Upgrade WSS4J to 2.3.0

[mpreziuso]

Upgrading WSS4J to 2.3.0 would bring the following improvements:

• Private key caching enabled which greatly speeds up private key retrieval for PKCS12 keys
• OpenSAML 3.4.x upgrade
• Santuario 2.2.x upgrade
• EhCache 3.x upgrade
• JDK 14 officially supported
  and would get rid of a CVE in cryptacular.

JDK 14 does become supported but also required at least JDK 8: see the migration guide (https://ws.apache.org/wss4j/migration.html)

I've got a PR ready, just waiting for a Jira ticket ID to be assigned to this GH issue.

[gregturn]

To apply such an upgrade to 3.0.x would require no change to Spring WS APIs. Otherwise, it's a breaking change.

We also have to deal with 3rd party dependencies.

If you wished to show me your efforts, we could properly assess the impact, and figure out whether or not this is seamless or not, and thus able to be merged to 3.0 or if it must wait for 3.1.

[mpreziuso]

I've had to make no code changes and all tests are green.

This is the only change required: mpreziuso@3865d91.

However I do think this is a breaking change, since it drops support for Java 7 which appears to be supported by Spring WS (docs - is this correct?).

[gregturn]

Indeed it is correct. We need to hold onto Java 7 in 3.0.

3.1 could drop that and upgrade to whatever the current minimum is for Spring Framework. So despite the low usage of Java 7 today, we can't do that (yet).

We could start plotting the release of 3.1, thought. I'll converse with the Boot team and the Spring Integration team as well. They are my primary points of integration within the portfolio.

[gregturn]

@mpreziuso Okay, the project's master branch has been bumped to Spring WS 3.1.0-SNAPSHOT. I've upgraded the Spring projects along with some others to more recent versions.

If you'd like to revise your PR against these changes, we are open to reviewing and merging the changes.

[mpreziuso]

Great news @gregturn! I've just revised my PR.

[gregturn]

Looks like there are some version conflicts both with Java 8 as well as Java 11 and 15.

I need to look closer to ensure we have this operational before pushing the changes on through.

[gregturn]

Finally!

@mpreziuso, I was able to resolve all the conflicts that pop up between JDK 8 and JDK 11 regarding SOAP libraries and get the build to pass.