You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ws.apache.org by "Ivica Loncar (JIRA)" <ji...@apache.org> on 2012/10/29 16:40:12 UTC
[jira] [Created] (WSS-410) Reduce dependency on xmlsec library
Ivica Loncar created WSS-410:
--------------------------------
Summary: Reduce dependency on xmlsec library
Key: WSS-410
URL: https://issues.apache.org/jira/browse/WSS-410
Project: WSS4J
Issue Type: Sub-task
Components: WSS4J Core
Affects Versions: 1.6.7
Environment: WAS 8.5
Reporter: Ivica Loncar
Assignee: Colm O hEigeartaigh
I've replaced static call to the org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI with
addJceProvider("ApacheXMLDSig", "org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI");
but there is another dependency. Namely, setXmlSecIgnoreLineBreak initializes org.apache.xml.security.Init
Of course I've got: java.lang.NoClassDefFoundError: org.apache.xml.security.Init
Since I don't want to use org.apache.xml.security but IBM provided classes I have added another option useApacheXmlSecurity. It is modeled after addJceProviders.
Afterwards I have met another issue:
29.10.12. 16:32:39:512 CET] 0000029a servlet E com.ibm.ws.webcontainer.servlet.ServletWrapper service Uncaught service() exception thrown by servlet InvestFundsServlet: java.lang.NoClassDefFoundError: org.apache.xml.security.utils.RFC2253Parser
at org.apache.ws.security.message.token.DOMX509IssuerSerial.<init>(DOMX509IssuerSerial.java:76)
at org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:221)
at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:69)
at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:230)
at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:260)
at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
...
Caused by: java.lang.ClassNotFoundException: org.apache.xml.security.utils.RFC2253Parser
at java.net.URLClassLoader.findClass(URLClassLoader.java:434)
This is an isolated utility class which can be safely transfered to project.
After I have copied org.apache.xml.security.utils.RFC2253Parser from Santuario I was able to invoke web service that required signed request using CXF client running on IBM WAS 8.5 without adding extra JCE providers.
All I had to do is creat servlet listener that enabled two properties in question:
WSSConfig.setUseApacheXmlSecurity(false);
WSSConfig.setAddJceProviders(false);
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Updated] (WSS-410) Reduce dependency on xmlsec library
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-410?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh updated WSS-410:
------------------------------------
Fix Version/s: 1.6.8
> Reduce dependency on xmlsec library
> -----------------------------------
>
> Key: WSS-410
> URL: https://issues.apache.org/jira/browse/WSS-410
> Project: WSS4J
> Issue Type: Sub-task
> Components: WSS4J Core
> Affects Versions: 1.6.7
> Environment: WAS 8.5
> Reporter: Ivica Loncar
> Assignee: Colm O hEigeartaigh
> Labels: santuario, was, websphere, xmlsec
> Fix For: 1.6.8
>
> Attachments: wss4j_patch.diff
>
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> I've replaced static call to the org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI with
> addJceProvider("ApacheXMLDSig", "org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI");
> but there is another dependency. Namely, setXmlSecIgnoreLineBreak initializes org.apache.xml.security.Init
> Of course I've got: java.lang.NoClassDefFoundError: org.apache.xml.security.Init
> Since I don't want to use org.apache.xml.security but IBM provided classes I have added another option useApacheXmlSecurity. It is modeled after addJceProviders.
> Afterwards I have met another issue:
> 29.10.12. 16:32:39:512 CET] 0000029a servlet E com.ibm.ws.webcontainer.servlet.ServletWrapper service Uncaught service() exception thrown by servlet InvestFundsServlet: java.lang.NoClassDefFoundError: org.apache.xml.security.utils.RFC2253Parser
> at org.apache.ws.security.message.token.DOMX509IssuerSerial.<init>(DOMX509IssuerSerial.java:76)
> at org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:221)
> at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:69)
> at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:230)
> at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
> at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:260)
> at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
> ...
> Caused by: java.lang.ClassNotFoundException: org.apache.xml.security.utils.RFC2253Parser
> at java.net.URLClassLoader.findClass(URLClassLoader.java:434)
> This is an isolated utility class which can be safely transfered to project.
> After I have copied org.apache.xml.security.utils.RFC2253Parser from Santuario I was able to invoke web service that required signed request using CXF client running on IBM WAS 8.5 without adding extra JCE providers.
