ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ivica Loncar (JIRA)" <j...@apache.org>
Subject [jira] [Created] (WSS-410) Reduce dependency on xmlsec library
Date Mon, 29 Oct 2012 15:40:12 GMT
Ivica Loncar created WSS-410:
--------------------------------

             Summary: Reduce dependency on xmlsec library
                 Key: WSS-410
                 URL: https://issues.apache.org/jira/browse/WSS-410
             Project: WSS4J
          Issue Type: Sub-task
          Components: WSS4J Core
    Affects Versions: 1.6.7
         Environment: WAS 8.5
            Reporter: Ivica Loncar
            Assignee: Colm O hEigeartaigh


I've replaced static call to the org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI with
   addJceProvider("ApacheXMLDSig", "org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI");

but there is another dependency. Namely, setXmlSecIgnoreLineBreak initializes org.apache.xml.security.Init
Of course I've got: java.lang.NoClassDefFoundError: org.apache.xml.security.Init 

Since I don't want to use org.apache.xml.security but IBM provided classes I have added another
option  useApacheXmlSecurity. It is modeled after addJceProviders.

Afterwards I have met another issue: 

29.10.12. 16:32:39:512 CET] 0000029a servlet       E com.ibm.ws.webcontainer.servlet.ServletWrapper
service Uncaught service() exception thrown by servlet InvestFundsServlet: java.lang.NoClassDefFoundError:
org.apache.xml.security.utils.RFC2253Parser
	at org.apache.ws.security.message.token.DOMX509IssuerSerial.<init>(DOMX509IssuerSerial.java:76)
	at org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:221)
	at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:69)
	at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:230)
	at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
	at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:260)
	at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
	at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
	at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
...
Caused by: java.lang.ClassNotFoundException: org.apache.xml.security.utils.RFC2253Parser
	at java.net.URLClassLoader.findClass(URLClassLoader.java:434)


This is an isolated utility class which can be safely transfered to project. 
After I have copied org.apache.xml.security.utils.RFC2253Parser from Santuario I was able
to invoke web service that required signed request using CXF client running on IBM WAS 8.5
without adding extra JCE providers.
All I had to do is creat servlet listener that enabled two properties in question:

    	WSSConfig.setUseApacheXmlSecurity(false);
        WSSConfig.setAddJceProviders(false);





--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message