content/docs/24-migration-guide.html - cxf-site - Git at Google


 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--

     Licensed to the Apache Software Foundation (ASF) under one or more
     contributor license agreements.  See the NOTICE file distributed with
     this work for additional information regarding copyright ownership.
     The ASF licenses this file to You under the Apache License, Version 2.0
     (the "License"); you may not use this file except in compliance with
     the License.  You may obtain a copy of the License at

        http://www.apache.org/licenses/LICENSE-2.0

     Unless required by applicable law or agreed to in writing, software
     distributed under the License is distributed on an "AS IS" BASIS,
     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     See the License for the specific language governing permissions and
     limitations under the License.
 -->
 <html>
   <head>

 <link type="text/css" rel="stylesheet" href="/resources/site.css">
 <script src='/resources/space.js'></script>

 <meta http-equiv="Content-type" content="text/html;charset=UTF-8">
 <meta name="keywords" content="business integration, EAI, SOA, Service Oriented Architecture, web services, SOAP, JBI, JMS, WSDL, XML, EDI, Electronic Data Interchange, standards support, integration standards, application integration, middleware, software, solutions, services, CXF, open source">
 <meta name="description" content="Apache CXF, Services Framework - 2.4 Migration Guide">


     <title>
 Apache CXF -- 2.4 Migration Guide
     </title>
   </head>
 <body onload="init()">


 <table width="100%" cellpadding="0" cellspacing="0">
   <tr>
     <td id="cell-0-0" colspan="2">&nbsp;</td>
     <td id="cell-0-1">&nbsp;</td>
     <td id="cell-0-2" colspan="2">&nbsp;</td>
   </tr>
   <tr>
     <td id="cell-1-0">&nbsp;</td>
     <td id="cell-1-1">&nbsp;</td>
     <td id="cell-1-2">
       <!-- Banner -->
 <div class="banner" id="banner"><div><table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td align="left" colspan="1" nowrap>
 <a shape="rect" href="http://cxf.apache.org/" title="Apache CXF"><span style="font-weight: bold; font-size: 170%; color: white">Apache CXF</span></a>
 </td><td align="right" colspan="1" nowrap>
 <a shape="rect" href="http://www.apache.org/" title="The Apache Sofware Foundation"><img border="0" alt="ASF Logo" src="http://cxf.apache.org/images/asf-logo.png"></a>
 </td></tr></table></div></div>
       <!-- Banner -->
       <div id="top-menu">
         <table border="0" cellpadding="1" cellspacing="0" width="100%">
           <tr>
             <td>
               <div align="left">
                 <!-- Breadcrumbs -->
 <a href="index.html">Index</a>&nbsp;&gt;&nbsp;<a href="how-tos.html">How-Tos</a>&nbsp;&gt;&nbsp;<a href="migration-guides.html">Migration Guides</a>&nbsp;&gt;&nbsp;<a href="24-migration-guide.html">2.4 Migration Guide</a>
                 <!-- Breadcrumbs -->
               </div>
             </td>
             <td>
               <div align="right">
                 <!-- Quicklinks -->
 <div id="quicklinks"><p><a shape="rect" href="http://cxf.apache.org/download.html">Download</a> | <a shape="rect" href="http://cxf.apache.org/docs/index.html">Documentation</a></p></div>
                 <!-- Quicklinks -->
               </div>
             </td>
           </tr>
         </table>
       </div>
     </td>
     <td id="cell-1-3">&nbsp;</td>
     <td id="cell-1-4">&nbsp;</td>
   </tr>
   <tr>
     <td id="cell-2-0" colspan="2">&nbsp;</td>
     <td id="cell-2-1">
       <table>
         <tr valign="top">
           <td height="100%">
             <div id="wrapper-menu-page-right">
               <div id="wrapper-menu-page-top">
                 <div id="wrapper-menu-page-bottom">
                   <div id="menu-page">
                     <!-- NavigationBar -->
 <div id="navigation"><ul class="alternate"><li><a shape="rect" href="overview.html">Overview</a></li><li><a shape="rect" href="how-tos.html">How-Tos</a></li><li><a shape="rect" href="frontends.html">Frontends</a></li><li><a shape="rect" href="databindings.html">DataBindings</a></li><li><a shape="rect" href="transports.html">Transports</a></li><li><a shape="rect" href="configuration.html">Configuration</a></li><li><a shape="rect" href="debugging-and-logging.html">Debugging and Logging</a></li><li><a shape="rect" href="tools.html">Tools</a></li><li><a shape="rect" href="restful-services.html">RESTful Services</a></li><li><a shape="rect" href="wsdl-bindings.html">WSDL Bindings</a></li><li><a shape="rect" href="service-routing.html">Service Routing</a></li><li><a shape="rect" href="dynamic-languages.html">Dynamic Languages</a></li><li><a shape="rect" href="ws-support.html">WS-* Support</a></li><li><a shape="rect" href="advanced-integration.html">Advanced Integration</a></li><li><a shape="rect" href="deployment.html">Deployment</a></li><li><a shape="rect" href="schemas-and-namespaces.html">Use of Schemas and Namespaces</a></li></ul><hr><ul class="alternate"><li><p>Search</p></li></ul><form enctype="application/x-www-form-urlencoded" method="get" id="cse-search-box" action="http://www.google.com/cse">
   <div>
     <input type="hidden" name="cx" value="002890367768291051730:o99qiwa09y4">
     <input type="hidden" name="ie" value="UTF-8">
     <input type="text" name="q" size="21">
     <input type="submit" name="sa" value="Search">
   </div>
 </form>
 <script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&amp;lang=en"></script><hr><ul class="alternate"><li><a shape="rect" href="http://cxf.apache.org/javadoc/latest/">API 3.2.x (Javadoc)</a></li><li><a shape="rect" href="http://cxf.apache.org/javadoc/latest-3.1.x/">API 3.1.x (Javadoc)</a></li><li><a shape="rect" href="http://cxf.apache.org/">CXF Website</a></li></ul><p>&#160;</p><p><a shape="rect" class="external-link" href="http://www.apache.org/events/current-event.html"><span class="confluence-embedded-file-wrapper"><img class="confluence-embedded-image confluence-external-resource" src="http://www.apache.org/events/current-event-125x125.png" data-image-src="http://www.apache.org/events/current-event-125x125.png"></span></a></p></div>
                     <!-- NavigationBar -->
                   </div>
               </div>
             </div>
           </div>
          </td>
          <td height="100%">
            <!-- Content -->
            <div class="wiki-content">
 <div id="ConfluenceContent"><h3 id="id-2.4MigrationGuide-NewFeatures">New Features</h3>

