1.5.5 release?

[Fred Dushin <fa...@apache.org>]

Dan Kulp spotted a problem with the 1.5.4 release, which I'd like to  
fix ASAP.  Apparently this is causing a lot of problems for CXF and  
ServiceMix, though there will likely be others.

The issue comes down to a dependency on OpenSAML libraries at init  
time.  As part of the work to make processors replaceable, I changed  
the hard-coded class names (string constants) to XXX.class.getName().   
This static code gets loaded at load time of the WSSConfig class,  
which is central to the toolkit, and one of the class names is a  
processor, which appears to have a static dependency on an openSAML  
type.  If the openSAML JAR can't be found, then toolkit initialization  
fails.

Currently, the opensaml JARs are not deployed into central, which is a  
problem for projects that can't find the JARs elsewhere (such as a  
local mirror of central).

So one thing I'd like to do is fix the immediate problem, so that we  
can avoid reliance on opensaml as a deployemnt requirement.  We can  
also work on deploying the opensaml JAR and POM to central, and I've  
got an email out to Scott Cantor on that.  But I'd prefer to make the  
fix, as well.

There are a few other misc issues that could go into a 1.5.5 release.   
Can anyone identify any others?  And would we be open for a 1.5.5  
release, hot on the heels of 1.5.4?  I'd be willing to spin the  
release (though I did loose a script I wrote as a result of a disk  
failure, so I'd have to make up some lost ground).

Let me know what you all think.  This opensaml issue could be a  
problem for other mavenized projects that depend on WSS4J.

-Fred

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

Re: 1.5.5 release?

[Daniel Kulp <dk...@apache.org>]

On Jun 10, 2008, at 3:05 PM, Nandana Mihindukulasooriya wrote:

> On Tue, Jun 10, 2008 at 2:40 PM, O hEigeartaigh, Colm <Colm.OhEigeartaigh@iona.com 
> > wrote:
>
> > There are a few other misc issues that could go into a 1.5.5  
> release.
>
> > Can anyone identify any others?
>
> Currently there are 5 issues marked as "fix for 1.5.5":
>
> http://issues.apache.org/jira/secure/IssueNavigator.jspa?reset=true&mode
> =hide&sorter/order=DESC&sorter/ 
> field=priority&resolution=-1&pid=12310063
> &fixfor=12313215
>
> We should possibly look into upgrading bouncycastle (WSS-125) and
> xmlsec?
>
> +1,  we use xml-sec 1.4.1 with WSS4J 1.5.4 in Rampart and works  
> fine. We haven't tested yet with bouncycastle 1.36/1.39 but will do  
> soon.
>

I'm only OK with 1.4.1 if it can get put into central before then.   
opensaml not being there is already causing issues for me.


