Dear all, I pray that you are well.
Executive Summary of my question: How important is the OpenSAML library to an average WS client? Detail: I am trying to write a JAX-WS client use CXF and WSS4J. Specifically, I'm using the WSS4JOutInterceptor to add the Username token to outgoing requests as this is a requirement of the service I'm using. I'm using 2.2.4 of the following artifacts from the org.apache.wss4j group in Maven Central (all are prefixed with wss4j): -bindings -policy -ws-security-common -ws-security-dom -ws-security-policy-stax -ws-security-stax I'm also using 3.3.1 of org.apache.cxf:cxf-rt-ws-security and of the rest of the cxf stack. My question: I have a client that seems to works as a plain Java application. However, I'm having trouble getting this to deploy as an OSGi bundle. It seems that cxf-rt-ws-security's OSGi manifest declares a non-optional Import-Package requirement on org.opensaml.common. I do not have that dependency available on my system. For the standalone Java application, this missing dependency doesn't seem to matter - the client is able to contact the server and make service requests no problem. However, when I try and bundle this up and use it in my OSGi platform, the bundle fails to start because of the missing dependency. It seems there are two solutions to this problem: 1. Try and install the OpenSAML library. This is non-trivial because a) it doesn't appear to have been bundled for OSGi and I would need to do that manually, and b) it also seems to have a high dependency fanout of its own. 2. Re-write cxf-rt-ws-security's manifest to declare the dependency on OpenSAML to be optional. At this stage, I'd like to implement the second option because I started trying the first and found OpenSAML's own dependency fanout to be an issue. Also, although I don't 100% understand what OpenSAML is (or 100% understand web services for that matter), it seems to me that if your web service isn't using SAML, then it is unnecessary to have Open SAML on your classpath at all. Are there any seasoned CXF users out there that can comment on whether this is a problem? If it is not a problem taking OpenSAML off of the classpath, perhaps the next question should be asked: should the manifest for cxf-rt-ws-security be changed to make the opensaml dependencies optional? Blessings, [logo-blue (version 2 cut out)]Fr Jeremy Krieg Chief Executive Officer Greek Welfare Centre SA St Philothei Greek Orthodox Archdiocese of Australia 213 Henley Beach Road TORRENSVILLE SA 5031 Phone: (08) 8212 5100 [email protected]<mailto:[email protected]> www.greekwelfaresa.org.au<http://www.greekwelfaresa.org.au/>
