You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by PrSd <si...@yahoo.com> on 2010/02/24 20:33:14 UTC
local part cannot be "null" when creating a QName
Hello,
I am injecting a SAML Assertion in a SOAP Header from the SOAPClient and
then issuing a service request to a CXF webservice. On the service end I
have a JAX WS SOAP Handler that intercepts and unmarshals the header. The
client and service handlers are from Glen Mazza's weblog.
http://www.jroller.com/gmazza/entry/using_the_opensaml_library_in
I am still including them incase any customary changes I may have made
messed up something. So here it is
------------------------------------------------------------------------------------------------------
SOAPClient:
------------------------------------------------------------------------------------------------------
package com.hsc.security.saml.soap;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPEnvelope;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPMessage;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.Service;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import javax.xml.ws.soap.SOAPBinding;
import com.syscom.hsc.web.IBpmService;
public class SpringWSClient {
String wsdlString =
"http://localhost:9088/bpm-servicesCXF/services/IBpmService";
//String wsdlString =
"http://localhost:9088/bpm-servicesCXF/services/IBpmService?wsdl=IBpmService.wsdl";
private static final QName SERVICE_NAME
= new QName("http://web.hsc.syscom.com", "BPMWebService");
private static final QName PORT_NAME
= new QName("http://web.hsc.syscom.com", "BpmServicePort");
public static String xmlFileNamePath = "BpmServices.xml";
public static void main(String [] args){
SpringWSClient ws = new SpringWSClient();
System.out.println("Starting SOAP request");
Service service = Service.create(SERVICE_NAME);
//BPMWebService bpmServices = new BPMWebService(SERVICE_NAME);
HeaderHandlerResolver handlerResolver = new HeaderHandlerResolver();
service.setHandlerResolver(handlerResolver);
// Endpoint Address
String endpointAddress =
"http://localhost:9088/bpm-servicesCXF/services/IBpmService";
try {
java.net.URL url = new URL(endpointAddress);
} catch (MalformedURLException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
}
// Add a port to the Service
IBpmService client = service.getPort(IBpmService.class);
Map<String, Object> requestContext =
((BindingProvider)client).getRequestContext();
requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
endpointAddress);
requestContext.put(BindingProvider.SESSION_MAINTAIN_PROPERTY,
Boolean.TRUE);
String username = "kpham";
String password = "hdfuhgdg";
String category = "GETFULLEOPINWRK";
int max = -1;
Properties arguments = null;
String response =null;
try {
response = client.findTaskListUsingLoginCreds(username, password,
category, arguments, max);
//response = client.findTaskList(category, arguments, max);
System.out.println("Response: " + response);
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
------------------------------------------------------------------------------------------------------
ClientSAMLHandler
------------------------------------------------------------------------------------------------------
public class ClientSAMLHandler implements SOAPHandler<SOAPMessageContext> {
// change this to redirect output if desired
private static PrintStream out = System.out;
public static final String WS_SECURITY_NS_URI =
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
private static final Set<QName> HEADERS = new HashSet<QName>();
/* static {
HEADERS.add(new QName(WSConstants.WSSE_NS, "Security"));
HEADERS.add(new QName(WSConstants.WSSE11_NS, "Security"));
HEADERS.add(new QName(WSConstants.ENC_NS, "EncryptedData"));
}
*/
public Set getHeaders() {
//return HEADERS;
return null;
}
public boolean handleMessage(SOAPMessageContext smc) {
Boolean outboundProperty = (Boolean)
smc.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
if (outboundProperty.booleanValue()) {
out.println("(debug) Adding SAML token to outbound message from
client");
System.out.println("(debug) Adding SAML token to outbound message
from client");
try {
DefaultBootstrap.bootstrap();
SOAPMessage message = smc.getMessage();
SOAPPart soapPart = message.getSOAPPart();
SOAPEnvelope soapEnvelope = soapPart.getEnvelope();
Name wsseHeaderName = soapEnvelope.createName("Security",
"wsse", WS_SECURITY_NS_URI);
if (soapEnvelope.getHeader() == null) {
soapEnvelope.addHeader();
}
SOAPHeaderElement securityElement = soapEnvelope.getHeader()
.addHeaderElement(wsseHeaderName);
AssertionBuilder ab = new AssertionBuilder();
Assertion assertion = ab.buildObject();
assertion.setVersion(SAMLVersion.VERSION_20);
assertion.setID("123"); // in reality, must be unique for all
assertions
assertion.setIssueInstant(new DateTime());
IssuerBuilder ib = new IssuerBuilder();
Issuer myIssuer = ib.buildObject();
myIssuer.setValue("http://localhost:9088");
assertion.setIssuer(myIssuer);
SubjectBuilder sb = new SubjectBuilder();
Subject mySubject = sb.buildObject();
NameIDBuilder nb = new NameIDBuilder();
NameID myNameID = nb.buildObject();
myNameID.setValue("p8admin");
myNameID.setFormat(NameIdentifier.X509_SUBJECT);
mySubject.setNameID(myNameID);
assertion.setSubject(mySubject);
// user authenticated via X509 token
AuthnStatementBuilder asb = new AuthnStatementBuilder();
AuthnStatement myAuthnStatement = asb.buildObject();
myAuthnStatement.setAuthnInstant(new DateTime());
AuthnContextBuilder acb = new AuthnContextBuilder();
AuthnContext myACI = acb.buildObject();
AuthnContextClassRefBuilder accrb = new
AuthnContextClassRefBuilder();
AuthnContextClassRef accr = accrb.buildObject();
accr.setAuthnContextClassRef(AuthnContext.X509_AUTHN_CTX);
myACI.setAuthnContextClassRef(accr);
myAuthnStatement.setAuthnContext(myACI);
assertion.getAuthnStatements().add(myAuthnStatement);
// user can double even numbers
AuthzDecisionStatementBuilder adsb = new
AuthzDecisionStatementBuilder();
AuthzDecisionStatement ads = adsb.buildObject();
ads.setDecision(DecisionTypeEnumeration.PERMIT);
ads.setResource("DoubleIt");
ActionBuilder actb = new ActionBuilder();
Action act = actb.buildObject();
// arbitrary unique tag to define "namespace" of action
// note SAML actions not defined in an XSD -- XAMCL normally
used instead
act.setNamespace("urn:doubleit:doubleitactions");
act.setAction("DoubleEvenNumbers");
ads.getActions().add(act);
assertion.getAuthzDecisionStatements().add(ads);
// user has math degree
AttributeStatementBuilder attstmtb = new
AttributeStatementBuilder();
AttributeStatement attstmt = attstmtb.buildObject();
AttributeBuilder attbldr = new AttributeBuilder();
Attribute attr = attbldr.buildObject();
attr.setName("degree");
attr.setNameFormat("http://www.example.org/DoubleIt/Security");
XSStringBuilder stringBuilder = (XSStringBuilder) Configuration
.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
XSString stringValue = stringBuilder
.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME,
XSString.TYPE_NAME);
stringValue.setValue("Mathematics");
attr.getAttributeValues().add(stringValue);
attstmt.getAttributes().add(attr);
assertion.getAttributeStatements().add(attstmt);
// marshall Assertion Java class into XML
MarshallerFactory marshallerFactory = Configuration
.getMarshallerFactory();
Marshaller marshaller = marshallerFactory
.getMarshaller(assertion);
Element assertionElement = marshaller.marshall(assertion);
securityElement.appendChild(soapPart.importNode(
assertionElement, true));
//Print out the outbound SOAP message to System.out
message.writeTo(System.out);
System.out.println("");
} catch (Exception e) {
e.printStackTrace();
}
}
else{
try {
//This handler does nothing with the response from the Web
Service so
//we just print out the SOAP message.
SOAPMessage message = smc.getMessage();
message.writeTo(System.out);
System.out.println("");
} catch (Exception ex) {
ex.printStackTrace();
}
}
return true;
}
public boolean handleFault(SOAPMessageContext smc) {
out.println("Exception in Client handler: ");
SOAPMessage message = smc.getMessage();
try {
message.writeTo(out);
out.println(""); // just to add a newline
} catch (Exception e) {
out.println("Unable to write exception for exception: "
+ e.toString());
}
return true;
}
// nothing to clean up
public void close(MessageContext messageContext) {
}
}
}
The SOAP Client then issues the service request, the Service JAX WS Handler
intercepts the incoming message. The handleMessage is invoked, however I see
a SOAPFaultException being thrown -
------------------------------------------------------------------------------------------------------
[2/24/10 14:10:33:974 EST] 00000022 HandlerChainI 1 invoking handlers,
direction: inbound
[2/24/10 14:10:33:974 EST] 00000022 HandlerChainI 1 invoking handler of
type com.syscom.hsc.web.soap.ServiceSAMLHandler
[2/24/10 14:10:33:974 EST] 00000022 SystemOut O Inside handleMessage
---->
[2/24/10 14:10:33:974 EST] 00000022 SystemOut O Inside handleMessage
----> outboundProperty.booleanValue() false
[2/24/10 14:10:33:974 EST] 00000022 SystemOut O Inside handleMessage
----> sh.toString()[soap:Header: null]
[2/24/10 14:10:33:974 EST] 00000022 SystemOut O Inside handleMessage
----> wsseElement.getLocalName()Security
[2/24/10 14:10:33:974 EST] 00000022 SystemOut O Inside handleMessage
---->
wsseElement.getNamespaceURI()http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
[2/24/10 14:10:33:974 EST] 00000022 SystemOut O Inside handleMessage
----> assertionElement.getLocalName()Assertion
[2/24/10 14:10:33:974 EST] 00000022 SystemOut O Inside handleMessage
---->
assertionElement.getNamespaceURI()urn:oasis:names:tc:SAML:2.0:assertion
[2/24/10 14:10:34:224 EST] 00000022 Configuration W
org.opensaml.xml.Configuration validateJCEProviders The JCE providers
currently configured in the JVM do not support
required capabilities for XML Encryption, either the 'AES' cipher algorithm
or the 'ISO10126Padding' padding scheme
handleMessage raised exception
javax.xml.ws.soap.SOAPFaultException:
Internal Error: local part cannot be "null" when creating a QName
at
com.syscom.hsc.web.soap.ServiceSAMLHandler.createSOAPFaultException(ServiceSAMLHandler.java:253)
at
com.syscom.hsc.web.soap.ServiceSAMLHandler.handleMessage(ServiceSAMLHandler.java:234)
at
com.syscom.hsc.web.soap.ServiceSAMLHandler.handleMessage(ServiceSAMLHandler.java:1)
at
org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandleMessage(HandlerChainInvoker.java:335)
at
org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandlerChain(HandlerChainInvoker.java:253)
at
org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeProtocolHandlers(HandlerChainInvoker.java:131)
.-----------------------------------------------------------------------------------------------------
Here is the ServiceHandler
------------------------------------------------------------------------------------------------------
SAMLServiceHandler
------------------------------------------------------------------------------------------------------
package com.syscom.hsc.web.soap;
import java.io.PrintStream;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.annotation.PostConstruct;
import javax.annotation.PreDestroy;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPBody;
import javax.xml.soap.SOAPConstants;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPFactory;
import javax.xml.soap.SOAPFault;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPMessage;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import javax.xml.ws.soap.SOAPFaultException;
import org.apache.ws.security.WSConstants;
import org.opensaml.Configuration;
import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.core.Action;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.saml2.core.AuthnContext;
import org.opensaml.saml2.core.AuthnStatement;
import org.opensaml.saml2.core.AuthzDecisionStatement;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.io.Unmarshaller;
import org.opensaml.xml.io.UnmarshallerFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.opensaml.common.xml.SAMLConstants;
import com.syscom.hsc.web.security.saml.SAMLCredential;
/*
* This sample SOAP Protocol Handler for DoubleIt checks for X.509
authentication,
* attribute of Math degree, and authorization to double even numbers.
*/
public class ServiceSAMLHandler implements SOAPHandler<SOAPMessageContext> {
// change this to redirect output if desired
private static PrintStream out = System.out;
private static String WS_SECURITY_URI =
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
private static final String HANDLER_NAME = "ServiceSAMLHandler";
private static final Set<QName> HEADERS = new HashSet<QName>();
/* static {
HEADERS.add(new QName(WSConstants.WSSE_NS, "Security"));
HEADERS.add(new QName(WSConstants.WSSE11_NS, "Security"));
HEADERS.add(new QName(WSConstants.ENC_NS, "EncryptedData"));
}
*/
@PostConstruct
public void init() {
out.println("------------------------------------");
out.println("In Handler " + HANDLER_NAME + ":init()");
out.println("Exiting Handler " + HANDLER_NAME + ":init()");
out.println("------------------------------------");
}
@PreDestroy
public void destroy() {
out.println("------------------------------------");
out.println("In Handler " + HANDLER_NAME + ":destroy()");
out.println("Exiting Handler " + HANDLER_NAME + ":destroy()");
out.println("------------------------------------");
}
public Set <QName> getHeaders() {
//return HEADERS;
return null;
}
public boolean handleMessage(SOAPMessageContext smc) {
out.println("Inside handleMessage ----> ");
Boolean outboundProperty = (Boolean) smc
.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
if (!outboundProperty.booleanValue()) {
out.println("Inside handleMessage ---->
outboundProperty.booleanValue() "+outboundProperty.booleanValue());
logToSystemOut(smc);
Element assertionElement;
try {
// check for SOAP Header
SOAPHeader sh = smc.getMessage().getSOAPHeader();
out.println("Inside handleMessage ---->
sh.toString()"+sh.toString());
if (sh == null) {
throw createSOAPFaultException("Missing SOAP Header", true);
}
// check for wsse:security element under SOAP Header
Node wsseElement = sh.getFirstChild();
out.println("Inside handleMessage ---->
wsseElement.getLocalName()"+wsseElement.getLocalName());
out.println("Inside handleMessage ---->
wsseElement.getNamespaceURI()"+wsseElement.getNamespaceURI());
if (wsseElement == null ||
!"Security".equals(wsseElement.getLocalName())
|| !WS_SECURITY_URI.equals(wsseElement.getNamespaceURI()))
{
throw createSOAPFaultException("Missing or invalid
WS-Security Header",
true);
}
// check for SAML assertion under wsse:security element
assertionElement = (Element) wsseElement.getFirstChild();
out.println("Inside handleMessage ---->
assertionElement.getLocalName()"+assertionElement.getLocalName());
out.println("Inside handleMessage ---->
assertionElement.getNamespaceURI()"+assertionElement.getNamespaceURI());
if (assertionElement == null
|| !"Assertion".equals(assertionElement.getLocalName())
||
!SAMLConstants.SAML20_NS.equals(assertionElement.getNamespaceURI())) {
throw createSOAPFaultException("Missing or invalid SAML
Assertion", true);
}
// Unmarshall SAML Assertion into an OpenSAML Java object.
DefaultBootstrap.bootstrap();
UnmarshallerFactory unmarshallerFactory = Configuration
.getUnmarshallerFactory();
Unmarshaller unmarshaller = unmarshallerFactory
.getUnmarshaller(assertionElement);
Assertion samlAssertion = (Assertion) unmarshaller
.unmarshall(assertionElement);
/*
* Below code works with OpenSAML API to check Authentication,
* Authorization, and attributes. Using the XPath API with the
* assertionElement above would probably be an easier and more
* readable option.
*/
//Check for Subject
out.println("Subject from Service
Handler"+samlAssertion.getSubject().getNameID().getValue());
//SAMLCredential samlCred = new
SAMLCredential(samlAssertion.getSubject().getNameID(), samlAssertion);
SAMLCredential.setNameID(samlAssertion.getSubject().getNameID());
SAMLCredential.setAuthenticationAssertion(samlAssertion);
// Check for X509 authentication, error otherwise
List authStmtList = samlAssertion.getAuthnStatements();
if (authStmtList == null || authStmtList.size() < 1
|| authStmtList.size() > 1) {
throw createSOAPFaultException("Missing Authentication
Statement.", true);
} else {
AuthnStatement authStmt = (AuthnStatement)
authStmtList.get(0);
if
(!AuthnContext.X509_AUTHN_CTX.equals(authStmt.getAuthnContext()
.getAuthnContextClassRef().getAuthnContextClassRef()))
{
throw createSOAPFaultException("Only X.509 authentication
supported.",
true);
}
}
// Check if math degree, error otherwise
List asList = samlAssertion.getAttributeStatements();
/* if (asList == null || asList.size() == 0) {
throw createSOAPFaultException("Degree/Major is missing.",
true);
} else {
boolean hasMathDegree = false;
for (Iterator it = asList.iterator(); it.hasNext();) {
AttributeStatement as = it.next();
List attList = as.getAttributes();
if (attList == null || attList.size() == 0) {
throw createSOAPFaultException("Degree/major is
missing.", true);
} else {
for (Iterator it2 = attList.iterator(); it2.hasNext();)
{
Attribute att = it2.next();
if (!att.getName().equals("degree")) {
continue;
} else {
List xoList = att.getAttributeValues();
if (xoList == null || xoList.size() < 1 ||
xoList.size() > 1) {
throw createSOAPFaultException("Degree/major
is missing.",
true);
} else {
XMLObject xmlObj = xoList.get(0);
if
(xmlObj.getDOM().getFirstChild().getTextContent()
.equals("Mathematics")) {
hasMathDegree = true;
}
}
}
}
}
}
if (hasMathDegree == false) {
throw createSOAPFaultException(
"Must have Mathematics degree to run DoubleIt.",
true);
}
}
*
// If even number being doubled, make sure user has permission
SOAPBody sb = smc.getMessage().getSOAPBody();
if (sb.getFirstChild() == null ||
sb.getFirstChild().getFirstChild() == null) {
throw createSOAPFaultException("Invalid SOAP Body", true);
} else {
Integer intValue = new
Integer(sb.getFirstChild().getFirstChild()
.getTextContent());
if ((intValue.intValue() % 2) == 0) { // if even
List adsList = samlAssertion
.getAuthzDecisionStatements();
if (adsList == null || adsList.size() < 1 ||
adsList.size() > 1) {
throw createSOAPFaultException(
"Missing or invalid Authorization Decision
Statement", true);
} else {
Boolean canDoubleEven = false;
AuthzDecisionStatement ads = (AuthzDecisionStatement)
adsList.get(0);
List actList = ads.getActions();
for (Iterator it = actList.iterator(); it.hasNext();) {
Action action = (Action) it.next();
if ("DoubleEvenNumbers".equals(action.getAction()))
{
canDoubleEven = true;
break;
}
}
if (canDoubleEven == false) {
throw createSOAPFaultException(
"Missing authorization to double even
numbers.", true);
}
}
}
}*/
} catch (Exception e) {
throw createSOAPFaultException("Internal Error: " +
e.getMessage(), false);
}
}
return true;
}
/*
* Convenience function used to generate a generic SOAPFaultException
*/
private SOAPFaultException createSOAPFaultException(String faultString,
Boolean clientFault) {
try {
System.out.println("*********clientFault***********"+clientFault);
String faultCode = clientFault ? "Client" : "Server";
System.out.println("*********faultCode***********"+faultCode);
SOAPFault fault = SOAPFactory.newInstance().createFault();
System.out.println("*********faultString***********"+faultString);
fault.setFaultString(faultString);
fault.setFaultCode(new QName(SOAPConstants.URI_NS_SOAP_ENVELOPE,
faultCode));
return new SOAPFaultException(fault);
} catch (SOAPException e) {
throw new RuntimeException("Error creating SOAP Fault message,
faultString: "
+ faultString);
}
}
public boolean handleFault(SOAPMessageContext smc) {
out.println("------------------------------------");
out.println("In Handler " + HANDLER_NAME + ":handleFault()");
logToSystemOut(smc);
out.println("Exiting Handler " + HANDLER_NAME + ":handleFault()");
out.println("------------------------------------");
return true;
}
// nothing to clean up
public void close(MessageContext messageContext) {
out.println("------------------------------------");
out.println("In Handler " + HANDLER_NAME + ":close()");
out.println("Exiting Handler " + HANDLER_NAME + ":close()");
out.println("------------------------------------");
}
/*
* Check the MESSAGE_OUTBOUND_PROPERTY in the context to see if this is
an
* outgoing or incoming message. Write a brief message to the print
stream
* and output the message. The writeTo() method can throw SOAPException
or
* IOException
*/
private void logToSystemOut(SOAPMessageContext smc) {
Boolean outboundProperty = (Boolean) smc
.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
if (outboundProperty.booleanValue()) {
out.println("\nIncoming message to web service provider:");
} else {
out.println("\nOutgoing message from web service provider:");
}
SOAPMessage message = smc.getMessage();
try {
message.writeTo(out);
out.println(""); // just to add a newline
} catch (Exception e) {
out.println("Exception in handler: " + e);
}
}
}
I am not sure what the local part here is and how can I circumvent it from
being Null. Any clue or suggestions will be well appreciated.
