You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by mmerayo <Pe...@hotmail.com> on 2011/03/02 19:54:40 UTC
WSS4JInInterceptor getCallback null
Hi All,
First of all get a big hug from me, and a chance for mi Enlish speeling.
I've been shearching for that problem but i doesnt know how to fix it, so i
come here.
I getting a NullPinterException when i validate the signature of the
response from a WSE3 Service. The request its ok to he server.
Actually im only validating de signature so we have no encryption now.
the service is responding something like
<KeyInfo>
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1"EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">aWzWGE/MWydgaDLx3HTOclihR70=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</KeyInfo>
Concretly i see that in the method getCallback in the WSS4JInInterceptor
class i returning a null but i dont really know what i should see here.
That's what's happening, it just doesn't enter in the first if and later it
doesnt find any TokenStore
Finally the exception thrown is
org.apache.ws.security.WSSecurityException: General security error
(WSSecurityEngine: Callback supplied no password for:
aWzWGE/MWydgaDLx3HTOclihR70=); nested exception is:
java.lang.NullPointerException
I configured in the interceptor the properties:
ACTION
USER
SIGNATURE_USER
PW_CALLBACK_CLASS
SIG_PROP_FILE
I should have other things?
Thanks for all.
--
View this message in context: http://cxf.547215.n5.nabble.com/WSS4JInInterceptor-getCallback-null-tp3406991p3406991.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: WSS4JInInterceptor getCallback null
Posted by mmerayo <Pe...@hotmail.com>.
Hi!
We finally have changed the WSE3 policy assertions, so it now uses the same
tokens im using, and that worked perfectly.
If it is needed more info about my case i can supply it.
Thanks.
--
View this message in context: http://cxf.547215.n5.nabble.com/WSS4JInInterceptor-getCallback-null-tp3406991p3409039.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: WSS4JInInterceptor getCallback null
Posted by mmerayo <Pe...@hotmail.com>.
Thanks for you reply.
We are trying to change de key identifier method on the server side, but
nowdays we have not find a way that's working too, so we are finding a
solution in parallel, one in cxf other in wse3
That's the stacktrace in the WSS4JInInterceptor when im only validating
(action SIGNATURE)
WARN : org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor -
org.apache.ws.security.WSSecurityException: General security error
(WSSecurityEngine: Callback supplied no password for:
Rqy5if9nSwlljZGfoobfjHiXVUw=); nested exception is:
java.lang.NullPointerException
at
org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:392)
at
org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:116)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:328)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:218)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:80)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255)
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:755)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2335)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2193)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:2037)
at
org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47)
at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:188)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:697)
at
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:516)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
at $Proxy41.getOverviews(Unknown Source)
at
com.bs.fs.test.SecurityServiceVisoTest.testCorrectoHWS(SecurityServiceVisoTest.java:282)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:44)
at
org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15)
at
org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:41)
at
org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:20)
at
org.springframework.test.context.junit4.statements.RunBeforeTestMethodCallbacks.evaluate(RunBeforeTestMethodCallbacks.java:74)
at
org.springframework.test.context.junit4.statements.RunAfterTestMethodCallbacks.evaluate(RunAfterTestMethodCallbacks.java:82)
at
org.springframework.test.context.junit4.statements.SpringRepeat.evaluate(SpringRepeat.java:72)
at
org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:240)
at
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:193)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:52)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:191)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:42)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:184)
at
org.springframework.test.context.junit4.statements.RunBeforeTestClassCallbacks.evaluate(RunBeforeTestClassCallbacks.java:61)
at
org.springframework.test.context.junit4.statements.RunAfterTestClassCallbacks.evaluate(RunAfterTestClassCallbacks.java:70)
at org.junit.runners.ParentRunner.run(ParentRunner.java:236)
at
org.springframework.test.context.junit4.SpringJUnit4ClassRunner.run(SpringJUnit4ClassRunner.java:180)
at
org.apache.maven.surefire.junit4.JUnit4TestSet.execute(JUnit4TestSet.java:62)
at
org.apache.maven.surefire.suite.AbstractDirectoryTestSuite.executeTestSet(AbstractDirectoryTestSuite.java:140)
at
org.apache.maven.surefire.suite.AbstractDirectoryTestSuite.execute(AbstractDirectoryTestSuite.java:127)
at org.apache.maven.surefire.Surefire.run(Surefire.java:177)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
org.apache.maven.surefire.booter.SurefireBooter.runSuitesInProcess(SurefireBooter.java:345)
at
