[jbossws-issues] [JBoss JIRA] (JBWS-3981) Remove requirement of org.apache.cxf.impl module dependency for STS deployments

Alessio Soldano (JIRA) issues at jboss.org
Tue Feb 16 19:15:00 EST 2016 

    [ https://issues.jboss.org/browse/JBWS-3981?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13163980#comment-13163980 ] 

Alessio Soldano commented on JBWS-3981:
---------------------------------------

I've added a new org.jboss.ws.cxf.sts module to be used for STS deployment dependencies. Now, I could not simply export a filtered set of packages from org.apache.cxf.impl in there, basically because WFCORE-1372. So, I've split cxf-rt-ws-security.jar and cxf-services-sts-core.jar into separate cxf sub-modules and re-exported them in org.jboss.ws.cxf.sts. This way the cxf submodules act as filters and the org.jboss.ws.cxf.sts module do not need to filter anything and hence avoid the bug.

> Remove requirement of org.apache.cxf.impl module dependency for STS deployments
> -------------------------------------------------------------------------------
>
>                 Key: JBWS-3981
>                 URL: https://issues.jboss.org/browse/JBWS-3981
>             Project: JBoss Web Services
>          Issue Type: Enhancement
>          Components: jbossws-cxf, productization
>            Reporter: Alessio Soldano
>            Assignee: Alessio Soldano
>             Fix For: jbossws-cxf-5.2.0.Final
>
>
> We currently expect users deploying a WS-Trust STS endpoint to set a dependency to org.apache.cxf.impl module, to gain visibility on the org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider class as well as misc utility classes from cxf-services-sts-core.jar.
> This has the side effect of exposing impl details of the whole Apache CXF to the deployment, as well as generating a warning in the logs as that module is private.
> Moreover, should JAX-RS annotations be added to any of the jars we have in the cxf module, the STS deployment would fail due to the way jaxrs subsystem works on WildFly.
> We should hence set a dependency to an independent module which should filter the exported classes (at least we should only expose the contents of the cxf-services-sts-core and cxf-rt-ws-security jars).



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

More information about the jbossws-issues mailing list