--
View this message in context: http://old.nabble.com/local-part-cannot-be-%22null%22-when-creating-a-QName-tp27714287p27714287.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: local part cannot be "null" when creating a QName
Posted by Daniel Kulp <dk...@apache.org>.
We'd probably need to see the real server side exception. In particular, in
SAMLServiceHandler where you do:
} catch (Exception e) {
throw createSOAPFaultException("Internal Error: " +
e.getMessage(), false);
}
I'd need the stack trace of the original exception there, not just the
message.
Dan
On Wed February 24 2010 4:09:36 pm PrSd wrote:
> Hello,
>
> I am injecting a SAML Assertion in a SOAP Header from the SOAPClient and
> then issuing a service request to a CXF webservice. On the service end I
> have a JAX WS SOAP Handler that intercepts and unmarshals the header. The
> client and service handlers are from Glen Mazza's weblog.
> http://www.jroller.com/gmazza/entry/using_the_opensaml_library_in
>
> I am still including them incase any customary changes I may have made
> messed up something. So here it is
>
> ---------------------------------------------------------------------------
> --------------------------- SOAPClient:
> ---------------------------------------------------------------------------
> --------------------------- package com.hsc.security.saml.soap;
>
> import java.io.IOException;
> import java.net.MalformedURLException;
> import java.net.URL;
>
> import java.util.ArrayList;
> import java.util.List;
> import java.util.Map;
> import java.util.Properties;
> import java.util.Set;
> import javax.xml.namespace.QName;
> import javax.xml.soap.SOAPElement;
> import javax.xml.soap.SOAPEnvelope;
> import javax.xml.soap.SOAPHeader;
> import javax.xml.soap.SOAPMessage;
> import javax.xml.ws.BindingProvider;
> import javax.xml.ws.Service;
> import javax.xml.ws.handler.MessageContext;
> import javax.xml.ws.handler.soap.SOAPHandler;
> import javax.xml.ws.handler.soap.SOAPMessageContext;
> import javax.xml.ws.soap.SOAPBinding;
>
> import com.syscom.hsc.web.IBpmService;
>
> public class SpringWSClient {
>
> String wsdlString =
> "http://localhost:9088/bpm-servicesCXF/services/IBpmService";
> //String wsdlString =
> "http://localhost:9088/bpm-servicesCXF/services/IBpmService?wsdl=IBpmServic
> e.wsdl"; private static final QName SERVICE_NAME
> = new QName("http://web.hsc.syscom.com", "BPMWebService");
>
> private static final QName PORT_NAME
> = new QName("http://web.hsc.syscom.com", "BpmServicePort");
>
>
>
>
> public static String xmlFileNamePath = "BpmServices.xml";
>
> public static void main(String [] args){
>
> SpringWSClient ws = new SpringWSClient();
> System.out.println("Starting SOAP request");
> Service service = Service.create(SERVICE_NAME);
>
> //BPMWebService bpmServices = new BPMWebService(SERVICE_NAME);
> HeaderHandlerResolver handlerResolver = new HeaderHandlerResolver();
> service.setHandlerResolver(handlerResolver);
>
>
> // Endpoint Address
> String endpointAddress =
> "http://localhost:9088/bpm-servicesCXF/services/IBpmService";
> try {
> java.net.URL url = new URL(endpointAddress);
> } catch (MalformedURLException e1) {
> // TODO Auto-generated catch block
> e1.printStackTrace();
> }
>
> // Add a port to the Service
>
> IBpmService client = service.getPort(IBpmService.class);
>
> Map<String, Object> requestContext =
> ((BindingProvider)client).getRequestContext();
> requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
> endpointAddress);
> requestContext.put(BindingProvider.SESSION_MAINTAIN_PROPERTY,
> Boolean.TRUE);
>
> String username = "kpham";
> String password = "hdfuhgdg";
> String category = "GETFULLEOPINWRK";
> int max = -1;
> Properties arguments = null;
> String response =null;
> try {
> response = client.findTaskListUsingLoginCreds(username, password,
> category, arguments, max);
> //response = client.findTaskList(category, arguments, max);
>
> System.out.println("Response: " + response);
> } catch (Exception e) {
> // TODO Auto-generated catch block
> e.printStackTrace();
> }
>
>
> }
>
> ---------------------------------------------------------------------------
> --------------------------- ClientSAMLHandler
> ---------------------------------------------------------------------------
> --------------------------- public class ClientSAMLHandler implements
> SOAPHandler<SOAPMessageContext> {
>
> // change this to redirect output if desired
> private static PrintStream out = System.out;
>
> public static final String WS_SECURITY_NS_URI =
>
> "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-
> 1.0.xsd";
>
> private static final Set<QName> HEADERS = new HashSet<QName>();
> /* static {
> HEADERS.add(new QName(WSConstants.WSSE_NS, "Security"));
> HEADERS.add(new QName(WSConstants.WSSE11_NS, "Security"));
> HEADERS.add(new QName(WSConstants.ENC_NS, "EncryptedData"));
>
> }
> */
> public Set getHeaders() {
> //return HEADERS;
> return null;
> }
>
> public boolean handleMessage(SOAPMessageContext smc) {
> Boolean outboundProperty = (Boolean)
> smc.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
>
> if (outboundProperty.booleanValue()) {
> out.println("(debug) Adding SAML token to outbound message from
> client");
> System.out.println("(debug) Adding SAML token to outbound message
> from client");
>
> try {
> DefaultBootstrap.bootstrap();
> SOAPMessage message = smc.getMessage();
> SOAPPart soapPart = message.getSOAPPart();
> SOAPEnvelope soapEnvelope = soapPart.getEnvelope();
> Name wsseHeaderName = soapEnvelope.createName("Security",
> "wsse", WS_SECURITY_NS_URI);
> if (soapEnvelope.getHeader() == null) {
> soapEnvelope.addHeader();
> }
> SOAPHeaderElement securityElement = soapEnvelope.getHeader()
> .addHeaderElement(wsseHeaderName);
>
> AssertionBuilder ab = new AssertionBuilder();
> Assertion assertion = ab.buildObject();
> assertion.setVersion(SAMLVersion.VERSION_20);
> assertion.setID("123"); // in reality, must be unique for all
> assertions
> assertion.setIssueInstant(new DateTime());
>
> IssuerBuilder ib = new IssuerBuilder();
> Issuer myIssuer = ib.buildObject();
> myIssuer.setValue("http://localhost:9088");
> assertion.setIssuer(myIssuer);
>
> SubjectBuilder sb = new SubjectBuilder();
> Subject mySubject = sb.buildObject();
> NameIDBuilder nb = new NameIDBuilder();
> NameID myNameID = nb.buildObject();
> myNameID.setValue("p8admin");
> myNameID.setFormat(NameIdentifier.X509_SUBJECT);
> mySubject.setNameID(myNameID);
> assertion.setSubject(mySubject);
>
> // user authenticated via X509 token
> AuthnStatementBuilder asb = new AuthnStatementBuilder();
> AuthnStatement myAuthnStatement = asb.buildObject();
> myAuthnStatement.setAuthnInstant(new DateTime());
> AuthnContextBuilder acb = new AuthnContextBuilder();
> AuthnContext myACI = acb.buildObject();
> AuthnContextClassRefBuilder accrb = new
> AuthnContextClassRefBuilder();
> AuthnContextClassRef accr = accrb.buildObject();
> accr.setAuthnContextClassRef(AuthnContext.X509_AUTHN_CTX);
> myACI.setAuthnContextClassRef(accr);
> myAuthnStatement.setAuthnContext(myACI);
> assertion.getAuthnStatements().add(myAuthnStatement);
>
> // user can double even numbers
> AuthzDecisionStatementBuilder adsb = new
> AuthzDecisionStatementBuilder();
> AuthzDecisionStatement ads = adsb.buildObject();
> ads.setDecision(DecisionTypeEnumeration.PERMIT);
> ads.setResource("DoubleIt");
> ActionBuilder actb = new ActionBuilder();
> Action act = actb.buildObject();
> // arbitrary unique tag to define "namespace" of action
> // note SAML actions not defined in an XSD -- XAMCL normally
> used instead
> act.setNamespace("urn:doubleit:doubleitactions");
> act.setAction("DoubleEvenNumbers");
> ads.getActions().add(act);
> assertion.getAuthzDecisionStatements().add(ads);
>
> // user has math degree
> AttributeStatementBuilder attstmtb = new
> AttributeStatementBuilder();
> AttributeStatement attstmt = attstmtb.buildObject();
> AttributeBuilder attbldr = new AttributeBuilder();
> Attribute attr = attbldr.buildObject();
> attr.setName("degree");
> attr.setNameFormat("http://www.example.org/DoubleIt/Security");
> XSStringBuilder stringBuilder = (XSStringBuilder) Configuration
> .getBuilderFactory().getBuilder(XSString.TYPE_NAME);
> XSString stringValue = stringBuilder
> .buildObject(AttributeValue.DEFAULT_ELEMENT_NAME,
> XSString.TYPE_NAME);
> stringValue.setValue("Mathematics");
> attr.getAttributeValues().add(stringValue);
> attstmt.getAttributes().add(attr);
> assertion.getAttributeStatements().add(attstmt);
>
> // marshall Assertion Java class into XML
> MarshallerFactory marshallerFactory = Configuration
> .getMarshallerFactory();
> Marshaller marshaller = marshallerFactory
> .getMarshaller(assertion);
> Element assertionElement = marshaller.marshall(assertion);
> securityElement.appendChild(soapPart.importNode(
> assertionElement, true));
>
> //Print out the outbound SOAP message to System.out
> message.writeTo(System.out);
> System.out.println("");
>
> } catch (Exception e) {
> e.printStackTrace();
> }
> }
> else{
> try {
>
> //This handler does nothing with the response from the Web
> Service so
> //we just print out the SOAP message.
> SOAPMessage message = smc.getMessage();
> message.writeTo(System.out);
> System.out.println("");
>
> } catch (Exception ex) {
> ex.printStackTrace();
> }
> }
> return true;
> }
>
> public boolean handleFault(SOAPMessageContext smc) {
> out.println("Exception in Client handler: ");
> SOAPMessage message = smc.getMessage();
> try {
> message.writeTo(out);
> out.println(""); // just to add a newline
> } catch (Exception e) {
> out.println("Unable to write exception for exception: "
> + e.toString());
> }
> return true;
> }
>
> // nothing to clean up
> public void close(MessageContext messageContext) {
> }
>
> }
>
>
> }
>
> The SOAP Client then issues the service request, the Service JAX WS Handler
> intercepts the incoming message. The handleMessage is invoked, however I
> see a SOAPFaultException being thrown -
> ---------------------------------------------------------------------------
> --------------------------- [2/24/10 14:10:33:974 EST] 00000022
> HandlerChainI 1 invoking handlers, direction: inbound
> [2/24/10 14:10:33:974 EST] 00000022 HandlerChainI 1 invoking handler of
> type com.syscom.hsc.web.soap.ServiceSAMLHandler
> [2/24/10 14:10:33:974 EST] 00000022 SystemOut O Inside handleMessage
> ---->
> [2/24/10 14:10:33:974 EST] 00000022 SystemOut O Inside handleMessage
> ----> outboundProperty.booleanValue() false
> [2/24/10 14:10:33:974 EST] 00000022 SystemOut O Inside handleMessage
> ----> sh.toString()[soap:Header: null]
> [2/24/10 14:10:33:974 EST] 00000022 SystemOut O Inside handleMessage
> ----> wsseElement.getLocalName()Security
> [2/24/10 14:10:33:974 EST] 00000022 SystemOut O Inside handleMessage
> ---->
> wsseElement.getNamespaceURI()http://docs.oasis-open.org/wss/2004/01/oasis-2
> 00401-wss-wssecurity-secext-1.0.xsd [2/24/10 14:10:33:974 EST] 00000022
> SystemOut O Inside handleMessage ---->
> assertionElement.getLocalName()Assertion
> [2/24/10 14:10:33:974 EST] 00000022 SystemOut O Inside handleMessage
> ---->
> assertionElement.getNamespaceURI()urn:oasis:names:tc:SAML:2.0:assertion
> [2/24/10 14:10:34:224 EST] 00000022 Configuration W
> org.opensaml.xml.Configuration validateJCEProviders The JCE providers
> currently configured in the JVM do not support
> required capabilities for XML Encryption, either the 'AES' cipher algorithm
> or the 'ISO10126Padding' padding scheme
>
> handleMessage raised exception
> javax.xml.ws.soap.SOAPFaultException:
> Internal Error: local part cannot be "null" when creating a QName
> at
> com.syscom.hsc.web.soap.ServiceSAMLHandler.createSOAPFaultException(Service
> SAMLHandler.java:253) at
> com.syscom.hsc.web.soap.ServiceSAMLHandler.handleMessage(ServiceSAMLHandler
> .java:234) at
> com.syscom.hsc.web.soap.ServiceSAMLHandler.handleMessage(ServiceSAMLHandler
> .java:1) at
> org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandleMessage(Handle
> rChainInvoker.java:335) at
> org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandlerChain(Handler
> ChainInvoker.java:253) at
> org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeProtocolHandlers(Han
> dlerChainInvoker.java:131)
> .-------------------------------------------------------------------------
> ----------------------------
>
>
>
>
> Here is the ServiceHandler
> ---------------------------------------------------------------------------
> --------------------------- SAMLServiceHandler
> ---------------------------------------------------------------------------
> --------------------------- package com.syscom.hsc.web.soap;
> import java.io.PrintStream;
> import java.util.HashSet;
> import java.util.Iterator;
> import java.util.List;
> import java.util.Set;
>
> import javax.annotation.PostConstruct;
> import javax.annotation.PreDestroy;
> import javax.xml.namespace.QName;
> import javax.xml.soap.SOAPBody;
> import javax.xml.soap.SOAPConstants;
> import javax.xml.soap.SOAPException;
> import javax.xml.soap.SOAPFactory;
> import javax.xml.soap.SOAPFault;
> import javax.xml.soap.SOAPHeader;
> import javax.xml.soap.SOAPMessage;
> import javax.xml.ws.handler.MessageContext;
> import javax.xml.ws.handler.soap.SOAPHandler;
> import javax.xml.ws.handler.soap.SOAPMessageContext;
> import javax.xml.ws.soap.SOAPFaultException;
>
> import org.apache.ws.security.WSConstants;
> import org.opensaml.Configuration;
> import org.opensaml.DefaultBootstrap;
> import org.opensaml.saml2.core.Action;
> import org.opensaml.saml2.core.Assertion;
> import org.opensaml.saml2.core.Attribute;
> import org.opensaml.saml2.core.AttributeStatement;
> import org.opensaml.saml2.core.AuthnContext;
> import org.opensaml.saml2.core.AuthnStatement;
> import org.opensaml.saml2.core.AuthzDecisionStatement;
> import org.opensaml.xml.XMLObject;
> import org.opensaml.xml.io.Unmarshaller;
> import org.opensaml.xml.io.UnmarshallerFactory;
> import org.w3c.dom.Element;
> import org.w3c.dom.Node;
>
> import org.opensaml.common.xml.SAMLConstants;
>
> import com.syscom.hsc.web.security.saml.SAMLCredential;
>
> /*
> * This sample SOAP Protocol Handler for DoubleIt checks for X.509
> authentication,
> * attribute of Math degree, and authorization to double even numbers.
> */
> public class ServiceSAMLHandler implements SOAPHandler<SOAPMessageContext>
> {
>
> // change this to redirect output if desired
> private static PrintStream out = System.out;
>
> private static String WS_SECURITY_URI =
>
> "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-
> 1.0.xsd"; private static final String HANDLER_NAME = "ServiceSAMLHandler";
>
>
> private static final Set<QName> HEADERS = new HashSet<QName>();
> /* static {
> HEADERS.add(new QName(WSConstants.WSSE_NS, "Security"));
> HEADERS.add(new QName(WSConstants.WSSE11_NS, "Security"));
> HEADERS.add(new QName(WSConstants.ENC_NS, "EncryptedData"));
> }
> */
> @PostConstruct
> public void init() {
> out.println("------------------------------------");
> out.println("In Handler " + HANDLER_NAME + ":init()");
> out.println("Exiting Handler " + HANDLER_NAME + ":init()");
> out.println("------------------------------------");
> }
>
> @PreDestroy
> public void destroy() {
> out.println("------------------------------------");
> out.println("In Handler " + HANDLER_NAME + ":destroy()");
> out.println("Exiting Handler " + HANDLER_NAME + ":destroy()");
> out.println("------------------------------------");
> }
>
>
> public Set <QName> getHeaders() {
> //return HEADERS;
> return null;
> }
>
> public boolean handleMessage(SOAPMessageContext smc) {
> out.println("Inside handleMessage ----> ");
> Boolean outboundProperty = (Boolean) smc
> .get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
>
>
> if (!outboundProperty.booleanValue()) {
> out.println("Inside handleMessage ---->
> outboundProperty.booleanValue() "+outboundProperty.booleanValue());
> logToSystemOut(smc);
> Element assertionElement;
>
> try {
> // check for SOAP Header
> SOAPHeader sh = smc.getMessage().getSOAPHeader();
> out.println("Inside handleMessage ---->
> sh.toString()"+sh.toString());
> if (sh == null) {
> throw createSOAPFaultException("Missing SOAP Header", true);
> }
>
> // check for wsse:security element under SOAP Header
> Node wsseElement = sh.getFirstChild();
> out.println("Inside handleMessage ---->
> wsseElement.getLocalName()"+wsseElement.getLocalName());
> out.println("Inside handleMessage ---->
> wsseElement.getNamespaceURI()"+wsseElement.getNamespaceURI());
>
> if (wsseElement == null ||
> !"Security".equals(wsseElement.getLocalName())
>
> || !WS_SECURITY_URI.equals(wsseElement.getNamespaceURI())
> || )
>
> {
> throw createSOAPFaultException("Missing or invalid
> WS-Security Header",
> true);
> }
>
> // check for SAML assertion under wsse:security element
> assertionElement = (Element) wsseElement.getFirstChild();
>
> out.println("Inside handleMessage ---->
> assertionElement.getLocalName()"+assertionElement.getLocalName());
> out.println("Inside handleMessage ---->
> assertionElement.getNamespaceURI()"+assertionElement.getNamespaceURI());
> if (assertionElement == null
>
> || !"Assertion".equals(assertionElement.getLocalName())
>
> !SAMLConstants.SAML20_NS.equals(assertionElement.getNamespaceURI())) {
> throw createSOAPFaultException("Missing or invalid SAML
> Assertion", true);
> }
>
> // Unmarshall SAML Assertion into an OpenSAML Java object.