org.apache.maven.surefire.booter.SurefireBooter.main(SurefireBooter.java:1009)
When i put SIGNATURE and ENCRYT I get the following stacktrace
WARN : org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor -
org.apache.ws.security.WSSecurityException: The signature or decryption was
invalid
at
org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:441)
at
org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:116)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:328)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:218)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:80)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255)
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:755)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2335)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2193)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:2037)
at
org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47)
at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:188)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:697)
at
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:516)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
at $Proxy41.getOverviews(Unknown Source)
at
com.bs.fs.test.SecurityServiceVisoTest.testCorrectoHWS(SecurityServiceVisoTest.java:282)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:44)
at
org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15)
at
org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:41)
at
org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:20)
at
org.springframework.test.context.junit4.statements.RunBeforeTestMethodCallbacks.evaluate(RunBeforeTestMethodCallbacks.java:74)
at
org.springframework.test.context.junit4.statements.RunAfterTestMethodCallbacks.evaluate(RunAfterTestMethodCallbacks.java:82)
at
org.springframework.test.context.junit4.statements.SpringRepeat.evaluate(SpringRepeat.java:72)
at
org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:240)
at
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:193)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:52)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:191)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:42)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:184)
at
org.springframework.test.context.junit4.statements.RunBeforeTestClassCallbacks.evaluate(RunBeforeTestClassCallbacks.java:61)
at
org.springframework.test.context.junit4.statements.RunAfterTestClassCallbacks.evaluate(RunAfterTestClassCallbacks.java:70)
at org.junit.runners.ParentRunner.run(ParentRunner.java:236)
at
org.springframework.test.context.junit4.SpringJUnit4ClassRunner.run(SpringJUnit4ClassRunner.java:180)
at
org.apache.maven.surefire.junit4.JUnit4TestSet.execute(JUnit4TestSet.java:62)
at
org.apache.maven.surefire.suite.AbstractDirectoryTestSuite.executeTestSet(AbstractDirectoryTestSuite.java:140)
at
org.apache.maven.surefire.suite.AbstractDirectoryTestSuite.execute(AbstractDirectoryTestSuite.java:127)
at org.apache.maven.surefire.Surefire.run(Surefire.java:177)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
org.apache.maven.surefire.booter.SurefireBooter.runSuitesInProcess(SurefireBooter.java:345)
at
org.apache.maven.surefire.booter.SurefireBooter.main(SurefireBooter.java:1009)
--
View this message in context: http://cxf.547215.n5.nabble.com/WSS4JInInterceptor-getCallback-null-tp3406991p3407788.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: WSS4JInInterceptor getCallback null
Posted by Colm O hEigeartaigh <co...@apache.org>.
Can you print the stacktrace you are getting? I think there is a bug
in CXF in that it does not set the CallbackHandler instance up for
Signature processing, as for most cases we don't need a password to
verify signatures. However, for this case the CallbackHandler is
expected to supply a key corresponding to the EncryptedKeySHA1 digest.
Can you change the way the key is referenced on the server side, to
issuer serial, or SKI Identifier or something which is clearer as to
what key is required?
Colm.
On Thu, Mar 3, 2011 at 8:28 AM, mmerayo <Pe...@hotmail.com> wrote:
> To complete my info i can say:
>
> Im testing it all in a maven 2 project
> It has a test with Junit 4.8.1
> It is enabled with SpringTest 3.0.2
> My java version is jdk 1.6.0.18
> I'm using the new CFX 2.3.3
> The WJSS4j version is 1.5.11
>
> The action I configured was
>
> inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
>
> If i put ENCRYPT action the WSS4J is asking to the password to the callback
> class y supply, but i don't know what pasword i should put to decrypt de
> keyinfo, i tried the keystore one, but that doesn't work.
>
> Thanks.
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/WSS4JInInterceptor-getCallback-null-tp3406991p3407640.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
Re: WSS4JInInterceptor getCallback null
Posted by mmerayo <Pe...@hotmail.com>.
To complete my info i can say:
Im testing it all in a maven 2 project
It has a test with Junit 4.8.1
It is enabled with SpringTest 3.0.2
My java version is jdk 1.6.0.18
I'm using the new CFX 2.3.3
The WJSS4j version is 1.5.11
The action I configured was
inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
If i put ENCRYPT action the WSS4J is asking to the password to the callback
class y supply, but i don't know what pasword i should put to decrypt de
keyinfo, i tried the keystore one, but that doesn't work.
Thanks.
--
View this message in context: http://cxf.547215.n5.nabble.com/WSS4JInInterceptor-getCallback-null-tp3406991p3407640.html
Sent from the cxf-user mailing list archive at Nabble.com.