Dan


> I think we can also close the following issues:
>
> http://issues.apache.org/jira/browse/WSS-23
> http://issues.apache.org/jira/browse/WSS-64
> http://issues.apache.org/jira/browse/WSS-42
> http://issues.apache.org/jira/browse/WSS-99
>
>
> > And would we be open for a 1.5.5 release, hot on the heels of 1.5.4?
>
> +1 from me, forcing projects to have the opensaml jar available is
> something we should fix asap.
>
> What would be the time line for 1.5.5 release ?
>
> thanks,
> nandana
>
>
> -----Original Message-----
> From: Fred Dushin [mailto:fadushin@apache.org]
> Sent: 09 June 2008 22:24
> To: wss4j-dev
> Subject: 1.5.5 release?
>
> Dan Kulp spotted a problem with the 1.5.4 release, which I'd like to
> fix ASAP.  Apparently this is causing a lot of problems for CXF and
> ServiceMix, though there will likely be others.
>
> The issue comes down to a dependency on OpenSAML libraries at init
> time.  As part of the work to make processors replaceable, I changed
> the hard-coded class names (string constants) to XXX.class.getName().
> This static code gets loaded at load time of the WSSConfig class,
> which is central to the toolkit, and one of the class names is a
> processor, which appears to have a static dependency on an openSAML
> type.  If the openSAML JAR can't be found, then toolkit initialization
> fails.
>
> Currently, the opensaml JARs are not deployed into central, which is a
> problem for projects that can't find the JARs elsewhere (such as a
> local mirror of central).
>
> So one thing I'd like to do is fix the immediate problem, so that we
> can avoid reliance on opensaml as a deployemnt requirement.  We can
> also work on deploying the opensaml JAR and POM to central, and I've
> got an email out to Scott Cantor on that.  But I'd prefer to make the
> fix, as well.
>
> There are a few other misc issues that could go into a 1.5.5 release.
> Can anyone identify any others?  And would we be open for a 1.5.5
> release, hot on the heels of 1.5.4?  I'd be willing to spin the
> release (though I did loose a script I wrote as a result of a disk
> failure, so I'd have to make up some lost ground).
>
> Let me know what you all think.  This opensaml issue could be a
> problem for other mavenized projects that depend on WSS4J.
>
> -Fred
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
> ----------------------------
> IONA Technologies PLC (registered in Ireland)
> Registered Number: 171387
> Registered Address: The IONA Building, Shelbourne Road, Dublin 4,  
> Ireland
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
>
>
> -- 
> Nandana Mihindukulasooriya
> WSO2 inc.
>
> http://nandana83.blogspot.com/

---
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog





---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

Re: 1.5.5 release?

[Nandana Mihindukulasooriya <na...@gmail.com>]

On Tue, Jun 10, 2008 at 2:40 PM, O hEigeartaigh, Colm <
Colm.OhEigeartaigh@iona.com> wrote:

>
> > There are a few other misc issues that could go into a 1.5.5 release.
>
> > Can anyone identify any others?
>
> Currently there are 5 issues marked as "fix for 1.5.5":
>
> http://issues.apache.org/jira/secure/IssueNavigator.jspa?reset=true&mode
> =hide&sorter/order=DESC&sorter/field=priority&resolution=-1&pid=12310063
> &fixfor=12313215<http://issues.apache.org/jira/secure/IssueNavigator.jspa?reset=true&mode=hide&sorter/order=DESC&sorter/field=priority&resolution=-1&pid=12310063&fixfor=12313215>
>
> We should possibly look into upgrading bouncycastle (WSS-125) and
> xmlsec?


+1,  we use xml-sec 1.4.1 with WSS4J 1.5.4 in Rampart and works fine. We
haven't tested yet with bouncycastle 1.36/1.39 but will do soon.

I think we can also close the following issues:
>
> http://issues.apache.org/jira/browse/WSS-23
> http://issues.apache.org/jira/browse/WSS-64
> http://issues.apache.org/jira/browse/WSS-42
> http://issues.apache.org/jira/browse/WSS-99
>


> > And would we be open for a 1.5.5 release, hot on the heels of 1.5.4?
>
> +1 from me, forcing projects to have the opensaml jar available is
> something we should fix asap.


What would be the time line for 1.5.5 release ?