> DefaultBootstrap.bootstrap();
> UnmarshallerFactory unmarshallerFactory = Configuration
> .getUnmarshallerFactory();
> Unmarshaller unmarshaller = unmarshallerFactory
> .getUnmarshaller(assertionElement);
> Assertion samlAssertion = (Assertion) unmarshaller
> .unmarshall(assertionElement);
>
> /*
> * Below code works with OpenSAML API to check Authentication,
> * Authorization, and attributes. Using the XPath API with the
> * assertionElement above would probably be an easier and more
> * readable option.
> */
> //Check for Subject
> out.println("Subject from Service
> Handler"+samlAssertion.getSubject().getNameID().getValue());
> //SAMLCredential samlCred = new
> SAMLCredential(samlAssertion.getSubject().getNameID(), samlAssertion);
>
> SAMLCredential.setNameID(samlAssertion.getSubject().getNameID());
> SAMLCredential.setAuthenticationAssertion(samlAssertion);
>
>
> // Check for X509 authentication, error otherwise
> List authStmtList = samlAssertion.getAuthnStatements();
> if (authStmtList == null || authStmtList.size() < 1
>
> || authStmtList.size() > 1) {
>
> throw createSOAPFaultException("Missing Authentication
> Statement.", true);
> } else {
> AuthnStatement authStmt = (AuthnStatement)
> authStmtList.get(0);
> if
> (!AuthnContext.X509_AUTHN_CTX.equals(authStmt.getAuthnContext()
> .getAuthnContextClassRef().getAuthnContextClassRef()))
> {
> throw createSOAPFaultException("Only X.509 authentication
> supported.",
> true);
> }
> }
>
> // Check if math degree, error otherwise
> List asList = samlAssertion.getAttributeStatements();
> /* if (asList == null || asList.size() == 0) {
> throw createSOAPFaultException("Degree/Major is missing.",
> true);
> } else {
> boolean hasMathDegree = false;
> for (Iterator it = asList.iterator(); it.hasNext();) {
> AttributeStatement as = it.next();
> List attList = as.getAttributes();
> if (attList == null || attList.size() == 0) {
> throw createSOAPFaultException("Degree/major is
> missing.", true);
> } else {
> for (Iterator it2 = attList.iterator();
> it2.hasNext();) {
> Attribute att = it2.next();
> if (!att.getName().equals("degree")) {
> continue;
> } else {
> List xoList = att.getAttributeValues();
> if (xoList == null || xoList.size() < 1 ||
> xoList.size() > 1) {
> throw createSOAPFaultException("Degree/major
> is missing.",
> true);
> } else {
> XMLObject xmlObj = xoList.get(0);
> if
> (xmlObj.getDOM().getFirstChild().getTextContent()
> .equals("Mathematics")) {
> hasMathDegree = true;
> }
> }
> }
> }
> }
> }
> if (hasMathDegree == false) {
> throw createSOAPFaultException(
> "Must have Mathematics degree to run DoubleIt.",
> true);
> }
> }
> *
> // If even number being doubled, make sure user has permission
> SOAPBody sb = smc.getMessage().getSOAPBody();
>
> if (sb.getFirstChild() == null ||
> sb.getFirstChild().getFirstChild() == null) {
> throw createSOAPFaultException("Invalid SOAP Body", true);
> } else {
> Integer intValue = new
> Integer(sb.getFirstChild().getFirstChild()
> .getTextContent());
> if ((intValue.intValue() % 2) == 0) { // if even
> List adsList = samlAssertion
> .getAuthzDecisionStatements();
> if (adsList == null || adsList.size() < 1 ||
> adsList.size() > 1) {
> throw createSOAPFaultException(
> "Missing or invalid Authorization Decision
> Statement", true);
> } else {
> Boolean canDoubleEven = false;
> AuthzDecisionStatement ads = (AuthzDecisionStatement)
> adsList.get(0);
> List actList = ads.getActions();
> for (Iterator it = actList.iterator(); it.hasNext();)
> { Action action = (Action) it.next();
> if ("DoubleEvenNumbers".equals(action.getAction()))
> {
> canDoubleEven = true;
> break;
> }
> }
> if (canDoubleEven == false) {
> throw createSOAPFaultException(
> "Missing authorization to double even
> numbers.", true);
> }
> }
> }
> }*/
> } catch (Exception e) {
> throw createSOAPFaultException("Internal Error: " +
> e.getMessage(), false);
> }
> }
> return true;
> }
>
> /*
> * Convenience function used to generate a generic SOAPFaultException
> */
> private SOAPFaultException createSOAPFaultException(String faultString,
> Boolean clientFault) {
> try {
> System.out.println("*********clientFault***********"+clientFault);
> String faultCode = clientFault ? "Client" : "Server";
> System.out.println("*********faultCode***********"+faultCode);
> SOAPFault fault = SOAPFactory.newInstance().createFault();
> System.out.println("*********faultString***********"+faultString);
> fault.setFaultString(faultString);
> fault.setFaultCode(new QName(SOAPConstants.URI_NS_SOAP_ENVELOPE,
> faultCode));
> return new SOAPFaultException(fault);
> } catch (SOAPException e) {
> throw new RuntimeException("Error creating SOAP Fault message,
> faultString: "
> + faultString);
> }
> }
>
> public boolean handleFault(SOAPMessageContext smc) {
>
> out.println("------------------------------------");
> out.println("In Handler " + HANDLER_NAME + ":handleFault()");
> logToSystemOut(smc);
> out.println("Exiting Handler " + HANDLER_NAME + ":handleFault()");
> out.println("------------------------------------");
>
> return true;
> }
>
> // nothing to clean up
> public void close(MessageContext messageContext) {
> out.println("------------------------------------");
> out.println("In Handler " + HANDLER_NAME + ":close()");
> out.println("Exiting Handler " + HANDLER_NAME + ":close()");
> out.println("------------------------------------");
>
> }
>
> /*
> * Check the MESSAGE_OUTBOUND_PROPERTY in the context to see if this is
> an
> * outgoing or incoming message. Write a brief message to the print
> stream
> * and output the message. The writeTo() method can throw SOAPException
> or
> * IOException
> */
> private void logToSystemOut(SOAPMessageContext smc) {
> Boolean outboundProperty = (Boolean) smc
> .get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
>
> if (outboundProperty.booleanValue()) {
> out.println("\nIncoming message to web service provider:");
> } else {
> out.println("\nOutgoing message from web service provider:");
> }
>
> SOAPMessage message = smc.getMessage();
> try {
> message.writeTo(out);
> out.println(""); // just to add a newline
> } catch (Exception e) {
> out.println("Exception in handler: " + e);
> }
> }
>
> }
>
> I am not sure what the local part here is and how can I circumvent it from
> being Null. Any clue or suggestions will be well appreciated.
>
>
>
> Here is the SAML Assertion that is being sent into the SOAP Header
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
>
> <soap:Header>
> <wsse:Security
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecur
> ity-secext-1.0.xsd">
>
> <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
> ID="123" IssueInstant="2010-02-24T19:10:32.724Z" Version="2.0">
>
> <saml2:Issuer>http://localhost:9088</saml2:Issuer>
>
> <saml2:Subject>
> <saml2:NameID
> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">p8admin<
> /saml2:NameID> </saml2:Subject>
>
> <saml2:AuthnStatement
> AuthnInstant="2010-02-24T19:10:32.787Z">
>
> <saml2:AuthnContext>
>
> <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</sa
> ml2:AuthnContextClassRef> </saml2:AuthnContext>
> </saml2:AuthnStatement>
>
> <saml2:AuthzDecisionStatement Decision="Permit" Resource="DoubleIt">
>
> <saml2:Action
> Namespace="urn:doubleit:doubleitactions">DoubleEvenNumbers</saml2:Action>
> </saml2:AuthzDecisionStatement>
>
> <saml2:AttributeStatement>
>
> <saml2:Attribute Name="degree"
> NameFormat="http://www.example.org/DoubleIt/Security">
>
> <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:type="xs:string">Mathematics</saml2:AttributeValue>
> </saml2:Attribute></saml2:AttributeStatement>
>
> </saml2:Assertion></wsse:Security></soap:Header>
>
> <soap:Body><findTaskListUsingLoginCreds
> xmlns="http://web.hsc.syscom.com/"><username
> xmlns="http://web.hsc.syscom.com/">kpham</username><password
> xmlns="http://web.hsc.syscom.com/">hdfuhgdg</password><category
> xmlns="http://web.hsc.syscom.com/">GETFULLEOPINWRK</category><maxResults
> xmlns="http://web.hsc.syscom.com/">-1</maxResults></findTaskListUsingLoginC
> reds></soap:Body></soap:Envelope>
--
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog
Re: local part cannot be "null" when creating a QName
Posted by Daniel Kulp <dk...@apache.org>.
Any chance you can create a small test case and attach to a JIRA? Preferably
something that could run standalone or in tomcat. If I can get a test case,
I'd have a shot at debugging it.
Dan
On Thursday 11 March 2010 8:44:24 pm PrSd wrote:
> Dan,
>
> Things got so crazy in the past week I never got time to test your fix. But
> I did not have to. I got the error to go away by accidentally coming up
> with a bunch of jars in the web-inf/lib directory that fixed the issue. I
> got it to work with cxf-2.0-incubator jar and was very happy. However all
> of a sudden I am running into that issue again. I have changed nothing in
> the code or on the server. I am baffled. So today I tested your fix with
> the latest snapshot - cxf-2.2.7-SNAPSHOT.jar and I still getting the local
> part cannot be null error.
>
> By the way here are the bunch of jars on the WS client WEB-INF/lib that I
> got it working last week.
> aopalliance-1.0.jar
> cxf-2.0-incubator.jar
> geronimo-activation_1.1_spec-1.0-M1.jar
> geronimo-annotation_1.0_spec-1.1.jar
> geronimo-javamail_1.4_spec-1.0-M1.jar
> geronimo-ws-metadata_2.0_spec-1.1.1.jar
> jaxb-api-2.0.jar
> jaxb-impl-2.0.5.jar
> jaxws-api-2.0.jar
> jcifs-1.3.12.jar
> jetty-6.1.3.jar
> jetty-util-6.1.3.jar
> joda-time-1.6.jar
> ldapbp-1.0.jar
> neethi-2.0.jar
> opensaml-2.3.0.jar
> openws-1.3.0.jar
> saaj-api-1.3.jar
> saaj-impl-1.3.jar
> slf4j-api-1.5.10.jar
> slf4j-jdk14-1.5.10.jar
> spring.jar
> spring-beans-2.0.4.jar
> spring-context-2.0.4.jar
> spring-core-2.0.4.jar
> spring-web-2.0.4.jar
> spring-ws-core-1.5.8.jar
> spring-ws-core-tiger-1.5.8.jar
> spring-ws-security-1.5.8.jar
> spring-ws-support-1.5.8.jar
> spring-xml-1.5.8.jar
> velocity-1.5.jar
> wsdl4j-1.6.1.jar
> wss4j-1.5.1.jar
> wstx-asl-3.2.1.jar
> xmlParserAPIs.jar
> xml-resolver-1.2.jar
> XmlSchema-1.2.jar
> xmlsec-1.4.3.jar
> xmltooling-1.2.1.jar
>
> In the IBM WAS endorsed directory
> resolver-2.9.1.jar
> saaj-api.jar
> saaj-impl.jar
> serializer-2.9.1.jar
> wsdl4j-1.6.2.jar
> xalan-2.7.1.jar
> xercesImpl-2.9.1.jar
> xml-apis-2.9.1.jar
>
> Any thoughts on what the issue could be. It appears the fix did not work
> either. I will continue trying but it will need your expertise to resolve
> this.
>
> thanks
> Sid
>
> dkulp wrote:
> > Thanks for following up with them. Their hints helped me figure out
> > where to
> > look. I THINK I see what may be happening here on our side and I've
> > just committed a fix. If you could test tomorrows snapshots (or
> > checkout the source and build it) to see if that helps, that would be
> > great.
> >
> > Dan
> >
> > On Mon March 1 2010 11:20:28 pm PrSd wrote:
> >> Dan,
> >>
> >> I approached the folks at OpenSAML. As per Scott Cantor (one of the
> >> person
> >> heading that project), the issue is not at the SAML end, it is where DOM
> >> is
> >> first being created. The XML Parser is creating the DOM without
> >> namespace awareness which causes the SAML code to fail when it tries
> >> creating a QName(localpart). The localName of the DOM attribute is
> >> null.
> >>
> >> Following link is a detailed exchange I had with them
> >> https://mail.internet2.edu/wws/arc/mace-opensaml-users/2010-03/msg00025.
> >> htm l
> >>
> >>
> >>
> >> He clearly mentioned that I need to use a DOM2 or DOM3 Level
> >> specification.
> >> It is also possible that the CXF client or server side SOAP/SAAJ
> >> Interceptors are altering the DOM in a certain way that is causing the
> >> umarshalling process using the SAML to fail.
> >>
> >> I managed to catch hold of the stack trace on the client side.
> >>
> >> at
> >> org.apache.cxf.binding.soap.saaj.SAAJInInterceptor.handleMessage(SAAJInI
> >> nte rceptor.java:154) at
> >> org.apache.cxf.jaxws.handler.soap.SOAPMessageContextImpl.getMessage(SOAP
> >> Mes sageContextImpl.java:78) at
> >> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.createProtocolM
> >> ess ageContext(SOAPHandlerInterceptor.java:236) at
> >> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessageIn
> >> ter nal(SOAPHandlerInterceptor.java:144) at
> >> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(S
> >> OAP HandlerInterceptor.java:119) at
> >> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(S
> >> OAP HandlerInterceptor.java:69) at
> >> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC
> >> hai n.java:243) at
> >> org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:672) at
> >> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResp
> >> ons eInternal(HTTPConduit.java:2210) at
> >> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResp
> >> ons e(HTTPConduit.java:2087) at
> >> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTP
> >> Con duit.java:1985) at
> >> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
> >>
> >> at
> >>
> >> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:640) at
> >> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingI
> >> nte rceptor.handleMessage(MessageSenderInterceptor.java:62) at
> >> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC
> >> hai n.java:243) at
> >> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:484) at
> >> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:310) at
> >> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:262) at
> >> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at
> >> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
> >>
> >> at $Proxy47.findTaskListUsingLoginCreds(Unknown Source)
> >> at
> >>
> >> com.hsc.security.saml.soap.SpringWSClient.main(SpringWSClient.java:77)
> >>
> >> Q1. Does CXF uses its own DOM Parser when building the SOAPMessages? Is
> >> there a way to turn on the namespace awareness at DOM parsing time.
> >> Q2. If not, can we turn off the CXF interceptors on both the client and
> >> server side and if we do are there any ripple effects. As you are
> >> already aware I am using a JAX WS Handler to intercept the SOAP request
> >> - Will that
> >> be sufficient or I would still need the SOAP and SAAJ interceptors?
> >>
> >> Eagerly waiting to hear from you
> >>
> >> thanks
> >> Sid
> >>
> >> dkulp wrote:
> >> > This is being thrown from down in Opensaml. I really don't know what
> >> > would
> >> > cause it. You would probably need to ask on their lists and give
> >> > them the
> >> > stack trace and the XML of the SAML assertion.
> >> >
> >> > Dan
> >>
> >> dkulp wrote:
> >> > This is being thrown from down in Opensaml. I really don't know what
> >> > would
> >> > cause it. You would probably need to ask on their lists and give
> >> > them the
> >> > stack trace and the XML of the SAML assertion.
