You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by "Malisetti, Ramanjaneyulu" <Ra...@ca.com> on 2011/09/20 18:03:34 UTC
org.apache.ws.security.components.crypto.Merlin Not Found
Hi,
Another blocker while migrating from CXF 2.3 to 2.4.2. We are starting JAX-WS and REST end point from a bundle which runs in OSGi container. I have all CXF jars that come with 2.4.2 distribution including wss4j-1.6.2.jar. Though Merlin is in classpath, the following exception is coming.
I have read in CXF forums that this exception generally comes if conflicting versions of WSS4J jar in classpath. But, in our case there is no such possibility.
Do you have any suggestion?
Caused by: org.apache.ws.security.WSSecurityException: org.apache.ws.security.components.crypto.Merlin
Not Found
at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:114)[77: sample.qualifier]
at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:78)[77: sample.qualifier]
at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getCrypto(AbstractBindingBuilder.java:1332)[77: sample.qualifier]
at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getSignatureCrypto(AbstractBindingBuilder.java:1258)[77: sample.qualifier]
at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getSignatureBuilder(AbstractBindingBuilder.java:1569)[77: sample.qualifier]
at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignature(AsymmetricBindingHandler.java:462)[77: sample.qualifier]
at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignBeforeEncrypt(AsymmetricBindingHandler.java:133)[77: sample.qualifier]
... 14 more
Caused by: java.lang.ClassNotFoundException: org.apache.ws.security.components.crypto.Merlin
at org.eclipse.osgi.internal.loader.BundleLoader.findClassInternal(BundleLoader.java:506)[osgi-3.6.2.R36x_v20110210.jar:]
at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:422)[osgi-3.6.2.R36x_v20110210.jar:]
at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:410)[osgi-3.6.2.R36x_v20110210.jar:]
at org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader.loadClass(DefaultClassLoader.java:107)[osgi-3.6.2.R36x_v20110210.jar:]
at java.lang.ClassLoader.loadClass(ClassLoader.java:251)[:1.6.0_05]
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)[:1.6.0_05]
at java.lang.Class.forName0(Native Method)[:1.6.0_05]
at java.lang.Class.forName(Class.java:169)[:1.6.0_05]
at org.apache.ws.security.util.Loader.loadClass(Loader.java:243)[77:sample.qualifier]
at org.apache.ws.security.util.Loader.loadClass(Loader.java:221)[77: sample.qualifier]
at org.apache.ws.security.util.Loader.loadClass(Loader.java:215)[77: sample.qualifier]
at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:109)[77: sample.qualifier]
... 20 more
Thanks & Regards
Raman
Re: org.apache.ws.security.components.crypto.Merlin Not Found
Posted by Freeman Fang <fr...@gmail.com>.
Hi,
Just a quick notes, embed 3rd party jars in your bundle isn't a good
practice in OSGi world, you should always try to install all necessary
3rd party bundles/jars in OSGi container and from your bundle you
should import necessary package, this is the expected behavior in OSGi
container.
Not sure what kind of OSGi container you're using, but if you use
Apache karaf(can configure to use felix or equinox underlying), then
you can install cxf karaf feature which have all necessary 3rd party
bundles used by CXF, or you can use Apache Servicemix(Or FUSE ESB
which is based on Apache Servicemix), which by default install all cxf
necessary bundles and it's easy for you to start your cxf project as
you can focus all your effort on your business logic and needn't worry
about which bundle you need install.
Freeman
On 2011-9-21, at 下午2:07, Malisetti, Ramanjaneyulu wrote:
> Thanks Dan. This problem is resolved after I load wss4j and its
> dependency jar xmlsec in OSGi before I load my jar.
>
> Surprisingly, keeping wss4j and xmlsec in my bundle classpath didn't
> help. Even if I keep them as requirebundles also still problem
> persist. It was how used to be previously when we are using CXF 2.3.
>
> I still have some more problems need to figure out.
