You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by "Wolf, Chris (IDEAS)" <Ch...@morganstanley.com> on 2009/03/10 22:25:10 UTC
WS-Security interop with WCF
Are there examples of CXF interoperating with WCF clients?
Specifically, I'm interested in encryption of both request and repsonse,
preferably with the option to
only encrypt parts (which, according to a post from today, seems
possible, thanks for that)
However we need such a secure service to be consumed by a .NET (WCF)
client. From this posting,
I see that such testing has been done with 2.2.x, but can we use 2.1.x?
http://mail-archives.apache.org/mod_mbox/cxf-dev/200902.mbox/%3C20090209
1648.57822.dkulp@apache.org%3E
thanks,
-Chris W.
--------------------------------------------------------------------------
NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.
Re: WS-Security interop with WCF
Posted by Bryan Kearney <bk...@redhat.com>.
Wolf, Chris (IDEAS) wrote:
> Are there examples of CXF interoperating with WCF clients?
>
> Specifically, I'm interested in encryption of both request and repsonse,
> preferably with the option to
> only encrypt parts (which, according to a post from today, seems
> possible, thanks for that)
>
> However we need such a secure service to be consumed by a .NET (WCF)
> client. From this posting,
> I see that such testing has been done with 2.2.x, but can we use 2.1.x?
>
> http://mail-archives.apache.org/mod_mbox/cxf-dev/200902.mbox/%3C20090209
> 1648.57822.dkulp@apache.org%3E
>
We are currently beginning to test a partial integration. We have
Relianble Messaging, Addressing, and Session tracking on the Java side
and need to test it on the .Net side. What I have not seen yet is how to
implement the duplex mode from tcp transport.
Have you seen anything along those lines?
-- bk
Re: WS-Security interop with WCF
Posted by Bryan Kearney <bk...@redhat.com>.
Eoghan Glynn wrote:
>
> Hi Bryan,
>
> > OK.. I was able to get it to work with some configurations. Here is a
> > writeup on what I had to do:
> >
> >
> http://kearneyville.com/2009/03/13/connecting-jboss-web-service-with-a-wcf-client/
>
>
> So you can force WCF to revert to WS-A version 2004/08 with the
> messageVersion="Soap11WSAddressingAugust2004" attribute in the config?
>
> Well that's good to know, thanks!
>
>
> > I am still getting an occasional error, however. Have you seen anything
> > like this:
> > ...
> >
> > Unhandled Exception: System.ServiceModel.ProtocolException: The remote
> > endpoint failed to include a required SequenceAck
> > nowledgement header on a reliable reply message. The reliable session
> > was faulted.
>
>
> This smells like a mismatch in terms of the acknowledgement frequency of
> the CXF RM layer versus the expectation in the WCF client.
>
> One possibility is that you just need to tweak the configuration. For
> example, you can force CXF to send the ACKs sooner by adding a
> <wsrm-policy:AcknowledgementInterval Milliseconds="N"/> child element to
> the <wsrmp:RMAssertion> assertion in your jboss-cxf.xml, where N is some
> number less than the default 2000. Conversely, increase the
> retransmission interval on the WCF side, or the inactivity timeout by
> up'ing the inactivityTimeout attribute on <reliableSession> from the
> current "00:15:00" in your client-side app.config.
>
So.. I updated the jboss-cxf.xml file to be this:
<wsp:Policy wsu:Id="wsrm10policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wswa:UsingAddressing
xmlns:wswa="http://www.w3.org/2006/05/addressing/wsdl" />
<wsrmp:RMAssertion
xmlns:wsrmp="http://schemas.xmlsoap.org/ws/2005/02/rm/policy" >
<wsrmp:AcknowledgementInterval Milliseconds="1000"/>
</wsrmp:RMAssertion>
</wsp:Policy>
I am not seeing the error, but it was pretty intermittant. If I keep
seeing it again I will dig into the rest of your message.
Thanks for you help! On to security and full duplex :)
-- bk
RE: WS-Security interop with WCF
Posted by Eoghan Glynn <eo...@progress.com>.
