Posted to java-user@axis.apache.org by Tim Williams <wi...@gmail.com> on 2008/06/27 13:53:17 UTC

Rampart/Rahas problems

So I've essentially taken Rampart sample6 and split it across three
machines with my own web service instead of SimpleService.  Here's
what happens:

1) client makes Mex request to Service : Service responds.

2) Client makes token request to STS - STS responds

3) Client attempts to make the actual call to the Service.

Service then responds with "axisFault: Missing wsse:Security header in request"

The server logs show something different:

 ERROR org.apache.ws.security.components.crypto.CryptoFactory  -
Unable to instantiate (1):
org.apache.ws.security.components.crypto.Merlin
java.lang.reflect.InvocationTargetException

So, I checked and made sure I had BouncyCastle jar in lib directory.
I checked that the security provider is updated (though I haven't a clue why
I'm doing this).  And, now, I've run out of things to check.  I'd
appreciate any help.

Thanks,
--tim

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org


Re: Rampart/Rahas problems

Posted by Nandana Mihindukulasooriya <na...@gmail.com>.
I still think the issue is BouncyCastle not being picked up as the JCE
provider. Please check

http://issues.apache.org/jira/browse/WSS-99
http://issues.apache.org/jira/browse/WSS-82

thanks,
nandana

On Fri, Jun 27, 2008 at 8:05 PM, Tim Williams <wi...@gmail.com> wrote:

> On Fri, Jun 27, 2008 at 9:48 AM, Tim Williams <wi...@gmail.com> wrote:
> > On Fri, Jun 27, 2008 at 7:53 AM, Tim Williams <wi...@gmail.com> wrote:
> >> So I've essentially taken Rampart sample6 and split it across three
> >> machines with my own web service instead of SimpleService.  Here's
> >> what happens:
> >>
> >> 1) client makes Mex request to Service : Service responds.
> >>
> >> 2) Client makes token request to STS - STS responds
> >>
> >> 3) Client attempts to make the actual call to the Service.
> >>
> >> Service then responds with "axisFault: Missing wsse:Security header in request"
> >>
> >> The server logs show something different:
> >>
> >>  ERROR org.apache.ws.security.components.crypto.CryptoFactory  -
> >> Unable to instantiate (1):
> >> org.apache.ws.security.components.crypto.Merlin
> >> java.lang.reflect.InvocationTargetException
> >>
> >> So, I checked and made sure I had BouncyCastle jar in lib directory.
> >> I checked that the security provider is updated (though I haven't a clue why
> >> I'm doing this).  And, now, I've run out of things to check.  I'd
> >> appreciate any help.
> >
> > This one turned out to be a keystore problem.  Need to always double
> > check their locations!  Anyway, so I've gotten a bit further and now
> > get another exception.
> >
> > 2008-06-27 09:39:20,915 [http-8080-1] ERROR
> > org.apache.axis2.transport.http.AxisServlet  -
> > java.lang.NoClassDefFoundError
> >        at javax.crypto.Cipher.getInstance(DashoA12275)
> >
> > Google turns up several references to this problem and they all lead
> > back to the bouncy castle/java.security thing.  I have double checked
> > that.  One thing about my environment is that it's Solaris, and the
> > apps are being run from different zones.  I made the java.security
> > change in the global zone and when I log into each zone it seems the
> > settings are indeed there.  The thing is, the STS (also in a zone) is
> > having no trouble issuing/signing tokens and it's under the same
> > configuration.  I'll keep poking around but would greatly appreciate
> > any pointers.
>
> It turns out the exception is what I get after the first failed call
> after a restart.  I halt/boot the zone and attempt it and I get the
> exception below.  After the initial exception, subsequent calls give
> me the NoClassDefFoundError as I describe above.
>
>
> java.lang.ExceptionInInitializerError
>         at javax.crypto.Cipher.getInstance(DashoA12275)
>         at org.apache.ws.security.util.WSSecurityUtil.getCipherInstance(WSSecurityUtil.java:677)
>  ...
>        at java.lang.Thread.run(Thread.java:595)
> Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
>        at javax.crypto.SunJCE_b.<clinit>(DashoA12275)
>        ... 29 more
> Caused by: java.security.PrivilegedActionException:
> java.security.InvalidKeyException: Public key presented not for
> certificate signature
>        at java.security.AccessController.doPrivileged(Native Method)
>        ... 30 more
> Caused by: java.security.InvalidKeyException: Public key presented not
> for certificate signature
> ...
>        at javax.crypto.SunJCE_r.run(DashoA12275)
>
> Any clues?
> Thanks,
> --tim
>
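
A diagnostic for the suggestion above, added here as an example (not code from this thread or from Rampart/WSS4J): run it with the same JVM and classpath as the failing service to see which JCE providers that JVM actually loaded, whether BouncyCastle is registered under its provider name "BC", and the full cause chain when Cipher.getInstance fails. The class name and the two sample transformations are assumptions of this example.

```java
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;

public class JceProviderCheck {
    // Sample transformations chosen for this example; substitute the ones your policy uses.
    static final String[] TRANSFORMATIONS = { "AES/CBC/PKCS5Padding", "RSA/ECB/PKCS1Padding" };

    public static void main(String[] args) {
        // Confirms which JRE (and therefore which java.security file) is in use.
        System.out.println("java.home = " + System.getProperty("java.home"));

        // Providers in preference order, as this JVM actually loaded them.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.println((i + 1) + ": " + providers[i].getName()
                    + " - " + providers[i].getInfo());
        }

        // "BC" is the name the BouncyCastle provider registers under.
        System.out.println("BC registered: " + (Security.getProvider("BC") != null));

        for (String t : TRANSFORMATIONS) {
            probe(t);
            // Second call on purpose: once a static initializer has failed, the JVM
            // reports later uses of that class as NoClassDefFoundError.
            probe(t);
        }
    }

    static void probe(String transformation) {
        try {
            Cipher c = Cipher.getInstance(transformation);
            System.out.println(transformation + " -> " + c.getProvider().getName());
        } catch (Throwable t) {
            // Throwable, not Exception: ExceptionInInitializerError and
            // NoClassDefFoundError are Errors and would escape a narrower catch.
            System.out.println(transformation + " FAILED: " + t);
            for (Throwable cause = t.getCause(); cause != null; cause = cause.getCause()) {
                System.out.println("    caused by: " + cause);
            }
        }
    }
}
```

Comparing the output from the STS JVM with the output from the service JVM shows whether the two really run under the same provider configuration.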

Re: Rampart/Rahas problems

Posted by Tim Williams <wi...@gmail.com>.
On Fri, Jun 27, 2008 at 9:48 AM, Tim Williams <wi...@gmail.com> wrote:
> On Fri, Jun 27, 2008 at 7:53 AM, Tim Williams <wi...@gmail.com> wrote:
>> So I've essentially taken Rampart sample6 and split it across three
>> machines with my own web service instead of SimpleService.  Here's
>> what happens:
>>
>> 1) client makes Mex request to Service : Service responds.
>>
>> 2) Client makes token request to STS - STS responds
>>
>> 3) Client attempts to make the actual call to the Service.
>>
>> Service then responds with "axisFault: Missing wsse:Security header in request"
>>
>> The server logs show something different:
>>
>>  ERROR org.apache.ws.security.components.crypto.CryptoFactory  -
>> Unable to instantiate (1):
>> org.apache.ws.security.components.crypto.Merlin
>> java.lang.reflect.InvocationTargetException
>>
>> So, I checked and made sure I had BouncyCastle jar in lib directory.
>> I checked that the security provider is updated (though I haven't a clue why
>> I'm doing this).  And, now, I've run out of things to check.  I'd
>> appreciate any help.
>
> This one turned out to be a keystore problem.  Need to always double
> check their locations!  Anyway, so I've gotten a bit further and now
> get another exception.
>
> 2008-06-27 09:39:20,915 [http-8080-1] ERROR
> org.apache.axis2.transport.http.AxisServlet  -
> java.lang.NoClassDefFoundError
>        at javax.crypto.Cipher.getInstance(DashoA12275)
>
> Google turns up several references to this problem and they all lead
> back to the bouncy castle/java.security thing.  I have double checked
> that.  One thing about my environment is that it's Solaris, and the
> apps are being run from different zones.  I made the java.security
> change in the global zone and when I log into each zone it seems the
> settings are indeed there.  The thing is, the STS (also in a zone) is
> having no trouble issuing/signing tokens and it's under the same
> configuration.  I'll keep poking around but would greatly appreciate
> any pointers.

It turns out the exception is what I get after the first failed call
after a restart.  I halt/boot the zone and attempt it and I get the
exception below.  After the initial exception, subsequent calls give
me the NoClassDefFoundError as I describe above.


java.lang.ExceptionInInitializerError
        at javax.crypto.Cipher.getInstance(DashoA12275)
        at org.apache.ws.security.util.WSSecurityUtil.getCipherInstance(WSSecurityUtil.java:677)
 ...
        at java.lang.Thread.run(Thread.java:595)
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
        at javax.crypto.SunJCE_b.<clinit>(DashoA12275)
        ... 29 more
Caused by: java.security.PrivilegedActionException:
java.security.InvalidKeyException: Public key presented not for
certificate signature
        at java.security.AccessController.doPrivileged(Native Method)
        ... 30 more
Caused by: java.security.InvalidKeyException: Public key presented not
for certificate signature
...
        at javax.crypto.SunJCE_r.run(DashoA12275)

Any clues?
Thanks,
--tim



Re: Rampart/Rahas problems

Posted by Tim Williams <wi...@gmail.com>.
On Fri, Jun 27, 2008 at 7:53 AM, Tim Williams <wi...@gmail.com> wrote:
> So I've essentially taken Rampart sample6 and split it across three
> machines with my own web service instead of SimpleService.  Here's
> what happens:
>
> 1) client makes Mex request to Service : Service responds.
>
> 2) Client makes token request to STS - STS responds
>
> 3) Client attempts to make the actual call to the Service.
>
> Service then responds with "axisFault: Missing wsse:Security header in request"
>
> The server logs show something different:
>
>  ERROR org.apache.ws.security.components.crypto.CryptoFactory  -
> Unable to instantiate (1):
> org.apache.ws.security.components.crypto.Merlin
> java.lang.reflect.InvocationTargetException
>
> So, I checked and made sure I had BouncyCastle jar in lib directory.
> I checked that the security provider is updated (though I haven't a clue why
> I'm doing this).  And, now, I've run out of things to check.  I'd
> appreciate any help.

This one turned out to be a keystore problem.  Need to always double
check their locations!  Anyway, so I've gotten a bit further and now
get another exception.

2008-06-27 09:39:20,915 [http-8080-1] ERROR
org.apache.axis2.transport.http.AxisServlet  -
java.lang.NoClassDefFoundError
        at javax.crypto.Cipher.getInstance(DashoA12275)

Google turns up several references to this problem and they all lead
back to the bouncy castle/java.security thing.  I have double checked
that.  One thing about my environment is that it's Solaris, and the
apps are being run from different zones.  I made the java.security
change in the global zone and when I log into each zone it seems the
settings are indeed there.  The thing is, the STS (also in a zone) is
having no trouble issuing/signing tokens and it's under the same
configuration.  I'll keep poking around but would greatly appreciate
any pointers.
Thanks,
--tim