> >> >
> >> > Dan
> >> >
> >> > On Fri February 26 2010 7:19:15 pm PrSd wrote:
> >> >> Daniel,
> >> >>
> >> >> Here is the stack trace you had requested regarding this issue. I
> >> >> just cannot figure out a solution to this
> >> >>
> >> >> [2/26/10 17:16:11:596 EST] 0000001c SystemErr R
> >> >> java.lang.IllegalArgumentException: local part cannot be "null" when
> >> >> creating a QName
> >> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >> >> javax.xml.namespace.QName.<init>(Unknown Source)
> >> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >> >> javax.xml.namespace.QName.<init>(Unknown Source)
> >> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >> >> org.opensaml.xml.util.XMLHelper.constructQName(XMLHelper.java:433)
> >> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >> >> org.opensaml.xml.util.XMLHelper.getNodeQName(XMLHelper.java:171)
> >> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >>
> >> org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.unmarshallAttribute(Ab
> >>
> >> >> str actXMLObjectUnmarshaller.java:215) [2/26/10 17:16:11:612 EST]
> >> >> 0000001c SystemErr R at
> >>
> >> org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.unmarshall(AbstractXML
> >>
> >> >> Obj ectUnmarshaller.java:107) [2/26/10 17:16:11:612 EST] 0000001c
> >> >> SystemErr R at
> >>
> >> com.syscom.hsc.web.soap.ServiceSAMLHandler.handleMessage(ServiceSAMLHand
> >>
> >> >> ler .java:222) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
> >>
> >> at
> >>
> >> com.syscom.hsc.web.soap.ServiceSAMLHandler.handleMessage(ServiceSAMLHan
> >>
> >> >> dler .java:1) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
> >>
> >> at
> >>
> >> org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandleMessage(Ha
> >>
> >> >> ndle rChainInvoker.java:335) [2/26/10 17:16:11:612 EST] 0000001c
> >> >> SystemErr R
> >> >>
> >> >> at
> >>
> >> org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandlerChain(Hand
> >>
> >> >> ler ChainInvoker.java:253) [2/26/10 17:16:11:612 EST] 0000001c
> >>
> >> SystemErr
> >>
> >> >> R
> >> >>
> >> >> at
> >>
> >> org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeProtocolHandlers(
> >>
> >> >> Han dlerChainInvoker.java:131) [2/26/10 17:16:11:612 EST] 0000001c
> >> >> SystemErr
> >> >>
> >> >> R at
> >>
> >> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessageIn
> >>
> >> >> ter nal(SOAPHandlerInterceptor.java:152) [2/26/10 17:16:11:612 EST]
> >> >> 0000001c SystemErr R at
> >>
> >> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(S
> >>
> >> >> OAP HandlerInterceptor.java:119) [2/26/10 17:16:11:612 EST] 0000001c
> >> >> SystemErr
> >> >>
> >> >> R at
> >>
> >> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(S
> >>
> >> >> OAP HandlerInterceptor.java:69) [2/26/10 17:16:11:612 EST] 0000001c
> >> >> SystemErr
> >> >>
> >> >> R at
> >>
> >> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC
> >>
> >> >> hai n.java:243) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
> >> >>
> >> >> at
> >>
> >> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiat
> >>
> >> >> ionO bserver.java:109) [2/26/10 17:16:11:612 EST] 0000001c SystemErr
> >> >> R at
> >>
> >> org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestin
> >>
> >> >> ati on.java:98) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
> >> >>
> >> >> at
> >>
> >> org.apache.cxf.transport.servlet.ServletController.invokeDestination(Se
> >>
> >> >> rvle tController.java:406) [2/26/10 17:16:11:612 EST] 0000001c
> >>
> >> SystemErr
> >>
> >> >> R
> >> >>
> >> >> at
> >>
> >> org.apache.cxf.transport.servlet.ServletController.invoke(ServletControl
> >>
> >> >> ler .java:178) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
> >>
> >> at
> >>
> >> org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFS
> >>
> >> >> ervl et.java:142) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
> >> >>
> >> >> at
> >>
> >> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(Abst
> >>
> >> >> ract HTTPServlet.java:179) [2/26/10 17:16:11:612 EST] 0000001c
> >>
> >> SystemErr
> >>
> >> >> R
> >> >>
> >> >> at
> >>
> >> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTP
> >>
> >> >> Ser vlet.java:103) [2/26/10 17:16:11:612 EST] 0000001c SystemErr
> >> >> R
> >> >>
> >> >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
> >> >>
> >> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >>
> >> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTT
> >>
> >> >> PSe rvlet.java:159) [2/26/10 17:16:11:612 EST] 0000001c SystemErr
> >>
> >> R
> >>
> >> >> at
> >>
> >> com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.j
> >>
> >> >> ava: 1096) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >>
> >> com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWra
> >>
> >> >> pper .java:570) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
> >> >>
> >> >> at
> >>
> >> com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletW
> >>
> >> >> rapp er.java:478) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
> >> >>
> >> >> at
> >>
> >> com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(Cache
> >>
> >> >> Serv letWrapper.java:90) [2/26/10 17:16:11:612 EST] 0000001c
> >> >> SystemErr
> >> >>
> >> >> R
> >> >>
> >> >> at
> >>
> >> com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:748
> >>
> >> >> ) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >>
> >> com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1
> >>
> >> >> 466 ) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >>
> >> com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:1
> >>
> >> >> 19) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >>
> >> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscriminatio
> >>
> >> >> n(H ttpInboundLink.java:458) [2/26/10 17:16:11:612 EST] 0000001c
> >> >> SystemErr R at
> >>
> >> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformatio
> >>
> >> >> n(H ttpInboundLink.java:387) [2/26/10 17:16:11:612 EST] 0000001c
> >> >> SystemErr R at
> >>
> >> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLi
> >>
> >> >> nk. java:267) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
> >>
> >> at
> >>
> >> com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDisc
> >>
> >> >> rimi nators(NewConnectionInitialReadCallback.java:214) [2/26/10
> >> >> 17:16:11:612 EST] 0000001c SystemErr R at
> >>
> >> com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(Ne
> >>
> >> >> wCo nnectionInitialReadCallback.java:113) [2/26/10 17:16:11:612 EST]
> >> >> 0000001c SystemErr R at
> >>
> >> com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(Ai
> >>
> >> >> oRe adCompletionListener.java:165) [2/26/10 17:16:11:612 EST]
> >> >> 0000001c SystemErr R at
> >>
> >> com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.
> >>
> >> >> jav a:217) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >>
> >> com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelF
> >>
> >> >> utur e.java:161) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
> >> >>
> >> >> at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
> >> >>
> >> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >> >> com.ibm.io.async.ResultHandler.complete(ResultHandler.java:195)
> >> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >>
> >> com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java
> >>
> >> >> :74 3) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >> >>
> >> >> com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:873)
> >> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >> >> com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1473)
> >> >
> >> > -----------
> >> >
> >> >> > Here is the SAML Assertion that is being sent into the SOAP Header
> >> >> > <soap:Envelope
> >>
> >> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
> >>
> >> >> > <soap:Header>
> >> >> > <wsse:Security
> >>
> >> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse
> >>
> >> >> c
> >> >>
> >> >> > urity-secext-1.0.xsd">
> >> >> >
> >> >> > <saml2:Assertion
> >> >> > xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="123"
> >> >> > IssueInstant="2010-02-24T19:10:32.724Z" Version="2.0">
> >> >> >
> >> >> > <saml2:Issuer>http://localhost:9088</saml2:Issuer>
> >> >> >
> >> >> > <saml2:Subject>
> >> >> >
> >> >> > <saml2:NameID
> >>
> >> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">p8adm
> >>
> >> >> i
> >> >>
> >> >> > n</saml2:NameID> </saml2:Subject>
> >> >> >
> >> >> > <saml2:AuthnStatement
> >> >> >
> >> >> > AuthnInstant="2010-02-24T19:10:32.787Z">
> >> >> >
> >> >> > <saml2:AuthnContext>
> >>
> >> <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509<
> >>
> >> >> /
> >> >>
> >> >> > saml2:AuthnContextClassRef>
> >> >> >
> >> >> > </saml2:AuthnContext>
> >> >> >
> >> >> > </saml2:AuthnStatement>
> >> >> >
> >> >> > <saml2:AuthzDecisionStatement Decision="Permit"
> >> >> > Resource="DoubleIt">
> >> >> >
> >> >> > <saml2:Action
> >>
> >> Namespace="urn:doubleit:doubleitactions">DoubleEvenNumbers</saml2:Action
> >>
> >> >> > </saml2:AuthzDecisionStatement>
> >> >> >
> >> >> > <saml2:AttributeStatement>
> >> >> >
> >> >> > <saml2:Attribute Name="degree"
> >> >> > NameFormat="http://www.example.org/DoubleIt/Security">
> >> >> >
> >> >> > <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
> >> >> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >> >> > xsi:type="xs:string">Mathematics</saml2:AttributeValue>
> >> >> > </saml2:Attribute></saml2:AttributeStatement>
> >> >> >
> >> >> > </saml2:Assertion></wsse:Security></soap:Header>
> >> >> >
> >> >> > <soap:Body><findTaskListUsingLoginCreds
> >> >> > xmlns="http://web.hsc.syscom.com/"><username
> >> >> > xmlns="http://web.hsc.syscom.com/">kpham</username><password
> >> >> > xmlns="http://web.hsc.syscom.com/">hdfuhgdg</password><category
> >>
> >> xmlns="http://web.hsc.syscom.com/">GETFULLEOPINWRK</category><maxResults
> >>
> >>
> >> xmlns="http://web.hsc.syscom.com/">-1</maxResults></findTaskListUsingLog
> >>
> >> >> i
> >> >>
> >> >> > nCreds></soap:Body></soap:Envelope>
--
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog
Re: local part cannot be "null" when creating a QName
Posted by PrSd <si...@yahoo.com>.
Dan,
Things got so crazy in the past week I never got time to test your fix. But
I did not have to. I got the error to go away by accidentally coming up with
a bunch of jars in the web-inf/lib directory that fixed the issue. I got it
to work with cxf-2.0-incubator jar and was very happy. However all of a
sudden I am running into that issue again. I have changed nothing in the
code or on the server. I am baffled. So today I tested your fix with the
latest snapshot - cxf-2.2.7-SNAPSHOT.jar and I still getting the local part
cannot be null error.
By the way here are the bunch of jars on the WS client WEB-INF/lib that I
got it working last week.
aopalliance-1.0.jar
cxf-2.0-incubator.jar
geronimo-activation_1.1_spec-1.0-M1.jar
geronimo-annotation_1.0_spec-1.1.jar
geronimo-javamail_1.4_spec-1.0-M1.jar
geronimo-ws-metadata_2.0_spec-1.1.1.jar
jaxb-api-2.0.jar
jaxb-impl-2.0.5.jar
jaxws-api-2.0.jar
jcifs-1.3.12.jar
jetty-6.1.3.jar
jetty-util-6.1.3.jar
joda-time-1.6.jar
ldapbp-1.0.jar
neethi-2.0.jar
opensaml-2.3.0.jar
openws-1.3.0.jar
saaj-api-1.3.jar
saaj-impl-1.3.jar
slf4j-api-1.5.10.jar
slf4j-jdk14-1.5.10.jar
spring.jar
spring-beans-2.0.4.jar
spring-context-2.0.4.jar
spring-core-2.0.4.jar
spring-web-2.0.4.jar
spring-ws-core-1.5.8.jar
spring-ws-core-tiger-1.5.8.jar
spring-ws-security-1.5.8.jar
spring-ws-support-1.5.8.jar
spring-xml-1.5.8.jar
velocity-1.5.jar
wsdl4j-1.6.1.jar
wss4j-1.5.1.jar
wstx-asl-3.2.1.jar
xmlParserAPIs.jar
xml-resolver-1.2.jar
XmlSchema-1.2.jar
xmlsec-1.4.3.jar
xmltooling-1.2.1.jar
In the IBM WAS endorsed directory
resolver-2.9.1.jar
saaj-api.jar
saaj-impl.jar
serializer-2.9.1.jar
wsdl4j-1.6.2.jar
xalan-2.7.1.jar
xercesImpl-2.9.1.jar
xml-apis-2.9.1.jar
Any thoughts on what the issue could be. It appears the fix did not work
either. I will continue trying but it will need your expertise to resolve
this.
thanks
Sid
dkulp wrote:
>
>
> Thanks for following up with them. Their hints helped me figure out where
> to
> look. I THINK I see what may be happening here on our side and I've just
> committed a fix. If you could test tomorrows snapshots (or checkout the
> source and build it) to see if that helps, that would be great.
>
> Dan
>
> On Mon March 1 2010 11:20:28 pm PrSd wrote:
>> Dan,
>>
>> I approached the folks at OpenSAML. As per Scott Cantor (one of the
>> person
>> heading that project), the issue is not at the SAML end, it is where DOM
>> is
>> first being created. The XML Parser is creating the DOM without namespace
>> awareness which causes the SAML code to fail when it tries creating a
>> QName(localpart). The localName of the DOM attribute is null.
>>
>> Following link is a detailed exchange I had with them
>> https://mail.internet2.edu/wws/arc/mace-opensaml-users/2010-03/msg00025.htm
>> l
>>
>>
>>
>> He clearly mentioned that I need to use a DOM2 or DOM3 Level
>> specification.
>> It is also possible that the CXF client or server side SOAP/SAAJ
>> Interceptors are altering the DOM in a certain way that is causing the
>> umarshalling process using the SAML to fail.
>>
>> I managed to catch hold of the stack trace on the client side.
>>
>> at
>> org.apache.cxf.binding.soap.saaj.SAAJInInterceptor.handleMessage(SAAJInInte
>> rceptor.java:154) at
>> org.apache.cxf.jaxws.handler.soap.SOAPMessageContextImpl.getMessage(SOAPMes
>> sageContextImpl.java:78) at
>> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.createProtocolMess
>> ageContext(SOAPHandlerInterceptor.java:236) at
>> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessageInter
>> nal(SOAPHandlerInterceptor.java:144) at
>> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAP
>> HandlerInterceptor.java:119) at
>> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAP
>> HandlerInterceptor.java:69) at
>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
>> n.java:243) at
>> org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:672) at
>> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRespons
>> eInternal(HTTPConduit.java:2210) at
>> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRespons
>> e(HTTPConduit.java:2087) at
>> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPCon
>> duit.java:1985) at
>> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
>> at
>> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:640) at
>> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInte
>> rceptor.handleMessage(MessageSenderInterceptor.java:62) at
>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
>> n.java:243) at
>> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:484) at
>> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:310) at
>> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:262) at
>> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at
>> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
>> at $Proxy47.findTaskListUsingLoginCreds(Unknown Source)
>> at
>> com.hsc.security.saml.soap.SpringWSClient.main(SpringWSClient.java:77)
>>
>> Q1. Does CXF uses its own DOM Parser when building the SOAPMessages? Is
>> there a way to turn on the namespace awareness at DOM parsing time.
>> Q2. If not, can we turn off the CXF interceptors on both the client and
>> server side and if we do are there any ripple effects. As you are already
>> aware I am using a JAX WS Handler to intercept the SOAP request - Will
>> that
>> be sufficient or I would still need the SOAP and SAAJ interceptors?
>>
>> Eagerly waiting to hear from you
>>
>> thanks
>> Sid
>>
>> dkulp wrote:
>> > This is being thrown from down in Opensaml. I really don't know what
>> > would
>> > cause it. You would probably need to ask on their lists and give them
>> > the
>> > stack trace and the XML of the SAML assertion.
>> >
>> > Dan
>>
>> dkulp wrote:
>> > This is being thrown from down in Opensaml. I really don't know what
>> > would
>> > cause it. You would probably need to ask on their lists and give them
>> > the
>> > stack trace and the XML of the SAML assertion.
>> >
>> > Dan
>> >
>> > On Fri February 26 2010 7:19:15 pm PrSd wrote:
>> >> Daniel,
>> >>
>> >> Here is the stack trace you had requested regarding this issue. I just
>> >> cannot figure out a solution to this
>> >>
>> >> [2/26/10 17:16:11:596 EST] 0000001c SystemErr R
>> >> java.lang.IllegalArgumentException: local part cannot be "null" when
>> >> creating a QName
>> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> >> javax.xml.namespace.QName.<init>(Unknown Source)
>> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> >> javax.xml.namespace.QName.<init>(Unknown Source)
>> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> >> org.opensaml.xml.util.XMLHelper.constructQName(XMLHelper.java:433)
>> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> >> org.opensaml.xml.util.XMLHelper.getNodeQName(XMLHelper.java:171)
>> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> >>
>> org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.unmarshallAttribute(Ab
>> >> str actXMLObjectUnmarshaller.java:215) [2/26/10 17:16:11:612 EST]
>> >> 0000001c SystemErr R at
>> >>
>> org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.unmarshall(AbstractXML
>> >> Obj ectUnmarshaller.java:107) [2/26/10 17:16:11:612 EST] 0000001c
>> >> SystemErr R at
>> >>
>> com.syscom.hsc.web.soap.ServiceSAMLHandler.handleMessage(ServiceSAMLHand
>> >> ler .java:222) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
>> at
>> >>
>> com.syscom.hsc.web.soap.ServiceSAMLHandler.handleMessage(ServiceSAMLHan
>> >> dler .java:1) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
>> at
>> >>
>> org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandleMessage(Ha
>> >> ndle rChainInvoker.java:335) [2/26/10 17:16:11:612 EST] 0000001c
>> >> SystemErr R
>> >>
>> >> at
>> >>
>> >>
>> org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandlerChain(Hand
>> >> ler ChainInvoker.java:253) [2/26/10 17:16:11:612 EST] 0000001c
>> SystemErr
>> >> R
>> >>
>> >> at
>> >>
>> >>
>> org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeProtocolHandlers(
>> >> Han dlerChainInvoker.java:131) [2/26/10 17:16:11:612 EST] 0000001c
>> >> SystemErr
>> >>
>> >> R at
>> >>
>> >>
>> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessageIn
>> >> ter nal(SOAPHandlerInterceptor.java:152) [2/26/10 17:16:11:612 EST]
>> >> 0000001c SystemErr R at
>> >>
>> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(S
>> >> OAP HandlerInterceptor.java:119) [2/26/10 17:16:11:612 EST] 0000001c
>> >> SystemErr
>> >>
>> >> R at
>> >>
>> >>
>> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(S
>> >> OAP HandlerInterceptor.java:69) [2/26/10 17:16:11:612 EST] 0000001c
>> >> SystemErr
>> >>
>> >> R at
>> >>
>> >>
>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC
>> >> hai n.java:243) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
>> >> at
>> >>
>> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiat
>> >> ionO bserver.java:109) [2/26/10 17:16:11:612 EST] 0000001c SystemErr
>> >> R at
>> >>
>> org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestin
>> >> ati on.java:98) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
>> >> at
>> >>
>> org.apache.cxf.transport.servlet.ServletController.invokeDestination(Se
>> >> rvle tController.java:406) [2/26/10 17:16:11:612 EST] 0000001c
>> SystemErr
>> >> R
>> >>
>> >> at
>> >>
>> >>
>> org.apache.cxf.transport.servlet.ServletController.invoke(ServletControl
>> >> ler .java:178) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
>> at
>> >>
>> org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFS
>> >> ervl et.java:142) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
>> >> at
>> >>
>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(Abst
>> >> ract HTTPServlet.java:179) [2/26/10 17:16:11:612 EST] 0000001c
>> SystemErr
>> >> R
>> >>
>> >> at
>> >>
>> >>
>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTP
>> >> Ser vlet.java:103) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
>> >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
>> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> >>
>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTT
>> >> PSe rvlet.java:159) [2/26/10 17:16:11:612 EST] 0000001c SystemErr
>> R
>> >> at
>> >>
>> com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.j
>> >> ava: 1096) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> >>
>> com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWra
>> >> pper .java:570) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
>> >> at
>> >>
>> com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletW
>> >> rapp er.java:478) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
>> >> at
>> >>
>> com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(Cache
>> >> Serv letWrapper.java:90) [2/26/10 17:16:11:612 EST] 0000001c SystemErr
>> >> R
>> >>
>> >> at
>> >>
>> >>
>> com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:748
>> >> ) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> >>
>> com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1
>> >> 466 ) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> >>
>> com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:1
>> >> 19) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> >>
>> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscriminatio
>> >> n(H ttpInboundLink.java:458) [2/26/10 17:16:11:612 EST] 0000001c
>> >> SystemErr R at
>> >>
>> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformatio
>> >> n(H ttpInboundLink.java:387) [2/26/10 17:16:11:612 EST] 0000001c
>> >> SystemErr R at
>> >>
>> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLi
>> >> nk. java:267) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
>> at
>> >>
>> com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDisc
>> >> rimi nators(NewConnectionInitialReadCallback.java:214) [2/26/10
>> >> 17:16:11:612 EST] 0000001c SystemErr R at
>> >>
>> com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(Ne
>> >> wCo nnectionInitialReadCallback.java:113) [2/26/10 17:16:11:612 EST]
>> >> 0000001c SystemErr R at
>> >>
>> com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(Ai
>> >> oRe adCompletionListener.java:165) [2/26/10 17:16:11:612 EST] 0000001c
>> >> SystemErr R at
>> >>
>> com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.
