Bartosz Baranowski created JBWS-4015:
Summary: Remove requirement of org.apache.cxf.impl module dependency for STS
Project: JBoss Web Services
Issue Type: Enhancement
Components: jbossws-cxf, productization
Reporter: Bartosz Baranowski
Assignee: Alessio Soldano
Fix For: jbossws-cxf-5.1.4.Final
We currently expect users deploying a WS-Trust STS endpoint to set a dependency to
org.apache.cxf.impl module, to gain visibility on the
org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider class as well as misc
utility classes from cxf-services-sts-core.jar.
This has the side effect of exposing impl details of the whole Apache CXF to the
deployment, as well as generating a warning in the logs as that module is private.
Moreover, should JAX-RS annotations be added to any of the jars we have in the cxf module,
the STS deployment would fail due to the way jaxrs subsystem works on WildFly.
We should hence set a dependency to an independent module which should filter the exported
classes (at least we should only expose the contents of the cxf-services-sts-core and
This message was sent by Atlassian JIRA