[
https://issues.apache.org/jira/browse/CXF-6237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14304138#comment-14304138
]
Sergey Beryozkin edited comment on CXF-6237 at 2/3/15 10:22 PM:
----------------------------------------------------------------
If this issue is related to the fact that OpenSaml or Spring gets whatever it
needs from XmlSec 1.5 via one of the XmlSec 1.5 methods but fails to do so when
interacting with the same method in XmlSec 2.0.2 then it would identify a
possible XmlSec 2.0.2 backward compatibility issue and it can be addressed at
XmlSec level, with the XmlSec project being very much alive.
See what I mean ?
This is the only reason IMHO, the possible XmlSec issue, which may keep this
issue open - because you are right that in some complex mix ups, should XmlSec
2.0.2 indeed have some backward compatibility issues, then it might have
side-effects. Please do not get distracted by CXF - as I mentioned a couple of
reasons why CXF may be working with OpenSaml 2.6.1 and XmlSec 2.0.2.
Have I convinced you ? Try to find what exactly is causing the issue in a case
where CXF is not even used (as I suggested earlier) - if XmlSec 2.0.2 has
something to do with it then there's a chance it will be fixed in XmlSec
was (Author: sergey_beryozkin):
If this issue is related to the fact that OpenSaml or Spring gets whatever it
needs from XmlSec 1.5 via one of the XmlSec 1.5 methods but fails to do so when
interacting with the same method in XmlSec 2.0.2 then it would identify a
possible XmlSec 2.0.2 backward compatibility issue and it can be addressed at
XmlSec level, with the XmlSec project being very much alive.
See what I mean ?
This is the only reason IMHO, the possible XmlSec issue, which may keep this
issue open - because you are right that in some complex mix ups, should XmlSec
2.0.2 indeed have some backward compatibility issues, then it might have
side-effects. Please do not get distracted by CXF - as I mentioned a couple of
reasons why CXF may be working with OpenSaml 2.6.1 and XmlSec 2.0.2.
Have I convinced you ? Try to find what exactly is causing the issue in a case
where non CXF is not even used (as I suggested earlier) - if XmlSec 2.0.2 has
something to do with it then there's a chance it will be fixed in XmlSec
> CXF 3.0.3 rt-security has problems working with latest open saml version
> (2.6.1)
> --------------------------------------------------------------------------------
>
> Key: CXF-6237
> URL: https://issues.apache.org/jira/browse/CXF-6237
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS Security, WS-* Components
> Affects Versions: 3.0.3
> Reporter: moshiko kasirer
> Assignee: Colm O hEigeartaigh
>
> Hi,
> CXF-rt-ws-security 3.0.3 is working with wss4j of version:
> <cxf.wss4j.version>2.0.2</cxf.wss4j.version>
> an xmlsec version of version:
> <cxf.xmlsec.bundle.version>2.0.2</cxf.xmlsec.bundle.version>
> and open SAML of version:
> <cxf.opensaml.version>2.6.1</cxf.opensaml.version>
> that is problematic as from one hand CXF 3.0.3 is dependent on XMLSEC version
> 2.*+ and throws multiple no method exist exceptions when working with 1.5.5*
> XMLSEC versions
> and on the other hand the latest open SAML which is the CXF open saml version
> (2.6.1) fails on validating the SAML token when working with XMLSEC version
> 2.*
> so actually when working with both CXF 3 and OPEN SAML 2.6.1
> this will happen
> when working with xmlsec 1.5.* OPEN SAML works CXF fails
> when working with xmlsec 2.0.* CXF works OPEN SAML fails...
> you can see under open saml 2.6.1 that it holds xmlsec version 1.5.6 which is
> overrided by CXF and wss4j (2.0.2)
> can you please help me figure out a way to overcome this issue?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
