geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Josef.Eis...@bgs-ag.de
Subject Antwort: Re: Antwort: Re: Change Version of Apache CXF for Geronimo
Date Thu, 07 Aug 2008 07:39:22 GMT
Hi all,

this is an issue on the new version 2.1.2 using Webservices. Our 
application works (without WS-Security) under G 2.1.1, but under G 2.1.2 I 
can't even deploy.

-Josef





Daniel Kulp <dkulp@apache.org> 
06.08.2008 19:34

An
users@cxf.apache.org
Kopie
Josef.Eisele@bgs-ag.de
Thema
Re: Antwort: Re: Change Version of Apache CXF for Geronimo







That's something you may need to ask on the geronimo list.   I'm not 
familliar 
with all the classloading details there.

Dan


On Wednesday 06 August 2008 3:57:59 am Josef.Eisele@bgs-ag.de wrote:
> Hi Dan,
>
> cool, this is the newest Version of Apache CXF :-)
>
> So I took my EAR added the new libs (not contained in Geronimo 2.1.2,
> why?)
>        cxf-rt-ws-security-2.0.8.jar
>        wss4j-1.5.4.jar
> and tried to deploy to the new Geronimo:
>
> ...
> 09:25:28,770 ERROR [GBeanInstanceState] Error while starting; GBean is 
now
> in the FAILED state:
> abstractName="myapp/app/1.0/ear?configurationName=myapp/app/1.0/ear"
> org.apache.geronimo.kernel.config.InvalidConfigException: Class not
> loadable in classloader:
> [org.apache.geronimo.kernel.config.MultiParentClassLoader
> id=myapp/app/1.0/ear]
>         at
> org.apache.geronimo.kernel.config.SerializedGBeanState.loadGBeans(Seria
> ...
> Caused by: java.lang.ClassNotFoundException: Unable to find class used 
in
> GBeanData
> 
myapp/app/1.0/ear?J2EEApplication=myapp/app/1.0/ear,j2eeType=EJBModule,name
>=MyAppEJB.jar, attribute: ejbJarInfo
>         at
> 
org.apache.geronimo.gbean.GBeanData$V0Externalizable.readExternal(GBeanData
>.java:293) ... 33 more
> Caused by: java.lang.ClassNotFoundException: Could not load class
> javax.xml.namespace.QName from classloader: myapp/app/1.0/ear, destroyed
> state: false
>         at
> org.apache.geronimo.kernel.ClassLoading.loadClass(ClassLoading.java:213)
> ...
>
> So I thought maybe "xml-apis-1.3.02.jar" is missing, but adding to the 
EAR
> leads to:
>
> ...
> Caused by: java.io.InvalidClassException: javax.xml.namespace.QName; 
local
> class incompatible: stream classdesc serialVersionUID =
> -9120448754896609940, local class serialVersionUID = 4418622981026545151
>         at
> java.io.ObjectStreamClass.initNonProxy(ObjectStreamClass.java:546)
>         at
> java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1552)
> ...
>
> I need the QName in my Webservice. What can I do to get my App deployed?
> Thanx in advance.
>
> -Josef
>
>
>
>
> Daniel Kulp <dkulp@apache.org>
> 05.08.2008 16:42
> Bitte antworten an
> users@cxf.apache.org
>
>
> An
> users@cxf.apache.org
> Kopie
>
> Thema
> Re: Change Version of Apache CXF for Geronimo
>
>
>
>
>
>
>
> You might want to just try Geronimo 2.1.2.   The vote apparently passed
> last
> night:
> 
http://www.nabble.com/-VOTE--Geronimo-Server-2.1.2-Release-to18746852s134.h