 <ul><li><a shape="rect" href="http://cxf.apache.org/docs/logbrowser.html">LogBrowser</a> console</li><li>Transformation feature provides for a fast and effective way to transform inbound and/or outbound XML messages, please see the <a shape="rect" href="transformationfeature.html">TransformationFeature</a> page for more information.</li><li>JIBX databinding</li><li>Faster startup and reduced spring configuration.  The Spring support has been redone to be based on the ExtensionManagerBus.  This results in much faster startup.   It also means that all of the imports of META-INF/cxf/cxf-extension-*.xml are no longer needed and are deprecated.</li><li>WSS4J has been updated from 1.5.x to 1.6. See <a shape="rect" class="external-link" href="http://ws.apache.org/wss4j/wss4j16.html">here</a> (not yet live) for the list of new features and upgrade notes for Apache WSS4J 1.6. Also see <a shape="rect" class="external-link" href="http://coheigea.blogspot.com/" rel="nofollow">Colm's blog</a> for an ongoing list of things that are happening in WSS4J 1.6. Some notable new features for CXF users include:
 	<ul><li>SAML2 support: WSS4J 1.6 includes full support for creating, manipulating and parsing SAML2 assertions, via the Opensaml2 library. See <a shape="rect" class="external-link" href="http://coheigea.blogspot.com/2011/02/support-for-saml2-assertions-in-wss4j.html" rel="nofollow">here</a> for more information.</li><li>Performance work: A general code-rewrite has been done with a focus on improving performance.</li><li>Support for Crypto trust-stores: WSS4J 1.6 separates the concept of keystore and truststores. See <a shape="rect" class="external-link" href="http://coheigea.blogspot.com/2011/01/wss4j-16-crypto-property-change.html" rel="nofollow">here</a> and <a shape="rect" class="external-link" href="http://coheigea.blogspot.com/2011/02/wss4j-16-changes-to-crypto-interface.html" rel="nofollow">here</a> for more information.</li></ul>
 	</li><li>WS-SecurityPolicy support for SAML tokens.</li><li>Initial Apache Aries Blueprint support.  This is a work in progress, but many of the Spring namespace handlers that are used with Spring to start/create/configure clients and services now have Blueprint versions as well.   See <a shape="rect" href="http://cxf.apache.org/schemas/blueprint/">http://cxf.apache.org/schemas/blueprint/</a> for some of the schemas that have been ported to Blueprint.</li></ul>


