On Tuesday 28 September 2010 3:38:36 pm haipeng du wrote: > Which one I should use? They are both from Apache. What is big difference? > Thank.
Funny this wasn't asked on the CXF lists as well... :-) See: http://stackoverflow.com/questions/1243247/difference-between-apache-cxf-and-axis/1245386#1245386 I would recommend CXF. It's more stable, generally easier to work with, performs just as good if not better, has a MUCH better track record of supporting their users (aka: getting fixes to bugs released) and is much more "standards based" from an API standpoint. Regarding the rampart response, the CXF WS-SecPol runtime is a bit more advanced than Rampart and is definitely better tested. It started out as a port of the Rampart runtime so pretty much anything Rampart could do at that time, it can as well. However, it's been furthur developed and tested to hit more use cases and have identified several bugs in both the runtime as well as the underlying WSS4J library. We've also added a lot more INCOMING policy validation (rampart concentrates mostly on creating messages per policy, but does little to make sure the incoming message matches the policy). CXF can pass much more of the MS InteropPlugFest tests related to the ws-security things than Rampart can, mostly due to much of that work. In addition, CXF performs better. See: http://www.ibm.com/developerworks/java/library/j-jws14/index.html http://www.ibm.com/developerworks/java/library/j-jws16/index.html Then again, I'm the PMC Chair for CXF, so I'm obviously biased. My suggestion is to try them both and find the one that suites you best. -- Daniel Kulp [email protected] http://dankulp.com/blog --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