Hi Bryan,
> OK.. I was able to get it to work with some configurations. Here is a
> writeup on what I had to do:
>
> http://kearneyville.com/2009/03/13/connecting-jboss-web-service-with-a-wcf-client/
So you can force WCF to revert to WS-A version 2004/08 with the messageVersion="Soap11WSAddressingAugust2004" attribute in the config?
Well that's good to know, thanks!
> I am still getting an occasional error, however. Have you seen anything
> like this:
> ...
>
> Unhandled Exception: System.ServiceModel.ProtocolException: The remote
> endpoint failed to include a required SequenceAck
> nowledgement header on a reliable reply message. The reliable session
> was faulted.
This smells like a mismatch in terms of the acknowledgement frequency of the CXF RM layer versus the expectation in the WCF client.
One possibility is that you just need to tweak the configuration. For example, you can force CXF to send the ACKs sooner by adding a <wsrm-policy:AcknowledgementInterval Milliseconds="N"/> child element to the <wsrmp:RMAssertion> assertion in your jboss-cxf.xml, where N is some number less than the default 2000. Conversely, increase the retransmission interval on the WCF side, or the inactivity timeout by up'ing the inactivityTimeout attribute on <reliableSession> from the current "00:15:00" in your client-side app.config.
Another more serious possibility is that deferred ACKs are not sendable from the CXF side. This would be the case if the client-side acksTo was set to anonymous. I assume though that the WCF <reliableSession> in your custom binding is sufficient for this non-anonymous asksTo endpoint to be created implicitly? Or maybe you have to explicitly configure a <compositeDuplex/> element in your custom binding to make this happen, as in this MSDN example:
http://msdn.microsoft.com/en-us/library/ms731302.aspx
Either way, it would be useful to have a snoop at the message flow to check that the client-side acksTo is non-anonymous, and whether spurious resends are occurring before ACKs are sent etc. For this sort of thing, I usually just fire up tcpmon.
Cheers,
Eoghan
-----Original Message-----
From: Bryan Kearney [mailto:bkearney@redhat.com]
Sent: Fri 13/03/2009 13:58
To: Eoghan Glynn
Cc: users@cxf.apache.org; Daniel Kulp; Wolf, Chris (IDEAS)
Subject: Re: WS-Security interop with WCF
Eoghan Glynn wrote:
>
> > I want to dig into the stack trace I am seeing
> > onthe server side before I answer that. It could be that the stack trace
> > is causing the response message to be garbled.
>
> Well the NPE in VersionTransformer.convert() is related to the version
> mismatch.
>
> The CXF RM layer wants to unmarshall an incoming CreateSequence message
> containing an AcksTo element, which itself contains a
> wsa:EndpointReferenceType where the wsa namespace of the 2004/08 variety.
>
> Whereas the WCF client is sending a CreateSequence conatining an AcksTo
> of the 2005/08 vintage.
>
>
OK.. I was able to get it to work with some configurations. Here is a
writeup on what I had to do:
http://kearneyville.com/2009/03/13/connecting-jboss-web-service-with-a-wcf-client/
I am still getting an occasional error, however. Have you seen anything
like this:
C:\Documents and Settings\Administrator\My Documents\Visual Studio
2008\Projects\ConsoleApplication1\ConsoleApplication1
\bin\Debug>ConsoleApplication1.exe
Unhandled Exception: System.ServiceModel.ProtocolException: The remote
endpoint failed to include a required SequenceAck
nowledgement header on a reliable reply message. The reliable session
was faulted.
Server stack trace:
at
System.ServiceModel.Channels.ReliableRequestSessionChannel.SyncRequest.WaitForReply(TimeSpan
timeout)
at System.ServiceModel.Channels.RequestChannel.Request(Message
message, TimeSpan timeout)
at
System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message
message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action,
Boolean oneway, ProxyOperationRuntime operation, O
bject[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action,
Boolean oneway, ProxyOperationRuntime operation, O
bject[] ins, Object[] outs)
at
System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntim
e operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message)
Re: WS-Security interop with WCF
Posted by Bryan Kearney <bk...@redhat.com>.
Eoghan Glynn wrote:
>
> > I want to dig into the stack trace I am seeing
> > onthe server side before I answer that. It could be that the stack trace
> > is causing the response message to be garbled.
>
> Well the NPE in VersionTransformer.convert() is related to the version
> mismatch.
>
> The CXF RM layer wants to unmarshall an incoming CreateSequence message
> containing an AcksTo element, which itself contains a
> wsa:EndpointReferenceType where the wsa namespace of the 2004/08 variety.
>
> Whereas the WCF client is sending a CreateSequence conatining an AcksTo
> of the 2005/08 vintage.
>
>
OK.. I was able to get it to work with some configurations. Here is a
writeup on what I had to do:
http://kearneyville.com/2009/03/13/connecting-jboss-web-service-with-a-wcf-client/
I am still getting an occasional error, however. Have you seen anything
like this:
C:\Documents and Settings\Administrator\My Documents\Visual Studio
2008\Projects\ConsoleApplication1\ConsoleApplication1
\bin\Debug>ConsoleApplication1.exe
Unhandled Exception: System.ServiceModel.ProtocolException: The remote
endpoint failed to include a required SequenceAck
nowledgement header on a reliable reply message. The reliable session
was faulted.
Server stack trace:
at
System.ServiceModel.Channels.ReliableRequestSessionChannel.SyncRequest.WaitForReply(TimeSpan
timeout)
at System.ServiceModel.Channels.RequestChannel.Request(Message
message, TimeSpan timeout)
at
System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message
message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action,
Boolean oneway, ProxyOperationRuntime operation, O
bject[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action,
Boolean oneway, ProxyOperationRuntime operation, O
bject[] ins, Object[] outs)
at
System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntim
e operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message)
RE: WS-Security interop with WCF
Posted by Eoghan Glynn <eo...@progress.com>.
> I want to dig into the stack trace I am seeing
> onthe server side before I answer that. It could be that the stack trace
> is causing the response message to be garbled.
Well the NPE in VersionTransformer.convert() is related to the version mismatch.
The CXF RM layer wants to unmarshall an incoming CreateSequence message containing an AcksTo element, which itself contains a wsa:EndpointReferenceType where the wsa namespace of the 2004/08 variety.
Whereas the WCF client is sending a CreateSequence conatining an AcksTo of the 2005/08 vintage.
So the unmarshalled AcksTo ends up being null, which causes VersionTransformer.convert() to blow up with the NPE.
Now of course the VersionTransformer should be coded more defensively. But the underlying issue is still the version mismatch AFAICS.
Cheers,
Eoghan
Eoghan Glynn wrote:
>
> Hi Bryan,
>
> CXF supports WS-RM 1.0, AKA 2005/02[1]. As you probably know, this is based on the 2004/08 version of WS-A.
>
> In fact, the CXF support for multiple WS-A versions was added specifically to facilitate WS-RM, whereas previously we supported only the then-current 2005/08 version of WS-A.
>
> So currently we support WS-A 2005/08 natively throughout, and use this version also by default on the wire. In addition, we provide a programmatic mechanism to use 2004/08 as the "exposed" version of WS-A, i.e. the version tranformed to before encoding in the outgoing payload (or transformed from after decoding from the incoming payload).
>
> Now as things currently stand, the CXF WS-RM layer is hard-coded to set this exposed WS-A version to 2004/08 (as required by the RM 1.0 spec). As Dan mentioned earlier in this thread, we took part in an MS WS-* interop plugfest in Redmond back in the summer of 2007. At that point WCF was perfectly happy with WS-A 2004/08 alongside WS-RM 2005/02. In fact I just dug out the reliable messaging test plan distributed to participants before the event, and it explicitly calls for WS-A version 2004/08 to be used.
>
> Now obviously things have changed in the meantime with WCF. While I think WCF is acting ultra-vires in this respect, in the interest of maximizing interoperability, I guess we could allow CXF WS-RM to work around the issue, by configurably falling back on WS-A 2005/08. Let me know if you would be interested in such a work-around.