 <h3 id="id-2.4MigrationGuide-Removedmodules">Removed modules</h3>

 <p>The osgi http transport has been removed (cxf-rt-transports-http-osgi) the cxf-rt-transport-http now also supports the osgi case. As the OSGi bundles are separate anyway there are no required changes in the container.</p>

 <h3 id="id-2.4MigrationGuide-APIChanges">API Changes</h3>

 <ul><li>GZIP related interceptors/features have been moved out  of the http module so they are usable with other transports such as JMS.  As such, their package has changed from org.apache.cxf.transport.http.gzip to org.apache.cxf.transport.common.gzip</li></ul>


 <ul><li>XmlSchema has been updated from 1.4.x to 2.0.   As such, any use of XmlSchema classes may have changed.  In particular, XmlSchema 2.0 uses Java 5 collections which changes how it's used.   Also, many static utility methods that existed in org.apache.cxf.common.xmlschema.XmlSchemaUtils have now been merged directly into the XmlSchema API's and are no longer needed or available.</li></ul>


 <ul><li>WSS4J has been updated from 1.5.x to 1.6. WSS4J 1.6 has dropped the requirement of JDK 1.4, and as such has been upgraded to use Java 5 collections, etc. Some API changes to be aware of include:
 	<ul><li>The SAMLTokenProcessor no longer saves all tokens as an "WSConstants.ST_UNSIGNED" action. It saves tokens that do not have an enveloped signature as this action, and token which do have an enveloped signature are saved as a "WSConstants.ST_SIGNED" action. The object that is saved has changed from an Opensaml1 specific Assertion object, to an AssertionWrapper instance, which is a WSS4J specific object which encapsulates an Assertion, as well as some information corresponding to signature verification, etc.</li><li>Some changes have been made to the WSPasswordCallback identifiers that are used in a CallbackHandler implementation. See <a shape="rect" class="external-link" href="http://coheigea.blogspot.com/2011/02/wspasswordcallback-changes-in-wss4j-16.html" rel="nofollow">here</a> for more information.</li></ul>
 	</li></ul>


 <ul><li>Neethi has been upgraded from 2.0.x to 3.0.    Due to deficiencies and restrictions in the Neethi 2.0.x API's, CXF has maintained a semi-fork of various parts of Neethi in the org.apache.cxf.ws.policy packages.   With CXF 2.4.x and Neethi 3.0, the deficiencies in Neethi have been addressed and the forked changes have been pushed down into Neethi and CXF can better leverage enhancements and new functionality in Neethi directly without duplicating functionality.    If you write custom policies for CXF, some changes will be required.  These include:
 	<ul><li>The CXF AssertionBuilder interface has been removed.   We now use the Neethi AssertionBuilders and Assertions directly.</li><li>The "getPolicy()" method of PolicyAssertion has been removed.  Policies that can contain nested policies should implement the Neethi PolicyContainingAssertion interface directly.</li><li>Neethi has been updated to be able to process WS-Policy 1.5 policies.  Thus, the Assertion interface now has a isIgnorable() method that must be implemented.  An implementation of returning false should be adequate and compatible with previous behavior.</li><li>With the removal of the CXF AssertionBuilder and the implementation if the intersection algorithm in Neethi, the "buildCompatible" method that was on the CXF AssertionBuilder is no longer needed.   If a policy needs a custom intersect algorithm, they can now implement the Neethi IntersectableAssertion interface.</li><li>All locations in CXF that expected the CXF specific PolicyAssertion now expect a normal Neethi Assertion.   If the Assertion needs specific logic to determine if it's been asserted, it can implement the CXF PolicyAssertion interface, otherwise the default logic will be used.</li><li>Since Neethi has been updated to use Java 5 generics, you may need to update and casts and warnings that may occur when calling the new methods that are now typed.</li></ul>
 	</li></ul>


 <ul><li>JAX-RS Search extensions: org.apache.cxf.jaxrs.ext.search.SearchContext has a new getSearchExpression method returning the raw search query; org.apache.cxf.jaxrs.ext.search.SearchCondition has its toSQL method deprecated and a new accept method added. Please see <a shape="rect" href="http://cxf.apache.org/docs/jax-rs-advanced-features.html#JAX-RSAdvancedFeatures-FIQLsearchqueries">this page</a> for more information.</li></ul>


