cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Beryozkin (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (CXF-6237) CXF 3.0.3 rt-security has problems working with latest open saml version (2.6.1)
Date Tue, 03 Feb 2015 22:22:34 GMT

    [ https://issues.apache.org/jira/browse/CXF-6237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14304138#comment-14304138
] 

Sergey Beryozkin edited comment on CXF-6237 at 2/3/15 10:22 PM:
----------------------------------------------------------------

If this issue is related to the fact that OpenSaml or Spring gets whatever it needs from XmlSec
1.5 via one of the XmlSec 1.5 methods but fails to do so when interacting with the same method
in XmlSec 2.0.2 then it would identify a possible XmlSec 2.0.2 backward compatibility issue
and it can be addressed at XmlSec level, with the XmlSec project being very much alive.
See what I mean ? 

This is the only reason IMHO, the possible XmlSec issue, which may keep this issue open -
because you are right that in some complex mix ups, should XmlSec 2.0.2 indeed have some backward
compatibility issues, then it might have side-effects. Please do not get distracted by CXF
- as I mentioned a couple of reasons why CXF may be working with OpenSaml 2.6.1 and XmlSec
2.0.2. 

Have I convinced you ? Try to find what exactly is causing the issue in a case where CXF is
not even used (as I suggested earlier) - if XmlSec 2.0.2 has something to do with it then
there's a chance it will be fixed in XmlSec  


was (Author: sergey_beryozkin):
If this issue is related to the fact that OpenSaml or Spring gets whatever it needs from XmlSec
1.5 via one of the XmlSec 1.5 methods but fails to do so when interacting with the same method
in XmlSec 2.0.2 then it would identify a possible XmlSec 2.0.2 backward compatibility issue
and it can be addressed at XmlSec level, with the XmlSec project being very much alive.
See what I mean ? 

This is the only reason IMHO, the possible XmlSec issue, which may keep this issue open -
because you are right that in some complex mix ups, should XmlSec 2.0.2 indeed have some backward
compatibility issues, then it might have side-effects. Please do not get distracted by CXF
- as I mentioned a couple of reasons why CXF may be working with OpenSaml 2.6.1 and XmlSec
2.0.2. 

Have I convinced you ? Try to find what exactly is causing the issue in a case where non CXF
is not even used (as I suggested earlier) - if XmlSec 2.0.2 has something to do with it then
there's a chance it will be fixed in XmlSec  

> CXF 3.0.3 rt-security has problems working with latest open saml version (2.6.1)
> --------------------------------------------------------------------------------
>
>                 Key: CXF-6237
>                 URL: https://issues.apache.org/jira/browse/CXF-6237
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security, WS-* Components
>    Affects Versions: 3.0.3
>            Reporter: moshiko kasirer
>            Assignee: Colm O hEigeartaigh
>
> Hi, 
> CXF-rt-ws-security 3.0.3 is working with wss4j of version: 
> <cxf.wss4j.version>2.0.2</cxf.wss4j.version>
> an xmlsec version of version:
> <cxf.xmlsec.bundle.version>2.0.2</cxf.xmlsec.bundle.version>
> and open SAML of version:
> <cxf.opensaml.version>2.6.1</cxf.opensaml.version>
> that is problematic as from one hand CXF 3.0.3 is dependent on XMLSEC version 2.*+ and
throws multiple no method exist exceptions when working with 1.5.5*  XMLSEC versions
> and on the other hand the latest open SAML which is the CXF open saml version (2.6.1)
fails on validating the SAML token when working with XMLSEC version 2.*
> so actually when working with both CXF 3 and OPEN SAML 2.6.1 
> this will happen 
> when working with xmlsec 1.5.*  OPEN SAML works CXF fails   
> when working with xmlsec 2.0.*  CXF works OPEN SAML fails...
> you can see under open saml 2.6.1 that it holds xmlsec version 1.5.6 which is overrided
by CXF and wss4j (2.0.2)
> can you please help me figure out a way to overcome this issue?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message