Hi Hua Jie
The certificates are used for different purposes. On the one hand, there are
web server certificates for https (idp, application) and on the other hand the
signer certificate for the SAML token.
Glen did a great job in giving the background where which certificate is used:
I'm -1 to this change (and to the similar change done to the wsn stuff). I
KNOW the latest sts stuff doesn't work with 2.6.0 due to the security
enhancements done in 2.6.1. As we move forward, I'm 95% confident that other
security related things will prevent it from working in the future.
I'm also wondering why its importing org.apache.cxf.sts.provider which
it's also exporting.Isn't that something it shouldn't be
doing? Colm, know why?
No idea. At a guess it was put there to add the STS provider framework
(should be org.apache.cxf.ws.security.sts.provider) in the
Colm,
We have a utility for this:
ReflectionUtil.setAccessible(….)
Ideally, the calls to cls.getDeclaredField would be replaced with calls to
ReflectionUtil.getDeclaredField(…) as well for the same reason.
Dan
On Oct 19, 2012, at 9:14 AM, cohei...@apache.org wrote:
Author: coheigea
Hi team, I'm wondering if we should delete these two pages that are listed in
the CXF Table of Contents here:
https://cwiki.apache.org/confluence/display/CXF20DOC/Index:
Aegis Databinding (2.0.x) — For CXF up to 2.0.x
Maven Java2WSDL plugin (CXF 2.0.x only. Removed in 2.1 and replaced with