 <ul><li>JAX-RS WADL generation: org.apache.cxf.jaxrs.ext.Description and org.apache.cxf.jaxrs.ext.xml.XMLName have been moved to org.apache.cxf.jaxrs.model.wadl package given that their purpose is to improve the WADL generation. Also, org.apache.cxf.jaxrs.model.wadl.WadlElement has been renamed to 'ElementClass'.</li></ul>


 <h3 id="id-2.4MigrationGuide-RuntimeChanges">Runtime Changes</h3>

 <ul><li>The ExtensionManagerBus (mostly used when Spring is not available) has been updated to completely support all the features including the WS-SecurityPolicy, WS-RM, etc... features.   Previous WSDL documents that contained policy fragments may now behave differently as the policies will be enforced.</li></ul>


 <ul><li>The default CA certs that ship with the JDK are now not loaded by default by the WS-Security Crypto implementation, which is used for encryption/decryption and signature creation/verification.</li></ul>


 <ul><li>WSS4J 1.5.x ignored (enveloped) signatures on SAML (1.1) assertions - this is no longer the case, so deployments which do not set the correct keystore/truststore config for dealing with signature verification will fail.</li></ul>


 <ul><li>The way that UsernameTokens are processed by WSS4J has been changed. See <a shape="rect" class="external-link" href="http://coheigea.blogspot.com/2011/02/usernametoken-processing-changes-in.html" rel="nofollow">here</a> for more information. The callbackhandler identifier for plaintext passwords is now WSPasswordCallback.USERNAME_TOKEN, the same as for the digest case. The CallbackHandler implementation only sets the password on the callback, and never does any validation of the password.</li></ul>


 <h3 id="id-2.4MigrationGuide-PropertyChanges">Property Changes</h3>

 <ul><li>The "ws-security.ut.no-callbacks" property has been renamed to "ws-security.validate.token" and thus in order to configure the CXF WS-Security interceptors to postpone the validation of the current (UT) token one needs to set a "ws-security.validate.token" to false.<br clear="none">
 Please see this <a shape="rect" href="securing-cxf-services.html">section</a> for more information.</li></ul>


 <ul><li>WSS4J 1.6 has added support for separating keystore and truststores. See <a shape="rect" class="external-link" href="http://coheigea.blogspot.com/2011/01/wss4j-16-crypto-property-change.html" rel="nofollow">here</a> and <a shape="rect" class="external-link" href="http://coheigea.blogspot.com/2011/02/wss4j-16-changes-to-crypto-interface.html" rel="nofollow">here</a> for more information. The changes are 100% backwards compatible (aside from not loading the default CA certs).</li></ul>


 <ul><li>The way of creating SAML assertions via a properties file has completely changed. See <a shape="rect" class="external-link" href="http://coheigea.blogspot.com/2011/03/wss4j-16-saml-property-changes.html" rel="nofollow">here</a> and <a shape="rect" class="external-link" href="http://ws.apache.org/wss4j/config.html">here</a> for more information.</li></ul></div>
            </div>
            <!-- Content -->
          </td>
         </tr>
       </table>
    </td>
    <td id="cell-2-2" colspan="2">&nbsp;</td>
   </tr>
   <tr>
    <td id="cell-3-0">&nbsp;</td>
    <td id="cell-3-1">&nbsp;</td>
    <td id="cell-3-2">
      <div id="footer">
        <!-- Footer -->
        <div id="site-footer">
          <a href="http://cxf.apache.org/privacy-policy.html">Privacy Policy</a> -
          (<a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=24190088">edit page</a>)
 	 (<a href="https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=24190088&amp;showComments=true&amp;showCommentArea=true#addcomment">add comment</a>)<br>
 	Apache CXF, CXF, Apache, the Apache feather logo are trademarks of The Apache Software Foundation.<br>
         All other marks mentioned may be trademarks or registered trademarks of their respective owners.
        </div>
        <!-- Footer -->
      </div>
    </td>
    <td id="cell-3-3">&nbsp;</td>
    <td id="cell-3-4">&nbsp;</td>
   </tr>
   <tr>
     <td id="cell-4-0" colspan="2">&nbsp;</td>
     <td id="cell-4-1">&nbsp;</td>
     <td id="cell-4-2" colspan="2">&nbsp;</td>
   </tr>
 </table>