>
> Cheers,
> Eoghan
Thanks for the reply. I want to dig into the stack trace I am seeing
onthe server side before I answer that. It could be that the stack trace
is causing the response message to be garbled.
Right now, I get the following on the server when a WCF client sends a
message:
2009-03-12 08:51:55,066 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1)
java.lang.NullPointerException
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.ws.addressing.VersionTransformer.convert(VersionTransformer.java:137)
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.ws.addressing.VersionTransformer.convert(VersionTransformer.java:248)
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.ws.rm.Servant.createSequence(Servant.java:142)
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.ws.rm.Servant.invoke(Servant.java:68)
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:56)
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.workqueue.SynchronousExecutor.execute(SynchronousExecutor.java:37)
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:92)
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226)
2009-03-12 08:51:55,068 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:89)
2009-03-12 08:51:55,068 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:99)
2009-03-12 08:51:55,068 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:305)
-- bk
Re: WS-Security interop with WCF
Posted by Bryan Kearney <bk...@redhat.com>.
Eoghan Glynn wrote:
>
> Hi Bryan,
>
> CXF supports WS-RM 1.0, AKA 2005/02[1]. As you probably know, this is based on the 2004/08 version of WS-A.
>
> In fact, the CXF support for multiple WS-A versions was added specifically to facilitate WS-RM, whereas previously we supported only the then-current 2005/08 version of WS-A.
>
> So currently we support WS-A 2005/08 natively throughout, and use this version also by default on the wire. In addition, we provide a programmatic mechanism to use 2004/08 as the "exposed" version of WS-A, i.e. the version tranformed to before encoding in the outgoing payload (or transformed from after decoding from the incoming payload).
>
> Now as things currently stand, the CXF WS-RM layer is hard-coded to set this exposed WS-A version to 2004/08 (as required by the RM 1.0 spec). As Dan mentioned earlier in this thread, we took part in an MS WS-* interop plugfest in Redmond back in the summer of 2007. At that point WCF was perfectly happy with WS-A 2004/08 alongside WS-RM 2005/02. In fact I just dug out the reliable messaging test plan distributed to participants before the event, and it explicitly calls for WS-A version 2004/08 to be used.
>
> Now obviously things have changed in the meantime with WCF. While I think WCF is acting ultra-vires in this respect, in the interest of maximizing interoperability, I guess we could allow CXF WS-RM to work around the issue, by configurably falling back on WS-A 2005/08. Let me know if you would be interested in such a work-around.
>
> Cheers,
> Eoghan
Thanks for the reply. I want to dig into the stack trace I am seeing
onthe server side before I answer that. It could be that the stack trace
is causing the response message to be garbled.
Right now, I get the following on the server when a WCF client sends a
message:
2009-03-12 08:51:55,066 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1)
java.lang.NullPointerException
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.ws.addressing.VersionTransformer.convert(VersionTransformer.java:137)
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.ws.addressing.VersionTransformer.convert(VersionTransformer.java:248)
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.ws.rm.Servant.createSequence(Servant.java:142)
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.ws.rm.Servant.invoke(Servant.java:68)
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:56)
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.workqueue.SynchronousExecutor.execute(SynchronousExecutor.java:37)
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:92)
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226)
2009-03-12 08:51:55,068 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:89)
2009-03-12 08:51:55,068 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:99)
2009-03-12 08:51:55,068 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:305)
-- bk
RE: WS-Security interop with WCF
Posted by Eoghan Glynn <eo...@progress.com>.
Hi Bryan,
CXF supports WS-RM 1.0, AKA 2005/02[1]. As you probably know, this is based on the 2004/08 version of WS-A.
In fact, the CXF support for multiple WS-A versions was added specifically to facilitate WS-RM, whereas previously we supported only the then-current 2005/08 version of WS-A.
So currently we support WS-A 2005/08 natively throughout, and use this version also by default on the wire. In addition, we provide a programmatic mechanism to use 2004/08 as the "exposed" version of WS-A, i.e. the version tranformed to before encoding in the outgoing payload (or transformed from after decoding from the incoming payload).