>tml
>
> so it should be made available shortly.   You can download the 
candidates.
>
> 2.1.2 is using CXF 2.0.8.
>
>
> Dan
>
> On Tuesday 05 August 2008 6:03:51 am Josef.Eisele@bgs-ag.de wrote:
> > Hi Glen,
> >
> > because I got stuck in solving the problem with Geronimo 2.1.1 and
> > included CXF 2.0.2 I thought maybe CXF 2.0.8 solves my problem?
> >
> > So I tried to change the WS-Stack of my Geronimo from the old version 
to
> > CXF 2.0.8. I had certain essays:
> >
> > 1) http://www.jroller.com/gmazza/date/20080612:
> > -> In Geronimo is no <prefer-application-packages> available, I tried
>
> with
>
> > <inverse-classloading/> but I got a lot of problems with the
>
> classloader.
>
> > If I added all JARS necessary - see file WHICH_JARS - I got class cast
> > exceptions, adding a certain minimum leads to NoClassDefError.
> > <hidden-classes> or <non-overridable-classes>  won't help?
> > 2) Adding CXF under Services - Repository with a dependency-entry in 
the
> > deployment plan:
> >             <dependency>
> >                 <groupId>org.apache.cxf</groupId>
> >                 <artifactId>cxf</artifactId>
> >                 <version>2.0.8</version>
> >                 <type>jar</type>
> >             </dependency>
> > changed nothing.
> > 3) ???
> >
> > Can you please help?
> >
> > -Josef
> >
> >
> >
> >
> > Josef.Eisele@bgs-ag.de
> > 04.08.2008 16:09
> > Bitte antworten an
> > users@cxf.apache.org
> >
> >
> > An
> > users@cxf.apache.org
> > Kopie
> >
> > Thema
> > Antwort: Re: Antwort: Re: Antwort: Re: WS-Stack Apache CXF asks for
> > Axis2-Classes
> >
> >
> >
> >
> >
> >
> > Hi Dan,
> >
> > I checked your blog and I didn't found big differences in the
> > code(Server-Part is in my case more JEE5 like - see
>
> 
http://depressedprogrammer.wordpress.com/2007/07/31/cxf-ws-security-using-j

>
> >sr-181-interceptor-annotations-xfire-migration/
> >
> > ).
> >
> > The difference I see compared with your blog-example is in the request
> > itself:
> >
> > 1) from http://cwiki.apache.org/CXF20DOC/ws-security.html:
> >      <wsse:Security
> >          xmlns:wsse="
>
> 
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1

>
> >.0.xsd
> >
> > "
> >          soap:mustUnderstand="1">
> >          <wsse:UsernameToken
> >             xmlns:wsse="
>
> 
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1

>
> >.0.xsd
> >
> > "
> >             xmlns:wsu="
>
> 
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-

>
> >1.0.xsd
> >
> > "
> >             wsu:Id="UsernameToken-25268096">
> >             <wsse:Username
> >                xmlns:wsse="
>
> 
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1

>
> >.0.xsd
> >
> > ">
> >                joe
> >             </wsse:Username>
> >             <wsse:Password
> >                xmlns:wsse="
>
> 
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1

>
> >.0.xsd
> >
> > "
> >                Type="
>
> 
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-prof

>
> >ile-1.0#PasswordDigest
> >
> > ">
> >                ymyLPVTLrQMBJo82akcw4aBSlJQ=
> >             </wsse:Password>
> >             <wsse:Nonce
> >                xmlns:wsse="
>
> 
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1

>
> >.0.xsd
> >
> > ">
> >                MK3TTlJxaevzcFaxV/oKyw==
> >             </wsse:Nonce>
> >             <wsu:Created
> >                xmlns:wsu="
>
> 
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-

>
> >1.0.xsd
> >
> > ">
> >                2008-07-16T23:05:07.300Z
> >             </wsu:Created>
> >          </wsse:UsernameToken>
> >       </wsse:Security>
> >
> > 2) my request:
> > <wsse:Security
> >     xmlns:wsse="
>
> 
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1

>
> >.0.xsd
> >
> > "
> >     soap:mustUnderstand="1">
> >     <wsse:UsernameToken
> >         xmlns:wsu="
>
> 
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-

>
> >1.0.xsd
> >
> > "
> >         wsu:Id="UsernameToken-12189822">
> >     <wsse:Username>
> >          blabla
> >     </wsse:Username>
> >     <wsse:Password
> >        Type="
>
> 
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-prof

