You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by yulinxp <yu...@gmail.com> on 2008/02/04 22:08:53 UTC
WebSecurity error when using Simple Frontend / Aegis binding
Web Security works for my example A, using JAX-WS Frontend / JAXB binding.
If client sets the wrong password, server will return "Security processing
failed." to the client.
Now I want to add WebSecurity to another example B, using Simple Frontend /
Aegis binding.
I use the same ServerPasswordCallback & ClientPasswordCallback as in example
A.
My xml is like this:
<simple:server id="helloWorld" serviceClass="demo.spring.HelloWorld"
address="/ServerEndPoint">
<simple:dataBinding>
<bean class="org.apache.cxf.aegis.databinding.AegisDatabinding" />
</simple:dataBinding>
<simple:serviceBean>
<bean class="demo.spring.HelloWorldImpl" />
</simple:serviceBean>
<simple:inInterceptors>
<bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/>
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<property name="properties">
<!-- constructor-arg -->
<map>
<entry key="action" value="UsernameToken"/>
<entry key="passwordType" value="PasswordDigest" />
<entry key="passwordCallbackClass"
value="demo.spring.security.ServerPasswordCallback"/>
</map>
<!-- constructor-arg -->
</property>
</bean>
</simple:inInterceptors>
</simple:server>
If client sets the password right, everything is fine. But if client sets
the wrong password,
server tomcat will have the following exception. And because of it, the
client doesn't receive any response,
and the client will have something like
Caused by: com.ctc.wstx.exc.WstxEOFException: Unexpected EOF in prolog
at [row,col {unknown-source}]: [1,0]
///////tomcat CXF server exception
INFO: Interceptor has thrown exception, unwinding now
java.lang.NullPointerException
at
org.apache.cxf.interceptor.FaultOutInterceptor.getFaultForClass(FaultOutInterceptor.java:
128)
at
org.apache.cxf.interceptor.FaultOutInterceptor.handleMessage(FaultOutInterceptor.java:61)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:207)
at
org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultCha
inInitiatorObserver.java:90)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:224)
at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:7
3)
at
org.apache.cxf.transport.servlet.ServletDestination.doMessage(ServletDestination.java:79)
at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.ja
va:256)
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
at
org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:170)
at
org.apache.cxf.transport.servlet.AbstractCXFServlet.doPost(AbstractCXFServlet.java:148)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j
ava:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:263)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.ja
va:584)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:595)
What's working for JAX-WS Frontend / JAXB binding does not work for Simple
Frontend / Aegis binding.
Is there anything wrong with my xml? How to fix it?
--
View this message in context: http://www.nabble.com/WebSecurity-error-when-using-Simple-Frontend---Aegis-binding-tp15277618p15277618.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: WebSecurity error when using Simple Frontend / Aegis binding
Posted by Daniel Kulp <dk...@apache.org>.
Interesting issue. Definitely a bug in the FaultOutInterceptor. It
should definitely be able to work OK if the bop is null. Basically,
just return if no BOP should be the right behavior.
Basically, with JAXWS, we have to look at the incoming SOAP message
earlier to deterine the operation information so by the time the WS
security stuff is called, the BOP may be filled in. With simple, we
probably don't so it's not there yet. (it may also have to do with
SOAPAction things as we may be grabbing the BOP based on a unique
soapaction)
The only workaround I can think of right now is to write an interceptor
that would sit just before the FaultOutInterceptor and checks to see if
the bop is null. If it is, grab the service out of the
message/exchange and just pick a random one to make sure the NPE doesn't
occur.
Dan
On Monday 04 February 2008, yulinxp wrote:
> Looking at src for FaultOutInterceptor.java, BindingOperationInfo op
> is null! This only happens for Simple Frontend/Aegis binding, not for
> JAX-WS Frontend/JAXB binding.
> Is there a way to let it work? I am using cxf-2.0.3.