Now as things currently stand, the CXF WS-RM layer is hard-coded to set this exposed WS-A version to 2004/08 (as required by the RM 1.0 spec). As Dan mentioned earlier in this thread, we took part in an MS WS-* interop plugfest in Redmond back in the summer of 2007. At that point WCF was perfectly happy with WS-A 2004/08 alongside WS-RM 2005/02. In fact I just dug out the reliable messaging test plan distributed to participants before the event, and it explicitly calls for WS-A version 2004/08 to be used.
Now obviously things have changed in the meantime with WCF. While I think WCF is acting ultra-vires in this respect, in the interest of maximizing interoperability, I guess we could allow CXF WS-RM to work around the issue, by configurably falling back on WS-A 2005/08. Let me know if you would be interested in such a work-around.
Cheers,
Eoghan
[1] http://specs.xmlsoap.org/ws/2005/02/rm/ws-reliablemessaging.pdf
-----Original Message-----
From: Bryan Kearney [mailto:bkearney@redhat.com]
Sent: Thu 12/03/2009 13:25
To: Daniel Kulp
Cc: users@cxf.apache.org; Wolf, Chris (IDEAS)
Subject: Re: WS-Security interop with WCF
Daniel Kulp wrote:
>
> On Wed March 11 2009 3:06:33 pm Bryan Kearney wrote:
>> have you gotten Reliable messaging ond addressing working yet?
>
> Honestly, I PERSONALLY haven't done any testing with RM. Eoghan may have, I'm
> not really sure.
>
> That said, a couple years ago, IONA did participate in one of the MS plugfest
> things [1] and supposedly got the RM tests to pass. That said, I THINK it
> was just the wsrm2004 stuff, at least that's the name of the directory with
> the code in it. :-)
>
> Unfortunately, all the test code and configuration is "owned" by Progress
> right now so I cannot distribute it. I'm going to see what I can do about
> that, but no promises. First step is trying to find the right people to ask.
> :-(
>
> Specifically, that error looks like the wsa:Action isn't being set correctly
> from ws-rm. That should definitely be looked at/fixed. (and patches are
> most welcome)
>
It appears to be related to the namespace of wsAddresing. The M$ stuff
is sending in the following:
<a:Action s:mustUnderstand="1">
http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
</a:Action>
where
xmlns:a="http://www.w3.org/2005/08/addressing"
Where a cxf client sends in:
<Action xmlns="http://schemas.xmlsoap.org/ws/2004/08/addressing">
http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
</Action>
I dont see that I have control over this setting in either CXF of M$. Is
that something I can control?
What I see when the M$ client calls in is the following stack trace on
the server (related to converting):
2009-03-12 08:51:55,066 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1)
java.lang.NullPointerException
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.ws.addressing.VersionTransformer.convert(VersionTransformer.java:137)
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.ws.addressing.VersionTransformer.convert(VersionTransformer.java:248)
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.ws.rm.Servant.createSequence(Servant.java:142)
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.ws.rm.Servant.invoke(Servant.java:68)
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:56)
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.workqueue.SynchronousExecutor.execute(SynchronousExecutor.java:37)
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:92)
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226)
2009-03-12 08:51:55,068 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:89)
2009-03-12 08:51:55,068 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:99)
2009-03-12 08:51:55,068 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:305)
2009-03-12 08:51:55,068 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.jboss.wsf.stack.cxf.ServletControllerExt.invoke(ServletControllerExt.java:160)
2009-03-12 08:51:55,068 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:61)
2009-03-12 08:51:55,068 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:134)
2009-03-12 08:51:55,068 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
javax.servlet.http.HttpSe
-- bk
Re: WS-Security interop with WCF
Posted by Bryan Kearney <bk...@redhat.com>.
Daniel Kulp wrote:
>
> On Wed March 11 2009 3:06:33 pm Bryan Kearney wrote:
>> have you gotten Reliable messaging ond addressing working yet?
>
> Honestly, I PERSONALLY haven't done any testing with RM. Eoghan may have, I'm
> not really sure.
