cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Glen Mazza (JIRA)" <j...@apache.org>
Subject [jira] Commented: (CXF-1726) Upgrade from CXF 2.1 to CXF 2.1.1 results in two BouncyCastle JARs being used
Date Tue, 12 Aug 2008 01:54:44 GMT

    [ https://issues.apache.org/jira/browse/CXF-1726?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12621668#action_12621668
] 

Glen Mazza commented on CXF-1726:
---------------------------------

No--I'm still getting two jars in /WEB-INF/lib -- bcprov-jdk13-132.jar and bcprov-jdk14-136.jar.
 And it isn't just me[1].  I nearly always run "mvn clean install", and certainly did below
when duplicating the issue.  (I don't think that would be it anyway, because 2.1 doesn't import
BC 1.3 -- it uses only 1.4 anyway.)

My exact steps (I'm using Ubuntu, if it matters):

1.) Download and extract the zip file.
2.) In the DoubleIt/trunk/pom.xml, add the dependency listed I gave earlier into the *CXF
Profile's* dependency section (not the Metro profile)
3.) from the DoubleIt/trunk folder, run "mvn clean install"
4.) Navigate to the service-war/target/doubleit.war, and open up the "lib" folder.  You should
see those two files.

Glen

[1] http://tinyurl.com/596h2v

> Upgrade from CXF 2.1 to CXF 2.1.1 results in two BouncyCastle JARs being used
> -----------------------------------------------------------------------------
>
>                 Key: CXF-1726
>                 URL: https://issues.apache.org/jira/browse/CXF-1726
>             Project: CXF
>          Issue Type: Bug
>            Reporter: Glen Mazza
>
> Updating this dependency:
> <dependency>
>    <groupId>org.apache.cxf</groupId>
>    <artifactId>cxf-rt-ws-security</artifactId>
>    <version>${cxf.version}</version>
> </dependency>
> From CXF 2.1 to 2.1.1 results into two Bouncy Castle jars being placed into the web service
provider's WAR-- the usual bcprov-jdk14-136.jar from CXF 2.1 and bcprov-jdk13-132.jar.  I
don't know why both are being loaded--maybe OpenSAML (which is not in 2.1) is the culprit,
or xmlsec's upgrade from 1.3 to 1.4 or WSS4J's from 1.5.2 to 1.5.4--but either of the latter
two causing this is rather doubtful.
> (It might be nice also to upgrade to BC's 1.5 or 1.6 library at this time.)
> Test case:  Download my DoubleIt sample[1], place this dependency in the trunk/pom.xml,
and from that run "mvn clean install" -- you'll see the two BC libs in the service-war/target
folder.
> [1] http://glen.mazza.blog.googlepages.com/20080418DoubleIt.zip

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message