>
> Regards
> Raman
>
> -----Original Message-----
> From: Daniel Kulp [mailto:dkulp@apache.org]
> Sent: Wednesday, September 21, 2011 12:11 AM
> To: users@cxf.apache.org
> Cc: Malisetti, Ramanjaneyulu
> Subject: Re: org.apache.ws.security.components.crypto.Merlin Not Found
>
>
>
> Honestly, I'm not sure how to approach this. I know Talend's WS-
> Security
> based things that require Crypto's are working fine. I guess it
> could be
> some difference in classloaders or something between spring-dm and
> blueprint
> or similar. Is there a way to create a small example? I'd
> likely need
> to see how and when the service is created...
>
> THAT said, the line:
> org
> .apache
> .ws
> .security
> .components.crypto.CryptoFactory.getInstance(CryptoFactory.java:114)
> [77: sample.qualifier] at
>
> shows that it's using your application classloader. Thus, you can
> likely get
> around this by adding a "Require-Bundle: wss4j" attribute to the
> manifest.
> That may allow it to get the class.
>
> I'd still like to see a testcase though. :-)
>
> Dan
>
>
>
> On Tuesday, September 20, 2011 4:03:34 PM Malisetti, Ramanjaneyulu
> wrote:
>> Hi,
>> Another blocker while migrating from CXF 2.3 to 2.4.2. We are
>> starting
>> JAX-WS and REST end point from a bundle which runs in OSGi
>> container. I
>> have all CXF jars that come with 2.4.2 distribution including
>> wss4j-1.6.2.jar. Though Merlin is in classpath, the following
>> exception is
>> coming.
>>
>> I have read in CXF forums that this exception generally comes if
>> conflicting
>> versions of WSS4J jar in classpath. But, in our case there is no such
>> possibility.
>>
>>
>> Do you have any suggestion?
>>
>> Caused by: org.apache.ws.security.WSSecurityException:
>> org.apache.ws.security.components.crypto.Merlin Not Found
>> at
>> org
>> .apache
>> .ws.security.components.crypto.CryptoFactory.getInstance(CryptoFa
>> ctory.java:114)[77: sample.qualifier] at
>> org
>> .apache
>> .ws.security.components.crypto.CryptoFactory.getInstance(CryptoFa
>> ctory.java:78)[77: sample.qualifier] at
>> org
>> .apache
>> .cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getC
>> rypto(AbstractBindingBuilder.java:1332)[77: sample.qualifier] at
>> org
>> .apache
>> .cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getS
>> ignatureCrypto(AbstractBindingBuilder.java:1258)[77:
>> sample.qualifier] at
>> org
>> .apache
>> .cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getS
>> ignatureBuilder(AbstractBindingBuilder.java:1569)[77:
>> sample.qualifier] at
>> org
>> .apache
>> .cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.do
>> Signature(AsymmetricBindingHandler.java:462)[77: sample.qualifier] at
>> org
>> .apache
>> .cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.do
>> SignBeforeEncrypt(AsymmetricBindingHandler.java:133)[77:
>> sample.qualifier]
>> ... 14 more
>> Caused by: java.lang.ClassNotFoundException:
>> org.apache.ws.security.components.crypto.Merlin
>>
>> at
>> org
>> .eclipse
>> .osgi.internal.loader.BundleLoader.findClassInternal(BundleLoade
>> r.java:506)[osgi-3.6.2.R36x_v20110210.jar:] at
>> org
>> .eclipse
>> .osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:4
>> 22)[osgi-3.6.2.R36x_v20110210.jar:] at
>> org
>> .eclipse