>
> That said, a couple years ago, IONA did participate in one of the MS plugfest
> things [1] and supposedly got the RM tests to pass. That said, I THINK it
> was just the wsrm2004 stuff, at least that's the name of the directory with
> the code in it. :-)
>
> Unfortunately, all the test code and configuration is "owned" by Progress
> right now so I cannot distribute it. I'm going to see what I can do about
> that, but no promises. First step is trying to find the right people to ask.
> :-(
>
> Specifically, that error looks like the wsa:Action isn't being set correctly
> from ws-rm. That should definitely be looked at/fixed. (and patches are
> most welcome)
>
It appears to be related to the namespace of wsAddresing. The M$ stuff
is sending in the following:
<a:Action s:mustUnderstand="1">
http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
</a:Action>
where
xmlns:a="http://www.w3.org/2005/08/addressing"
Where a cxf client sends in:
<Action xmlns="http://schemas.xmlsoap.org/ws/2004/08/addressing">
http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
</Action>
I dont see that I have control over this setting in either CXF of M$. Is
that something I can control?
What I see when the M$ client calls in is the following stack trace on
the server (related to converting):
2009-03-12 08:51:55,066 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1)
java.lang.NullPointerException
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.ws.addressing.VersionTransformer.convert(VersionTransformer.java:137)
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.ws.addressing.VersionTransformer.convert(VersionTransformer.java:248)
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.ws.rm.Servant.createSequence(Servant.java:142)
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.ws.rm.Servant.invoke(Servant.java:68)
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:56)
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.workqueue.SynchronousExecutor.execute(SynchronousExecutor.java:37)
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:92)
2009-03-12 08:51:55,067 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226)
2009-03-12 08:51:55,068 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:89)
2009-03-12 08:51:55,068 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:99)
2009-03-12 08:51:55,068 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:305)
2009-03-12 08:51:55,068 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.jboss.wsf.stack.cxf.ServletControllerExt.invoke(ServletControllerExt.java:160)
2009-03-12 08:51:55,068 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:61)
2009-03-12 08:51:55,068 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:134)
2009-03-12 08:51:55,068 ERROR [STDERR]
(http-hattrick.usersys.redhat.com%2F10.11.231.22-8080-1) at
javax.servlet.http.HttpSe
-- bk
Re: WS-Security interop with WCF
Posted by Daniel Kulp <dk...@apache.org>.
On Wed March 11 2009 3:06:33 pm Bryan Kearney wrote:
> have you gotten Reliable messaging ond addressing working yet?
Honestly, I PERSONALLY haven't done any testing with RM. Eoghan may have, I'm
not really sure.
That said, a couple years ago, IONA did participate in one of the MS plugfest
things [1] and supposedly got the RM tests to pass. That said, I THINK it
was just the wsrm2004 stuff, at least that's the name of the directory with
the code in it. :-)
Unfortunately, all the test code and configuration is "owned" by Progress
right now so I cannot distribute it. I'm going to see what I can do about
that, but no promises. First step is trying to find the right people to ask.
:-(
Specifically, that error looks like the wsa:Action isn't being set correctly
from ws-rm. That should definitely be looked at/fixed. (and patches are
most welcome)
Dan
[1]http://mssoapinterop.org/ilab/
> I planned
> to test WCF -> CXF in the following steps:
>
> 1) "Bare" Web Service
> 2) WSRM+Addressing ontop of (1)
> 3) Security on top of (2)
>
> 1) worked with basicHttpBinding
>
> I am failing on (2) using both a custom binding as well as
> wsHttpBinding. Both give me the following exception:
>
>
> http://pastebin.com/m4523a449
>
> C:\Documents and Settings\Administrator\My Documents\Visual Studio
> 2008\Projects\ConsoleApplication1\ConsoleApplication1
> \bin\Debug>ConsoleApplication1.exe
>
> Unhandled Exception: System.ServiceModel.ProtocolException: The remote
> endpoint responded to the CreateSequence request
> with a response with action . The response must be a
> CreateSequenceResponse with action http://schemas.xmlsoap.org/ws/20
> 05/02/rm/CreateSequenceResponse. The channel could not be opened.