>
> >ile-1.0#PasswordDigest
> >
> > ">
> >        uIqdbKqsp5VCvM4bPTps1PmnMZI=</wsse:Password>
> >     <wsse:Nonce>YmoBKVpJrAjM2P3ss7MUNg==</wsse:Nonce>
> >     <wsu:Created>
> >        2008-08-04T10:08:15.245Z
> >     </wsu:Created>
> >    </wsse:UsernameToken>
> > </wsse:Security>
> >
> >
> > I miss the namespace
> > xmlns:wsse="
>
> 
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1

>
> >.0.xsd
> >
> > "
> > and not only me but also the WSSecurityUtil.class in line 92:
> >
> >         list =
> > soapHeaderElement.getElementsByTagNameNS(WSConstants.WSSE_NS,
> >                 WSConstants.WSSE_LN);
> >
> > And therefore the method
> > public static Element getSecurityHeader(Document doc, String actor,
> > SOAPConstants sc) {
> >
> > results in an null-Element. The class WSSecurityEngine and in the end
> > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor throws the error:
> >
> > WARNUNG: Request does not contain required Security header
> >
> > What am I doing wrong with WS-Security 1.1 ???? I have now the sources
>
> for
>
> > apacche-cxf-2.0.2 and wss4j-1.5.1, if I can debug to a certain step 
let
>
> me
>
> > know.
> >
> > -Josef
> >
> >
> >
> >
> >
> > Glen Mazza <glen.mazza@gmail.com>
> > 26.07.2008 03:03
> > Bitte antworten an
> > users@cxf.apache.org
> >
> >
> > An
> > users@cxf.apache.org
> > Kopie
> >
> > Thema
> > Re: Antwort: Re: Antwort: Re: WS-Stack Apache CXF asks for 
Axis2-Classes
> >
> >
> >
> >
> >
> >
> >
> > Have you checked our documentation on this:
> > http://cwiki.apache.org/CXF20DOC/ws-security.html
> >
> > Also I blogged about this recently, maybe something you can use:
> > http://www.jroller.com/gmazza/entry/using_cxf_and_wss4j_to
> >
> > HTH,
> > Glen
> >
> > Josef.Eisele wrote:
> > > Hi Dan,
> > >
> > > I solved the last problem copying libraries (xmlsec-1.3.0.jar,
> > > wss4j-1.5.1.jar, cxr-rt-ws-securitity-2.0.2-...) from the WAR-Part 
to
> >
> > the
> >
> > > EAR-Part:
> > > (WebContent/WEB-INF/lib -> EarContent/lib)
> > >
> > > One Problem solved another arises:
> > >
> > > Client writes the SecurityHeader:
> > > ..
> > > <wsse:Security xmlns:wsse="
>
> 
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1

>
> >.0.xsd
> >
> > > " soap:mustUnderstand="1">
> > > <wsse:UsernameToken xmlns:wsu="
>
> 
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-

>
> >1.0.xsd
> >
> > > " wsu:Id="UsernameToken-12189822">
> > > <wsse:Username>chef</wsse:Username>
> > > <wsse:Password Type="
>
> 
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-prof