>> .osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:4
>> 10)[osgi-3.6.2.R36x_v20110210.jar:] at
>> org
>> .eclipse
>> .osgi.internal.baseadaptor.DefaultClassLoader.loadClass(DefaultC
>> lassLoader.java:107)[osgi-3.6.2.R36x_v20110210.jar:] at
>> java.lang.ClassLoader.loadClass(ClassLoader.java:251)[:1.6.0_05] at
>> java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)[:
>> 1.6.0_05] at
>> java.lang.Class.forName0(Native Method)[:1.6.0_05] at
>> java.lang.Class.forName(Class.java:169)[:1.6.0_05] at
>> org.apache.ws.security.util.Loader.loadClass(Loader.java:243)
>> [77:sample.qua
>> lifier] at org.apache.ws.security.util.Loader.loadClass(Loader.java:
>> 221)[77:
>> sample.qualifier] at
>> org.apache.ws.security.util.Loader.loadClass(Loader.java:215)[77:
>> sample.qualifier] at
>> org
>> .apache
>> .ws.security.components.crypto.CryptoFactory.getInstance(CryptoFa
>> ctory.java:109)[77: sample.qualifier] ... 20 more
>>
>> Thanks & Regards
>> Raman
> --
> Daniel Kulp
> dkulp@apache.org
> http://dankulp.com/blog
> Talend - http://www.talend.com
---------------------------------------------
Freeman Fang
FuseSource
Email:ffang@fusesource.com
Web: fusesource.com
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com
RE: org.apache.ws.security.components.crypto.Merlin Not Found
Posted by "Malisetti, Ramanjaneyulu" <Ra...@ca.com>.
Thanks Dan. This problem is resolved after I load wss4j and its dependency jar xmlsec in OSGi before I load my jar.
Surprisingly, keeping wss4j and xmlsec in my bundle classpath didn't help. Even if I keep them as requirebundles also still problem persist. It was how used to be previously when we are using CXF 2.3.
I still have some more problems need to figure out.
Regards
Raman
-----Original Message-----
From: Daniel Kulp [mailto:dkulp@apache.org]
Sent: Wednesday, September 21, 2011 12:11 AM
To: users@cxf.apache.org
Cc: Malisetti, Ramanjaneyulu
Subject: Re: org.apache.ws.security.components.crypto.Merlin Not Found
Honestly, I'm not sure how to approach this. I know Talend's WS-Security
based things that require Crypto's are working fine. I guess it could be
some difference in classloaders or something between spring-dm and blueprint
or similar. Is there a way to create a small example? I'd likely need
to see how and when the service is created...
THAT said, the line:
org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:114)
[77: sample.qualifier] at
shows that it's using your application classloader. Thus, you can likely get
around this by adding a "Require-Bundle: wss4j" attribute to the manifest.
That may allow it to get the class.
I'd still like to see a testcase though. :-)
Dan
On Tuesday, September 20, 2011 4:03:34 PM Malisetti, Ramanjaneyulu wrote:
> Hi,
> Another blocker while migrating from CXF 2.3 to 2.4.2. We are starting
> JAX-WS and REST end point from a bundle which runs in OSGi container. I
> have all CXF jars that come with 2.4.2 distribution including
> wss4j-1.6.2.jar. Though Merlin is in classpath, the following exception is
> coming.
>
> I have read in CXF forums that this exception generally comes if conflicting
> versions of WSS4J jar in classpath. But, in our case there is no such
> possibility.
>
>
> Do you have any suggestion?