 <script type="text/javascript">
 var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
 document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
 </script>
 <script type="text/javascript">
 try {
 var pageTracker = _gat._getTracker("UA-4458903-1");
 pageTracker._trackPageview();
 } catch(err) {}</script>

 </body>
 </html>

	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
	<!--

	Licensed to the Apache Software Foundation (ASF) under one or more
	contributor license agreements. See the NOTICE file distributed with
	this work for additional information regarding copyright ownership.
	The ASF licenses this file to You under the Apache License, Version 2.0
	(the "License"); you may not use this file except in compliance with
	the License. You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

	Unless required by applicable law or agreed to in writing, software
	distributed under the License is distributed on an "AS IS" BASIS,
	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	See the License for the specific language governing permissions and
	limitations under the License.
	-->
	<html>
	<head>

	<link type="text/css" rel="stylesheet" href="/resources/site.css">
	<script src='/resources/space.js'></script>

	<meta http-equiv="Content-type" content="text/html;charset=UTF-8">
	<meta name="keywords" content="business integration, EAI, SOA, Service Oriented Architecture, web services, SOAP, JBI, JMS, WSDL, XML, EDI, Electronic Data Interchange, standards support, integration standards, application integration, middleware, software, solutions, services, CXF, open source">
	<meta name="description" content="Apache CXF, Services Framework - 2.4 Migration Guide">




	<title>
	Apache CXF -- 2.4 Migration Guide
	</title>
	</head>
	<body onload="init()">


	<table width="100%" cellpadding="0" cellspacing="0">
	<tr>
	<td id="cell-0-0" colspan="2"> </td>
	<td id="cell-0-1"> </td>
	<td id="cell-0-2" colspan="2"> </td>
	</tr>
	<tr>
	<td id="cell-1-0"> </td>
	<td id="cell-1-1"> </td>
	<td id="cell-1-2">
	<!-- Banner -->
	<div class="banner" id="banner"><div><table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td align="left" colspan="1" nowrap>
	<a shape="rect" href="http://cxf.apache.org/" title="Apache CXF"><span style="font-weight: bold; font-size: 170%; color: white">Apache CXF</span></a>
	</td><td align="right" colspan="1" nowrap>
	<a shape="rect" href="http://www.apache.org/" title="The Apache Sofware Foundation"><img border="0" alt="ASF Logo" src="http://cxf.apache.org/images/asf-logo.png"></a>
	</td></tr></table></div></div>
	<!-- Banner -->
	<div id="top-menu">
	<table border="0" cellpadding="1" cellspacing="0" width="100%">
	<tr>
	<td>
	<div align="left">
	<!-- Breadcrumbs -->
	<a href="index.html">Index</a> > <a href="how-tos.html">How-Tos</a> > <a href="migration-guides.html">Migration Guides</a> > <a href="24-migration-guide.html">2.4 Migration Guide</a>
	<!-- Breadcrumbs -->
	</div>
	</td>
	<td>
	<div align="right">
	<!-- Quicklinks -->
	<div id="quicklinks"><p><a shape="rect" href="http://cxf.apache.org/download.html">Download</a> \| <a shape="rect" href="http://cxf.apache.org/docs/index.html">Documentation</a></p></div>
	<!-- Quicklinks -->
	</div>
	</td>
	</tr>
	</table>
	</div>
	</td>
	<td id="cell-1-3"> </td>
	<td id="cell-1-4"> </td>
	</tr>
	<tr>
	<td id="cell-2-0" colspan="2"> </td>
	<td id="cell-2-1">
	<table>
	<tr valign="top">
	<td height="100%">
	<div id="wrapper-menu-page-right">
	<div id="wrapper-menu-page-top">
	<div id="wrapper-menu-page-bottom">
	<div id="menu-page">
	<!-- NavigationBar -->
	<div id="navigation"><ul class="alternate"><li><a shape="rect" href="overview.html">Overview</a></li><li><a shape="rect" href="how-tos.html">How-Tos</a></li><li><a shape="rect" href="frontends.html">Frontends</a></li><li><a shape="rect" href="databindings.html">DataBindings</a></li><li><a shape="rect" href="transports.html">Transports</a></li><li><a shape="rect" href="configuration.html">Configuration</a></li><li><a shape="rect" href="debugging-and-logging.html">Debugging and Logging</a></li><li><a shape="rect" href="tools.html">Tools</a></li><li><a shape="rect" href="restful-services.html">RESTful Services</a></li><li><a shape="rect" href="wsdl-bindings.html">WSDL Bindings</a></li><li><a shape="rect" href="service-routing.html">Service Routing</a></li><li><a shape="rect" href="dynamic-languages.html">Dynamic Languages</a></li><li><a shape="rect" href="ws-support.html">WS-* Support</a></li><li><a shape="rect" href="advanced-integration.html">Advanced Integration</a></li><li><a shape="rect" href="deployment.html">Deployment</a></li><li><a shape="rect" href="schemas-and-namespaces.html">Use of Schemas and Namespaces</a></li></ul><hr><ul class="alternate"><li><p>Search</p></li></ul><form enctype="application/x-www-form-urlencoded" method="get" id="cse-search-box" action="http://www.google.com/cse">
	<div>
	<input type="hidden" name="cx" value="002890367768291051730:o99qiwa09y4">
	<input type="hidden" name="ie" value="UTF-8">
	<input type="text" name="q" size="21">
	<input type="submit" name="sa" value="Search">
	</div>
	</form>
	<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script><hr><ul class="alternate"><li><a shape="rect" href="http://cxf.apache.org/javadoc/latest/">API 3.2.x (Javadoc)</a></li><li><a shape="rect" href="http://cxf.apache.org/javadoc/latest-3.1.x/">API 3.1.x (Javadoc)</a></li><li><a shape="rect" href="http://cxf.apache.org/">CXF Website</a></li></ul><p> </p><p><a shape="rect" class="external-link" href="http://www.apache.org/events/current-event.html"><span class="confluence-embedded-file-wrapper"><img class="confluence-embedded-image confluence-external-resource" src="http://www.apache.org/events/current-event-125x125.png" data-image-src="http://www.apache.org/events/current-event-125x125.png"></span></a></p></div>
	<!-- NavigationBar -->
	</div>
	</div>
	</div>
	</div>
	</td>
	<td height="100%">
	<!-- Content -->
	<div class="wiki-content">
	<div id="ConfluenceContent"><h3 id="id-2.4MigrationGuide-NewFeatures">New Features</h3>