>
>
> public FaultInfo getFaultForClass(BindingOperationInfo op, Class
> class1) { for (BindingFaultInfo bfi : op.getFaults()) {
>
> FaultInfo faultInfo = bfi.getFaultInfo();
> Class<?> c =
> (Class)faultInfo.getProperty(Class.class.getName());
> if (c.isAssignableFrom(class1)) {
> return faultInfo;
> }
> }
>
> return null;
> }
>
> -----------------------------------
>
> ///////tomcat CXF server exception
>
> INFO: Interceptor has thrown exception, unwinding now
> java.lang.NullPointerException
> at
> org.apache.cxf.interceptor.FaultOutInterceptor.getFaultForClass(FaultO
>utInterceptor.java: 128)
> at
> org.apache.cxf.interceptor.FaultOutInterceptor.handleMessage(FaultOutI
>nterceptor.java:61)
>
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseIntercepto
>rChain.java:207) at
> org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessa
>ge(AbstractFaultCha inInitiatorObserver.java:90)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseIntercepto
>rChain.java:224) at
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitia
>tionObserver.java:7 3)
> at
> org.apache.cxf.transport.servlet.ServletDestination.doMessage(ServletD
>estination.java:79)
>
> at
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(S
>ervletController.ja va:256)
> at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletContr
>oller.java:160) at
> org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXF
>Servlet.java:170) at
> org.apache.cxf.transport.servlet.AbstractCXFServlet.doPost(AbstractCXF
>Servlet.java:148) at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:710) at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
>cationFilterChain.j ava:290)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
>lterChain.java:206)
>
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperVa
>lve.java:233) at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextVa
>lve.java:175) at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.ja
>va:128) at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.ja
>va:102) at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValv
>e.java:109) at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java
>:263) at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:
>844) at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.proces
>s(Http11Protocol.ja va:584)
> at
> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447
>) at java.lang.Thread.run(Thread.java:595)
>
> What's working for JAX-WS Frontend / JAXB binding does not work for
> Simple Frontend / Aegis binding.
> Is there anything wrong with my xml? How to fix it?
--
J. Daniel Kulp
Principal Engineer, IONA
dkulp@apache.org
http://www.dankulp.com/blog
Re: WebSecurity error when using Simple Frontend / Aegis binding
Posted by yulinxp <yu...@gmail.com>.
But the exception is thrown in
UsernameTokenProcessor.handleUsernameToken()
throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
-------------------------
willem.jiang wrote:
>
>
> Hi ,
>
> There are some difference between the simple front end and jaxws front
> end to detail with the fault message.
>
> The WebFault annotation will take effect when you are using the jaxws
> front end ,
> but when you using simple front you need let the exception class
> inherit the org.apache.cxf.frontend.FaultInfoException class.
>
> You can find some more information by digging the
> RefactionServiceFactoryBean [1] 's initializeFaults() method.
>
> [1]
> https://svn.apache.org/repos/asf/incubator/cxf/trunk/rt/frontend/simple/src/main/java/org/apache/cxf/service/factory/ReflectionServiceFactoryBean.java
>
> Willem.
>
> yulinxp wrote:
>> Looking at src for FaultOutInterceptor.java, BindingOperationInfo op is
>> null!
>> This only happens for Simple Frontend/Aegis binding, not for JAX-WS
>> Frontend/JAXB binding.
>> Is there a way to let it work? I am using cxf-2.0.3.
>>
>>
>> public FaultInfo getFaultForClass(BindingOperationInfo op, Class
>> class1) {
>> for (BindingFaultInfo bfi : op.getFaults()) {
>>
>> FaultInfo faultInfo = bfi.getFaultInfo();
>> Class<?> c =
>> (Class)faultInfo.getProperty(Class.class.getName());
>> if (c.isAssignableFrom(class1)) {
>> return faultInfo;
>> }
>> }
>>
>> return null;
>> }
>>
>> -----------------------------------
>>
>> ///////tomcat CXF server exception
>>
>> INFO: Interceptor has thrown exception, unwinding now
>> java.lang.NullPointerException
>> at
>> org.apache.cxf.interceptor.FaultOutInterceptor.getFaultForClass(FaultOutInterceptor.java:
>> 128)
>> at
>> org.apache.cxf.interceptor.FaultOutInterceptor.handleMessage(FaultOutInterceptor.java:61)
>>
>> at
>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:207)
>> at
>> org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultCha
>> inInitiatorObserver.java:90)
>> at
>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:224)
>> at
>> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:7
>> 3)
>> at
>> org.apache.cxf.transport.servlet.ServletDestination.doMessage(ServletDestination.java:79)
>>
>> at
>> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.ja
>> va:256)
>> at
>> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
>> at
>> org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:170)
>> at
>> org.apache.cxf.transport.servlet.AbstractCXFServlet.doPost(AbstractCXFServlet.java:148)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j
>> ava:290)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>
>> at
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>> at
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>> at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>> at
>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>> at
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>> at
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:263)
>> at
>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>> at
>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.ja
>> va:584)
>> at
>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>> at java.lang.Thread.run(Thread.java:595)
>>
>> What's working for JAX-WS Frontend / JAXB binding does not work for
>> Simple
>> Frontend / Aegis binding.
>> Is there anything wrong with my xml? How to fix it?
