Versions Compared

Old Version 43

changes.mady.by.user Andrew Janke

Saved on

compared with

New Version Current

changes.mady.by.user Dennis Kieselhorst

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: fixed links

...

  • JAX-RS 2.0 has been completely implemented.
  • JAX-RS WADL auto-generation code has been moved to a new cxf-rt-rs-service-description module.
  • JAX-RS 2.0 Client API and CXF specific WebClient and Proxy client code is now available in a new cxf-rt-rs-client module. Important: the namespace for jaxrs:client elements has changed from "http://cxf.apache.org/jaxrs" to "http://cxf.apache.org/jaxrs-client"
  • CXF RequestHandler and ResponseHandler filters have been removed, please use JAX-RS 2.0 ContainerRequestFilter and ContainerResponseFilter and also WriterInterceptor and ReaderInterceptor when needed.
  • CXF JAX-RS Form extension has been dropped, please use JAX-RS 2.0 Form.
  • CXF JAX-RS ParameterHandler has been dropped, please use JAX-RS 2.0 ParamConverterProvider.
  • javax.annotation.Resource annotation can no longer be used to annotate JAX-RS context properties. Only javax.ws.rs.core.Context annotation is supported from now on.

JAX-WS/Soap

  • Add new code generator frontend to add CXF specific constructors and methods. (pass "-fe cxf" to wsdl2java)
  • Make AbstractFeature subclass WebServiceFeature and update the JAX-WS frontend to look for them.
  • "jaxb-validation-event-handler"s now apply for both Reading and Writing. (previously only applied to Reading). There are separate jaxb-(reader|writer)-validation-event-handler properties if you need it set for only one direction.
  • If the WSDL location that is passed into CXF is not valid, previous versions of CXF *MAY* ignore the error and proceed as if "null" was passed for the WSDL.   3.0 will now throw an exception.
  • ClientProxy.getClient(proxy) is no longer needed for most use cases.  The client proxy instances now implement the Client API directly.   A direct cast to Client should work.

...

  • The DefaultCryptoCoverageChecker now contains boolean properties to easily check if a WSS UsernameToken was signed and/or encrypted. The default is now that a UsernameToken must be encrypted.
  • CXF 3.0.x picks up a new major version of Apache WSS4J (2.0.0). There are some changes in this release which will impact on existing CXF users. These changes are extensively summarized in the WSS4J 2.0.0 Migration Guide. The major changes are as follows:
    • If you have implemented a CallbackHandler to set/retrieve passwords for UsernameTokens/Signatures/Decryption/etc., then the namespace of the WSPasswordCallback Object has changed from "org.apache.ws.security" to "org.apache.wss4j.common.ext".
    • If you have implemented a CallbackHandler to create SAML Assertions, then the namespace of the SAML bean objects has changed from "org.apache.ws.security.saml.ext" to "org.apache.wss4j.common.saml". 
    • WSS4J 1.6.x used a saml properties file to sign a SAML Assertion. This has been removed in WSS4J 2.0.0. Instead the SAMLCallback Object contains additional properties that can be set to sign the Assertion. Please see the section entitled "SAML Assertion changes" in the WSS4J 2.0.0 Migration Guide for more information on this.
    • A small number of configuration tags have been removed in WSS4J 2.0.0. Please see the section entitled "Removed Configuration Tags in WSS4J 2.0.0" in the WSS4J 2.0.0 Migration Guide for more information on this.
    • The default namespace for derived keys and secure conversation is now  "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512". The older namespace can be used instead via a new configuration tag.
    • The RSA v1.5 Key Transport algorithm is no longer allowed by default. This can be changed via a configuration tag.
    • Turning off BSP (Basic Security Profile) Compliance (Basic Security Profile) on the outbound side no longer has the effect of disabling the addition of a InclusiveNamespaces PrefixList when signing a portion of the message. This is now controlled by a separate configuration tag in WSS4J 2.0.0.
  • In addition to the changes above, CXF 3.0.0 fully supports the new streaming (StAX-based) WS-Security implementation in WSS4J 2.0.0.
  • To switch to use the streaming code for the manual "Action" based approach, simply change the outbound and inbound interceptors as follows:
    • "org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor" to "org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor".
    • "org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor" to "org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor".
  • For the WS-SecurityPolicy based approach of configuring WS-Security, simply set the JAX-WS property SecurityConstants.ENABLE_STREAMING_SECURITY ("ws-security.enable.streaming") to "true". For more information on the streaming functionality available in WSS4J 2.0.0, please see the streaming documentation page of WSS4J.

...