Hi Jason, It looks like a bug that has been introduced. As far as I'm aware, there were no changes in the security-specific code relating to this, and we have many tests in CXF for custom UsernameTokenValidators.
Could you submit a test-case to a new JIRA? Colm. On Fri, Nov 22, 2013 at 7:42 AM, Jason Wang <[email protected]>wrote: > Oh, forgot to say that the serviceUsernameTokenValidator is managed by > spring via @Component configuration. No code or config change at all. > > > On Fri, Nov 22, 2013 at 8:33 PM, Jason Wang <[email protected] > >wrote: > > > Hi all, > > > > After upgrade from CXF from 2.6.2 to 2.7.7, I found that my customer > > UsernameTokenValidator is no longer invoked. > > > > Anyone know why? Another compatibility issue? > > > > It is configured through applicationContext: > > > > <cxf:bus> > > ..... > > > > <cxf:properties> > > <entry key="ws-security.ut.validator" > > value-ref="serviceUsernameTokenValidator" /> > > > > <entry key="ws-security.callback-handler" > > value-ref="servicePasswordCallbackHandler"/> > > <entry key="ws-security.signature.properties" > > value="serviceKeystore.properties"/> > > <entry key="ws-security.timestamp.validator" > > value="org.apache.ws.security.validate.NoOpValidator" /> > > <entry key="ws-security.enable.nonce.cache" value="false" /> > > <entry key="ws-security.enable.timestamp.cache" value="false" > > /> > > <entry key="timeToLive" value="1147483"/> > > <entry key="futureTimeToLive" value="1147483"/> > > <entry key="timestampStrict" value="false"/> > > > > <entry key="ws-security.is-bsp-compliant" value="false"/> > > </cxf:properties> > > </cxf:bus> > > > > Thanks, > > Jason > > > > > > > > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