> All I had to do is creat servlet listener that enabled two properties in question:
> WSSConfig.setUseApacheXmlSecurity(false);
> WSSConfig.setAddJceProviders(false);
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Commented] (WSS-410) Reduce dependency on xmlsec library
Posted by "Ivica Loncar (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-410?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13486857#comment-13486857 ]
Ivica Loncar commented on WSS-410:
----------------------------------
Hi,
Signing works.
OTOH it fails if I use IBM provided SAAJ. I don't have time to trace this issue right now so I have just bundled servicemix bundle with my app.
I don't have a ready example that tests encryption, but quick grep shows that some classes used in the process rely on org.apache.xml.security and I feel that (de/en)cryption would fail.
Btw. Is there a plan/work in progress for WSS4J to completely rely on JSR-105 API?
> Reduce dependency on xmlsec library
> -----------------------------------
>
> Key: WSS-410
> URL: https://issues.apache.org/jira/browse/WSS-410
> Project: WSS4J
> Issue Type: Sub-task
> Components: WSS4J Core
> Affects Versions: 1.6.7
> Environment: WAS 8.5
> Reporter: Ivica Loncar
> Assignee: Colm O hEigeartaigh
> Labels: santuario, was, websphere, xmlsec
> Fix For: 1.6.8
>
> Attachments: wss4j_patch.diff
>
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> I've replaced static call to the org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI with
> addJceProvider("ApacheXMLDSig", "org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI");
> but there is another dependency. Namely, setXmlSecIgnoreLineBreak initializes org.apache.xml.security.Init
> Of course I've got: java.lang.NoClassDefFoundError: org.apache.xml.security.Init
> Since I don't want to use org.apache.xml.security but IBM provided classes I have added another option useApacheXmlSecurity. It is modeled after addJceProviders.
> Afterwards I have met another issue:
> 29.10.12. 16:32:39:512 CET] 0000029a servlet E com.ibm.ws.webcontainer.servlet.ServletWrapper service Uncaught service() exception thrown by servlet InvestFundsServlet: java.lang.NoClassDefFoundError: org.apache.xml.security.utils.RFC2253Parser
> at org.apache.ws.security.message.token.DOMX509IssuerSerial.<init>(DOMX509IssuerSerial.java:76)
> at org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:221)
> at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:69)
> at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:230)
> at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
> at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:260)
> at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
> ...
> Caused by: java.lang.ClassNotFoundException: org.apache.xml.security.utils.RFC2253Parser
> at java.net.URLClassLoader.findClass(URLClassLoader.java:434)
> This is an isolated utility class which can be safely transfered to project.
> After I have copied org.apache.xml.security.utils.RFC2253Parser from Santuario I was able to invoke web service that required signed request using CXF client running on IBM WAS 8.5 without adding extra JCE providers.
> All I had to do is creat servlet listener that enabled two properties in question:
> WSSConfig.setUseApacheXmlSecurity(false);
> WSSConfig.setAddJceProviders(false);
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Commented] (WSS-410) Reduce dependency on xmlsec library
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-410?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13486773#comment-13486773 ]
Colm O hEigeartaigh commented on WSS-410:
-----------------------------------------
Hi,
I have applied a modified version of your patch. I have not added an extra "useApacheXMLSecurity" flag to WSSConfig, but instead just placed the call to set the line breaks inside the "addJCEProviders" flag. Could you try with a SNAPSHOT version and let me know if it works?
Colm.
> Reduce dependency on xmlsec library
> -----------------------------------
>
> Key: WSS-410
> URL: https://issues.apache.org/jira/browse/WSS-410
> Project: WSS4J
> Issue Type: Sub-task
> Components: WSS4J Core
> Affects Versions: 1.6.7
> Environment: WAS 8.5
> Reporter: Ivica Loncar
> Assignee: Colm O hEigeartaigh
> Labels: santuario, was, websphere, xmlsec
> Fix For: 1.6.8
>
> Attachments: wss4j_patch.diff
>
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> I've replaced static call to the org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI with
> addJceProvider("ApacheXMLDSig", "org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI");
> but there is another dependency. Namely, setXmlSecIgnoreLineBreak initializes org.apache.xml.security.Init
> Of course I've got: java.lang.NoClassDefFoundError: org.apache.xml.security.Init
> Since I don't want to use org.apache.xml.security but IBM provided classes I have added another option useApacheXmlSecurity. It is modeled after addJceProviders.