	<ul><li><a shape="rect" href="http://cxf.apache.org/docs/logbrowser.html">LogBrowser</a> console</li><li>Transformation feature provides for a fast and effective way to transform inbound and/or outbound XML messages, please see the <a shape="rect" href="transformationfeature.html">TransformationFeature</a> page for more information.</li><li>JIBX databinding</li><li>Faster startup and reduced spring configuration. The Spring support has been redone to be based on the ExtensionManagerBus. This results in much faster startup. It also means that all of the imports of META-INF/cxf/cxf-extension-*.xml are no longer needed and are deprecated.</li><li>WSS4J has been updated from 1.5.x to 1.6. See <a shape="rect" class="external-link" href="http://ws.apache.org/wss4j/wss4j16.html">here</a> (not yet live) for the list of new features and upgrade notes for Apache WSS4J 1.6. Also see <a shape="rect" class="external-link" href="http://coheigea.blogspot.com/" rel="nofollow">Colm's blog</a> for an ongoing list of things that are happening in WSS4J 1.6. Some notable new features for CXF users include:
	<ul><li>SAML2 support: WSS4J 1.6 includes full support for creating, manipulating and parsing SAML2 assertions, via the Opensaml2 library. See <a shape="rect" class="external-link" href="http://coheigea.blogspot.com/2011/02/support-for-saml2-assertions-in-wss4j.html" rel="nofollow">here</a> for more information.</li><li>Performance work: A general code-rewrite has been done with a focus on improving performance.</li><li>Support for Crypto trust-stores: WSS4J 1.6 separates the concept of keystore and truststores. See <a shape="rect" class="external-link" href="http://coheigea.blogspot.com/2011/01/wss4j-16-crypto-property-change.html" rel="nofollow">here</a> and <a shape="rect" class="external-link" href="http://coheigea.blogspot.com/2011/02/wss4j-16-changes-to-crypto-interface.html" rel="nofollow">here</a> for more information.</li></ul>
	</li><li>WS-SecurityPolicy support for SAML tokens.</li><li>Initial Apache Aries Blueprint support. This is a work in progress, but many of the Spring namespace handlers that are used with Spring to start/create/configure clients and services now have Blueprint versions as well. See <a shape="rect" href="http://cxf.apache.org/schemas/blueprint/">http://cxf.apache.org/schemas/blueprint/</a> for some of the schemas that have been ported to Blueprint.</li></ul>