>> >> jav a:217) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> >>
>> com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelF
>> >> utur e.java:161) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
>> >> at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
>> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> >> com.ibm.io.async.ResultHandler.complete(ResultHandler.java:195)
>> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> >>
>> com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java
>> >> :74 3) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> >> com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:873)
>> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> >> com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1473)
>> >
>> > -----------
>> >
>> >> > Here is the SAML Assertion that is being sent into the SOAP Header
>> >> > <soap:Envelope
>> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
>> >> >
>> >> > <soap:Header>
>> >> > <wsse:Security
>> >>
>> >>
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse
>> >> c
>> >>
>> >> > urity-secext-1.0.xsd">
>> >> >
>> >> > <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
>> >> > ID="123" IssueInstant="2010-02-24T19:10:32.724Z" Version="2.0">
>> >> >
>> >> > <saml2:Issuer>http://localhost:9088</saml2:Issuer>
>> >> >
>> >> > <saml2:Subject>
>> >> >
>> >> > <saml2:NameID
>> >>
>> >>
>> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">p8adm
>> >> i
>> >>
>> >> > n</saml2:NameID> </saml2:Subject>
>> >> >
>> >> > <saml2:AuthnStatement
>> >> >
>> >> > AuthnInstant="2010-02-24T19:10:32.787Z">
>> >> >
>> >> > <saml2:AuthnContext>
>> >>
>> >>
>> <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509<
>> >> /
>> >>
>> >> > saml2:AuthnContextClassRef>
>> >> >
>> >> > </saml2:AuthnContext>
>> >> >
>> >> > </saml2:AuthnStatement>
>> >> >
>> >> > <saml2:AuthzDecisionStatement Decision="Permit" Resource="DoubleIt">
>> >> >
>> >> > <saml2:Action
>> >>
>> >>
>> Namespace="urn:doubleit:doubleitactions">DoubleEvenNumbers</saml2:Action
>> >> >
>> >>
>> >> > </saml2:AuthzDecisionStatement>
>> >> >
>> >> > <saml2:AttributeStatement>
>> >> >
>> >> > <saml2:Attribute Name="degree"
>> >> > NameFormat="http://www.example.org/DoubleIt/Security">
>> >> >
>> >> > <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
>> >> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> >> > xsi:type="xs:string">Mathematics</saml2:AttributeValue>
>> >> > </saml2:Attribute></saml2:AttributeStatement>
>> >> >
>> >> > </saml2:Assertion></wsse:Security></soap:Header>
>> >> >
>> >> > <soap:Body><findTaskListUsingLoginCreds
>> >> > xmlns="http://web.hsc.syscom.com/"><username
>> >> > xmlns="http://web.hsc.syscom.com/">kpham</username><password
>> >> > xmlns="http://web.hsc.syscom.com/">hdfuhgdg</password><category
>> >>
>> >>
>> xmlns="http://web.hsc.syscom.com/">GETFULLEOPINWRK</category><maxResults
>> >>
>> >>
>> xmlns="http://web.hsc.syscom.com/">-1</maxResults></findTaskListUsingLog
>> >> i
>> >>
>> >> > nCreds></soap:Body></soap:Envelope>
>
> --
> Daniel Kulp
> dkulp@apache.org
> http://www.dankulp.com/blog
>
>
--
View this message in context: http://old.nabble.com/local-part-cannot-be-%22null%22-when-creating-a-QName-tp27714287p27872480.html
Sent from the cxf-user mailing list archive at Nabble.com.
RE: jaxws endpoint threadsafe as a Spring singleton?
Posted by Ron Grimes <rg...@sinclairoil.com>.
I've used the WebServiceContext for purposes such as to retrieve the client's IP address. Never had a problem with it. Also, if you look at the source code for WebServiceContextImpl, you'll see that it uses a ThreadLocal type for the context. And, if you look at the source on ThreadLocal, you'll see that the documentation reads:
"**
* This class provides thread-local variables. These variables differ from
* their normal counterparts in that each thread that accesses one (via its
* <tt>get</tt> or <tt>set</tt> method) has its own, independently initialized
* copy of the variable."
Ron Grimes
-----Original Message-----
From: Kessel, Christopher [mailto:ckessel@transunion.com]
Sent: Tuesday, March 02, 2010 8:48 AM
To: users@cxf.apache.org
Subject: jaxws endpoint threadsafe as a Spring singleton?
I've defined my bean in Spring as per some examples in the CXF tutorial
pages:
<bean id="fooImpl" class="FooServerImpl"></bean>
<jaxws:endpoint id="foo" implementor="#fooImpl"
address="/foo"></jaxws:endpoint>
My FooServerImpl has a reference to the WebServiceContext (because I
have to get to the SerlvetContext for historical reasons).
@Resource
private WebServiceContext _wsContext;
The javadoc on WebServiceContext says that _wsContext is relative to the
request being served:
* A <code>WebServiceContext</code> makes it possible for
* a web service endpoint implementation class to access
* message context and security information relative to
* a request being served.
So, my question is, if FooServerImpl is a Spring singleton (which I
think is the default, at least in the application I'm working on), would
that mean the _wsContext isn't thread safe since it's related to each
request? If I had 2 requests come in simultaneously, the _wsContext for
the 2nd one would clobber the value set for the first request. Yes?
Thanks,
Chris
jaxws endpoint threadsafe as a Spring singleton?
Posted by "Kessel, Christopher" <ck...@transunion.com>.
I've defined my bean in Spring as per some examples in the CXF tutorial
pages:
<bean id="fooImpl" class="FooServerImpl"></bean>
<jaxws:endpoint id="foo" implementor="#fooImpl"
address="/foo"></jaxws:endpoint>
My FooServerImpl has a reference to the WebServiceContext (because I
have to get to the SerlvetContext for historical reasons).
@Resource
private WebServiceContext _wsContext;
The javadoc on WebServiceContext says that _wsContext is relative to the
request being served:
* A <code>WebServiceContext</code> makes it possible for
* a web service endpoint implementation class to access
* message context and security information relative to
* a request being served.
So, my question is, if FooServerImpl is a Spring singleton (which I
think is the default, at least in the application I'm working on), would
that mean the _wsContext isn't thread safe since it's related to each
request? If I had 2 requests come in simultaneously, the _wsContext for
the 2nd one would clobber the value set for the first request. Yes?
Thanks,
Chris
Re: local part cannot be "null" when creating a QName
Posted by PrSd <si...@yahoo.com>.
Really appreciate your timely help Dan. Will look forward to tomorrow's
build.
best regards
Sid
dkulp wrote:
>
>
> Thanks for following up with them. Their hints helped me figure out where
> to
> look. I THINK I see what may be happening here on our side and I've just
> committed a fix. If you could test tomorrows snapshots (or checkout the
> source and build it) to see if that helps, that would be great.
>
> Dan
>
> On Mon March 1 2010 11:20:28 pm PrSd wrote:
>> Dan,
>>
>> I approached the folks at OpenSAML. As per Scott Cantor (one of the
>> person
>> heading that project), the issue is not at the SAML end, it is where DOM
>> is
>> first being created. The XML Parser is creating the DOM without namespace
>> awareness which causes the SAML code to fail when it tries creating a
>> QName(localpart). The localName of the DOM attribute is null.
>>
>> Following link is a detailed exchange I had with them
>> https://mail.internet2.edu/wws/arc/mace-opensaml-users/2010-03/msg00025.htm
>> l
>>
>>
>>
>> He clearly mentioned that I need to use a DOM2 or DOM3 Level
>> specification.
>> It is also possible that the CXF client or server side SOAP/SAAJ
>> Interceptors are altering the DOM in a certain way that is causing the
>> umarshalling process using the SAML to fail.
>>
>> I managed to catch hold of the stack trace on the client side.
>>
>> at
>> org.apache.cxf.binding.soap.saaj.SAAJInInterceptor.handleMessage(SAAJInInte
>> rceptor.java:154) at
>> org.apache.cxf.jaxws.handler.soap.SOAPMessageContextImpl.getMessage(SOAPMes
>> sageContextImpl.java:78) at
>> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.createProtocolMess
>> ageContext(SOAPHandlerInterceptor.java:236) at
>> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessageInter
>> nal(SOAPHandlerInterceptor.java:144) at
>> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAP
>> HandlerInterceptor.java:119) at
>> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAP
>> HandlerInterceptor.java:69) at
>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
>> n.java:243) at
>> org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:672) at
>> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRespons
>> eInternal(HTTPConduit.java:2210) at
>> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRespons
>> e(HTTPConduit.java:2087) at
>> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPCon
>> duit.java:1985) at
>> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
>> at
>> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:640) at
>> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInte
>> rceptor.handleMessage(MessageSenderInterceptor.java:62) at
>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
>> n.java:243) at
>> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:484) at
>> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:310) at
>> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:262) at
>> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at
>> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
>> at $Proxy47.findTaskListUsingLoginCreds(Unknown Source)
>> at
>> com.hsc.security.saml.soap.SpringWSClient.main(SpringWSClient.java:77)
>>
>> Q1. Does CXF uses its own DOM Parser when building the SOAPMessages? Is
>> there a way to turn on the namespace awareness at DOM parsing time.
>> Q2. If not, can we turn off the CXF interceptors on both the client and
>> server side and if we do are there any ripple effects. As you are already
>> aware I am using a JAX WS Handler to intercept the SOAP request - Will
>> that
>> be sufficient or I would still need the SOAP and SAAJ interceptors?
>>
>> Eagerly waiting to hear from you
>>
>> thanks
>> Sid
>>
>> dkulp wrote:
>> > This is being thrown from down in Opensaml. I really don't know what
>> > would
>> > cause it. You would probably need to ask on their lists and give them
>> > the
>> > stack trace and the XML of the SAML assertion.
>> >
>> > Dan
>>
>> dkulp wrote:
>> > This is being thrown from down in Opensaml. I really don't know what
>> > would
>> > cause it. You would probably need to ask on their lists and give them
>> > the
>> > stack trace and the XML of the SAML assertion.
>> >
>> > Dan
>> >
>> > On Fri February 26 2010 7:19:15 pm PrSd wrote:
>> >> Daniel,
>> >>
>> >> Here is the stack trace you had requested regarding this issue. I just
>> >> cannot figure out a solution to this
>> >>
>> >> [2/26/10 17:16:11:596 EST] 0000001c SystemErr R
>> >> java.lang.IllegalArgumentException: local part cannot be "null" when
>> >> creating a QName
>> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> >> javax.xml.namespace.QName.<init>(Unknown Source)
>> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> >> javax.xml.namespace.QName.<init>(Unknown Source)
>> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> >> org.opensaml.xml.util.XMLHelper.constructQName(XMLHelper.java:433)
>> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> >> org.opensaml.xml.util.XMLHelper.getNodeQName(XMLHelper.java:171)
>> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> >>
>> org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.unmarshallAttribute(Ab
>> >> str actXMLObjectUnmarshaller.java:215) [2/26/10 17:16:11:612 EST]
>> >> 0000001c SystemErr R at
>> >>
>> org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.unmarshall(AbstractXML
>> >> Obj ectUnmarshaller.java:107) [2/26/10 17:16:11:612 EST] 0000001c
>> >> SystemErr R at
>> >>
>> com.syscom.hsc.web.soap.ServiceSAMLHandler.handleMessage(ServiceSAMLHand
>> >> ler .java:222) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
>> at
>> >>
>> com.syscom.hsc.web.soap.ServiceSAMLHandler.handleMessage(ServiceSAMLHan
>> >> dler .java:1) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
>> at
>> >>
>> org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandleMessage(Ha
>> >> ndle rChainInvoker.java:335) [2/26/10 17:16:11:612 EST] 0000001c
>> >> SystemErr R
>> >>
>> >> at
>> >>
>> >>
>> org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandlerChain(Hand
>> >> ler ChainInvoker.java:253) [2/26/10 17:16:11:612 EST] 0000001c
>> SystemErr
>> >> R
>> >>
>> >> at
>> >>
>> >>
>> org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeProtocolHandlers(
>> >> Han dlerChainInvoker.java:131) [2/26/10 17:16:11:612 EST] 0000001c
>> >> SystemErr
>> >>
>> >> R at
>> >>
>> >>
>> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessageIn
>> >> ter nal(SOAPHandlerInterceptor.java:152) [2/26/10 17:16:11:612 EST]
>> >> 0000001c SystemErr R at
>> >>
>> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(S
>> >> OAP HandlerInterceptor.java:119) [2/26/10 17:16:11:612 EST] 0000001c
>> >> SystemErr
>> >>
>> >> R at
>> >>
>> >>
>> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(S
>> >> OAP HandlerInterceptor.java:69) [2/26/10 17:16:11:612 EST] 0000001c
>> >> SystemErr
>> >>
>> >> R at
>> >>
>> >>
>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC
>> >> hai n.java:243) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
>> >> at
>> >>
>> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiat
>> >> ionO bserver.java:109) [2/26/10 17:16:11:612 EST] 0000001c SystemErr
>> >> R at
>> >>
>> org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestin
>> >> ati on.java:98) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
>> >> at
>> >>
>> org.apache.cxf.transport.servlet.ServletController.invokeDestination(Se
>> >> rvle tController.java:406) [2/26/10 17:16:11:612 EST] 0000001c
>> SystemErr
>> >> R
>> >>
>> >> at
>> >>
>> >>
>> org.apache.cxf.transport.servlet.ServletController.invoke(ServletControl
>> >> ler .java:178) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
>> at
>> >>
>> org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFS
>> >> ervl et.java:142) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
>> >> at
>> >>
>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(Abst
>> >> ract HTTPServlet.java:179) [2/26/10 17:16:11:612 EST] 0000001c
>> SystemErr
>> >> R
>> >>
>> >> at
>> >>
>> >>
>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTP
>> >> Ser vlet.java:103) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
>> >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
>> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> >>
>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTT
>> >> PSe rvlet.java:159) [2/26/10 17:16:11:612 EST] 0000001c SystemErr
>> R
>> >> at
>> >>
>> com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.j
>> >> ava: 1096) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> >>
>> com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWra
>> >> pper .java:570) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
>> >> at
>> >>
>> com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletW
>> >> rapp er.java:478) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
>> >> at
>> >>
>> com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(Cache
>> >> Serv letWrapper.java:90) [2/26/10 17:16:11:612 EST] 0000001c SystemErr
>> >> R
>> >>
>> >> at
>> >>
>> >>
>> com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:748
>> >> ) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> >>
>> com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1
>> >> 466 ) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> >>
>> com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:1
>> >> 19) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> >>
>> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscriminatio
>> >> n(H ttpInboundLink.java:458) [2/26/10 17:16:11:612 EST] 0000001c
>> >> SystemErr R at
>> >>
>> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformatio
>> >> n(H ttpInboundLink.java:387) [2/26/10 17:16:11:612 EST] 0000001c
>> >> SystemErr R at
>> >>
>> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLi
>> >> nk. java:267) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
>> at
>> >>
>> com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDisc
>> >> rimi nators(NewConnectionInitialReadCallback.java:214) [2/26/10
>> >> 17:16:11:612 EST] 0000001c SystemErr R at
>> >>
>> com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(Ne
>> >> wCo nnectionInitialReadCallback.java:113) [2/26/10 17:16:11:612 EST]
>> >> 0000001c SystemErr R at
>> >>
>> com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(Ai
>> >> oRe adCompletionListener.java:165) [2/26/10 17:16:11:612 EST] 0000001c
>> >> SystemErr R at
>> >>
>> com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.
>> >> jav a:217) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> >>
>> com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelF
>> >> utur e.java:161) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
>> >> at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
>> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> >> com.ibm.io.async.ResultHandler.complete(ResultHandler.java:195)
>> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> >>
>> com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java
>> >> :74 3) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> >> com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:873)
>> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> >> com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1473)
>> >
>> > -----------
>> >
>> >> > Here is the SAML Assertion that is being sent into the SOAP Header
>> >> > <soap:Envelope
>> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
>> >> >
>> >> > <soap:Header>
>> >> > <wsse:Security
>> >>
>> >>
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse
>> >> c
>> >>
>> >> > urity-secext-1.0.xsd">
>> >> >
>> >> > <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
>> >> > ID="123" IssueInstant="2010-02-24T19:10:32.724Z" Version="2.0">
>> >> >
>> >> > <saml2:Issuer>http://localhost:9088</saml2:Issuer>
>> >> >
>> >> > <saml2:Subject>
>> >> >
>> >> > <saml2:NameID
>> >>
>> >>
>> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">p8adm
>> >> i
>> >>
>> >> > n</saml2:NameID> </saml2:Subject>
>> >> >
>> >> > <saml2:AuthnStatement
>> >> >
>> >> > AuthnInstant="2010-02-24T19:10:32.787Z">
>> >> >
>> >> > <saml2:AuthnContext>
>> >>
>> >>
>> <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509<
>> >> /
>> >>
>> >> > saml2:AuthnContextClassRef>
>> >> >
>> >> > </saml2:AuthnContext>
>> >> >
>> >> > </saml2:AuthnStatement>
>> >> >
>> >> > <saml2:AuthzDecisionStatement Decision="Permit" Resource="DoubleIt">
>> >> >
>> >> > <saml2:Action
>> >>
>> >>
>> Namespace="urn:doubleit:doubleitactions">DoubleEvenNumbers</saml2:Action
>> >> >
>> >>
>> >> > </saml2:AuthzDecisionStatement>
>> >> >
>> >> > <saml2:AttributeStatement>
>> >> >
>> >> > <saml2:Attribute Name="degree"
>> >> > NameFormat="http://www.example.org/DoubleIt/Security">
>> >> >
>> >> > <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
>> >> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> >> > xsi:type="xs:string">Mathematics</saml2:AttributeValue>
>> >> > </saml2:Attribute></saml2:AttributeStatement>
>> >> >
>> >> > </saml2:Assertion></wsse:Security></soap:Header>
>> >> >
>> >> > <soap:Body><findTaskListUsingLoginCreds
>> >> > xmlns="http://web.hsc.syscom.com/"><username
>> >> > xmlns="http://web.hsc.syscom.com/">kpham</username><password
>> >> > xmlns="http://web.hsc.syscom.com/">hdfuhgdg</password><category
>> >>
>> >>
>> xmlns="http://web.hsc.syscom.com/">GETFULLEOPINWRK</category><maxResults
>> >>
>> >>
>> xmlns="http://web.hsc.syscom.com/">-1</maxResults></findTaskListUsingLog
>> >> i
>> >>
>> >> > nCreds></soap:Body></soap:Envelope>
>
> --
> Daniel Kulp
> dkulp@apache.org
> http://www.dankulp.com/blog
>
>
--
View this message in context: http://old.nabble.com/local-part-cannot-be-%22null%22-when-creating-a-QName-tp27714287p27757264.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: local part cannot be "null" when creating a QName
Posted by Daniel Kulp <dk...@apache.org>.
Thanks for following up with them. Their hints helped me figure out where to
look. I THINK I see what may be happening here on our side and I've just
committed a fix. If you could test tomorrows snapshots (or checkout the
source and build it) to see if that helps, that would be great.
Dan
On Mon March 1 2010 11:20:28 pm PrSd wrote:
> Dan,
>
> I approached the folks at OpenSAML. As per Scott Cantor (one of the person
> heading that project), the issue is not at the SAML end, it is where DOM is
> first being created. The XML Parser is creating the DOM without namespace
> awareness which causes the SAML code to fail when it tries creating a
> QName(localpart). The localName of the DOM attribute is null.
>
> Following link is a detailed exchange I had with them
> https://mail.internet2.edu/wws/arc/mace-opensaml-users/2010-03/msg00025.htm
> l
>
>
>
> He clearly mentioned that I need to use a DOM2 or DOM3 Level specification.
> It is also possible that the CXF client or server side SOAP/SAAJ
> Interceptors are altering the DOM in a certain way that is causing the
> umarshalling process using the SAML to fail.