> Afterwards I have met another issue:
> 29.10.12. 16:32:39:512 CET] 0000029a servlet E com.ibm.ws.webcontainer.servlet.ServletWrapper service Uncaught service() exception thrown by servlet InvestFundsServlet: java.lang.NoClassDefFoundError: org.apache.xml.security.utils.RFC2253Parser
> at org.apache.ws.security.message.token.DOMX509IssuerSerial.<init>(DOMX509IssuerSerial.java:76)
> at org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:221)
> at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:69)
> at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:230)
> at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
> at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:260)
> at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
> ...
> Caused by: java.lang.ClassNotFoundException: org.apache.xml.security.utils.RFC2253Parser
> at java.net.URLClassLoader.findClass(URLClassLoader.java:434)
> This is an isolated utility class which can be safely transfered to project.
> After I have copied org.apache.xml.security.utils.RFC2253Parser from Santuario I was able to invoke web service that required signed request using CXF client running on IBM WAS 8.5 without adding extra JCE providers.
> All I had to do is creat servlet listener that enabled two properties in question:
> WSSConfig.setUseApacheXmlSecurity(false);
> WSSConfig.setAddJceProviders(false);
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Closed] (WSS-410) Reduce dependency on xmlsec library
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-410?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh closed WSS-410.
-----------------------------------
> Reduce dependency on xmlsec library
> -----------------------------------
>
> Key: WSS-410
> URL: https://issues.apache.org/jira/browse/WSS-410
> Project: WSS4J
> Issue Type: Sub-task
> Components: WSS4J Core
> Affects Versions: 1.6.7
> Environment: WAS 8.5
> Reporter: Ivica Loncar
> Assignee: Colm O hEigeartaigh
> Labels: santuario, was, websphere, xmlsec
> Fix For: 1.6.8
>
> Attachments: wss4j_patch.diff
>
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> I've replaced static call to the org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI with
> addJceProvider("ApacheXMLDSig", "org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI");
> but there is another dependency. Namely, setXmlSecIgnoreLineBreak initializes org.apache.xml.security.Init
> Of course I've got: java.lang.NoClassDefFoundError: org.apache.xml.security.Init
> Since I don't want to use org.apache.xml.security but IBM provided classes I have added another option useApacheXmlSecurity. It is modeled after addJceProviders.
> Afterwards I have met another issue:
> 29.10.12. 16:32:39:512 CET] 0000029a servlet E com.ibm.ws.webcontainer.servlet.ServletWrapper service Uncaught service() exception thrown by servlet InvestFundsServlet: java.lang.NoClassDefFoundError: org.apache.xml.security.utils.RFC2253Parser
> at org.apache.ws.security.message.token.DOMX509IssuerSerial.<init>(DOMX509IssuerSerial.java:76)
> at org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:221)
> at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:69)
> at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:230)
> at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
> at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:260)
> at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
> ...
> Caused by: java.lang.ClassNotFoundException: org.apache.xml.security.utils.RFC2253Parser
> at java.net.URLClassLoader.findClass(URLClassLoader.java:434)
> This is an isolated utility class which can be safely transfered to project.
> After I have copied org.apache.xml.security.utils.RFC2253Parser from Santuario I was able to invoke web service that required signed request using CXF client running on IBM WAS 8.5 without adding extra JCE providers.
> All I had to do is creat servlet listener that enabled two properties in question:
> WSSConfig.setUseApacheXmlSecurity(false);
> WSSConfig.setAddJceProviders(false);
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Resolved] (WSS-410) Reduce dependency on xmlsec library
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-410?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh resolved WSS-410.
-------------------------------------
Resolution: Fixed
> Reduce dependency on xmlsec library
> -----------------------------------
>
> Key: WSS-410
> URL: https://issues.apache.org/jira/browse/WSS-410
> Project: WSS4J
> Issue Type: Sub-task
> Components: WSS4J Core
> Affects Versions: 1.6.7
> Environment: WAS 8.5
> Reporter: Ivica Loncar
> Assignee: Colm O hEigeartaigh
> Labels: santuario, was, websphere, xmlsec
> Fix For: 1.6.8
>
> Attachments: wss4j_patch.diff
>
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> I've replaced static call to the org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI with
> addJceProvider("ApacheXMLDSig", "org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI");
> but there is another dependency. Namely, setXmlSecIgnoreLineBreak initializes org.apache.xml.security.Init
> Of course I've got: java.lang.NoClassDefFoundError: org.apache.xml.security.Init
> Since I don't want to use org.apache.xml.security but IBM provided classes I have added another option useApacheXmlSecurity. It is modeled after addJceProviders.
