You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Daniel Kulp (JIRA)" <ji...@apache.org> on 2008/08/11 21:34:46 UTC
[jira] Commented: (CXF-1726) Upgrade from CXF 2.1 to CXF 2.1.1
results in two BouncyCastle JARs being used
[ https://issues.apache.org/jira/browse/CXF-1726?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12621563#action_12621563 ]
Daniel Kulp commented on CXF-1726:
----------------------------------
Glen,
I just tried this and I'm not seeing a duplicate jar with either 2.1.1 or 2.1.2-SNAPSHOT.
dkulp@dilbert ~/tmp/DoubleIt/trunk/service-war/target/doubleit/WEB-INF/lib $ ls
FastInfoset-1.2.2.jar geronimo-stax-api_1.0_spec-1.0.1.jar
XmlSchema-1.4.2.jar geronimo-ws-metadata_2.0_spec-1.1.2.jar
activation-1.1.jar jaxb-api-2.1.jar
aopalliance-1.0.jar jaxb-impl-2.1.7.jar
asm-2.2.3.jar jaxb-xjc-2.1.7.jar
avalon-framework-4.1.3.jar log4j-1.2.12.jar
bcprov-jdk14-136.jar logkit-1.0.1.jar
commons-lang-2.4.jar neethi-2.0.4.jar
commons-logging-1.1.jar opensaml-1.1.jar
cxf-api-2.1.2-SNAPSHOT.jar saaj-api-1.3.jar
cxf-common-schemas-2.1.2-SNAPSHOT.jar saaj-impl-1.3.jar
cxf-common-utilities-2.1.2-SNAPSHOT.jar servlet-api-2.3.jar
cxf-rt-bindings-soap-2.1.2-SNAPSHOT.jar spring-beans-2.0.8.jar
cxf-rt-bindings-xml-2.1.2-SNAPSHOT.jar spring-context-2.0.8.jar
cxf-rt-core-2.1.2-SNAPSHOT.jar spring-core-2.0.8.jar
cxf-rt-databinding-jaxb-2.1.2-SNAPSHOT.jar spring-web-2.0.8.jar
cxf-rt-frontend-jaxws-2.1.2-SNAPSHOT.jar stax-api-1.0-2.jar
cxf-rt-frontend-simple-2.1.2-SNAPSHOT.jar velocity-1.4.jar
cxf-rt-transports-http-2.1.2-SNAPSHOT.jar velocity-dep-1.4.jar
cxf-rt-ws-addr-2.1.2-SNAPSHOT.jar wsdl4j-1.6.2.jar
cxf-rt-ws-security-2.1.2-SNAPSHOT.jar wss4j-1.5.4.jar
cxf-tools-common-2.1.2-SNAPSHOT.jar wstx-asl-3.2.4.jar
geronimo-activation_1.1_spec-1.0.2.jar xalan-2.7.0.jar
geronimo-annotation_1.0_spec-1.1.1.jar xml-resolver-1.2.jar
geronimo-javamail_1.4_spec-1.3.jar xmlsec-1.4.0.jar
geronimo-jaxws_2.1_spec-1.0.jar
Is it possible you didn't do a "clean" between switching from 2.1 to 2.1.1?
> Upgrade from CXF 2.1 to CXF 2.1.1 results in two BouncyCastle JARs being used
> -----------------------------------------------------------------------------
>
> Key: CXF-1726
> URL: https://issues.apache.org/jira/browse/CXF-1726
> Project: CXF
> Issue Type: Bug
> Reporter: Glen Mazza
>
> Updating this dependency:
> <dependency>
> <groupId>org.apache.cxf</groupId>
> <artifactId>cxf-rt-ws-security</artifactId>
> <version>${cxf.version}</version>
> </dependency>
> From CXF 2.1 to 2.1.1 results into two Bouncy Castle jars being placed into the web service provider's WAR-- the usual bcprov-jdk14-136.jar from CXF 2.1 and bcprov-jdk13-132.jar. I don't know why both are being loaded--maybe OpenSAML (which is not in 2.1) is the culprit, or xmlsec's upgrade from 1.3 to 1.4 or WSS4J's from 1.5.2 to 1.5.4--but either of the latter two causing this is rather doubtful.
> (It might be nice also to upgrade to BC's 1.5 or 1.6 library at this time.)
> Test case: Download my DoubleIt sample[1], place this dependency in the trunk/pom.xml, and from that run "mvn clean install" -- you'll see the two BC libs in the service-war/target folder.
> [1] http://glen.mazza.blog.googlepages.com/20080418DoubleIt.zip
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.