>
> I managed to catch hold of the stack trace on the client side.
>
> at
> org.apache.cxf.binding.soap.saaj.SAAJInInterceptor.handleMessage(SAAJInInte
> rceptor.java:154) at
> org.apache.cxf.jaxws.handler.soap.SOAPMessageContextImpl.getMessage(SOAPMes
> sageContextImpl.java:78) at
> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.createProtocolMess
> ageContext(SOAPHandlerInterceptor.java:236) at
> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessageInter
> nal(SOAPHandlerInterceptor.java:144) at
> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAP
> HandlerInterceptor.java:119) at
> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAP
> HandlerInterceptor.java:69) at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
> n.java:243) at
> org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:672) at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRespons
> eInternal(HTTPConduit.java:2210) at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRespons
> e(HTTPConduit.java:2087) at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPCon
> duit.java:1985) at
> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
> at
> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:640) at
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInte
> rceptor.handleMessage(MessageSenderInterceptor.java:62) at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
> n.java:243) at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:484) at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:310) at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:262) at
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
> at $Proxy47.findTaskListUsingLoginCreds(Unknown Source)
> at
> com.hsc.security.saml.soap.SpringWSClient.main(SpringWSClient.java:77)
>
> Q1. Does CXF uses its own DOM Parser when building the SOAPMessages? Is
> there a way to turn on the namespace awareness at DOM parsing time.
> Q2. If not, can we turn off the CXF interceptors on both the client and
> server side and if we do are there any ripple effects. As you are already
> aware I am using a JAX WS Handler to intercept the SOAP request - Will that
> be sufficient or I would still need the SOAP and SAAJ interceptors?
>
> Eagerly waiting to hear from you
>
> thanks
> Sid
>
> dkulp wrote:
> > This is being thrown from down in Opensaml. I really don't know what
> > would
> > cause it. You would probably need to ask on their lists and give them
> > the
> > stack trace and the XML of the SAML assertion.
> >
> > Dan
>
> dkulp wrote:
> > This is being thrown from down in Opensaml. I really don't know what
> > would
> > cause it. You would probably need to ask on their lists and give them
> > the
> > stack trace and the XML of the SAML assertion.
> >
> > Dan
> >
> > On Fri February 26 2010 7:19:15 pm PrSd wrote:
> >> Daniel,
> >>
> >> Here is the stack trace you had requested regarding this issue. I just
> >> cannot figure out a solution to this
> >>
> >> [2/26/10 17:16:11:596 EST] 0000001c SystemErr R
> >> java.lang.IllegalArgumentException: local part cannot be "null" when
> >> creating a QName
> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >> javax.xml.namespace.QName.<init>(Unknown Source)
> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >> javax.xml.namespace.QName.<init>(Unknown Source)
> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >> org.opensaml.xml.util.XMLHelper.constructQName(XMLHelper.java:433)
> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >> org.opensaml.xml.util.XMLHelper.getNodeQName(XMLHelper.java:171)
> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >> org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.unmarshallAttribute(Ab
> >> str actXMLObjectUnmarshaller.java:215) [2/26/10 17:16:11:612 EST]
> >> 0000001c SystemErr R at
> >> org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.unmarshall(AbstractXML
> >> Obj ectUnmarshaller.java:107) [2/26/10 17:16:11:612 EST] 0000001c
> >> SystemErr R at
> >> com.syscom.hsc.web.soap.ServiceSAMLHandler.handleMessage(ServiceSAMLHand
> >> ler .java:222) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >> com.syscom.hsc.web.soap.ServiceSAMLHandler.handleMessage(ServiceSAMLHan
> >> dler .java:1) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >> org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandleMessage(Ha
> >> ndle rChainInvoker.java:335) [2/26/10 17:16:11:612 EST] 0000001c
> >> SystemErr R
> >>
> >> at
> >>
> >> org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandlerChain(Hand
> >> ler ChainInvoker.java:253) [2/26/10 17:16:11:612 EST] 0000001c SystemErr
> >> R
> >>
> >> at
> >>
> >> org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeProtocolHandlers(
> >> Han dlerChainInvoker.java:131) [2/26/10 17:16:11:612 EST] 0000001c
> >> SystemErr
> >>
> >> R at
> >>
> >> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessageIn
> >> ter nal(SOAPHandlerInterceptor.java:152) [2/26/10 17:16:11:612 EST]
> >> 0000001c SystemErr R at
> >> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(S
> >> OAP HandlerInterceptor.java:119) [2/26/10 17:16:11:612 EST] 0000001c
> >> SystemErr
> >>
> >> R at
> >>
> >> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(S
> >> OAP HandlerInterceptor.java:69) [2/26/10 17:16:11:612 EST] 0000001c
> >> SystemErr
> >>
> >> R at
> >>
> >> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC
> >> hai n.java:243) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
> >> at
> >> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiat
> >> ionO bserver.java:109) [2/26/10 17:16:11:612 EST] 0000001c SystemErr
> >> R at
> >> org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestin
> >> ati on.java:98) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
> >> at
> >> org.apache.cxf.transport.servlet.ServletController.invokeDestination(Se
> >> rvle tController.java:406) [2/26/10 17:16:11:612 EST] 0000001c SystemErr
> >> R
> >>
> >> at
> >>
> >> org.apache.cxf.transport.servlet.ServletController.invoke(ServletControl
> >> ler .java:178) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >> org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFS
> >> ervl et.java:142) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
> >> at
> >> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(Abst
> >> ract HTTPServlet.java:179) [2/26/10 17:16:11:612 EST] 0000001c SystemErr
> >> R
> >>
> >> at
> >>
> >> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTP
> >> Ser vlet.java:103) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
> >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTT
> >> PSe rvlet.java:159) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
> >> at
> >> com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.j
> >> ava: 1096) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >> com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWra
> >> pper .java:570) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
> >> at
> >> com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletW
> >> rapp er.java:478) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
> >> at
> >> com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(Cache
> >> Serv letWrapper.java:90) [2/26/10 17:16:11:612 EST] 0000001c SystemErr
> >> R
> >>
> >> at
> >>
> >> com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:748
> >> ) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >> com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1
> >> 466 ) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >> com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:1
> >> 19) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscriminatio
> >> n(H ttpInboundLink.java:458) [2/26/10 17:16:11:612 EST] 0000001c
> >> SystemErr R at
> >> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformatio
> >> n(H ttpInboundLink.java:387) [2/26/10 17:16:11:612 EST] 0000001c
> >> SystemErr R at
> >> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLi
> >> nk. java:267) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >> com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDisc
> >> rimi nators(NewConnectionInitialReadCallback.java:214) [2/26/10
> >> 17:16:11:612 EST] 0000001c SystemErr R at
> >> com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(Ne
> >> wCo nnectionInitialReadCallback.java:113) [2/26/10 17:16:11:612 EST]
> >> 0000001c SystemErr R at
> >> com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(Ai
> >> oRe adCompletionListener.java:165) [2/26/10 17:16:11:612 EST] 0000001c
> >> SystemErr R at
> >> com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.
> >> jav a:217) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >> com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelF
> >> utur e.java:161) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
> >> at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >> com.ibm.io.async.ResultHandler.complete(ResultHandler.java:195)
> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >> com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java
> >> :74 3) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >> com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:873)
> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> >> com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1473)
> >
> > -----------
> >
> >> > Here is the SAML Assertion that is being sent into the SOAP Header
> >> > <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
> >> >
> >> > <soap:Header>
> >> > <wsse:Security
> >>
> >> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse
> >> c
> >>
> >> > urity-secext-1.0.xsd">
> >> >
> >> > <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
> >> > ID="123" IssueInstant="2010-02-24T19:10:32.724Z" Version="2.0">
> >> >
> >> > <saml2:Issuer>http://localhost:9088</saml2:Issuer>
> >> >
> >> > <saml2:Subject>
> >> >
> >> > <saml2:NameID
> >>
> >> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">p8adm
> >> i
> >>
> >> > n</saml2:NameID> </saml2:Subject>
> >> >
> >> > <saml2:AuthnStatement
> >> >
> >> > AuthnInstant="2010-02-24T19:10:32.787Z">
> >> >
> >> > <saml2:AuthnContext>
> >>
> >> <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509<
> >> /
> >>
> >> > saml2:AuthnContextClassRef>
> >> >
> >> > </saml2:AuthnContext>
> >> >
> >> > </saml2:AuthnStatement>
> >> >
> >> > <saml2:AuthzDecisionStatement Decision="Permit" Resource="DoubleIt">
> >> >
> >> > <saml2:Action
> >>
> >> Namespace="urn:doubleit:doubleitactions">DoubleEvenNumbers</saml2:Action
> >> >
> >>
> >> > </saml2:AuthzDecisionStatement>
> >> >
> >> > <saml2:AttributeStatement>
> >> >
> >> > <saml2:Attribute Name="degree"
> >> > NameFormat="http://www.example.org/DoubleIt/Security">
> >> >
> >> > <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
> >> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >> > xsi:type="xs:string">Mathematics</saml2:AttributeValue>
> >> > </saml2:Attribute></saml2:AttributeStatement>
> >> >
> >> > </saml2:Assertion></wsse:Security></soap:Header>
> >> >
> >> > <soap:Body><findTaskListUsingLoginCreds
> >> > xmlns="http://web.hsc.syscom.com/"><username
> >> > xmlns="http://web.hsc.syscom.com/">kpham</username><password
> >> > xmlns="http://web.hsc.syscom.com/">hdfuhgdg</password><category
> >>
> >> xmlns="http://web.hsc.syscom.com/">GETFULLEOPINWRK</category><maxResults
> >>
> >> xmlns="http://web.hsc.syscom.com/">-1</maxResults></findTaskListUsingLog
> >> i
> >>
> >> > nCreds></soap:Body></soap:Envelope>
--
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog
Re: local part cannot be "null" when creating a QName
Posted by PrSd <si...@yahoo.com>.
Dan,
I approached the folks at OpenSAML. As per Scott Cantor (one of the person
heading that project), the issue is not at the SAML end, it is where DOM is
first being created. The XML Parser is creating the DOM without namespace
awareness which causes the SAML code to fail when it tries creating a
QName(localpart). The localName of the DOM attribute is null.
Following link is a detailed exchange I had with them
https://mail.internet2.edu/wws/arc/mace-opensaml-users/2010-03/msg00025.html
He clearly mentioned that I need to use a DOM2 or DOM3 Level specification.
It is also possible that the CXF client or server side SOAP/SAAJ
Interceptors are altering the DOM in a certain way that is causing the
umarshalling process using the SAML to fail.
I managed to catch hold of the stack trace on the client side.
at
org.apache.cxf.binding.soap.saaj.SAAJInInterceptor.handleMessage(SAAJInInterceptor.java:154)
at
org.apache.cxf.jaxws.handler.soap.SOAPMessageContextImpl.getMessage(SOAPMessageContextImpl.java:78)
at
org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.createProtocolMessageContext(SOAPHandlerInterceptor.java:236)
at
org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessageInternal(SOAPHandlerInterceptor.java:144)
at
org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAPHandlerInterceptor.java:119)
at
org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAPHandlerInterceptor.java:69)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:672)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2210)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2087)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1985)
at
org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:640)
at
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:484)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:310)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:262)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
at $Proxy47.findTaskListUsingLoginCreds(Unknown Source)
at
com.hsc.security.saml.soap.SpringWSClient.main(SpringWSClient.java:77)
Q1. Does CXF uses its own DOM Parser when building the SOAPMessages? Is
there a way to turn on the namespace awareness at DOM parsing time.
Q2. If not, can we turn off the CXF interceptors on both the client and
server side and if we do are there any ripple effects. As you are already
aware I am using a JAX WS Handler to intercept the SOAP request - Will that
be sufficient or I would still need the SOAP and SAAJ interceptors?
Eagerly waiting to hear from you
thanks
Sid
dkulp wrote:
>
>
> This is being thrown from down in Opensaml. I really don't know what
> would
> cause it. You would probably need to ask on their lists and give them
> the
> stack trace and the XML of the SAML assertion.
>
> Dan
dkulp wrote:
>
>
> This is being thrown from down in Opensaml. I really don't know what
> would
> cause it. You would probably need to ask on their lists and give them
> the
> stack trace and the XML of the SAML assertion.
>
> Dan
>
>
> On Fri February 26 2010 7:19:15 pm PrSd wrote:
>> Daniel,
>>
>> Here is the stack trace you had requested regarding this issue. I just
>> cannot figure out a solution to this
>>
>> [2/26/10 17:16:11:596 EST] 0000001c SystemErr R
>> java.lang.IllegalArgumentException: local part cannot be "null" when
>> creating a QName
>> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> javax.xml.namespace.QName.<init>(Unknown Source)
>> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> javax.xml.namespace.QName.<init>(Unknown Source)
>> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> org.opensaml.xml.util.XMLHelper.constructQName(XMLHelper.java:433)
>> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> org.opensaml.xml.util.XMLHelper.getNodeQName(XMLHelper.java:171)
>> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.unmarshallAttribute(Abstr
>> actXMLObjectUnmarshaller.java:215) [2/26/10 17:16:11:612 EST] 0000001c
>> SystemErr R at
>> org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.unmarshall(AbstractXMLObj
>> ectUnmarshaller.java:107) [2/26/10 17:16:11:612 EST] 0000001c SystemErr
>> R at
>> com.syscom.hsc.web.soap.ServiceSAMLHandler.handleMessage(ServiceSAMLHandler
>> .java:222) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> com.syscom.hsc.web.soap.ServiceSAMLHandler.handleMessage(ServiceSAMLHandler
>> .java:1) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandleMessage(Handle
>> rChainInvoker.java:335) [2/26/10 17:16:11:612 EST] 0000001c SystemErr
>> R
>> at
>> org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandlerChain(Handler
>> ChainInvoker.java:253) [2/26/10 17:16:11:612 EST] 0000001c SystemErr
>> R
>> at
>> org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeProtocolHandlers(Han
>> dlerChainInvoker.java:131) [2/26/10 17:16:11:612 EST] 0000001c SystemErr
>> R at
>> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessageInter
>> nal(SOAPHandlerInterceptor.java:152) [2/26/10 17:16:11:612 EST] 0000001c
>> SystemErr R at
>> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAP
>> HandlerInterceptor.java:119) [2/26/10 17:16:11:612 EST] 0000001c
>> SystemErr
>> R at
>> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAP
>> HandlerInterceptor.java:69) [2/26/10 17:16:11:612 EST] 0000001c SystemErr
>> R at
>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
>> n.java:243) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationO
>> bserver.java:109) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
>> at
>> org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestinati
>> on.java:98) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> org.apache.cxf.transport.servlet.ServletController.invokeDestination(Servle
>> tController.java:406) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
>> at
>> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController
>> .java:178) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServl
>> et.java:142) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(Abstract
>> HTTPServlet.java:179) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
>> at
>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPSer
>> vlet.java:103) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
>> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPSe
>> rvlet.java:159) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:
>> 1096) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper
>> .java:570) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapp
>> er.java:478) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServ
>> letWrapper.java:90) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
>> at
>> com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:748)
>> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1466
>> ) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:119)
>> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(H
>> ttpInboundLink.java:458) [2/26/10 17:16:11:612 EST] 0000001c SystemErr
>> R at
>> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(H
>> ttpInboundLink.java:387) [2/26/10 17:16:11:612 EST] 0000001c SystemErr
>> R at
>> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.
>> java:267) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscrimi
>> nators(NewConnectionInitialReadCallback.java:214) [2/26/10 17:16:11:612
>> EST] 0000001c SystemErr R at
>> com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewCo
>> nnectionInitialReadCallback.java:113) [2/26/10 17:16:11:612 EST] 0000001c
>> SystemErr R at
>> com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioRe
>> adCompletionListener.java:165) [2/26/10 17:16:11:612 EST] 0000001c
>> SystemErr R at
>> com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.jav
>> a:217) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFutur
>> e.java:161) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
>> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> com.ibm.io.async.ResultHandler.complete(ResultHandler.java:195)
>> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:74
>> 3) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:873)
>> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
>> com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1473)
>>
> -----------
>
>> >
>> >
>> > Here is the SAML Assertion that is being sent into the SOAP Header
>> > <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
>> >
>> > <soap:Header>
>> > <wsse:Security
>> >
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
>> > urity-secext-1.0.xsd">
>> >
>> > <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
>> > ID="123" IssueInstant="2010-02-24T19:10:32.724Z" Version="2.0">
>> >
>> > <saml2:Issuer>http://localhost:9088</saml2:Issuer>
>> >
>> > <saml2:Subject>
>> >
>> > <saml2:NameID
>> >
>> >
>> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">p8admi
>> > n</saml2:NameID> </saml2:Subject>
>> >
>> > <saml2:AuthnStatement
>> >
>> > AuthnInstant="2010-02-24T19:10:32.787Z">
>> >
>> > <saml2:AuthnContext>
>> >
>> >
>> <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</
>> > saml2:AuthnContextClassRef>
>> >
>> > </saml2:AuthnContext>
>> >
>> > </saml2:AuthnStatement>
>> >
>> > <saml2:AuthzDecisionStatement Decision="Permit" Resource="DoubleIt">
>> >
>> > <saml2:Action
>> >
>> Namespace="urn:doubleit:doubleitactions">DoubleEvenNumbers</saml2:Action>
>> > </saml2:AuthzDecisionStatement>
>> >
>> > <saml2:AttributeStatement>
>> >
>> > <saml2:Attribute Name="degree"
>> > NameFormat="http://www.example.org/DoubleIt/Security">
>> >
>> > <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
>> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> > xsi:type="xs:string">Mathematics</saml2:AttributeValue>
>> > </saml2:Attribute></saml2:AttributeStatement>
>> >
>> > </saml2:Assertion></wsse:Security></soap:Header>
>> >
>> > <soap:Body><findTaskListUsingLoginCreds
>> > xmlns="http://web.hsc.syscom.com/"><username
>> > xmlns="http://web.hsc.syscom.com/">kpham</username><password
>> > xmlns="http://web.hsc.syscom.com/">hdfuhgdg</password><category
>> >
>> xmlns="http://web.hsc.syscom.com/">GETFULLEOPINWRK</category><maxResults
>> >
>> xmlns="http://web.hsc.syscom.com/">-1</maxResults></findTaskListUsingLogi
>> > nCreds></soap:Body></soap:Envelope>
>
> --
> Daniel Kulp
> dkulp@apache.org
> http://www.dankulp.com/blog
>
>
--
View this message in context: http://old.nabble.com/local-part-cannot-be-%22null%22-when-creating-a-QName-tp27714287p27752064.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: local part cannot be "null" when creating a QName
Posted by Daniel Kulp <dk...@apache.org>.
This is being thrown from down in Opensaml. I really don't know what would
cause it. You would probably need to ask on their lists and give them the
stack trace and the XML of the SAML assertion.
