[
https://issues.apache.org/jira/browse/CXF-8913?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17755729#comment-17755729
]
Andriy Redko edited comment on CXF-8913 at 8/17/23 11:20 PM:
-------------------------------------------------------------
AFAIK, as you also posted, opensaml is transitive dependency of
wss4j-ws-security-common (but also used by cxf-rt-ws-security), [~coheigea]
could you advice please if opensaml could be made optional? Or if split make
sense (as we have for cxf-rt-security)?
was (Author: reta):
AFAIK, as you also posted, opensaml is transitive dependency of
wss4j-ws-security-common, [~coheigea] could you advice please if opensaml could
be made optional? Or if split make sense (as we have for cxf-rt-security)?
> Avoid 3rd party maven repository for OpenSAML
> ---------------------------------------------
>
> Key: CXF-8913
> URL: https://issues.apache.org/jira/browse/CXF-8913
> Project: CXF
> Issue Type: Improvement
> Components: WS-* Components
> Affects Versions: 4.0.2
> Reporter: Claus Ibsen
> Priority: Major
>
> Apache CXF depends on OpenSAML from Apache WSSJ project
> However this commit causes wss4j to download JARs from NOT maven central but
> from
> https://build.shibboleth.net/nexus/content/groups/public
> https://github.com/apache/ws-wss4j/commit/e4a33efcb2b474a1da2b2c08f815b2718e111823
> Is there a way for Apache CXF to only use JARs from maven central. There is a
> trust issue when JARs are NOT downloaded from central.
> At Apache Camel we only download from maven central - except for camel-jira
> which sadly had to download from Atlassian. We are considering deprecating
> and removing this component for that reason.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
