Should we be considering CXF 2.0.7 for Geronimo 2.1.2? Does anybody know
of specific reasons to move to 2.0.7 or hold at 2.0.6?
Joe
Reference this portion of post by Dan Kulp on the user list:
-------- Original Message --------
Subject: Re: Re: Re: Using WS-Security with Geronimo 2.1.1
Date: Tue, 8 Jul 2008 11:10:07 -0700 (PDT)
From: Daniel Kulp <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
References:
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
Geronimo pretty much includes just the parts of CXF that are needed to pass
the JAX-WS parts of the TCK. It doesn't include the "extra" things like
ws-addressing, ws-security, ws-rm, aegis databinding, etc.... Geronimo
didn't need them so they didn't pull them in.
When adding the jar like that, keep in mind that you may need other
dependencies like wss4j, xml-sec, etc.. that ws-security requires that might
not be shipped with Geronimo.
One thing to keep in mind is that the CXF ws-security implementation (and
the Axis2/Rampart implementation as well) is based on WSS4J which isn't up
to WS-Security 1.1 level yet. Some of the profiles it supports are "close"
to 1.1 levels, but for the most part, it's 1.0. A note to the wss4j dev
list ([EMAIL PROTECTED]) would probably a good start to figure out
what wss4j supports.
That said, it would be great if Geronimo could update to CXF 2.0.7
(non-incubator) for a 2.1.2 release.
<snip/>
