use of XmlSchema classes
may have changed.  In particular, XmlSchema 2.0 uses Java 5 collections which changes how
it's used.   Also, many static utility methods that existed in org.apache.cxf.common.xmlschema.XmlSchemaUtils
have now been merged directly into the XmlSchema API's and are no longer needed or available.</li>
</ul>


<ul>
	<li>WSS4J has been updated from 1.5.x to 1.6.</li>
</ul>


<p>See <a href="http://ws.apache.org/wss4j/wss4j16.html" class="external-link" rel="nofollow">here</a>
(not yet live) for the list of new features and upgrade notes for Apache WSS4J 1.6. Also<br/>
see <a href="http://coheigea.blogspot.com/" class="external-link" rel="nofollow">Colm's
blog</a> for an ongoing list of things that are happening in WSS4J 1.6. Some notable
new features for CXF users include:</p>
<ul>
	<li>
	<ul>
		<li>SAML2 support: WSS4J 1.6 includes full support for creating, manipulating and
parsing SAML2 assertions, via the Opensaml2 library. See <a href="http://coheigea.blogspot.com/2011/02/support-for-saml2-assertions-in-wss4j.html"
class="external-link" rel="nofollow">here</a> for more information.</li>
		<li>Performance work: A general code-rewrite has been done with a focus on improving
performance.</li>
		<li>Support for Crypto trust-stores: WSS4J 1.6 separates the concept of keystore and
truststores. See <a href="http://coheigea.blogspot.com/2011/01/wss4j-16-crypto-property-change.html"
class="external-link" rel="nofollow">here</a> and <a href="http://coheigea.blogspot.com/2011/02/wss4j-16-changes-to-crypto-interface.html"
class="external-link" rel="nofollow">here</a> for more information.<br/>
Some upgrade notes to be aware of include:</li>
		<li>The default CA certs that ship with the JDK are now not loaded by default by the
Crypto implementation.</li>
		<li>The way of creating SAML assertions via a properties file has completely changed.</li>
		<li>WSS4J 1.5.x ignored (enveloped) signatures on SAML (1.1) assertions - this is
no longer the case, so deployments which do not set the correct keystore/truststore config
for dealing with signature verification will fail.</li>
		<li>The SAMLTokenProcessor no longer saves all tokens as an "WSConstants.ST_UNSIGNED"
action. It saves tokens that do not have an enveloped signature as this action, and token
which do have an enveloped signature are saved as a "WSConstants.ST_SIGNED" action. The object
that is saved has changed from an Opensaml1 specific Assertion object, to an AssertionWrapper
instance, which is a WSS4J specific object which encapsulates an Assertion, as well as some
information corresponding to signature verification, etc.</li>
		<li>The way that UsernameTokens are processed has been changed. See <a href="http://coheigea.blogspot.com/2011/02/usernametoken-processing-changes-in.html"
class="external-link" rel="nofollow">here</a> for more information. The callbackhandler
identifier for plaintext passwords is now WSPasswordCallback.USERNAME_TOKEN, the same as the
digest case. The CallbackHandler implementation only sets the password on the callback, and
never does any validation of the password.</li>
		<li>Some changes have been made to the WSPasswordCallback identifiers. See <a href="http://coheigea.blogspot.com/2011/02/wspasswordcallback-changes-in-wss4j-16.html"
class="external-link" rel="nofollow">here</a> for more information.</li>
	</ul>
	</li>
</ul>


<ul>
	<li>Neethi has been upgraded from 2.0.x to 3.0.    Due to deficiencies and restrictions
in the Neethi 2.0.x API's, CXF has maintained a semi-fork of various parts of Neethi in the
org.apache.cxf.ws.policy packages.   With CXF 2.4.x and Neethi 3.0, the deficiencies in Neethi
have been addressed and the forked changes have been pushed down into Neethi and CXF can better
leverage enhancements and new functionality in Neethi directly without duplicating functionality.
   If you write custom policies for CXF, some changes will be required.  These include:
	<ul>
		<li>The CXF AssertionBuilder interface has been removed.   We now use the Neethi AssertionBuilders
and Assertions directly.</li>
		<li>The "getPolicy()" method of PolicyAssertion has been removed.  Policies that can
contain nested policies should implement the Neethi PolicyContainingAssertion interface directly.</li>
		<li>Neethi has been updated to be able to process WS-Policy 1.5 policies.  Thus, the
Assertion interface now has a isIgnorable() method that must be implemented.  An implementation
of returning false should be adequate and compatible with previous behavior.</li>
		<li>With the removal of the CXF AssertionBuilder and the implementation if the intersection
algorithm in Neethi, the "buildCompatible" method that was on the CXF AssertionBuilder is
no longer needed.   If a policy needs a custom intersect algorithm, they can now implement
the Neethi IntersectableAssertion interface.</li>
		<li>All locations in CXF that expected the CXF specific PolicyAssertion now expect
a normal Neethi Assertion.   If the Assertion needs specific logic to determine if it's been
asserted, it can implement the CXF PolicyAssertion interface, otherwise the default logic
will be used.</li>
		<li>Since Neethi has been updated to use Java 5 generics, you may need to update and
casts and warnings that may occur when calling the new methods that are now typed.</li>
	</ul>
	</li>
</ul>


<ul>
	<li>CXF JAX-RS Search extensions: org.apache.cxf.jaxrs.ext.search.SearchContext has
a new getSearchExpression method returning the raw search query; org.apache.cxf.jaxrs.ext.search.SearchCondition
has its toSQL method deprecated and a new accept method added. Please see <a href="http://cxf.apache.org/docs/jax-rs-advanced-features.html#JAX-RSAdvancedFeatures-FIQLsearchqueries"
class="external-link" rel="nofollow">this page</a> for more information.</li>
</ul>



<h3><a name="2.4MigrationGuide-RuntimeChanges"></a>Runtime Changes</h3>

<ul>
	<li>The ExtensionManagerBus (mostly used when Spring is not available) has been updated
to completely support all the features including the WS-SecurityPolicy, WS-RM, etc... features.
  Previous WSDL documents that contained policy fragments may now behave differently as the
policies will be enforced.</li>
</ul>


<h3><a name="2.4MigrationGuide-PropertyChanges"></a>Property Changes</h3>

<p>The "ws-security.ut.no-callbacks" property has been renamed to "ws-security.validate.token"
and thus in order to configure the CXF WS-Security interceptors to postpone the validation
of the current (UT) token one needs to set a "ws-security.validate.token" to false. <br/>
Please see this <a href="/confluence/display/CXF20DOC/Security#Security-WSSecurityUsernameTokenandCustomAuthentication">section</a>
for more information.</p>
    </div>
        <div id="commentsSection" class="wiki-content pageSection">
        <div style="float: right;">
            <a href="https://cwiki.apache.org/confluence/users/viewnotifications.action"
class="grey">Change Notification Preferences</a>
        </div>
        <a href="https://cwiki.apache.org/confluence/display/CXF20DOC/2.4+Migration+Guide">View
Online</a>
        |
        <a href="https://cwiki.apache.org/confluence/pages/diffpagesbyversion.action?pageId=24190088&revisedVersion=12&originalVersion=11">View
Changes</a>
                |
        <a href="https://cwiki.apache.org/confluence/display/CXF20DOC/2.4+Migration+Guide?showComments=true&amp;showCommentArea=true#addcomment">Add
Comment</a>
            </div>
</div>
</div>
</div>
</div>
</body>
</html>

Mime
View raw message