> Afterwards I have met another issue:
> 29.10.12. 16:32:39:512 CET] 0000029a servlet E com.ibm.ws.webcontainer.servlet.ServletWrapper service Uncaught service() exception thrown by servlet InvestFundsServlet: java.lang.NoClassDefFoundError: org.apache.xml.security.utils.RFC2253Parser
> at org.apache.ws.security.message.token.DOMX509IssuerSerial.<init>(DOMX509IssuerSerial.java:76)
> at org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:221)
> at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:69)
> at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:230)
> at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
> at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:260)
> at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
> ...
> Caused by: java.lang.ClassNotFoundException: org.apache.xml.security.utils.RFC2253Parser
> at java.net.URLClassLoader.findClass(URLClassLoader.java:434)
> This is an isolated utility class which can be safely transfered to project.
> After I have copied org.apache.xml.security.utils.RFC2253Parser from Santuario I was able to invoke web service that required signed request using CXF client running on IBM WAS 8.5 without adding extra JCE providers.
> All I had to do is creat servlet listener that enabled two properties in question:
> WSSConfig.setUseApacheXmlSecurity(false);
> WSSConfig.setAddJceProviders(false);
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Commented] (WSS-410) Reduce dependency on xmlsec library
Posted by "Ivica Loncar (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-410?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13486865#comment-13486865 ]
Ivica Loncar commented on WSS-410:
----------------------------------
Ouch. JSR-106 is dead? I'm sooo out of time.
> Reduce dependency on xmlsec library
> -----------------------------------
>
> Key: WSS-410
> URL: https://issues.apache.org/jira/browse/WSS-410
> Project: WSS4J
> Issue Type: Sub-task
> Components: WSS4J Core
> Affects Versions: 1.6.7
> Environment: WAS 8.5
> Reporter: Ivica Loncar
> Assignee: Colm O hEigeartaigh
> Labels: santuario, was, websphere, xmlsec
> Fix For: 1.6.8
>
> Attachments: wss4j_patch.diff
>
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> I've replaced static call to the org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI with
> addJceProvider("ApacheXMLDSig", "org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI");
> but there is another dependency. Namely, setXmlSecIgnoreLineBreak initializes org.apache.xml.security.Init
> Of course I've got: java.lang.NoClassDefFoundError: org.apache.xml.security.Init
> Since I don't want to use org.apache.xml.security but IBM provided classes I have added another option useApacheXmlSecurity. It is modeled after addJceProviders.
> Afterwards I have met another issue:
> 29.10.12. 16:32:39:512 CET] 0000029a servlet E com.ibm.ws.webcontainer.servlet.ServletWrapper service Uncaught service() exception thrown by servlet InvestFundsServlet: java.lang.NoClassDefFoundError: org.apache.xml.security.utils.RFC2253Parser
> at org.apache.ws.security.message.token.DOMX509IssuerSerial.<init>(DOMX509IssuerSerial.java:76)
> at org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:221)
> at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:69)
> at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:230)
> at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
> at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:260)
> at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
> ...
> Caused by: java.lang.ClassNotFoundException: org.apache.xml.security.utils.RFC2253Parser
> at java.net.URLClassLoader.findClass(URLClassLoader.java:434)
> This is an isolated utility class which can be safely transfered to project.
> After I have copied org.apache.xml.security.utils.RFC2253Parser from Santuario I was able to invoke web service that required signed request using CXF client running on IBM WAS 8.5 without adding extra JCE providers.
> All I had to do is creat servlet listener that enabled two properties in question:
> WSSConfig.setUseApacheXmlSecurity(false);
> WSSConfig.setAddJceProviders(false);
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Commented] (WSS-410) Reduce dependency on xmlsec library
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-410?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13486863#comment-13486863 ]
Colm O hEigeartaigh commented on WSS-410:
-----------------------------------------
JSR-105 just covers XML Signature, and so we will always need compile time support for Apache Santuario for XML Encryption.
WSS4J does use the JSR-105 API completely (afaik) for XML Signature. OpenSAML still uses the proprietary Santuario API for signing SAML Tokens though.
Colm.