Dan
On Fri February 26 2010 7:19:15 pm PrSd wrote:
> Daniel,
>
> Here is the stack trace you had requested regarding this issue. I just
> cannot figure out a solution to this
>
> [2/26/10 17:16:11:596 EST] 0000001c SystemErr R
> java.lang.IllegalArgumentException: local part cannot be "null" when
> creating a QName
> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> javax.xml.namespace.QName.<init>(Unknown Source)
> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> javax.xml.namespace.QName.<init>(Unknown Source)
> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> org.opensaml.xml.util.XMLHelper.constructQName(XMLHelper.java:433)
> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> org.opensaml.xml.util.XMLHelper.getNodeQName(XMLHelper.java:171)
> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.unmarshallAttribute(Abstr
> actXMLObjectUnmarshaller.java:215) [2/26/10 17:16:11:612 EST] 0000001c
> SystemErr R at
> org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.unmarshall(AbstractXMLObj
> ectUnmarshaller.java:107) [2/26/10 17:16:11:612 EST] 0000001c SystemErr
> R at
> com.syscom.hsc.web.soap.ServiceSAMLHandler.handleMessage(ServiceSAMLHandler
> .java:222) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> com.syscom.hsc.web.soap.ServiceSAMLHandler.handleMessage(ServiceSAMLHandler
> .java:1) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandleMessage(Handle
> rChainInvoker.java:335) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
> at
> org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandlerChain(Handler
> ChainInvoker.java:253) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
> at
> org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeProtocolHandlers(Han
> dlerChainInvoker.java:131) [2/26/10 17:16:11:612 EST] 0000001c SystemErr
> R at
> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessageInter
> nal(SOAPHandlerInterceptor.java:152) [2/26/10 17:16:11:612 EST] 0000001c
> SystemErr R at
> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAP
> HandlerInterceptor.java:119) [2/26/10 17:16:11:612 EST] 0000001c SystemErr
> R at
> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAP
> HandlerInterceptor.java:69) [2/26/10 17:16:11:612 EST] 0000001c SystemErr
> R at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
> n.java:243) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationO
> bserver.java:109) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestinati
> on.java:98) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(Servle
> tController.java:406) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
> at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController
> .java:178) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServl
> et.java:142) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(Abstract
> HTTPServlet.java:179) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPSer
> vlet.java:103) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPSe
> rvlet.java:159) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:
> 1096) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper
> .java:570) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapp
> er.java:478) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServ
> letWrapper.java:90) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R
> at
> com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:748)
> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1466
> ) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:119)
> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(H
> ttpInboundLink.java:458) [2/26/10 17:16:11:612 EST] 0000001c SystemErr
> R at
> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(H
> ttpInboundLink.java:387) [2/26/10 17:16:11:612 EST] 0000001c SystemErr
> R at
> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.
> java:267) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscrimi
> nators(NewConnectionInitialReadCallback.java:214) [2/26/10 17:16:11:612
> EST] 0000001c SystemErr R at
> com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewCo
> nnectionInitialReadCallback.java:113) [2/26/10 17:16:11:612 EST] 0000001c
> SystemErr R at
> com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioRe
> adCompletionListener.java:165) [2/26/10 17:16:11:612 EST] 0000001c
> SystemErr R at
> com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.jav
> a:217) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFutur
> e.java:161) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> com.ibm.io.async.ResultHandler.complete(ResultHandler.java:195)
> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:74
> 3) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:873)
> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
> com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1473)
>
-----------
> >
> >
> > Here is the SAML Assertion that is being sent into the SOAP Header
> > <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
> >
> > <soap:Header>
> > <wsse:Security
> > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
> > urity-secext-1.0.xsd">
> >
> > <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
> > ID="123" IssueInstant="2010-02-24T19:10:32.724Z" Version="2.0">
> >
> > <saml2:Issuer>http://localhost:9088</saml2:Issuer>
> >
> > <saml2:Subject>
> >
> > <saml2:NameID
> >
> > Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">p8admi
> > n</saml2:NameID> </saml2:Subject>
> >
> > <saml2:AuthnStatement
> >
> > AuthnInstant="2010-02-24T19:10:32.787Z">
> >
> > <saml2:AuthnContext>
> >
> > <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</
> > saml2:AuthnContextClassRef>
> >
> > </saml2:AuthnContext>
> >
> > </saml2:AuthnStatement>
> >
> > <saml2:AuthzDecisionStatement Decision="Permit" Resource="DoubleIt">
> >
> > <saml2:Action
> > Namespace="urn:doubleit:doubleitactions">DoubleEvenNumbers</saml2:Action>
> > </saml2:AuthzDecisionStatement>
> >
> > <saml2:AttributeStatement>
> >
> > <saml2:Attribute Name="degree"
> > NameFormat="http://www.example.org/DoubleIt/Security">
> >
> > <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > xsi:type="xs:string">Mathematics</saml2:AttributeValue>
> > </saml2:Attribute></saml2:AttributeStatement>
> >
> > </saml2:Assertion></wsse:Security></soap:Header>
> >
> > <soap:Body><findTaskListUsingLoginCreds
> > xmlns="http://web.hsc.syscom.com/"><username
> > xmlns="http://web.hsc.syscom.com/">kpham</username><password
> > xmlns="http://web.hsc.syscom.com/">hdfuhgdg</password><category
> > xmlns="http://web.hsc.syscom.com/">GETFULLEOPINWRK</category><maxResults
> > xmlns="http://web.hsc.syscom.com/">-1</maxResults></findTaskListUsingLogi
> > nCreds></soap:Body></soap:Envelope>
--
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog
Re: local part cannot be "null" when creating a QName
Posted by PrSd <si...@yahoo.com>.
Daniel,
Here is the stack trace you had requested regarding this issue. I just
cannot figure out a solution to this
[2/26/10 17:16:11:596 EST] 0000001c SystemErr R
java.lang.IllegalArgumentException: local part cannot be "null" when
creating a QName
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
javax.xml.namespace.QName.<init>(Unknown Source)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
javax.xml.namespace.QName.<init>(Unknown Source)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
org.opensaml.xml.util.XMLHelper.constructQName(XMLHelper.java:433)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
org.opensaml.xml.util.XMLHelper.getNodeQName(XMLHelper.java:171)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.unmarshallAttribute(AbstractXMLObjectUnmarshaller.java:215)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.unmarshall(AbstractXMLObjectUnmarshaller.java:107)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
com.syscom.hsc.web.soap.ServiceSAMLHandler.handleMessage(ServiceSAMLHandler.java:222)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
com.syscom.hsc.web.soap.ServiceSAMLHandler.handleMessage(ServiceSAMLHandler.java:1)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandleMessage(HandlerChainInvoker.java:335)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandlerChain(HandlerChainInvoker.java:253)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeProtocolHandlers(HandlerChainInvoker.java:131)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessageInternal(SOAPHandlerInterceptor.java:152)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAPHandlerInterceptor.java:119)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAPHandlerInterceptor.java:69)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:109)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:98)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:406)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:178)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:142)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:179)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:103)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:159)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1096)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:570)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:478)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:90)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:748)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1466)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:119)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:458)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:387)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:267)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
com.ibm.io.async.ResultHandler.complete(ResultHandler.java:195)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:743)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:873)
[2/26/10 17:16:11:612 EST] 0000001c SystemErr R at
com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1473)
****************************************************************************************************************
This is the line of code where the exception is being thrown on the JAX WS
Service Handler
***************************************************************************************************************
<code>
UnmarshallerFactory unmarshallerFactory = Configuration
.getUnmarshallerFactory();
Unmarshaller unmarshaller = unmarshallerFactory
.getUnmarshaller(assertionElement);
Assertion samlAssertion =
(Assertion) unmarshaller.unmarshall(assertionElement);
</code>
This is how I am getting the AssertionElement
<code>
SOAPHeader sh = smc.getMessage().getSOAPHeader();
// check for wsse:security element under SOAP Header
Node wsseElement = sh.getFirstChild();
// check for SAML assertion under wsse:security element
Element assertionElement = (Element)
wsseElement.getFirstChild();
</code>
****************************************************************************************************************
On the client side SAML Handler, I have tried both these approaches for
creating the Assertion object
****************************************************************************************************************
<code>
DefaultBootstrap.bootstrap();
SOAPMessage message = smc.getMessage();
SOAPPart soapPart = message.getSOAPPart();
SOAPEnvelope soapEnvelope = soapPart.getEnvelope();
Name wsseHeaderName = soapEnvelope.createName("Security",
"wsse", WS_SECURITY_NS_URI);
if (soapEnvelope.getHeader() == null) {
soapEnvelope.addHeader();
}
SOAPHeaderElement securityElement = soapEnvelope.getHeader()
.addHeaderElement(wsseHeaderName);
// APPROACH 1: Get the builder factory
SAMLObjectBuilder<Assertion> ab =
(SAMLObjectBuilder<Assertion>)
builderFactory.getBuilder(Assertion.DEFAULT_ELEMENT_NAME);
// APPROACH 2: Get the builder factory
// AssertionBuilder ab =
(AssertionBuilder)builderFactory.getBuilder(Assertion.DEFAULT_ELEMENT_NAME);
Assertion assertion = ab.buildObject();
..............
............
.............
try {
assertionElement =
Configuration.getMarshallerFactory().getMarshaller(assertion).marshall(assertion);
} catch (MarshallingException e) {
e.printStackTrace();
}
</code>
*****************************************************************************************************************
Here is the list of all the jars in the webapp using the ApplicationFirst
classloader policy (am thinking there may be conflicts here) -
aopalliance-1.0.jar
commons-codec-1.3.jar
commons-collections-3.2.1.jar
commons-configuration-1.5.jar
commons-lang-2.4.jar
commons-logging-1.1.1.jar
commons-pool-1.5.2.jar
cxf-2.2.6.jar
geronimo-activation_1.1_spec-1.0.2.jar
geronimo-annotation_1.0_spec-1.1.1.jar
geronimo-javamail_1.4_spec-1.6.jar
geronimo-jaxws_2.1_spec-1.0.jar
geronimo-stax-api_1.0_spec-1.0.1.jar
geronimo-ws-metadata_2.0_spec-1.1.2.jar
Jace.jar
jaxb-api-2.1.jar
jaxb-impl-2.1.12.jar
jaxen-1.1.jar
jetty-6.1.21.jar
jetty-util-6.1.21.jar
joda-time-1.6.jar
log4j.jar
neethi-2.0.4.jar
opensaml-2.3.0.jar
openws-1.3.0.jar
pe.jar
peResources.jar
slf4j-api-1.5.10.jar
slf4j-jdk14-1.5.10.jar
spring-beans-2.5.6.jar
spring-context-2.5.6.jar
spring-core-2.5.6.jar
spring-web-2.5.6.jar
velocity-1.5.jar
wss4j-1.5.8.jar
wstx-asl-3.2.9.jar
xalan-2.7.1.jar
xmlbeans-2.4.0.jar
xml-resolver-1.2.jar
XmlSchema-1.4.5.jar
xmlsec-1.4.3.jar
xmltooling-1.2.1.jar
************************************************************************************************************
Here are the ones in the Websphere's endorsed directory
(C:\IBM\WAS\java\jre\lib\endorsed)
jaxp-ri-1.4.2.jar
resolver-2.9.1.jar
saaj-api-1.3.jar
saaj-impl-1.3.2.jar
serializer-2.9.1.jar
wsdl4j-1.6.2.jar
xalan-2.7.1.jar
xercesImpl-2.9.1.jar
xml-apis-2.9.1.jar
**************************************************************************************************************
This is the SOAP Header
**************************************************************************************************************
<soap:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
ID="1267222570127" IssueInstant="2010-02-26T22:16:10.127Z" Version="2.0">
<saml2:Issuer>http://localhost:9088</saml2:Issuer>
<saml2:Subject><saml2:NameID
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">mbrendish</saml2:NameID>
<saml2:SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"/>
</saml2:Subject>
<saml2:AuthnStatement AuthnInstant="2010-02-26T22:16:10.190Z">
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>AuthnContextType</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
</saml2:Assertion>
</wsse:Security>
</soap:Header>
I have hit a dead end on this critical path of implementing a
Spring/SAML/CXF SSO protoype effort currently for a client will be
completely wasted.
Any help would be greatly appreciated.
PrSd wrote:
>
> Hello,
>
> I am injecting a SAML Assertion in a SOAP Header from the SOAPClient and
> then issuing a service request to a CXF webservice. On the service end I
> have a JAX WS SOAP Handler that intercepts and unmarshals the header. The
> client and service handlers are from Glen Mazza's weblog.
> http://www.jroller.com/gmazza/entry/using_the_opensaml_library_in
>
> I am still including them incase any customary changes I may have made
> messed up something. So here it is
>
> ------------------------------------------------------------------------------------------------------
> SOAPClient:
> ------------------------------------------------------------------------------------------------------
> package com.hsc.security.saml.soap;
>
> import java.io.IOException;
> import java.net.MalformedURLException;
> import java.net.URL;
>
> import java.util.ArrayList;
> import java.util.List;
> import java.util.Map;
> import java.util.Properties;
> import java.util.Set;
> import javax.xml.namespace.QName;
> import javax.xml.soap.SOAPElement;
> import javax.xml.soap.SOAPEnvelope;
> import javax.xml.soap.SOAPHeader;
> import javax.xml.soap.SOAPMessage;
> import javax.xml.ws.BindingProvider;
> import javax.xml.ws.Service;
> import javax.xml.ws.handler.MessageContext;
> import javax.xml.ws.handler.soap.SOAPHandler;
> import javax.xml.ws.handler.soap.SOAPMessageContext;
> import javax.xml.ws.soap.SOAPBinding;
>
> import com.syscom.hsc.web.IBpmService;
>
> public class SpringWSClient {
>
> String wsdlString =
> "http://localhost:9088/bpm-servicesCXF/services/IBpmService";
> //String wsdlString =
> "http://localhost:9088/bpm-servicesCXF/services/IBpmService?wsdl=IBpmService.wsdl";
> private static final QName SERVICE_NAME
> = new QName("http://web.hsc.syscom.com", "BPMWebService");
>
> private static final QName PORT_NAME
> = new QName("http://web.hsc.syscom.com", "BpmServicePort");
>
>
>
>
> public static String xmlFileNamePath = "BpmServices.xml";
>
> public static void main(String [] args){
>
> SpringWSClient ws = new SpringWSClient();
> System.out.println("Starting SOAP request");
> Service service = Service.create(SERVICE_NAME);
>
> //BPMWebService bpmServices = new BPMWebService(SERVICE_NAME);
> HeaderHandlerResolver handlerResolver = new HeaderHandlerResolver();
> service.setHandlerResolver(handlerResolver);
>
>
> // Endpoint Address
> String endpointAddress =
> "http://localhost:9088/bpm-servicesCXF/services/IBpmService";
> try {
> java.net.URL url = new URL(endpointAddress);
> } catch (MalformedURLException e1) {
> // TODO Auto-generated catch block
> e1.printStackTrace();
> }
>
> // Add a port to the Service
>
> IBpmService client = service.getPort(IBpmService.class);
>
> Map<String, Object> requestContext =
> ((BindingProvider)client).getRequestContext();
> requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
> endpointAddress);
> requestContext.put(BindingProvider.SESSION_MAINTAIN_PROPERTY,
> Boolean.TRUE);
>
> String username = "kpham";
> String password = "hdfuhgdg";
> String category = "GETFULLEOPINWRK";
> int max = -1;
> Properties arguments = null;
> String response =null;
> try {
> response = client.findTaskListUsingLoginCreds(username, password,
> category, arguments, max);
> //response = client.findTaskList(category, arguments, max);
>
> System.out.println("Response: " + response);
> } catch (Exception e) {
> // TODO Auto-generated catch block
> e.printStackTrace();
> }
>
>
> }
>
> ------------------------------------------------------------------------------------------------------
> ClientSAMLHandler
> ------------------------------------------------------------------------------------------------------
> public class ClientSAMLHandler implements SOAPHandler<SOAPMessageContext>
> {
>
> // change this to redirect output if desired
> private static PrintStream out = System.out;
>
> public static final String WS_SECURITY_NS_URI =
>
> "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
>
> private static final Set<QName> HEADERS = new HashSet<QName>();
> /* static {
> HEADERS.add(new QName(WSConstants.WSSE_NS, "Security"));
> HEADERS.add(new QName(WSConstants.WSSE11_NS, "Security"));
> HEADERS.add(new QName(WSConstants.ENC_NS, "EncryptedData"));
>
> }
> */
> public Set getHeaders() {
> //return HEADERS;
> return null;
> }
>
> public boolean handleMessage(SOAPMessageContext smc) {
> Boolean outboundProperty = (Boolean)
> smc.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
>
> if (outboundProperty.booleanValue()) {
> out.println("(debug) Adding SAML token to outbound message from
> client");
> System.out.println("(debug) Adding SAML token to outbound message
> from client");
>
> try {
> DefaultBootstrap.bootstrap();
> SOAPMessage message = smc.getMessage();
> SOAPPart soapPart = message.getSOAPPart();
> SOAPEnvelope soapEnvelope = soapPart.getEnvelope();
> Name wsseHeaderName = soapEnvelope.createName("Security",
> "wsse", WS_SECURITY_NS_URI);
> if (soapEnvelope.getHeader() == null) {
> soapEnvelope.addHeader();
> }
> SOAPHeaderElement securityElement = soapEnvelope.getHeader()
> .addHeaderElement(wsseHeaderName);
>
> AssertionBuilder ab = new AssertionBuilder();
> Assertion assertion = ab.buildObject();
> assertion.setVersion(SAMLVersion.VERSION_20);
> assertion.setID("123"); // in reality, must be unique for all
> assertions
> assertion.setIssueInstant(new DateTime());
>
> IssuerBuilder ib = new IssuerBuilder();
> Issuer myIssuer = ib.buildObject();
> myIssuer.setValue("http://localhost:9088");
> assertion.setIssuer(myIssuer);
>
> SubjectBuilder sb = new SubjectBuilder();
> Subject mySubject = sb.buildObject();
> NameIDBuilder nb = new NameIDBuilder();
> NameID myNameID = nb.buildObject();
> myNameID.setValue("p8admin");
> myNameID.setFormat(NameIdentifier.X509_SUBJECT);
> mySubject.setNameID(myNameID);
> assertion.setSubject(mySubject);
>
> // user authenticated via X509 token
> AuthnStatementBuilder asb = new AuthnStatementBuilder();
> AuthnStatement myAuthnStatement = asb.buildObject();
> myAuthnStatement.setAuthnInstant(new DateTime());
> AuthnContextBuilder acb = new AuthnContextBuilder();
> AuthnContext myACI = acb.buildObject();
> AuthnContextClassRefBuilder accrb = new
> AuthnContextClassRefBuilder();
> AuthnContextClassRef accr = accrb.buildObject();
> accr.setAuthnContextClassRef(AuthnContext.X509_AUTHN_CTX);
> myACI.setAuthnContextClassRef(accr);
> myAuthnStatement.setAuthnContext(myACI);
> assertion.getAuthnStatements().add(myAuthnStatement);
>
> // user can double even numbers
> AuthzDecisionStatementBuilder adsb = new
> AuthzDecisionStatementBuilder();
> AuthzDecisionStatement ads = adsb.buildObject();
> ads.setDecision(DecisionTypeEnumeration.PERMIT);
> ads.setResource("DoubleIt");
> ActionBuilder actb = new ActionBuilder();
> Action act = actb.buildObject();
> // arbitrary unique tag to define "namespace" of action
> // note SAML actions not defined in an XSD -- XAMCL normally
> used instead
> act.setNamespace("urn:doubleit:doubleitactions");
> act.setAction("DoubleEvenNumbers");
> ads.getActions().add(act);
> assertion.getAuthzDecisionStatements().add(ads);
>
> // user has math degree
> AttributeStatementBuilder attstmtb = new
> AttributeStatementBuilder();
> AttributeStatement attstmt = attstmtb.buildObject();
> AttributeBuilder attbldr = new AttributeBuilder();
> Attribute attr = attbldr.buildObject();
> attr.setName("degree");
>
> attr.setNameFormat("http://www.example.org/DoubleIt/Security");
> XSStringBuilder stringBuilder = (XSStringBuilder)
> Configuration
> .getBuilderFactory().getBuilder(XSString.TYPE_NAME);
> XSString stringValue = stringBuilder
> .buildObject(AttributeValue.DEFAULT_ELEMENT_NAME,
> XSString.TYPE_NAME);
> stringValue.setValue("Mathematics");
> attr.getAttributeValues().add(stringValue);
> attstmt.getAttributes().add(attr);
> assertion.getAttributeStatements().add(attstmt);
>
> // marshall Assertion Java class into XML
> MarshallerFactory marshallerFactory = Configuration
> .getMarshallerFactory();
> Marshaller marshaller = marshallerFactory
> .getMarshaller(assertion);
> Element assertionElement = marshaller.marshall(assertion);
> securityElement.appendChild(soapPart.importNode(
> assertionElement, true));
>
> //Print out the outbound SOAP message to System.out
> message.writeTo(System.out);
> System.out.println("");
>
> } catch (Exception e) {
> e.printStackTrace();
> }
> }
> else{
> try {
>
> //This handler does nothing with the response from the Web
> Service so
> //we just print out the SOAP message.
