geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Bohn <>
Subject CXF 2.0.7 for G 2.1.2? - [Fwd: Re: Re: Re: Using WS-Security with Geronimo 2.1.1]
Date Tue, 08 Jul 2008 18:21:44 GMT
Should we be considering CXF 2.0.7 for Geronimo 2.1.2? Does anybody know 
of specific reasons to move to 2.0.7 or hold at 2.0.6?


Reference this portion of post by Dan Kulp on the user list:

-------- Original Message --------
Subject: Re: Re: Re: Using WS-Security with Geronimo 2.1.1
Date: Tue, 8 Jul 2008 11:10:07 -0700 (PDT)
From: Daniel Kulp <>

Geronimo pretty much includes just the parts of CXF that are needed to pass
the JAX-WS parts of the TCK.   It doesn't include the "extra" things like
ws-addressing, ws-security, ws-rm, aegis databinding, etc....    Geronimo
didn't need them so they didn't pull them in.

When adding the jar like that, keep in mind that you may need other
dependencies like wss4j, xml-sec, etc.. that ws-security requires that might
not be shipped with Geronimo.

One thing to keep in mind is that the CXF ws-security implementation (and
the Axis2/Rampart implementation as well) is based on WSS4J which isn't up
to WS-Security 1.1 level yet.   Some of the profiles it supports are "close"
to 1.1 levels, but for the most part, it's 1.0.   A note to the wss4j dev
list ( would probably a good start to figure out
what wss4j supports.

That said, it would be great if Geronimo could update to CXF 2.0.7
(non-incubator) for a 2.1.2 release.


View raw message