	<h3 id="id-2.4MigrationGuide-Removedmodules">Removed modules</h3>

	<p>The osgi http transport has been removed (cxf-rt-transports-http-osgi) the cxf-rt-transport-http now also supports the osgi case. As the OSGi bundles are separate anyway there are no required changes in the container.</p>

	<h3 id="id-2.4MigrationGuide-APIChanges">API Changes</h3>

	<ul><li>GZIP related interceptors/features have been moved out of the http module so they are usable with other transports such as JMS. As such, their package has changed from org.apache.cxf.transport.http.gzip to org.apache.cxf.transport.common.gzip</li></ul>


	<ul><li>XmlSchema has been updated from 1.4.x to 2.0. As such, any use of XmlSchema classes may have changed. In particular, XmlSchema 2.0 uses Java 5 collections which changes how it's used. Also, many static utility methods that existed in org.apache.cxf.common.xmlschema.XmlSchemaUtils have now been merged directly into the XmlSchema API's and are no longer needed or available.</li></ul>


	<ul><li>WSS4J has been updated from 1.5.x to 1.6. WSS4J 1.6 has dropped the requirement of JDK 1.4, and as such has been upgraded to use Java 5 collections, etc. Some API changes to be aware of include:
	<ul><li>The SAMLTokenProcessor no longer saves all tokens as an "WSConstants.ST_UNSIGNED" action. It saves tokens that do not have an enveloped signature as this action, and token which do have an enveloped signature are saved as a "WSConstants.ST_SIGNED" action. The object that is saved has changed from an Opensaml1 specific Assertion object, to an AssertionWrapper instance, which is a WSS4J specific object which encapsulates an Assertion, as well as some information corresponding to signature verification, etc.</li><li>Some changes have been made to the WSPasswordCallback identifiers that are used in a CallbackHandler implementation. See <a shape="rect" class="external-link" href="http://coheigea.blogspot.com/2011/02/wspasswordcallback-changes-in-wss4j-16.html" rel="nofollow">here</a> for more information.</li></ul>
	</li></ul>


	<ul><li>Neethi has been upgraded from 2.0.x to 3.0. Due to deficiencies and restrictions in the Neethi 2.0.x API's, CXF has maintained a semi-fork of various parts of Neethi in the org.apache.cxf.ws.policy packages. With CXF 2.4.x and Neethi 3.0, the deficiencies in Neethi have been addressed and the forked changes have been pushed down into Neethi and CXF can better leverage enhancements and new functionality in Neethi directly without duplicating functionality. If you write custom policies for CXF, some changes will be required. These include:
	<ul><li>The CXF AssertionBuilder interface has been removed. We now use the Neethi AssertionBuilders and Assertions directly.</li><li>The "getPolicy()" method of PolicyAssertion has been removed. Policies that can contain nested policies should implement the Neethi PolicyContainingAssertion interface directly.</li><li>Neethi has been updated to be able to process WS-Policy 1.5 policies. Thus, the Assertion interface now has a isIgnorable() method that must be implemented. An implementation of returning false should be adequate and compatible with previous behavior.</li><li>With the removal of the CXF AssertionBuilder and the implementation if the intersection algorithm in Neethi, the "buildCompatible" method that was on the CXF AssertionBuilder is no longer needed. If a policy needs a custom intersect algorithm, they can now implement the Neethi IntersectableAssertion interface.</li><li>All locations in CXF that expected the CXF specific PolicyAssertion now expect a normal Neethi Assertion. If the Assertion needs specific logic to determine if it's been asserted, it can implement the CXF PolicyAssertion interface, otherwise the default logic will be used.</li><li>Since Neethi has been updated to use Java 5 generics, you may need to update and casts and warnings that may occur when calling the new methods that are now typed.</li></ul>
	</li></ul>


	<ul><li>JAX-RS Search extensions: org.apache.cxf.jaxrs.ext.search.SearchContext has a new getSearchExpression method returning the raw search query; org.apache.cxf.jaxrs.ext.search.SearchCondition has its toSQL method deprecated and a new accept method added. Please see <a shape="rect" href="http://cxf.apache.org/docs/jax-rs-advanced-features.html#JAX-RSAdvancedFeatures-FIQLsearchqueries">this page</a> for more information.</li></ul>