>
> Server stack trace:
> at
> System.ServiceModel.Channels.ClientReliableSession.ProcessCreateSequenceRes
>ponse(Message response, DateTime start)
>
> at System.ServiceModel.Channels.ClientReliableSession.Open(TimeSpan
> timeout)
> at
> System.ServiceModel.Channels.ReliableRequestSessionChannel.OnOpen(TimeSpan
> timeout)
> at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan
> timeout)
> at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
> at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan
> timeout)
> at
> System.ServiceModel.Channels.ServiceChannel.CallOpenOnce.System.ServiceMode
>l.Channels.ServiceChannel.ICallOnce.Cal
>
> l(ServiceChannel channel, TimeSpan timeout)
> at
> System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSp
>an timeout, CallOnceManager cascade)
> at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan
> timeout)
> at System.ServiceModel.Channels.ServiceChannel.Call(String action,
> Boolean oneway, ProxyOperationRuntime operation, O
> bject[] ins, Object[] outs, TimeSpan timeout)
> at System.ServiceModel.Channels.ServiceChannel.Call(String action,
> Boolean oneway, ProxyOperationRuntime operation, O
> bject[] ins, Object[] outs)
> at
> System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallM
>essage methodCall, ProxyOperationRuntim
> e operation)
> at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
> message)
>
> Exception rethrown at [0]:
> at
> System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
> reqMsg, IMessage retMsg)
> at
> System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
> msgData, Int32 type)
> at
> ConsoleApplication1.ServiceReferenceWCF.WCFBackendBean.runAction(runActionR
>equest request)
> at
> ConsoleApplication1.ServiceReferenceWCF.WCFBackendBeanClient.ConsoleApplica
>tion1.ServiceReferenceWCF.WCFBackendBea
>
> n.runAction(runActionRequest request) in C:\Documents and
> Settings\Administrator\My Documents\Visual Studio 2008\Project
> s\ConsoleApplication1\ConsoleApplication1\Service
> References\ServiceReferenceWCF\Reference.cs:line 1132
> at
> ConsoleApplication1.ServiceReferenceWCF.WCFBackendBeanClient.runAction(vdcA
>ctionType actionType, vdcActionParamete
> rs parameters) in C:\Documents and Settings\Administrator\My
> Documents\Visual Studio 2008\Projects\ConsoleApplication1\C
> onsoleApplication1\Service
> References\ServiceReferenceWCF\Reference.cs:line 1139
> at ConsoleApplication1.Program.Main(String[] args) in C:\Documents
> and Settings\Administrator\My Documents\Visual Stu
> dio
> 2008\Projects\ConsoleApplication1\ConsoleApplication1\Program.cs:line 13
>
> C:\Documents and Settings\Administrator\My Documents\Visual Studio
> 2008\Projects\ConsoleApplication1\ConsoleApplication1
> \bin\Debug>ConsoleApplication1.exe
--
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog
Re: WS-Security interop with WCF
Posted by Bryan Kearney <bk...@redhat.com>.
Daniel Kulp wrote:
> It can be done with 2.1.x, but it requires quite a bit more work on your part
> to setup the WSS4J interceptors and mapping policies into wss4j properties and
> a vice-versa.
>
> If you look at the wssec10 stuff in the sandbox/interopfest:
> http://svn.apache.org:80/viewvc/cxf/sandbox/interopfest/wssec10/
> and go back to the original version I committed in Dec, the server side parts
> are the original stuff we had when testing with the 2.1 (actually, 2.0
> probably) code base.
>
>
> Dan
>
have you gotten Reliable messaging ond addressing working yet? I planned
to test WCF -> CXF in the following steps:
1) "Bare" Web Service
2) WSRM+Addressing ontop of (1)
3) Security on top of (2)
1) worked with basicHttpBinding
I am failing on (2) using both a custom binding as well as
wsHttpBinding. Both give me the following exception:
http://pastebin.com/m4523a449
C:\Documents and Settings\Administrator\My Documents\Visual Studio
2008\Projects\ConsoleApplication1\ConsoleApplication1
\bin\Debug>ConsoleApplication1.exe
Unhandled Exception: System.ServiceModel.ProtocolException: The remote
endpoint responded to the CreateSequence request
with a response with action . The response must be a
CreateSequenceResponse with action http://schemas.xmlsoap.org/ws/20
05/02/rm/CreateSequenceResponse. The channel could not be opened.