>
> >ile-1.0#PasswordDigest
> >
> > > ">MxsuASsgtCzGlTTif0kcbqXIHxM=</wsse:Password>
> > > <wsse:Nonce>HAYlnYvfdo0dddeYXGsxdw==</wsse:Nonce>
> > > <wsu:Created>2008-07-25T11:22:20.886Z</wsu:Created>
> > > </wsse:UsernameToken>
> > > </wsse:Security>
> > > ...
> > >
> > > Server is configured with the interceptor:
> > > @InInterceptors(interceptors={ "de.mypath.WSSecurityInterceptor" })
> > >
> > > In this class I configure 3 Interceptors:
> > >         public void handleMessage(Message message) throws Fault {
> > >                 Map<String, Object> props = new HashMap<String,
> >
> > Object>();
> >
> > >                 props.put(WSHandlerConstants.ACTION,
> > > WSHandlerConstants.USERNAME_TOKEN);
> > >                 props.put(WSHandlerConstants.PASSWORD_TYPE,
> > > WSConstants.PW_DIGEST);
> > >                 props.put(WSHandlerConstants.PW_CALLBACK_CLASS,
> > > ServerPasswordCallback.class.getName());
> > >
> > >                 WSS4JInInterceptor           wss4jInInterceptor   =
>
> new
>
> > > WSS4JInInterceptor(props);
> > >                 ValidateUserTokenInterceptor userTokenInterceptor =
>
> new
>
> > > ValidateUserTokenInterceptor(Phase.POST_PROTOCOL);
> > >
> > > message.getInterceptorChain().add(wss4jInInterceptor);
> > >                 //org.apache.cxf.binding.soap.SoapFault: No
>
> SOAPMessage
>
> > > DOM was found. Please enable the SAAJInInterceptor.
> > >                 message.getInterceptorChain().add(new
> > > SAAJInInterceptor());
> > >  message.getInterceptorChain().add(userTokenInterceptor);
> > >         }
> > >
> > > UserTokenInterceptor works fine, SAAJInInterceptor is necessary
> >
> > otherwise
> >
> > > excepton but now I get an exception on the wss4jInInterceptor:
> > >
> > > 25.07.2008 13:03:44
>
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
>
> > > handleMessage
> > > WARNUNG: Request does not contain required Security header
> > > 25.07.2008 13:03:44 org.apache.cxf.phase.PhaseInterceptorChain
> >
> > doIntercept
> >
> > > INFO: Interceptor has thrown exception, unwinding now
> > > org.apache.cxf.binding.soap.SoapFault: Request does not contain
>
> required
>
> > > Security header.
> > >         at
>
> 
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInIn
>
> >terceptor.java:153)
> >
> > >         at
>
> 
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInIn
>
> >terceptor.java:60)
> >
> > >         at
>
> 
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
>
> >n.java:208)
> >
> > >         at
> > > org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:429)
> > >         at
>
> 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRespons
>
> >e(HTTPConduit.java:1955)
> >
> > >         at
>
> 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPCon
>
> >duit.java:1791)
> >
> > >         at
>
> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
>
> > >         at
> > > 
org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:575)
> > >         at
>
> 
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInte
>
> >rceptor.handleMessage(MessageSenderInterceptor.java:62)
> >
> > >         at
>
> 
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
>
> >n.java:208)
> >
> > >         at
> >
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:276)
> >
> > >         at
> >
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:222)
> >
> > >         at
> > > org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
> > >         at
>
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135)
>
> > > How do I know what is wrong with my SecurityHeader?
> > >
> > > -Josef
> > >
> > >
> > >
> > >
> > > Daniel Kulp <dkulp@apache.org>
> > > 23.07.2008 14:42
> > > Bitte antworten an
> > > users@cxf.apache.org
> > >
> > >
> > > An
> > > users@cxf.apache.org
> > > Kopie
> > > user@geronimo.apache.org
> > > Thema
> > > Re: Antwort: Re: WS-Stack Apache CXF asks for Axis2-Classes
> > >
> > > On Jul 23, 2008, at 7:24 AM, Josef.Eisele@bgs-ag.de wrote:
> > >> Hi Kevin, Lin, Daniel, Glen,
> > >>
> > >> @Daniel: Your VM-Parameters solved this problem. Thank you very 
much
> > >> for
> > >> your help.
> > >
> > > Yea, but it definitely shouldn't have been necessary.
> > >
> > >> @Glen: Thank you very much for your tipp, we will wait for Geronimo
> > >> 2.1.2
> > >> and then we have Apache CXF2.0.6...
> > >
> > > Actually, CXF 2.0.8.    :-)
> > >
> > >> @All: Now I have two new issues ;-)
> > >> 1) The client is written like described in
> > >> http://cwiki.apache.org/CXF20DOC/ws-security.html. For the server
> > >> part -
> > >> because of JavaEE5 - we choose
>
> 
http://depressedprogrammer.wordpress.com/2007/07/31/cxf-ws-security-using-j