thanks,
nandana



> -----Original Message-----
> From: Fred Dushin [mailto:fadushin@apache.org]
> Sent: 09 June 2008 22:24
> To: wss4j-dev
> Subject: 1.5.5 release?
>
> Dan Kulp spotted a problem with the 1.5.4 release, which I'd like to
> fix ASAP.  Apparently this is causing a lot of problems for CXF and
> ServiceMix, though there will likely be others.
>
> The issue comes down to a dependency on OpenSAML libraries at init
> time.  As part of the work to make processors replaceable, I changed
> the hard-coded class names (string constants) to XXX.class.getName().
> This static code gets loaded at load time of the WSSConfig class,
> which is central to the toolkit, and one of the class names is a
> processor, which appears to have a static dependency on an openSAML
> type.  If the openSAML JAR can't be found, then toolkit initialization
> fails.
>
> Currently, the opensaml JARs are not deployed into central, which is a
> problem for projects that can't find the JARs elsewhere (such as a
> local mirror of central).
>
> So one thing I'd like to do is fix the immediate problem, so that we
> can avoid reliance on opensaml as a deployemnt requirement.  We can
> also work on deploying the opensaml JAR and POM to central, and I've
> got an email out to Scott Cantor on that.  But I'd prefer to make the
> fix, as well.
>
> There are a few other misc issues that could go into a 1.5.5 release.
> Can anyone identify any others?  And would we be open for a 1.5.5
> release, hot on the heels of 1.5.4?  I'd be willing to spin the
> release (though I did loose a script I wrote as a result of a disk
> failure, so I'd have to make up some lost ground).
>
> Let me know what you all think.  This opensaml issue could be a
> problem for other mavenized projects that depend on WSS4J.
>
> -Fred
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
> ----------------------------
> IONA Technologies PLC (registered in Ireland)
> Registered Number: 171387
> Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>


-- 
Nandana Mihindukulasooriya
WSO2 inc.

http://nandana83.blogspot.com/

RE: 1.5.5 release?

["O hEigeartaigh, Colm" <Co...@iona.com>]

> There are a few other misc issues that could go into a 1.5.5 release.

> Can anyone identify any others? 

Currently there are 5 issues marked as "fix for 1.5.5":

http://issues.apache.org/jira/secure/IssueNavigator.jspa?reset=true&mode
=hide&sorter/order=DESC&sorter/field=priority&resolution=-1&pid=12310063
&fixfor=12313215

We should possibly look into upgrading bouncycastle (WSS-125) and
xmlsec?

I think we can also close the following issues:

http://issues.apache.org/jira/browse/WSS-23
http://issues.apache.org/jira/browse/WSS-64
http://issues.apache.org/jira/browse/WSS-42
http://issues.apache.org/jira/browse/WSS-99

> And would we be open for a 1.5.5 release, hot on the heels of 1.5.4?

+1 from me, forcing projects to have the opensaml jar available is
something we should fix asap.

Colm.

-----Original Message-----
From: Fred Dushin [mailto:fadushin@apache.org] 
Sent: 09 June 2008 22:24
To: wss4j-dev
Subject: 1.5.5 release?

Dan Kulp spotted a problem with the 1.5.4 release, which I'd like to  
fix ASAP.  Apparently this is causing a lot of problems for CXF and  
ServiceMix, though there will likely be others.

The issue comes down to a dependency on OpenSAML libraries at init  
time.  As part of the work to make processors replaceable, I changed  
the hard-coded class names (string constants) to XXX.class.getName().   
This static code gets loaded at load time of the WSSConfig class,  
which is central to the toolkit, and one of the class names is a  
processor, which appears to have a static dependency on an openSAML  
type.  If the openSAML JAR can't be found, then toolkit initialization  
fails.

Currently, the opensaml JARs are not deployed into central, which is a  
problem for projects that can't find the JARs elsewhere (such as a  
local mirror of central).

So one thing I'd like to do is fix the immediate problem, so that we  
can avoid reliance on opensaml as a deployemnt requirement.  We can  
also work on deploying the opensaml JAR and POM to central, and I've  
got an email out to Scott Cantor on that.  But I'd prefer to make the  
fix, as well.

There are a few other misc issues that could go into a 1.5.5 release.   
Can anyone identify any others?  And would we be open for a 1.5.5  
release, hot on the heels of 1.5.4?  I'd be willing to spin the  
release (though I did loose a script I wrote as a result of a disk  
failure, so I'd have to make up some lost ground).

Let me know what you all think.  This opensaml issue could be a  
problem for other mavenized projects that depend on WSS4J.

-Fred

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

----------------------------
IONA Technologies PLC (registered in Ireland)
Registered Number: 171387
Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org