>>
>>
>>
>
>
>
--
View this message in context: http://www.nabble.com/WebSecurity-error-when-using-Simple-Frontend---Aegis-binding-tp15277618p15291433.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: WebSecurity error when using Simple Frontend / Aegis binding
Posted by Willem Jiang <wi...@gmail.com>.
Hi ,
There are some difference between the simple front end and jaxws front
end to detail with the fault message.
The WebFault annotation will take effect when you are using the jaxws
front end ,
but when you using simple front you need let the exception class
inherit the org.apache.cxf.frontend.FaultInfoException class.
You can find some more information by digging the
RefactionServiceFactoryBean [1] 's initializeFaults() method.
[1]
https://svn.apache.org/repos/asf/incubator/cxf/trunk/rt/frontend/simple/src/main/java/org/apache/cxf/service/factory/ReflectionServiceFactoryBean.java
Willem.
yulinxp wrote:
> Looking at src for FaultOutInterceptor.java, BindingOperationInfo op is null!
> This only happens for Simple Frontend/Aegis binding, not for JAX-WS
> Frontend/JAXB binding.
> Is there a way to let it work? I am using cxf-2.0.3.
>
>
> public FaultInfo getFaultForClass(BindingOperationInfo op, Class class1) {
> for (BindingFaultInfo bfi : op.getFaults()) {
>
> FaultInfo faultInfo = bfi.getFaultInfo();
> Class<?> c =
> (Class)faultInfo.getProperty(Class.class.getName());
> if (c.isAssignableFrom(class1)) {
> return faultInfo;
> }
> }
>
> return null;
> }
>
> -----------------------------------
>
> ///////tomcat CXF server exception
>
> INFO: Interceptor has thrown exception, unwinding now
> java.lang.NullPointerException
> at
> org.apache.cxf.interceptor.FaultOutInterceptor.getFaultForClass(FaultOutInterceptor.java:
> 128)
> at
> org.apache.cxf.interceptor.FaultOutInterceptor.handleMessage(FaultOutInterceptor.java:61)
>
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:207)
> at
> org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultCha
> inInitiatorObserver.java:90)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:224)
> at
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:7
> 3)
> at
> org.apache.cxf.transport.servlet.ServletDestination.doMessage(ServletDestination.java:79)
>
> at
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.ja
> va:256)
> at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
> at
> org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:170)
> at
> org.apache.cxf.transport.servlet.AbstractCXFServlet.doPost(AbstractCXFServlet.java:148)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j
> ava:290)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:263)
> at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.ja
> va:584)
> at
> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> at java.lang.Thread.run(Thread.java:595)
>
> What's working for JAX-WS Frontend / JAXB binding does not work for Simple
> Frontend / Aegis binding.
> Is there anything wrong with my xml? How to fix it?
>
>
>
Re: WebSecurity error when using Simple Frontend / Aegis binding
Posted by yulinxp <yu...@gmail.com>.
Looking at src for FaultOutInterceptor.java, BindingOperationInfo op is null!
This only happens for Simple Frontend/Aegis binding, not for JAX-WS
Frontend/JAXB binding.
Is there a way to let it work? I am using cxf-2.0.3.
public FaultInfo getFaultForClass(BindingOperationInfo op, Class class1) {
for (BindingFaultInfo bfi : op.getFaults()) {
FaultInfo faultInfo = bfi.getFaultInfo();
Class<?> c =
(Class)faultInfo.getProperty(Class.class.getName());
if (c.isAssignableFrom(class1)) {
return faultInfo;
}
}
return null;
}
-----------------------------------
///////tomcat CXF server exception
INFO: Interceptor has thrown exception, unwinding now
java.lang.NullPointerException
at
org.apache.cxf.interceptor.FaultOutInterceptor.getFaultForClass(FaultOutInterceptor.java:
128)
at
org.apache.cxf.interceptor.FaultOutInterceptor.handleMessage(FaultOutInterceptor.java:61)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:207)
at
org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultCha
inInitiatorObserver.java:90)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:224)
at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:7
3)
at
org.apache.cxf.transport.servlet.ServletDestination.doMessage(ServletDestination.java:79)
at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.ja
va:256)
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
at
org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:170)
at
org.apache.cxf.transport.servlet.AbstractCXFServlet.doPost(AbstractCXFServlet.java:148)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j
ava:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:263)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.ja
va:584)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:595)
What's working for JAX-WS Frontend / JAXB binding does not work for Simple
Frontend / Aegis binding.
Is there anything wrong with my xml? How to fix it?
--
View this message in context: http://www.nabble.com/WebSecurity-error-when-using-Simple-Frontend---Aegis-binding-tp15277618p15278251.html
Sent from the cxf-user mailing list archive at Nabble.com.