You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Jose María Zaragoza <de...@gmail.com> on 2013/06/24 17:04:49 UTC
[FIXED] Re: NullPointerException when redeploy webapp, possible WSS4J leak

Hello:

For you information , I could solve this issue . I was talking about this
in Tomcat mail list and we found 2 solutions:

a) upgrading to Tomcat 7.0.41
b) setting

-Dorg.apache.catalina.loader.WebappClassLoader.ENABLE_CLEAR_REFERENCES=false


in Tomcat 6.x


But I couldn't find the root cause for memory leak
I don't understand why the log reference in DOMReference.java is setted to
null by Tomcat
I use sl4j + logback + jcl-over-slf4j . I tried to upgrade to the lastest
release of this libraries , but it fails again




Regards




2013/6/18 Jose María Zaragoza <de...@gmail.com>

>
> Hello:
>
> I've crossposted this email to WSS4J mailist, but I know a lot of CXF
> users use WSS4J for WS-Security implementation, so I hope someone can help
> me.
>
>
> I'm using WSS4J with Apache CXF 2.7.3, for signing SOAP messages
> So, I'm using WSS4J 1.6.9
>
> These SOAP messages are sent by my WAR application to a remote webservice
>
> When I redeploy my WAR into Tomcat server *without restart it*  , I always
> get the next exception:
>
> Caused by: org.apache.ws.security.WSSecurityException: Error during
> Signature:
>  at
> org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:105)
> ~[wss4j-1.6.9.jar:1.6.9]
> at
> org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:230)
> ~[wss4j-1.6.9.jar:1.6.9]
>  at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
> ~[cxf-rt-ws-security-2.7.3.jar:2.7.3]
> at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:260)
> ~[cxf-rt-ws-security-2.7.3.jar:2.7.3]
>  at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
> ~[cxf-rt-ws-security-2.7.3.jar:2.7.3]
>  at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
> [cxf-api-2.7.3.jar:2.7.3]
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
> ~[cxf-api-2.7.3.jar:2.7.3]
>  at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> ~[cxf-api-2.7.3.jar:2.7.3]
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> ~[cxf-api-2.7.3.jar:2.7.3]
>  at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> ~[cxf-api-2.7.3.jar:2.7.3]
> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
> ~[cxf-rt-frontend-simple-2.7.3.jar:2.7.3]
>  at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133)
> ~[cxf-rt-frontend-jaxws-2.7.3.jar:2.7.3]
> ... 41 common frames omitted
> Caused by: org.apache.ws.security.WSSecurityException: Signature creation
> failed
> at
> org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:558)
> ~[wss4j-1.6.9.jar:1.6.9]
>  at
> org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:99)
> ~[wss4j-1.6.9.jar:1.6.9]
> ... 52 common frames omitted
> Caused by: java.lang.NullPointerException: null
> at
> org.apache.jcp.xml.dsig.internal.dom.DOMReference.marshal(DOMReference.java:297)
> ~[xmlsec-1.5.3.jar:1.5.3]
>  at
> org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo.marshal(DOMSignedInfo.java:268)
> ~[xmlsec-1.5.3.jar:1.5.3]
> at
> org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.marshal(DOMXMLSignature.java:216)
> ~[xmlsec-1.5.3.jar:1.5.3]
>  at
> org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:329)
> ~[xmlsec-1.5.3.jar:1.5.3]
> at
> org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:553)
> ~[wss4j-1.6.9.jar:1.6.9]
>  ... 53 common frames omitted
>
>
> Any idea ?
> I've to restart Tomcat server and all works fine again
> Looks like a leak
>
> When fails, if  I enable debug logging level, I don't see the the log
> message in DOMReference.java , line 297
>
> if (log.isDebugEnabled())
> {
>   log.debug("Marshalling Reference");
>
>  }
>
> When I restart Tomcat, this log message is shown
>
> My CXF client configuration is
>
> <http-conf:conduit name="https://.*">
>      <http-conf:tlsClientParameters>
>       <sec:trustManagers>
>               <sec:keyStore type="JKS" password="xxx"
> resource="truststore.jks"/>
>           </sec:trustManagers>
>      </http-conf:tlsClientParameters>
>        <http-conf:client ConnectionTimeout="5000" ReceiveTimeout="10000" />
>     </http-conf:conduit>
>
> <jaxws:outInterceptors>
> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
>          <constructor-arg>
>             <map>
>                 <entry key="action" value="Signature"/>
>                 <entry key="user" value="xxx"/>
>                 <entry key="signatureUser" value="xxxx"/>
>                 <entry key="passwordCallbackClass"
> value="com.test.KeystorePasswordCallback"/>
>                 <entry key="signaturePropFile"
> value="keystore.properties"/>
>                 <entry key="signatureKeyIdentifier"
> value="DirectReference"/>
>                 <entry key="signatureAlgorithm" value="
> http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>                 <entry key="sigCanonicalization" value="
> http://www.w3.org/2001/10/xml-exc-c14n#"/>
>                 <entry key="signatureDigestAlgorithm" value="
> http://www.w3.org/2000/09/xmldsig#sha1"/>
>              </map>
>         </constructor-arg>
>         </bean>
> </jaxws:outInterceptors>
>
> </jaxws:client>
>