spring-ws-security dependency conflict

1.6k views Asked by At

I'd like to use spring-ws-security in order to secure my web service with Wss4jSecurityInterceptor and signatures. But there is a dependency conflict which make this system unworkable. The spring-ws-security:2.1.2.RELEASE seems to be not workable as well.

spring-ws-security : 2.1.3.RELEASE [compile]
 - wss4j : 1.6.5                   [compile]
   - xmlsec : 1.5.1                [compile]
   - opensaml : 2.5.1-1            [compile]
     - openws : 1.4.2-1            [compile]
       - xmltooling : 1.3.2-1      [compile]
         - xmlsec : 1.4.4          [compile] (omitted for conflict with 1.5.1)

Is there any way to solve this problem?

Many thanks in advance.

2

There are 2 answers

0
Stefan Rasmusson On BEST ANSWER

Problem is you are already including a the same dependency witha newer version I think something in the lines of this would solve it. Add it to your spring-ws-security dependency declaration.

<exclusions>
     <exclusion>
          <groupId>org.apache.santuario</groupId>
          <artifactId>xmlsec</artifactId>
     </exclusion>
</exclusions>
0
Andreas Veithen On

There is actually no problem here. wss4j has a direct dependency on xmlsec and it simply overrides the version of the transitive dependency. WSS4J is sufficiently tested to ensure that replacing 1.4.4 with 1.5.1 doesn't cause any issues in OpenSAML.