Question
I'd like to use spring-ws-security in order to secure my web service with Wss4jSecurityInterceptor and signatures. But there is a dependency conflict which make this system unworkable. The spring-ws-security:2.1.2.RELEASE seems to be not workable as well.
https://stackoverflow.com/questions/18084060
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianspring-ws-security : 2.1.3.RELEASE [compile]
- wss4j : 1.6.5 [compile]
- xmlsec : 1.5.1 [compile]
- opensaml : 2.5.1-1 [compile]
- openws : 1.4.2-1 [compile]
- xmltooling : 1.3.2-1 [compile]
- xmlsec : 1.4.4 [compile] (omitted for conflict with 1.5.1)
Is there any way to solve this problem?
Many thanks in advance.
Solution
Problem is you are already including a the same dependency witha newer version I think something in the lines of this would solve it. Add it to your spring-ws-security dependency declaration.
<exclusions>
<exclusion>
<groupId>org.apache.santuario</groupId>
<artifactId>xmlsec</artifactId>
</exclusion>
</exclusions>
OTHER TIPS
There is actually no problem here. wss4j has a direct dependency on xmlsec and it simply overrides the version of the transitive dependency. WSS4J is sufficiently tested to ensure that replacing 1.4.4 with 1.5.1 doesn't cause any issues in OpenSAML.