>
> >sr-181-interceptor-annotations-xfire-migration/
> >
> > >> .
> > >> In the first run I added
> > >> @InInterceptors
> > >> (interceptors={   "de.myapp.WSSecurityInterceptor" })  to
> > >> the WS-Implementation-Class and nothing happend. Afterwards I had a
> > >> try
> > >> with the interface class and added the same
> > >> @InInterceptors(interceptors={   "de.myapp.WSSecurityInterceptor" 
}).
> > >> After this changed the class de.myapp.WSSecurityInterceptor was
> > >> accessed.
> > >> Why do I have to add @... in implementation AND interface?
> > >
> > > Not sure on that.   Feel free to log a CXF bug.    It should be
> > > possible to just put it on the implementation.   The interface 
should
> > > be shareable between clients/servers and having interceptors defined
> > > on it that should just be there for the server is not a good thing.
> > >
> > >> 2) In the handleMessage(Message message) I receive after:
> > >> ...
> > >>                props.put(WSHandlerConstants.PASSWORD_TYPE,
> > >> WSConstants.PW_TEXT);
> > >>                props.put(WSHandlerConstants.PW_CALLBACK_CLASS,
> > >> ServerPasswordCallback.class.getName());
> > >>
> > >>                WSS4JInInterceptor wss4jInHandler = new
> > >> WSS4JInInterceptor(props);
> > >> ...
> > >>
> > >> .........................
> > >>
> > >> Caused by: com.ctc.wstx.exc.WstxEOFException: Unexpected EOF in
>
> prolog
>
> > >> at [row,col {unknown-source}]: [1,0]
> > >>        at
> > >> 
com.ctc.wstx.sr.StreamScanner.throwUnexpectedEOF(StreamScanner.java:
> > >> 661)
> > >>        at
> > >> com.ctc.wstx.sr.BasicStreamReader.handleEOF(BasicStreamReader.java:
> > >> 2134)
> > >>        at
> > >
> > > With CXF 2.0.2, that stack could result from a BUNCH of things.  We
> > > actually would get that stack if the server sent back and html error
> > > page without setting a 404 or similar.   Several things can cause
> > > it.   If you can tcpdump or wireshark the wire transfers to see 
what's
> > > going on, that would be helpful.    Good news is that this changed 
in
> > > 2.0.5 to get a better error message.   :-)
> > >
> > >
> > > ---
> > > Daniel Kulp
> > > dkulp@apache.org
> > > http://www.dankulp.com/blog
> > >
> > >
> > >
> > >
> > >
> > >
> > > BGS Beratungsgesellschaft
> > > Software Systemplanung AG
> > >
> > >
> > >
> > >
> > > Niederlassung Rhein/Main
> > > Robert-Koch-Straße 41
> > > 55129 Mainz
> > > Fon: +49 (0) 6131 / 914-0
> > > Fax: +49 (0) 6131 / 914-400
> > > www.bgs-ag.de
> > > Geschäftssitz Mainz
> > > Registergericht
> > > Amtsgericht Mainz
> > > HRB 62 50
> > >
> > > Aufsichtsratsvorsitzender
> > > Klaus Hellwig
> > > Vorstand
> > > Hanspeter Gau
> > > Hermann Kiefer
> > > Nils Manegold



-- 
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog


BGS Beratungsgesellschaft 
Software Systemplanung AG         Niederlassung Rhein/Main 
Robert-Koch-Straße 41 
55129 Mainz 
Fon: +49 (0) 6131 / 914-0 
Fax: +49 (0) 6131 / 914-400 
www.bgs-ag.de Geschäftssitz Mainz 
Registergericht 
Amtsgericht Mainz 
HRB 62 50 
  Aufsichtsratsvorsitzender 
Klaus Hellwig 
Vorstand 
Hanspeter Gau 
Hermann Kiefer 
Nils Manegold 


  
Mime
View raw message