axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tim Williams" <william...@gmail.com>
Subject Re: Rampart/Rahas problems
Date Fri, 27 Jun 2008 14:05:07 GMT
On Fri, Jun 27, 2008 at 9:48 AM, Tim Williams <williamstw@gmail.com> wrote:
> On Fri, Jun 27, 2008 at 7:53 AM, Tim Williams <williamstw@gmail.com> wrote:
>> So I've essentially taken Rampart sample6 and split it across three
>> machines with my own web service instead of SimpleService.  Here's
>> what happens:
>>
>> 1) client makes Mex request to Service : Service responds.
>>
>> 2) Client makes token request to STS - STS responds
>>
>> 3) Client attempts to make the actual call the Service.
>>
>> Service then responds with "axisFault: Missing wsse:Security header in request"
>>
>> The server logs show something different:
>>
>>  ERROR org.apache.ws.security.components.crypto.CryptoFactory  -
>> Unable to instantiate (1):
>> org.apache.ws.security.components.crypto.Merlin
>> java.lang.reflect.InvocationTargetException
>>
>> So, I checked and made sure I had BouncyCastle jar in lib directory.
>> I check that security provider is updated (though I haven't a clue why
>> i'm doing this).  And, now, I've run out of things to check.  i'd
>> appreciate any help.
>
> This one turned out to be a keystore problem.  Need to always double
> check their locations!  Anyway, so I've gotten a bit further and now
> get another exception.
>
> 2008-06-27 09:39:20,915 [http-8080-1] ERROR
> org.apache.axis2.transport.http.AxisServlet  -
> java.lang.NoClassDefFoundError
>        at javax.crypto.Cipher.getInstance(DashoA12275)
>
> Google turns up several references to this problem and they all lead
> back to the bouncy castle/java.security thing.  I have double checked
> that.  One thing about my environment is that it's Solaris, and the
> apps are being run from different zones.  I made the java.security
> change in the global zone and when I log into each zone it seems the
> settings are indeed there.  The thing is, the STS (also in a zone) is
> having no trouble issuing/signing tokens and it's under the same
> configuration.  I'll keep poking around but would greatly appreciate
> any pointers.

It turns out the exception is what i get after the first failed call
after a restart.  I halt/boot the zone and attempt it and I get the
exception below.  After the initial exception, subsequent calls give
me the NoClassDefFoundError as I describe above.


java.lang.ExceptionInInitializerError
        at javax.crypto.Cipher.getInstance(DashoA12275)
        at org.apache.ws.security.util.WSSecurityUtil.getCipherInstance(WSSecurityUtil.java:677)
 ...
        at java.lang.Thread.run(Thread.java:595)
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
        at javax.crypto.SunJCE_b.<clinit>(DashoA12275)
        ... 29 more
Caused by: java.security.PrivilegedActionException:
java.security.InvalidKeyException: Public key presented not for
certificate signature
        at java.security.AccessController.doPrivileged(Native Method)
        ... 30 more
Caused by: java.security.InvalidKeyException: Public key presented not
for certificate signature
...
        at javax.crypto.SunJCE_r.run(DashoA12275)

Any clues?
Thanks,
--tim

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org


Mime
View raw message