I don't want to give up on this topic.... ;-)

We want to use WS-Security with USERNAME_TOKEN, SIGNATURE and ENCRYPT all on SSL.

The positive in the beginning: SSL is working :-)

Everything is tested under Geronimo 2.1.1 (Apache CXF 2.02) and on Geronimo 2.1.2 (Apache CXF 2.08)

*Activating USERNAME_TOKEN leads to the error described in:


*Activating USERNAME_TOKEN and SIGNATURE under Geronimo 2.1.1 leads to the error:

08:40:25,172 INFO  [SAAJFactoryFinder] Default SAAJ universe: SUN
08:40:26,732 ERROR [CoyoteAdapter] An exception or error occurred in the container during the request processing
java.lang.NoClassDefFoundError: org/apache/xml/utils/URI$MalformedURIException
        at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:158)

Adding xalan-2.7.0.jar into Application-EAR leads to another error:

10:24:26,451 ERROR [TomcatEJBWebServiceContext] org.apache.xml.serializer.utils.WrappedRuntimeException: org.apache.xml.serializer.ToXMLSAXHandler

* Additional activating ENCRYPT leads to
WSHandler: Encryption: error during message processingorg.apache.ws.security.WSSecurityException:
        An unsupported signature or encryption algorithm was used (unsupported key transport encryption algorithm:
        No such algorithm: http://www.w3.org/2001/04/xmlenc#rsa-1_5)

Anyone using this WS-Security functionalty successfully in a JavaEE5 Environment using EJB Annotations?


BGS Beratungsgesellschaft
Software Systemplanung AG
  Niederlassung Rhein/Main
Robert-Koch-Straße 41
55129 Mainz
Fon: +49 (0) 6131 / 914-0
Fax: +49 (0) 6131 / 914-400
Geschäftssitz Mainz
Amtsgericht Mainz
HRB 62 50
Klaus Hellwig
Hanspeter Gau
Hermann Kiefer
Nils Manegold
BGS Systemplanung AG

 Ein Unternehmen der nextevolution consulting group