You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Blair Jennings <bj...@alifemedical.com> on 2009/07/01 00:56:19 UTC
Connecting CXF 2.2 client to a WCF webservice
Hello everyone,
I have a CXF client which was working fine against a WCF 3.0 webservice
which uses both SSL and message encryption. The IIS server was slightly
reconfigured in the way it was doing SSL, and now my client is throwing
these errors:
INFO: The cipher suite filters have not been configured, falling back to
default filters.
Jun 30, 2009 3:19:41 PM org.apache.cxf.transport.https.SSLUtils
getCiphersFromList
INFO: The cipher suites have been set to SSL_RSA_WITH_RC4_128_MD5,
SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA,
SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA,
SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_WITH_RC4_128_SHA,
TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA,
TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA,
TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA,
TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,
TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5.
Jun 30, 2009 3:19:41 PM org.apache.cxf.phase.PhaseInterceptorChain
doIntercept
INFO: Interceptor has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: No username available
at
org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.
handleBinding(TransportBindingHandler.java:211)
at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBa
sedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutIntercep
tor.java:127)
at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBa
sedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutIntercep
tor.java:73)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC
hain.java:236)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:471)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:301)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:253)
at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClien
t.java:404)
at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClien
t.java:311)
at
org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInte
rceptor.issueToken(SecureConversationOutInterceptor.java:156)
at
org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInte
rceptor.handleMessage(SecureConversationOutInterceptor.java:68)
at
org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInte
rceptor.handleMessage(SecureConversationOutInterceptor.java:43)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC
hain.java:236)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:471)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:301)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:253)
at
org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:121)
at $Proxy41.ping(Unknown Source)
at com.alifemedical.JavaTest.main(JavaTest.java:21)
Caused by: org.apache.cxf.ws.policy.PolicyException: No username
available
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.p
olicyNotAsserted(AbstractBindingBuilder.java:277)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.a
ddUsernameToken(AbstractBindingBuilder.java:600)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.
addUsernameTokens(TransportBindingHandler.java:80)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.
handleBinding(TransportBindingHandler.java:127)
... 19 more
I am at a loss why is it looking for a username now when it seemed to be
able to find it before? I have looked through the mailing list and other
places for any possible help but nothing seems to address this issue.
FYI I have a .NET client which still connects perfectly fine to the
service.
Any suggestions are appreciated.
Thanks,
Blair Jennings
Sr. Software Engineer
A-Life Medical
Re: Connecting CXF 2.2 client to a WCF webservice
Posted by Daniel Kulp <dk...@apache.org>.
How is the client configured? From the stacktrace, the policy states that it
needs to output a UsernameToken into the security header. However, it's not
finding configuration that can provide a username. That suggests that a
username isn't being passed in (either via config or via the RequestContext).
Dan
On Tue June 30 2009 6:56:19 pm Blair Jennings wrote:
> Hello everyone,
>
>
>
> I have a CXF client which was working fine against a WCF 3.0 webservice
> which uses both SSL and message encryption. The IIS server was slightly
> reconfigured in the way it was doing SSL, and now my client is throwing
> these errors:
>
>
>
> INFO: The cipher suite filters have not been configured, falling back to
> default filters.
>
> Jun 30, 2009 3:19:41 PM org.apache.cxf.transport.https.SSLUtils
> getCiphersFromList
>
> INFO: The cipher suites have been set to SSL_RSA_WITH_RC4_128_MD5,
> SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
> SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA,
> SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA,
> SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
> SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
> SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_WITH_RC4_128_SHA,
> TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA,
> TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA,
> TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA,
> TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,
> TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5.
>
> Jun 30, 2009 3:19:41 PM org.apache.cxf.phase.PhaseInterceptorChain
> doIntercept
>
> INFO: Interceptor has thrown exception, unwinding now
>
> org.apache.cxf.interceptor.Fault: No username available
>
> at
> org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.
> handleBinding(TransportBindingHandler.java:211)
>
> at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBa
> sedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutIntercep
> tor.java:127)
>
> at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBa
> sedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutIntercep
> tor.java:73)
>
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC
> hain.java:236)
>
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:471)
>
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:301)
>
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:253)
>
> at
> org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClien
> t.java:404)
>
> at
> org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClien
> t.java:311)
>
> at
> org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInte
> rceptor.issueToken(SecureConversationOutInterceptor.java:156)
>
> at
> org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInte
> rceptor.handleMessage(SecureConversationOutInterceptor.java:68)
>
> at
> org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInte
> rceptor.handleMessage(SecureConversationOutInterceptor.java:43)
>
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC
> hain.java:236)
>
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:471)
>
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:301)
>
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:253)
>
> at
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
>
> at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:121)
>
> at $Proxy41.ping(Unknown Source)
>
> at com.alifemedical.JavaTest.main(JavaTest.java:21)
>
> Caused by: org.apache.cxf.ws.policy.PolicyException: No username
> available
>
> at
> org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.p
> olicyNotAsserted(AbstractBindingBuilder.java:277)
>
> at
> org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.a
> ddUsernameToken(AbstractBindingBuilder.java:600)
>
> at
> org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.
> addUsernameTokens(TransportBindingHandler.java:80)
>
> at
> org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.
> handleBinding(TransportBindingHandler.java:127)
>
> ... 19 more
>
>
>
> I am at a loss why is it looking for a username now when it seemed to be
> able to find it before? I have looked through the mailing list and other
> places for any possible help but nothing seems to address this issue.
> FYI I have a .NET client which still connects perfectly fine to the
> service.
>
>
>
> Any suggestions are appreciated.
>
> Thanks,
>
>
>
> Blair Jennings
>
> Sr. Software Engineer
>
> A-Life Medical
--
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog