...

  • LogBrowser console
  • Transformation feature provides a fast and effective way to transform inbound and/or outbound XML messages. Please see the TransformationFeature page for more information.
  • JIBX databinding
  • Faster startup and reduced spring configuration. The Spring support has been redone to be based on the ExtensionManagerBus. This results in much faster startup. It also means that all of the imports of META-INF/cxf/cxf-extension-*.xml are no longer needed and are deprecated.
  • WSS4J has been updated from 1.5.x to 1.6. See here (not yet live) for the list of new features and upgrade notes for Apache WSS4J 1.6. Also see Colm's blog for an ongoing list of things that are happening in WSS4J 1.6. Some notable new features for CXF users include:
    • SAML2 support: WSS4J 1.6 includes full support for creating, manipulating and parsing SAML2 assertions, via the Opensaml2 library. See here for more information.
    • Performance work: A general code-rewrite has been done with a focus on improving performance.
    • Support for Crypto trust-stores: WSS4J 1.6 separates the concept of keystore and truststores. See here and here for more information.
    • Improved SAML support, including support for SAML2 tokens.

API Changes

  • GZIP-related interceptors/features have been moved out of the http module so they are usable with other transports such as JMS. As such, their package has changed from org.apache.cxf.transport.http.gzip to org.apache.cxf.transport.common.gzip.

...

  • WSS4J has been updated from 1.5.x to 1.6. See here (not yet live) for the list of new features and upgrade notes for Apache WSS4J 1.6. Also see Colm's blog for an ongoing list of things that are happening in WSS4J 1.6. Some notable new features for CXF users include:
  • SAML2 support: WSS4J 1.6 includes full support for creating, manipulating and parsing SAML2 assertions, via the Opensaml2 library. See here for more information.
  • Performance work: A general code-rewrite has been done with a focus on improving performance.
  • Support for Crypto trust-stores: WSS4J 1.6 separates the concept of keystore and truststores. See here and here for more information.
    Some upgrade notes: WSS4J 1.6 has dropped the requirement of JDK 1.4, and as such has been upgraded to use Java 5 collections, etc. Some API changes to be aware of include:
    • The default CA certs that ship with the JDK are now not loaded by default by the Crypto implementation.
    • The way of creating SAML assertions via a properties file has completely changed.
    • WSS4J 1.5.x ignored (enveloped) signatures on SAML (1.1) assertions - this is no longer the case, so deployments which do not set the correct keystore/truststore config for dealing with signature verification will fail.
    • The SAMLTokenProcessor no longer saves all tokens as a "WSConstants.ST_UNSIGNED" action. It saves tokens that do not have an enveloped signature as this action, and tokens which do have an enveloped signature are saved as a "WSConstants.ST_SIGNED" action. The object that is saved has changed from an Opensaml1-specific Assertion object to an AssertionWrapper instance, which is a WSS4J-specific object that encapsulates an Assertion, as well as some information corresponding to signature verification, etc.
    • The way that UsernameTokens are processed has been changed. See here for more information. The CallbackHandler identifier for plaintext passwords is now WSPasswordCallback.USERNAME_TOKEN, the same as the digest case. The CallbackHandler implementation only sets the password on the callback, and never does any validation of the password.
    • Some changes have been made to the WSPasswordCallback identifiers that are used in a CallbackHandler implementation. See here for more information.

...

  • The ExtensionManagerBus (mostly used when Spring is not available) has been updated to completely support all features, including WS-SecurityPolicy, WS-RM, etc. WSDL documents that contained policy fragments may now behave differently than before, as the policies will be enforced.
  • The default CA certs that ship with the JDK are now not loaded by default by the WS-Security Crypto implementation, which is used for encryption/decryption and signature creation/verification.
  • WSS4J 1.5.x ignored (enveloped) signatures on SAML (1.1) assertions - this is no longer the case, so deployments which do not set the correct keystore/truststore config for dealing with signature verification will fail.
  • The way that UsernameTokens are processed by WSS4J has been changed. See here for more information. The CallbackHandler identifier for plaintext passwords is now WSPasswordCallback.USERNAME_TOKEN, the same as for the digest case. The CallbackHandler implementation only sets the password on the callback, and never does any validation of the password.
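
A CallbackHandler written for the UsernameToken behaviour described above, as an added example that is not part of the original page or of the CXF/WSS4J code base. The class name, the in-memory user map and the sample credentials are constructed for illustration; a real deployment would look the password up in its own credential store.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

/** Hypothetical server-side handler for inbound UsernameTokens (WSS4J 1.6). */
public class ServerPasswordCallback implements CallbackHandler {

    // Constructed sample data; stands in for a real credential store.
    private final Map<String, String> passwords = new HashMap<String, String>();

    public ServerPasswordCallback() {
        passwords.put("alice", "example-password-1");
        passwords.put("bob", "example-password-2");
    }

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback);
            }
            WSPasswordCallback pc = (WSPasswordCallback) callback;

            // Plaintext and digest tokens both arrive with this usage now,
            // so one branch covers both password types.
            if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN) {
                String stored = passwords.get(pc.getIdentifier());
                if (stored != null) {
                    // Only supply the stored secret. The comparison with the
                    // password in the message is done by WSS4J, not here.
                    pc.setPassword(stored);
                }
                // Unknown user: leave the password unset so the comparison
                // performed by WSS4J cannot succeed. Do not compare against
                // pc.getPassword() or throw from this handler.
            }
        }
    }
}
```

Handlers migrated from 1.5.x that compared the received plaintext password inside `handle` should drop that comparison, since the handler's job is now limited to supplying the stored password.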

Property Changes

  • The "ws-security.ut.no-callbacks" property has been renamed to "ws-security.validate.token". To configure the CXF WS-Security interceptors to postpone the validation of the current (UT) token, set "ws-security.validate.token" to false.
    Please see this section for more information.
  • WSS4J 1.6 has added support for separating keystore and truststores. See here and here for more information. The changes are 100% backwards compatible (aside from not loading the default CA certs).
  • The way of creating SAML assertions via a properties file has completely changed.