You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Claus Ibsen (Jira)" <ji...@apache.org> on 2023/08/15 04:59:00 UTC

[jira] [Created] (CXF-8913) Avoid 3rd party maven repository for OpenSAML

Claus Ibsen created CXF-8913:
--------------------------------

             Summary: Avoid 3rd party maven repository for OpenSAML
                 Key: CXF-8913
                 URL: https://issues.apache.org/jira/browse/CXF-8913
             Project: CXF
          Issue Type: Improvement
          Components: WS-* Components
    Affects Versions: 4.0.2
            Reporter: Claus Ibsen


Apache CXF depends on OpenSAML from Apache WSSJ project

However this commit causes wss4j to download JARs from NOT maven central but from
https://build.shibboleth.net/nexus/content/groups/public

https://github.com/apache/ws-wss4j/commit/e4a33efcb2b474a1da2b2c08f815b2718e111823

Is there a way for Apache CXF to only use JARs from maven central. There is a trust issue when JARs are NOT downloaded from central.

At Apache Camel we only download from maven central - except for camel-jira which sadly had to download from Atlassian. We are considering deprecating and removing this component for that reason.





--
This message was sent by Atlassian Jira
(v8.20.10#820010)