cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Carma Robot (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CXF-5601) Blueprint property placeholder does not work with http conduit configuration.
Date Tue, 11 Mar 2014 05:38:43 GMT

     [ https://issues.apache.org/jira/browse/CXF-5601?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Carma Robot updated CXF-5601:
-----------------------------

    Attachment: sts-test-system-2.zip

This test attempts to use the CXF STS. However, if I use the blueprint property placeholder
configurer it fails to even get the WSDL for the STS with the error below. If I explicitly
configure the trust store parameters for the HTTP conduit in my blueprint configuration then
the conduit works and it gets the WSDL for the STS, successfully constructs the STS client
and executes the request for security token against the STS.

It seems that blueprint property placeholders do not work with the trust store configuration
of the CXF http conduit.

2014-03-10 22:23:32,903 | ERROR | l Console Thread | StsClientTests                   | e.sts.test.system.StsClientTests
 152 | 208 - com.example.auth.sts-test-system-2 - 0.0.1.SNAPSHOT | getSamlTokenWithUsernameTokenTest
FAILED.
org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service.
        at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:100)[117:org.apache.cxf.cxf-rt-core:2.7.7]
        at org.apache.cxf.ws.security.trust.AbstractSTSClient.createClient(AbstractSTSClient.java:557)[156:org.apache.cxf.cxf-rt-ws-security:2.7.7]
        at org.apache.cxf.ws.security.trust.AbstractSTSClient.getClient(AbstractSTSClient.java:457)[156:org.apache.cxf.cxf-rt-ws-security:2.7.7]
        at com.example.sts.test.system.StsClientTests.getSamlTokenWithUsernameTokenTest(StsClientTests.java:132)[208:com.example.auth.sts-test-system-2:0.0.1.SNAPSHOT]
        at com.example.sts.test.system.StsClientTestsCommand.doExecute(StsClientTestsCommand.java:22)[208:com.example.auth.sts-test-system-2:0.0.1.SNAPSHOT]
        at org.apache.karaf.shell.console.OsgiCommandSupport.execute(OsgiCommandSupport.java:38)[14:org.apache.karaf.shell.console:2.3.2]
        at org.apache.felix.gogo.commands.basic.AbstractCommand.execute(AbstractCommand.java:35)[14:org.apache.karaf.shell.console:2.3.2]
        at org.apache.felix.gogo.runtime.CommandProxy.execute(CommandProxy.java:78)[14:org.apache.karaf.shell.console:2.3.2]
        at org.apache.felix.gogo.runtime.Closure.executeCmd(Closure.java:474)[14:org.apache.karaf.shell.console:2.3.2]
        at org.apache.felix.gogo.runtime.Closure.executeStatement(Closure.java:400)[14:org.apache.karaf.shell.console:2.3.2]
        at org.apache.felix.gogo.runtime.Pipe.run(Pipe.java:108)[14:org.apache.karaf.shell.console:2.3.2]
        at org.apache.felix.gogo.runtime.Closure.execute(Closure.java:183)[14:org.apache.karaf.shell.console:2.3.2]
        at org.apache.felix.gogo.runtime.Closure.execute(Closure.java:120)[14:org.apache.karaf.shell.console:2.3.2]
        at org.apache.felix.gogo.runtime.CommandSessionImpl.execute(CommandSessionImpl.java:89)[14:org.apache.karaf.shell.console:2.3.2]
        at org.apache.karaf.shell.console.jline.Console.run(Console.java:173)[14:org.apache.karaf.shell.console:2.3.2]
        at java.lang.Thread.run(Thread.java:744)[:1.7.0_51]
Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing
'https://localhost:10443/sts/transport/ut?wsdl'.: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
        at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2198)[113:org.apache.servicemix.bundles.wsdl4j:1.6.3.1]
        at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2390)[113:org.apache.servicemix.bundles.wsdl4j:1.6.3.1]
        at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2422)[113:org.apache.servicemix.bundles.wsdl4j:1.6.3.1]
        at org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:263)[117:org.apache.cxf.cxf-rt-core:2.7.7]
        at org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:206)[117:org.apache.cxf.cxf-rt-core:2.7.7]
        at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:98)[117:org.apache.cxf.cxf-rt-core:2.7.7]
        ... 15 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)[:1.7.0_51]
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)[:1.7.0_51]
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)[:1.7.0_51]
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)[:1.7.0_51]
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)[:1.7.0_51]
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)[:1.7.0_51]
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)[:1.7.0_51]
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)[:1.7.0_51]
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)[:1.7.0_51]
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)[:1.7.0_51]
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)[:1.7.0_51]
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)[:1.7.0_51]
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)[:1.7.0_51]
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)[:1.7.0_51]
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300)[:1.7.0_51]
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)[:1.7.0_51]
        at org.apache.xerces.impl.XMLEntityManager.setupCurrentEntity(Unknown Source)[150:org.apache.servicemix.bundles.xerces:2.11.0.1]
        at org.apache.xerces.impl.XMLVersionDetector.determineDocVersion(Unknown Source)[150:org.apache.servicemix.bundles.xerces:2.11.0.1]
        at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)[150:org.apache.servicemix.bundles.xerces:2.11.0.1]
        at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)[150:org.apache.servicemix.bundles.xerces:2.11.0.1]
        at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)[150:org.apache.servicemix.bundles.xerces:2.11.0.1]
        at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)[150:org.apache.servicemix.bundles.xerces:2.11.0.1]
        at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)[150:org.apache.servicemix.bundles.xerces:2.11.0.1]
        at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2188)[113:org.apache.servicemix.bundles.wsdl4j:1.6.3.1]
        ... 20 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)[:1.7.0_51]
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)[:1.7.0_51]
        at sun.security.validator.Validator.validate(Validator.java:260)[:1.7.0_51]
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)[:1.7.0_51]
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)[:1.7.0_51]
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)[:1.7.0_51]
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)[:1.7.0_51]
        ... 39 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid
certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)[:1.7.0_51]
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)[:1.7.0_51]
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)[:1.7.0_51]
        ... 45 more


> Blueprint property placeholder does not work with http conduit configuration.
> -----------------------------------------------------------------------------
>
>                 Key: CXF-5601
>                 URL: https://issues.apache.org/jira/browse/CXF-5601
>             Project: CXF
>          Issue Type: Bug
>    Affects Versions: 2.7.7
>         Environment: Linux, Karaf 2.3.2
>            Reporter: Carma Robot
>         Attachments: sts-test-system-2.zip
>
>
> I cannot setup an HTTP conduit configuration that uses the Apache Aries Blueprint property-placeholder
to inject trust store parameters. The conduit works when I explicitly configure the trust
store properties. Unfortunately, when I use placeholders it fails.
> Please see.
> http://cxf.547215.n5.nabble.com/Blueprint-property-placeholder-does-not-work-with-HTTP-conduit-configuration-td5740946.html#a5741062
> I will also attach my code.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message