Server stack trace:
at
System.ServiceModel.Channels.ClientReliableSession.ProcessCreateSequenceResponse(Message
response, DateTime start)
at System.ServiceModel.Channels.ClientReliableSession.Open(TimeSpan
timeout)
at
System.ServiceModel.Channels.ReliableRequestSessionChannel.OnOpen(TimeSpan
timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan
timeout)
at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan
timeout)
at
System.ServiceModel.Channels.ServiceChannel.CallOpenOnce.System.ServiceModel.Channels.ServiceChannel.ICallOnce.Cal
l(ServiceChannel channel, TimeSpan timeout)
at
System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan
timeout, CallOnceManager cascade)
at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan
timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action,
Boolean oneway, ProxyOperationRuntime operation, O
bject[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action,
Boolean oneway, ProxyOperationRuntime operation, O
bject[] ins, Object[] outs)
at
System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntim
e operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message)
Exception rethrown at [0]:
at
System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg)
at
System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type)
at
ConsoleApplication1.ServiceReferenceWCF.WCFBackendBean.runAction(runActionRequest
request)
at
ConsoleApplication1.ServiceReferenceWCF.WCFBackendBeanClient.ConsoleApplication1.ServiceReferenceWCF.WCFBackendBea
n.runAction(runActionRequest request) in C:\Documents and
Settings\Administrator\My Documents\Visual Studio 2008\Project
s\ConsoleApplication1\ConsoleApplication1\Service
References\ServiceReferenceWCF\Reference.cs:line 1132
at
ConsoleApplication1.ServiceReferenceWCF.WCFBackendBeanClient.runAction(vdcActionType
actionType, vdcActionParamete
rs parameters) in C:\Documents and Settings\Administrator\My
Documents\Visual Studio 2008\Projects\ConsoleApplication1\C
onsoleApplication1\Service
References\ServiceReferenceWCF\Reference.cs:line 1139
at ConsoleApplication1.Program.Main(String[] args) in C:\Documents
and Settings\Administrator\My Documents\Visual Stu
dio
2008\Projects\ConsoleApplication1\ConsoleApplication1\Program.cs:line 13
C:\Documents and Settings\Administrator\My Documents\Visual Studio
2008\Projects\ConsoleApplication1\ConsoleApplication1
\bin\Debug>ConsoleApplication1.exe
Re: WS-Security interop with WCF
Posted by Daniel Kulp <dk...@apache.org>.
It can be done with 2.1.x, but it requires quite a bit more work on your part
to setup the WSS4J interceptors and mapping policies into wss4j properties and
a vice-versa.
If you look at the wssec10 stuff in the sandbox/interopfest:
http://svn.apache.org:80/viewvc/cxf/sandbox/interopfest/wssec10/
and go back to the original version I committed in Dec, the server side parts
are the original stuff we had when testing with the 2.1 (actually, 2.0
probably) code base.
Dan
On Tue March 10 2009 5:25:10 pm Wolf, Chris (IDEAS) wrote:
> Are there examples of CXF interoperating with WCF clients?
>
> Specifically, I'm interested in encryption of both request and repsonse,
> preferably with the option to
> only encrypt parts (which, according to a post from today, seems
> possible, thanks for that)
>
> However we need such a secure service to be consumed by a .NET (WCF)
> client. From this posting,
> I see that such testing has been done with 2.2.x, but can we use 2.1.x?
>
> http://mail-archives.apache.org/mod_mbox/cxf-dev/200902.mbox/%3C20090209
> 1648.57822.dkulp@apache.org%3E
>
> thanks,
>
> -Chris W.
>
> --------------------------------------------------------------------------
> NOTICE: If received in error, please destroy and notify sender. Sender does
> not intend to waive confidentiality or privilege. Use of this email is
> prohibited when received in error.
--
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog