You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Glen Mazza (JIRA)" <ji...@apache.org> on 2008/07/29 03:00:34 UTC
[jira] Created: (CXF-1726) Upgrade from CXF 2.1 to CXF 2.1.1
results in two BouncyCastle JARs being used
Upgrade from CXF 2.1 to CXF 2.1.1 results in two BouncyCastle JARs being used
-----------------------------------------------------------------------------
Key: CXF-1726
URL: https://issues.apache.org/jira/browse/CXF-1726
Project: CXF
Issue Type: Bug
Reporter: Glen Mazza
Updating this dependency:
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-ws-security</artifactId>
<version>${cxf.version}</version>
</dependency>
>From CXF 2.1 to 2.1.1 results into two Bouncy Castle jars being placed into the web service provider's WAR-- the usual bcprov-jdk14-136.jar from CXF 2.1 and bcprov-jdk13-132.jar. I don't know why both are being loaded--maybe OpenSAML (which is not in 2.1) is the culprit, or xmlsec's upgrade from 1.3 to 1.4 or WSS4J's from 1.5.2 to 1.5.4--but either of the latter two causing this is rather doubtful.
(It might be nice also to upgrade to BC's 1.5 or 1.6 library at this time.)
Test case: Download my DoubleIt sample[1], place this dependency in the trunk/pom.xml, and from that run "mvn clean install" -- you'll see the two BC libs in the service-war/target folder.
[1] http://glen.mazza.blog.googlepages.com/20080418DoubleIt.zip
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (CXF-1726) Upgrade from CXF 2.1 to CXF 2.1.1
results in two BouncyCastle JARs being used
Posted by "Daniel Kulp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-1726?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12621677#action_12621677 ]
Daniel Kulp commented on CXF-1726:
----------------------------------
Looks like it's a java6 thing. Doesn't appear with java 5, but does with java 6. :-(
> Upgrade from CXF 2.1 to CXF 2.1.1 results in two BouncyCastle JARs being used
> -----------------------------------------------------------------------------
>
> Key: CXF-1726
> URL: https://issues.apache.org/jira/browse/CXF-1726
> Project: CXF
> Issue Type: Bug
> Reporter: Glen Mazza
>
> Updating this dependency:
> <dependency>
> <groupId>org.apache.cxf</groupId>
> <artifactId>cxf-rt-ws-security</artifactId>
> <version>${cxf.version}</version>
> </dependency>
> From CXF 2.1 to 2.1.1 results into two Bouncy Castle jars being placed into the web service provider's WAR-- the usual bcprov-jdk14-136.jar from CXF 2.1 and bcprov-jdk13-132.jar. I don't know why both are being loaded--maybe OpenSAML (which is not in 2.1) is the culprit, or xmlsec's upgrade from 1.3 to 1.4 or WSS4J's from 1.5.2 to 1.5.4--but either of the latter two causing this is rather doubtful.
> (It might be nice also to upgrade to BC's 1.5 or 1.6 library at this time.)
> Test case: Download my DoubleIt sample[1], place this dependency in the trunk/pom.xml, and from that run "mvn clean install" -- you'll see the two BC libs in the service-war/target folder.
> [1] http://glen.mazza.blog.googlepages.com/20080418DoubleIt.zip
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (CXF-1726) Upgrade from CXF 2.1 to CXF 2.1.1
results in two BouncyCastle JARs being used
Posted by "Daniel Kulp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-1726?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Daniel Kulp resolved CXF-1726.
------------------------------
Resolution: Fixed
Fix Version/s: 2.1.2
Assignee: Daniel Kulp
> Upgrade from CXF 2.1 to CXF 2.1.1 results in two BouncyCastle JARs being used
> -----------------------------------------------------------------------------
>
> Key: CXF-1726
> URL: https://issues.apache.org/jira/browse/CXF-1726
> Project: CXF
> Issue Type: Bug
> Reporter: Glen Mazza
> Assignee: Daniel Kulp
> Fix For: 2.1.2
>
>
> Updating this dependency:
> <dependency>
> <groupId>org.apache.cxf</groupId>
> <artifactId>cxf-rt-ws-security</artifactId>
> <version>${cxf.version}</version>
> </dependency>
> From CXF 2.1 to 2.1.1 results into two Bouncy Castle jars being placed into the web service provider's WAR-- the usual bcprov-jdk14-136.jar from CXF 2.1 and bcprov-jdk13-132.jar. I don't know why both are being loaded--maybe OpenSAML (which is not in 2.1) is the culprit, or xmlsec's upgrade from 1.3 to 1.4 or WSS4J's from 1.5.2 to 1.5.4--but either of the latter two causing this is rather doubtful.
> (It might be nice also to upgrade to BC's 1.5 or 1.6 library at this time.)
> Test case: Download my DoubleIt sample[1], place this dependency in the trunk/pom.xml, and from that run "mvn clean install" -- you'll see the two BC libs in the service-war/target folder.
> [1] http://glen.mazza.blog.googlepages.com/20080418DoubleIt.zip
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (CXF-1726) Upgrade from CXF 2.1 to CXF 2.1.1
results in two BouncyCastle JARs being used
Posted by "Glen Mazza (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-1726?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12621668#action_12621668 ]
Glen Mazza commented on CXF-1726:
---------------------------------
No--I'm still getting two jars in /WEB-INF/lib -- bcprov-jdk13-132.jar and bcprov-jdk14-136.jar. And it isn't just me[1]. I nearly always run "mvn clean install", and certainly did below when duplicating the issue. (I don't think that would be it anyway, because 2.1 doesn't import BC 1.3 -- it uses only 1.4 anyway.)
My exact steps (I'm using Ubuntu, if it matters):
1.) Download and extract the zip file.
2.) In the DoubleIt/trunk/pom.xml, add the dependency listed I gave earlier into the *CXF Profile's* dependency section (not the Metro profile)
3.) from the DoubleIt/trunk folder, run "mvn clean install"
4.) Navigate to the service-war/target/doubleit.war, and open up the "lib" folder. You should see those two files.
Glen
[1] http://tinyurl.com/596h2v
> Upgrade from CXF 2.1 to CXF 2.1.1 results in two BouncyCastle JARs being used
> -----------------------------------------------------------------------------
>
> Key: CXF-1726
> URL: https://issues.apache.org/jira/browse/CXF-1726
> Project: CXF
> Issue Type: Bug
> Reporter: Glen Mazza
>
> Updating this dependency:
> <dependency>
> <groupId>org.apache.cxf</groupId>
> <artifactId>cxf-rt-ws-security</artifactId>
> <version>${cxf.version}</version>
> </dependency>
> From CXF 2.1 to 2.1.1 results into two Bouncy Castle jars being placed into the web service provider's WAR-- the usual bcprov-jdk14-136.jar from CXF 2.1 and bcprov-jdk13-132.jar. I don't know why both are being loaded--maybe OpenSAML (which is not in 2.1) is the culprit, or xmlsec's upgrade from 1.3 to 1.4 or WSS4J's from 1.5.2 to 1.5.4--but either of the latter two causing this is rather doubtful.
> (It might be nice also to upgrade to BC's 1.5 or 1.6 library at this time.)
> Test case: Download my DoubleIt sample[1], place this dependency in the trunk/pom.xml, and from that run "mvn clean install" -- you'll see the two BC libs in the service-war/target folder.
> [1] http://glen.mazza.blog.googlepages.com/20080418DoubleIt.zip
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (CXF-1726) Upgrade from CXF 2.1 to CXF 2.1.1
results in two BouncyCastle JARs being used
Posted by "Daniel Kulp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-1726?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12621563#action_12621563 ]
Daniel Kulp commented on CXF-1726:
----------------------------------
Glen,
I just tried this and I'm not seeing a duplicate jar with either 2.1.1 or 2.1.2-SNAPSHOT.
dkulp@dilbert ~/tmp/DoubleIt/trunk/service-war/target/doubleit/WEB-INF/lib $ ls
FastInfoset-1.2.2.jar geronimo-stax-api_1.0_spec-1.0.1.jar
XmlSchema-1.4.2.jar geronimo-ws-metadata_2.0_spec-1.1.2.jar
activation-1.1.jar jaxb-api-2.1.jar
aopalliance-1.0.jar jaxb-impl-2.1.7.jar
asm-2.2.3.jar jaxb-xjc-2.1.7.jar
avalon-framework-4.1.3.jar log4j-1.2.12.jar
bcprov-jdk14-136.jar logkit-1.0.1.jar
commons-lang-2.4.jar neethi-2.0.4.jar
commons-logging-1.1.jar opensaml-1.1.jar
cxf-api-2.1.2-SNAPSHOT.jar saaj-api-1.3.jar
cxf-common-schemas-2.1.2-SNAPSHOT.jar saaj-impl-1.3.jar
cxf-common-utilities-2.1.2-SNAPSHOT.jar servlet-api-2.3.jar
cxf-rt-bindings-soap-2.1.2-SNAPSHOT.jar spring-beans-2.0.8.jar
cxf-rt-bindings-xml-2.1.2-SNAPSHOT.jar spring-context-2.0.8.jar
cxf-rt-core-2.1.2-SNAPSHOT.jar spring-core-2.0.8.jar
cxf-rt-databinding-jaxb-2.1.2-SNAPSHOT.jar spring-web-2.0.8.jar
cxf-rt-frontend-jaxws-2.1.2-SNAPSHOT.jar stax-api-1.0-2.jar
cxf-rt-frontend-simple-2.1.2-SNAPSHOT.jar velocity-1.4.jar
cxf-rt-transports-http-2.1.2-SNAPSHOT.jar velocity-dep-1.4.jar
cxf-rt-ws-addr-2.1.2-SNAPSHOT.jar wsdl4j-1.6.2.jar
cxf-rt-ws-security-2.1.2-SNAPSHOT.jar wss4j-1.5.4.jar
cxf-tools-common-2.1.2-SNAPSHOT.jar wstx-asl-3.2.4.jar
geronimo-activation_1.1_spec-1.0.2.jar xalan-2.7.0.jar
geronimo-annotation_1.0_spec-1.1.1.jar xml-resolver-1.2.jar
geronimo-javamail_1.4_spec-1.3.jar xmlsec-1.4.0.jar
geronimo-jaxws_2.1_spec-1.0.jar
Is it possible you didn't do a "clean" between switching from 2.1 to 2.1.1?
> Upgrade from CXF 2.1 to CXF 2.1.1 results in two BouncyCastle JARs being used
> -----------------------------------------------------------------------------
>
> Key: CXF-1726
> URL: https://issues.apache.org/jira/browse/CXF-1726
> Project: CXF
> Issue Type: Bug
> Reporter: Glen Mazza
>
> Updating this dependency:
> <dependency>
> <groupId>org.apache.cxf</groupId>
> <artifactId>cxf-rt-ws-security</artifactId>
> <version>${cxf.version}</version>
> </dependency>
> From CXF 2.1 to 2.1.1 results into two Bouncy Castle jars being placed into the web service provider's WAR-- the usual bcprov-jdk14-136.jar from CXF 2.1 and bcprov-jdk13-132.jar. I don't know why both are being loaded--maybe OpenSAML (which is not in 2.1) is the culprit, or xmlsec's upgrade from 1.3 to 1.4 or WSS4J's from 1.5.2 to 1.5.4--but either of the latter two causing this is rather doubtful.
> (It might be nice also to upgrade to BC's 1.5 or 1.6 library at this time.)
> Test case: Download my DoubleIt sample[1], place this dependency in the trunk/pom.xml, and from that run "mvn clean install" -- you'll see the two BC libs in the service-war/target folder.
> [1] http://glen.mazza.blog.googlepages.com/20080418DoubleIt.zip
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.