> Reduce dependency on xmlsec library
> -----------------------------------
>
> Key: WSS-410
> URL: https://issues.apache.org/jira/browse/WSS-410
> Project: WSS4J
> Issue Type: Sub-task
> Components: WSS4J Core
> Affects Versions: 1.6.7
> Environment: WAS 8.5
> Reporter: Ivica Loncar
> Assignee: Colm O hEigeartaigh
> Labels: santuario, was, websphere, xmlsec
> Fix For: 1.6.8
>
> Attachments: wss4j_patch.diff
>
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> I've replaced static call to the org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI with
> addJceProvider("ApacheXMLDSig", "org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI");
> but there is another dependency. Namely, setXmlSecIgnoreLineBreak initializes org.apache.xml.security.Init
> Of course I've got: java.lang.NoClassDefFoundError: org.apache.xml.security.Init
> Since I don't want to use org.apache.xml.security but IBM provided classes I have added another option useApacheXmlSecurity. It is modeled after addJceProviders.
> Afterwards I have met another issue:
> 29.10.12. 16:32:39:512 CET] 0000029a servlet E com.ibm.ws.webcontainer.servlet.ServletWrapper service Uncaught service() exception thrown by servlet InvestFundsServlet: java.lang.NoClassDefFoundError: org.apache.xml.security.utils.RFC2253Parser
> at org.apache.ws.security.message.token.DOMX509IssuerSerial.<init>(DOMX509IssuerSerial.java:76)
> at org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:221)
> at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:69)
> at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:230)
> at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
> at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:260)
> at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
> ...
> Caused by: java.lang.ClassNotFoundException: org.apache.xml.security.utils.RFC2253Parser
> at java.net.URLClassLoader.findClass(URLClassLoader.java:434)
> This is an isolated utility class which can be safely transfered to project.
> After I have copied org.apache.xml.security.utils.RFC2253Parser from Santuario I was able to invoke web service that required signed request using CXF client running on IBM WAS 8.5 without adding extra JCE providers.
> All I had to do is creat servlet listener that enabled two properties in question:
> WSSConfig.setUseApacheXmlSecurity(false);
> WSSConfig.setAddJceProviders(false);
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Updated] (WSS-410) Reduce dependency on xmlsec library
Posted by "Ivica Loncar (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-410?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ivica Loncar updated WSS-410:
-----------------------------
Attachment: wss4j_patch.diff
Patch against 1_6_x branch.
> Reduce dependency on xmlsec library
> -----------------------------------
>
> Key: WSS-410
> URL: https://issues.apache.org/jira/browse/WSS-410
> Project: WSS4J
> Issue Type: Sub-task
> Components: WSS4J Core
> Affects Versions: 1.6.7
> Environment: WAS 8.5
> Reporter: Ivica Loncar
> Assignee: Colm O hEigeartaigh
> Labels: santuario, was, websphere, xmlsec
> Attachments: wss4j_patch.diff
>
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> I've replaced static call to the org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI with
> addJceProvider("ApacheXMLDSig", "org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI");
> but there is another dependency. Namely, setXmlSecIgnoreLineBreak initializes org.apache.xml.security.Init
> Of course I've got: java.lang.NoClassDefFoundError: org.apache.xml.security.Init
> Since I don't want to use org.apache.xml.security but IBM provided classes I have added another option useApacheXmlSecurity. It is modeled after addJceProviders.
> Afterwards I have met another issue:
> 29.10.12. 16:32:39:512 CET] 0000029a servlet E com.ibm.ws.webcontainer.servlet.ServletWrapper service Uncaught service() exception thrown by servlet InvestFundsServlet: java.lang.NoClassDefFoundError: org.apache.xml.security.utils.RFC2253Parser
> at org.apache.ws.security.message.token.DOMX509IssuerSerial.<init>(DOMX509IssuerSerial.java:76)
> at org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:221)
> at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:69)
> at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:230)
> at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
> at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:260)
> at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
> ...
> Caused by: java.lang.ClassNotFoundException: org.apache.xml.security.utils.RFC2253Parser
> at java.net.URLClassLoader.findClass(URLClassLoader.java:434)
> This is an isolated utility class which can be safely transfered to project.
> After I have copied org.apache.xml.security.utils.RFC2253Parser from Santuario I was able to invoke web service that required signed request using CXF client running on IBM WAS 8.5 without adding extra JCE providers.
> All I had to do is creat servlet listener that enabled two properties in question:
> WSSConfig.setUseApacheXmlSecurity(false);
> WSSConfig.setAddJceProviders(false);
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org