	<ul><li>JAX-RS WADL generation: org.apache.cxf.jaxrs.ext.Description and org.apache.cxf.jaxrs.ext.xml.XMLName have been moved to org.apache.cxf.jaxrs.model.wadl package given that their purpose is to improve the WADL generation. Also, org.apache.cxf.jaxrs.model.wadl.WadlElement has been renamed to 'ElementClass'.</li></ul>


	<h3 id="id-2.4MigrationGuide-RuntimeChanges">Runtime Changes</h3>

	<ul><li>The ExtensionManagerBus (mostly used when Spring is not available) has been updated to completely support all the features including the WS-SecurityPolicy, WS-RM, etc... features. Previous WSDL documents that contained policy fragments may now behave differently as the policies will be enforced.</li></ul>


	<ul><li>The default CA certs that ship with the JDK are now not loaded by default by the WS-Security Crypto implementation, which is used for encryption/decryption and signature creation/verification.</li></ul>


	<ul><li>WSS4J 1.5.x ignored (enveloped) signatures on SAML (1.1) assertions - this is no longer the case, so deployments which do not set the correct keystore/truststore config for dealing with signature verification will fail.</li></ul>


	<ul><li>The way that UsernameTokens are processed by WSS4J has been changed. See <a shape="rect" class="external-link" href="http://coheigea.blogspot.com/2011/02/usernametoken-processing-changes-in.html" rel="nofollow">here</a> for more information. The callbackhandler identifier for plaintext passwords is now WSPasswordCallback.USERNAME_TOKEN, the same as for the digest case. The CallbackHandler implementation only sets the password on the callback, and never does any validation of the password.</li></ul>



	<h3 id="id-2.4MigrationGuide-PropertyChanges">Property Changes</h3>

	<ul><li>The "ws-security.ut.no-callbacks" property has been renamed to "ws-security.validate.token" and thus in order to configure the CXF WS-Security interceptors to postpone the validation of the current (UT) token one needs to set a "ws-security.validate.token" to false.<br clear="none">
	Please see this <a shape="rect" href="securing-cxf-services.html">section</a> for more information.</li></ul>


	<ul><li>WSS4J 1.6 has added support for separating keystore and truststores. See <a shape="rect" class="external-link" href="http://coheigea.blogspot.com/2011/01/wss4j-16-crypto-property-change.html" rel="nofollow">here</a> and <a shape="rect" class="external-link" href="http://coheigea.blogspot.com/2011/02/wss4j-16-changes-to-crypto-interface.html" rel="nofollow">here</a> for more information. The changes are 100% backwards compatible (aside from not loading the default CA certs).</li></ul>


	<ul><li>The way of creating SAML assertions via a properties file has completely changed. See <a shape="rect" class="external-link" href="http://coheigea.blogspot.com/2011/03/wss4j-16-saml-property-changes.html" rel="nofollow">here</a> and <a shape="rect" class="external-link" href="http://ws.apache.org/wss4j/config.html">here</a> for more information.</li></ul></div>
	</div>
	<!-- Content -->
	</td>
	</tr>
	</table>
	</td>
	<td id="cell-2-2" colspan="2"> </td>
	</tr>
	<tr>
	<td id="cell-3-0"> </td>
	<td id="cell-3-1"> </td>
	<td id="cell-3-2">
	<div id="footer">
	<!-- Footer -->
	<div id="site-footer">
	<a href="http://cxf.apache.org/privacy-policy.html">Privacy Policy</a> -
	(<a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=24190088">edit page</a>)
	(<a href="https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=24190088&showComments=true&showCommentArea=true#addcomment">add comment</a>)<br>
	Apache CXF, CXF, Apache, the Apache feather logo are trademarks of The Apache Software Foundation.<br>
	All other marks mentioned may be trademarks or registered trademarks of their respective owners.
	</div>
	<!-- Footer -->
	</div>
	</td>
	<td id="cell-3-3"> </td>
	<td id="cell-3-4"> </td>
	</tr>
	<tr>
	<td id="cell-4-0" colspan="2"> </td>
	<td id="cell-4-1"> </td>
	<td id="cell-4-2" colspan="2"> </td>
	</tr>
	</table>

	<script type="text/javascript">
	var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
	document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
	</script>
	<script type="text/javascript">
	try {
	var pageTracker = _gat._getTracker("UA-4458903-1");
	pageTracker._trackPageview();
	} catch(err) {}</script>

	</body>
	</html>