> SOAPMessage message = smc.getMessage();
> message.writeTo(System.out);
> System.out.println("");
>
> } catch (Exception ex) {
> ex.printStackTrace();
> }
> }
> return true;
> }
>
> public boolean handleFault(SOAPMessageContext smc) {
> out.println("Exception in Client handler: ");
> SOAPMessage message = smc.getMessage();
> try {
> message.writeTo(out);
> out.println(""); // just to add a newline
> } catch (Exception e) {
> out.println("Unable to write exception for exception: "
> + e.toString());
> }
> return true;
> }
>
> // nothing to clean up
> public void close(MessageContext messageContext) {
> }
>
> }
>
>
> }
>
> The SOAP Client then issues the service request, the Service JAX WS
> Handler intercepts the incoming message. The handleMessage is invoked,
> however I see a SOAPFaultException being thrown -
> ------------------------------------------------------------------------------------------------------
> [2/24/10 14:10:33:974 EST] 00000022 HandlerChainI 1 invoking handlers,
> direction: inbound
> [2/24/10 14:10:33:974 EST] 00000022 HandlerChainI 1 invoking handler of
> type com.syscom.hsc.web.soap.ServiceSAMLHandler
> [2/24/10 14:10:33:974 EST] 00000022 SystemOut O Inside handleMessage
> ---->
> [2/24/10 14:10:33:974 EST] 00000022 SystemOut O Inside handleMessage
> ----> outboundProperty.booleanValue() false
> [2/24/10 14:10:33:974 EST] 00000022 SystemOut O Inside handleMessage
> ----> sh.toString()[soap:Header: null]
> [2/24/10 14:10:33:974 EST] 00000022 SystemOut O Inside handleMessage
> ----> wsseElement.getLocalName()Security
> [2/24/10 14:10:33:974 EST] 00000022 SystemOut O Inside handleMessage
> ---->
> wsseElement.getNamespaceURI()http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> [2/24/10 14:10:33:974 EST] 00000022 SystemOut O Inside handleMessage
> ----> assertionElement.getLocalName()Assertion
> [2/24/10 14:10:33:974 EST] 00000022 SystemOut O Inside handleMessage
> ---->
> assertionElement.getNamespaceURI()urn:oasis:names:tc:SAML:2.0:assertion
> [2/24/10 14:10:34:224 EST] 00000022 Configuration W
> org.opensaml.xml.Configuration validateJCEProviders The JCE providers
> currently configured in the JVM do not support
> required capabilities for XML Encryption, either the 'AES' cipher
> algorithm
> or the 'ISO10126Padding' padding scheme
>
> handleMessage raised exception
> javax.xml.ws.soap.SOAPFaultException:
> Internal Error: local part cannot be "null" when creating a QName
> at
> com.syscom.hsc.web.soap.ServiceSAMLHandler.createSOAPFaultException(ServiceSAMLHandler.java:253)
> at
> com.syscom.hsc.web.soap.ServiceSAMLHandler.handleMessage(ServiceSAMLHandler.java:234)
> at
> com.syscom.hsc.web.soap.ServiceSAMLHandler.handleMessage(ServiceSAMLHandler.java:1)
> at
> org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandleMessage(HandlerChainInvoker.java:335)
> at
> org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandlerChain(HandlerChainInvoker.java:253)
> at
> org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeProtocolHandlers(HandlerChainInvoker.java:131)
> .-----------------------------------------------------------------------------------------------------
>
>
>
>
> Here is the ServiceHandler
> ------------------------------------------------------------------------------------------------------
> SAMLServiceHandler
> ------------------------------------------------------------------------------------------------------
> package com.syscom.hsc.web.soap;
> import java.io.PrintStream;
> import java.util.HashSet;
> import java.util.Iterator;
> import java.util.List;
> import java.util.Set;
>
> import javax.annotation.PostConstruct;
> import javax.annotation.PreDestroy;
> import javax.xml.namespace.QName;
> import javax.xml.soap.SOAPBody;
> import javax.xml.soap.SOAPConstants;
> import javax.xml.soap.SOAPException;
> import javax.xml.soap.SOAPFactory;
> import javax.xml.soap.SOAPFault;
> import javax.xml.soap.SOAPHeader;
> import javax.xml.soap.SOAPMessage;
> import javax.xml.ws.handler.MessageContext;
> import javax.xml.ws.handler.soap.SOAPHandler;
> import javax.xml.ws.handler.soap.SOAPMessageContext;
> import javax.xml.ws.soap.SOAPFaultException;
>
> import org.apache.ws.security.WSConstants;
> import org.opensaml.Configuration;
> import org.opensaml.DefaultBootstrap;
> import org.opensaml.saml2.core.Action;
> import org.opensaml.saml2.core.Assertion;
> import org.opensaml.saml2.core.Attribute;
> import org.opensaml.saml2.core.AttributeStatement;
> import org.opensaml.saml2.core.AuthnContext;
> import org.opensaml.saml2.core.AuthnStatement;
> import org.opensaml.saml2.core.AuthzDecisionStatement;
> import org.opensaml.xml.XMLObject;
> import org.opensaml.xml.io.Unmarshaller;
> import org.opensaml.xml.io.UnmarshallerFactory;
> import org.w3c.dom.Element;
> import org.w3c.dom.Node;
>
> import org.opensaml.common.xml.SAMLConstants;
>
> import com.syscom.hsc.web.security.saml.SAMLCredential;
>
> /*
> * This sample SOAP Protocol Handler for DoubleIt checks for X.509
> authentication,
> * attribute of Math degree, and authorization to double even numbers.
> */
> public class ServiceSAMLHandler implements SOAPHandler<SOAPMessageContext>
> {
>
> // change this to redirect output if desired
> private static PrintStream out = System.out;
>
> private static String WS_SECURITY_URI =
>
> "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
> private static final String HANDLER_NAME = "ServiceSAMLHandler";
>
>
> private static final Set<QName> HEADERS = new HashSet<QName>();
> /* static {
> HEADERS.add(new QName(WSConstants.WSSE_NS, "Security"));
> HEADERS.add(new QName(WSConstants.WSSE11_NS, "Security"));
> HEADERS.add(new QName(WSConstants.ENC_NS, "EncryptedData"));
> }
> */
> @PostConstruct
> public void init() {
> out.println("------------------------------------");
> out.println("In Handler " + HANDLER_NAME + ":init()");
> out.println("Exiting Handler " + HANDLER_NAME + ":init()");
> out.println("------------------------------------");
> }
>
> @PreDestroy
> public void destroy() {
> out.println("------------------------------------");
> out.println("In Handler " + HANDLER_NAME + ":destroy()");
> out.println("Exiting Handler " + HANDLER_NAME + ":destroy()");
> out.println("------------------------------------");
> }
>
>
> public Set <QName> getHeaders() {
> //return HEADERS;
> return null;
> }
>
> public boolean handleMessage(SOAPMessageContext smc) {
> out.println("Inside handleMessage ----> ");
> Boolean outboundProperty = (Boolean) smc
> .get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
>
>
> if (!outboundProperty.booleanValue()) {
> out.println("Inside handleMessage ---->
> outboundProperty.booleanValue() "+outboundProperty.booleanValue());
> logToSystemOut(smc);
> Element assertionElement;
>
> try {
> // check for SOAP Header
> SOAPHeader sh = smc.getMessage().getSOAPHeader();
> out.println("Inside handleMessage ---->
> sh.toString()"+sh.toString());
> if (sh == null) {
> throw createSOAPFaultException("Missing SOAP Header",
> true);
> }
>
> // check for wsse:security element under SOAP Header
> Node wsseElement = sh.getFirstChild();
> out.println("Inside handleMessage ---->
> wsseElement.getLocalName()"+wsseElement.getLocalName());
> out.println("Inside handleMessage ---->
> wsseElement.getNamespaceURI()"+wsseElement.getNamespaceURI());
>
> if (wsseElement == null ||
> !"Security".equals(wsseElement.getLocalName())
> ||
> !WS_SECURITY_URI.equals(wsseElement.getNamespaceURI())) {
> throw createSOAPFaultException("Missing or invalid
> WS-Security Header",
> true);
> }
>
> // check for SAML assertion under wsse:security element
> assertionElement = (Element) wsseElement.getFirstChild();
>
> out.println("Inside handleMessage ---->
> assertionElement.getLocalName()"+assertionElement.getLocalName());
> out.println("Inside handleMessage ---->
> assertionElement.getNamespaceURI()"+assertionElement.getNamespaceURI());
> if (assertionElement == null
> || !"Assertion".equals(assertionElement.getLocalName())
> ||
> !SAMLConstants.SAML20_NS.equals(assertionElement.getNamespaceURI())) {
> throw createSOAPFaultException("Missing or invalid SAML
> Assertion", true);
> }
>
> // Unmarshall SAML Assertion into an OpenSAML Java object.
> DefaultBootstrap.bootstrap();
> UnmarshallerFactory unmarshallerFactory = Configuration
> .getUnmarshallerFactory();
> Unmarshaller unmarshaller = unmarshallerFactory
> .getUnmarshaller(assertionElement);
> Assertion samlAssertion = (Assertion) unmarshaller
> .unmarshall(assertionElement);
>
> /*
> * Below code works with OpenSAML API to check Authentication,
> * Authorization, and attributes. Using the XPath API with the
> * assertionElement above would probably be an easier and more
> * readable option.
> */
> //Check for Subject
> out.println("Subject from Service
> Handler"+samlAssertion.getSubject().getNameID().getValue());
> //SAMLCredential samlCred = new
> SAMLCredential(samlAssertion.getSubject().getNameID(), samlAssertion);
>
> SAMLCredential.setNameID(samlAssertion.getSubject().getNameID());
> SAMLCredential.setAuthenticationAssertion(samlAssertion);
>
>
> // Check for X509 authentication, error otherwise
> List authStmtList = samlAssertion.getAuthnStatements();
> if (authStmtList == null || authStmtList.size() < 1
> || authStmtList.size() > 1) {
> throw createSOAPFaultException("Missing Authentication
> Statement.", true);
> } else {
> AuthnStatement authStmt = (AuthnStatement)
> authStmtList.get(0);
> if
> (!AuthnContext.X509_AUTHN_CTX.equals(authStmt.getAuthnContext()
>
> .getAuthnContextClassRef().getAuthnContextClassRef())) {
> throw createSOAPFaultException("Only X.509
> authentication supported.",
> true);
> }
> }
>
> // Check if math degree, error otherwise
> List asList = samlAssertion.getAttributeStatements();
> /* if (asList == null || asList.size() == 0) {
> throw createSOAPFaultException("Degree/Major is missing.",
> true);
> } else {
> boolean hasMathDegree = false;
> for (Iterator it = asList.iterator(); it.hasNext();) {
> AttributeStatement as = it.next();
> List attList = as.getAttributes();
> if (attList == null || attList.size() == 0) {
> throw createSOAPFaultException("Degree/major is
> missing.", true);
> } else {
> for (Iterator it2 = attList.iterator();
> it2.hasNext();) {
> Attribute att = it2.next();
> if (!att.getName().equals("degree")) {
> continue;
> } else {
> List xoList = att.getAttributeValues();
> if (xoList == null || xoList.size() < 1 ||
> xoList.size() > 1) {
> throw createSOAPFaultException("Degree/major
> is missing.",
> true);
> } else {
> XMLObject xmlObj = xoList.get(0);
> if
> (xmlObj.getDOM().getFirstChild().getTextContent()
> .equals("Mathematics")) {
> hasMathDegree = true;
> }
> }
> }
> }
> }
> }
> if (hasMathDegree == false) {
> throw createSOAPFaultException(
> "Must have Mathematics degree to run DoubleIt.",
> true);
> }
> }
> *
> // If even number being doubled, make sure user has permission
> SOAPBody sb = smc.getMessage().getSOAPBody();
>
> if (sb.getFirstChild() == null ||
> sb.getFirstChild().getFirstChild() == null) {
> throw createSOAPFaultException("Invalid SOAP Body", true);
> } else {
> Integer intValue = new
> Integer(sb.getFirstChild().getFirstChild()
> .getTextContent());
> if ((intValue.intValue() % 2) == 0) { // if even
> List adsList = samlAssertion
> .getAuthzDecisionStatements();
> if (adsList == null || adsList.size() < 1 ||
> adsList.size() > 1) {
> throw createSOAPFaultException(
> "Missing or invalid Authorization Decision
> Statement", true);
> } else {
> Boolean canDoubleEven = false;
> AuthzDecisionStatement ads = (AuthzDecisionStatement)
> adsList.get(0);
> List actList = ads.getActions();
> for (Iterator it = actList.iterator(); it.hasNext();)
> {
> Action action = (Action) it.next();
> if
> ("DoubleEvenNumbers".equals(action.getAction())) {
> canDoubleEven = true;
> break;
> }
> }
> if (canDoubleEven == false) {
> throw createSOAPFaultException(
> "Missing authorization to double even
> numbers.", true);
> }
> }
> }
> }*/
> } catch (Exception e) {
> throw createSOAPFaultException("Internal Error: " +
> e.getMessage(), false);
> }
> }
> return true;
> }
>
> /*
> * Convenience function used to generate a generic SOAPFaultException
> */
> private SOAPFaultException createSOAPFaultException(String faultString,
> Boolean clientFault) {
> try {
> System.out.println("*********clientFault***********"+clientFault);
> String faultCode = clientFault ? "Client" : "Server";
> System.out.println("*********faultCode***********"+faultCode);
> SOAPFault fault = SOAPFactory.newInstance().createFault();
>
> System.out.println("*********faultString***********"+faultString);
> fault.setFaultString(faultString);
> fault.setFaultCode(new QName(SOAPConstants.URI_NS_SOAP_ENVELOPE,
> faultCode));
> return new SOAPFaultException(fault);
> } catch (SOAPException e) {
> throw new RuntimeException("Error creating SOAP Fault message,
> faultString: "
> + faultString);
> }
> }
>
> public boolean handleFault(SOAPMessageContext smc) {
>
> out.println("------------------------------------");
> out.println("In Handler " + HANDLER_NAME + ":handleFault()");
> logToSystemOut(smc);
> out.println("Exiting Handler " + HANDLER_NAME + ":handleFault()");
> out.println("------------------------------------");
>
> return true;
> }
>
> // nothing to clean up
> public void close(MessageContext messageContext) {
> out.println("------------------------------------");
> out.println("In Handler " + HANDLER_NAME + ":close()");
> out.println("Exiting Handler " + HANDLER_NAME + ":close()");
> out.println("------------------------------------");
>
> }
>
> /*
> * Check the MESSAGE_OUTBOUND_PROPERTY in the context to see if this is
> an
> * outgoing or incoming message. Write a brief message to the print
> stream
> * and output the message. The writeTo() method can throw SOAPException
> or
> * IOException
> */
> private void logToSystemOut(SOAPMessageContext smc) {
> Boolean outboundProperty = (Boolean) smc
> .get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
>
> if (outboundProperty.booleanValue()) {
> out.println("\nIncoming message to web service provider:");
> } else {
> out.println("\nOutgoing message from web service provider:");
> }
>
> SOAPMessage message = smc.getMessage();
> try {
> message.writeTo(out);
> out.println(""); // just to add a newline
> } catch (Exception e) {
> out.println("Exception in handler: " + e);
> }
> }
>
> }
>
> I am not sure what the local part here is and how can I circumvent it from
> being Null. Any clue or suggestions will be well appreciated.
>
>
>
> Here is the SAML Assertion that is being sent into the SOAP Header
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
>
> <soap:Header>
> <wsse:Security
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>
> <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
> ID="123" IssueInstant="2010-02-24T19:10:32.724Z" Version="2.0">
>
> <saml2:Issuer>http://localhost:9088</saml2:Issuer>
>
> <saml2:Subject>
> <saml2:NameID
> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">p8admin</saml2:NameID>
> </saml2:Subject>
>
> <saml2:AuthnStatement
> AuthnInstant="2010-02-24T19:10:32.787Z">
>
> <saml2:AuthnContext>
>
> <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml2:AuthnContextClassRef>
> </saml2:AuthnContext>
> </saml2:AuthnStatement>
>
> <saml2:AuthzDecisionStatement Decision="Permit" Resource="DoubleIt">
>
> <saml2:Action
> Namespace="urn:doubleit:doubleitactions">DoubleEvenNumbers</saml2:Action>
> </saml2:AuthzDecisionStatement>
>
> <saml2:AttributeStatement>
>
> <saml2:Attribute Name="degree"
> NameFormat="http://www.example.org/DoubleIt/Security">
>
> <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:type="xs:string">Mathematics</saml2:AttributeValue>
> </saml2:Attribute></saml2:AttributeStatement>
>
> </saml2:Assertion></wsse:Security></soap:Header>
>
> <soap:Body><findTaskListUsingLoginCreds
> xmlns="http://web.hsc.syscom.com/"><username
> xmlns="http://web.hsc.syscom.com/">kpham</username><password
> xmlns="http://web.hsc.syscom.com/">hdfuhgdg</password><category
> xmlns="http://web.hsc.syscom.com/">GETFULLEOPINWRK</category><maxResults
> xmlns="http://web.hsc.syscom.com/">-1</maxResults></findTaskListUsingLoginCreds></soap:Body></soap:Envelope>
>
--
View this message in context: http://old.nabble.com/local-part-cannot-be-%22null%22-when-creating-a-QName-tp27714287p27724868.html
Sent from the cxf-user mailing list archive at Nabble.com.