ppalaga commented on issue #8148:
URL: https://github.com/apache/camel-quarkus/issues/8148#issuecomment-3783237597
As @jamesnetherton pointed out, there is still the issue with missing
`sun.security.util.resources.security` in native mode in three CXF tests.
As far as I can see all of execution paths requesting
`sun.security.util.resources.security` go from
`org.apache.camel.component.cxf.jaxws.DefaultCxfBinding` and do not pass any
Quarkus CXF code. Here is an example:
```
[INFO] [stdout] 2026-01-22 09:32:16,313 terpistone
/home/ppalaga/orgs/cq/camel-quarkus/integration-test-groups/cxf-soap/cxf-soap-ws-trust/target/camel-quarkus-integration-test-cxf-soap-ws-trust-3.31.0-SNAPSHOT-runner[172847]
WARN [org.apa.cxf.pha.PhaseInterceptorChain] (executor-thread-1) Interceptor
for
{https://quarkiverse.github.io/quarkiverse-docs/quarkus-cxf/test/ws-trust}TrustHelloService#{https://quarkiverse.github.io/quarkiverse-docs/quarkus-cxf/test/ws-trust}sayHello
has thrown exception, unwinding now: java.util.MissingResourceException: Can't
find bundle for base name sun.security.util.resources.security, locale en_US
[INFO] [stdout] at
[email protected]/java.util.ResourceBundle.throwMissingResourceException(ResourceBundle.java:2012)
[INFO] [stdout] at
[email protected]/java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:1664)
[INFO] [stdout] at
org.graalvm.nativeimage.builder/com.oracle.svm.core.jdk.localization.substitutions.Target_java_util_ResourceBundle$1.get(Target_java_util_ResourceBundle.java:123)
[INFO] [stdout] at
org.graalvm.nativeimage.builder/com.oracle.svm.core.jdk.localization.substitutions.Target_java_util_ResourceBundle$1.get(Target_java_util_ResourceBundle.java:120)
[INFO] [stdout] at
org.graalvm.nativeimage.builder/com.oracle.svm.core.MissingRegistrationUtils.runIgnoringMissingRegistrations(MissingRegistrationUtils.java:143)
[INFO] [stdout] at
[email protected]/java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:120)
[INFO] [stdout] at
[email protected]/java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:1529)
[INFO] [stdout] at
[email protected]/java.util.ResourceBundle.getBundle(ResourceBundle.java:848)
[INFO] [stdout] at
[email protected]/java.util.concurrent.ConcurrentHashMap.computeIfAbsent(ConcurrentHashMap.java:1724)
[INFO] [stdout] at
[email protected]/sun.security.util.ResourcesMgr.getBundle(ResourcesMgr.java:54)
[INFO] [stdout] at
[email protected]/sun.security.util.ResourcesMgr.getString(ResourcesMgr.java:40)
[INFO] [stdout] at
[email protected]/javax.security.auth.Subject$SecureSet.add(Subject.java:1037)
[INFO] [stdout] at
[email protected]/java.util.Collections$SynchronizedCollection.add(Collections.java:2332)
[INFO] [stdout] at
org.apache.camel.component.cxf.jaxws.DefaultCxfBinding.propagateSecuritySubject(DefaultCxfBinding.java:377)
```
So based on the existing evidence, it would not be wrong to fix it in Camel
Quarkus.
BUT: not hitting this kind of issue in Quarkus CXF might also mean that
there is just not enough coverage. When googling and GPT-ing for ways to hit
`sun.security.util.resources.security`, one hears primarily of
`javax.security.auth.*` APIs. In fact there is a bunch of
`javax.security.auth.*` in `cxf-core`. So I guess I should register the bundle
in `quarkus-cxf` core module (rather than `-security` or `-santuario`) in spite
of not having any direct evidence for that.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