>
> Caused by: org.apache.ws.security.WSSecurityException:
> org.apache.ws.security.components.crypto.Merlin Not Found
> at
> org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFa
> ctory.java:114)[77: sample.qualifier] at
> org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFa
> ctory.java:78)[77: sample.qualifier] at
> org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getC
> rypto(AbstractBindingBuilder.java:1332)[77: sample.qualifier] at
> org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getS
> ignatureCrypto(AbstractBindingBuilder.java:1258)[77: sample.qualifier] at
> org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getS
> ignatureBuilder(AbstractBindingBuilder.java:1569)[77: sample.qualifier] at
> org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.do
> Signature(AsymmetricBindingHandler.java:462)[77: sample.qualifier] at
> org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.do
> SignBeforeEncrypt(AsymmetricBindingHandler.java:133)[77: sample.qualifier]
> ... 14 more
> Caused by: java.lang.ClassNotFoundException:
> org.apache.ws.security.components.crypto.Merlin
>
> at
> org.eclipse.osgi.internal.loader.BundleLoader.findClassInternal(BundleLoade
> r.java:506)[osgi-3.6.2.R36x_v20110210.jar:] at
> org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:4
> 22)[osgi-3.6.2.R36x_v20110210.jar:] at
> org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:4
> 10)[osgi-3.6.2.R36x_v20110210.jar:] at
> org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader.loadClass(DefaultC
> lassLoader.java:107)[osgi-3.6.2.R36x_v20110210.jar:] at
> java.lang.ClassLoader.loadClass(ClassLoader.java:251)[:1.6.0_05] at
> java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)[:1.6.0_05] at
> java.lang.Class.forName0(Native Method)[:1.6.0_05] at
> java.lang.Class.forName(Class.java:169)[:1.6.0_05] at
> org.apache.ws.security.util.Loader.loadClass(Loader.java:243)[77:sample.qua
> lifier] at org.apache.ws.security.util.Loader.loadClass(Loader.java:221)[77:
> sample.qualifier] at
> org.apache.ws.security.util.Loader.loadClass(Loader.java:215)[77:
> sample.qualifier] at
> org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFa
> ctory.java:109)[77: sample.qualifier] ... 20 more
>
> Thanks & Regards
> Raman
--
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog
Talend - http://www.talend.com
Re: org.apache.ws.security.components.crypto.Merlin Not Found
Posted by Daniel Kulp <dk...@apache.org>.
Honestly, I'm not sure how to approach this. I know Talend's WS-Security
based things that require Crypto's are working fine. I guess it could be
some difference in classloaders or something between spring-dm and blueprint
or similar. Is there a way to create a small example? I'd likely need
to see how and when the service is created...
THAT said, the line:
org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:114)
[77: sample.qualifier] at
shows that it's using your application classloader. Thus, you can likely get
around this by adding a "Require-Bundle: wss4j" attribute to the manifest.
That may allow it to get the class.
I'd still like to see a testcase though. :-)
Dan
On Tuesday, September 20, 2011 4:03:34 PM Malisetti, Ramanjaneyulu wrote:
> Hi,
> Another blocker while migrating from CXF 2.3 to 2.4.2. We are starting
> JAX-WS and REST end point from a bundle which runs in OSGi container. I
> have all CXF jars that come with 2.4.2 distribution including
> wss4j-1.6.2.jar. Though Merlin is in classpath, the following exception is
> coming.
>
> I have read in CXF forums that this exception generally comes if conflicting
> versions of WSS4J jar in classpath. But, in our case there is no such
> possibility.
>
>
> Do you have any suggestion?
>
> Caused by: org.apache.ws.security.WSSecurityException:
> org.apache.ws.security.components.crypto.Merlin Not Found
> at
> org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFa
> ctory.java:114)[77: sample.qualifier] at
> org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFa
> ctory.java:78)[77: sample.qualifier] at
> org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getC
> rypto(AbstractBindingBuilder.java:1332)[77: sample.qualifier] at
> org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getS
> ignatureCrypto(AbstractBindingBuilder.java:1258)[77: sample.qualifier] at
> org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getS
> ignatureBuilder(AbstractBindingBuilder.java:1569)[77: sample.qualifier] at
> org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.do
> Signature(AsymmetricBindingHandler.java:462)[77: sample.qualifier] at
> org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.do
> SignBeforeEncrypt(AsymmetricBindingHandler.java:133)[77: sample.qualifier]
> ... 14 more
> Caused by: java.lang.ClassNotFoundException:
> org.apache.ws.security.components.crypto.Merlin
>
> at
> org.eclipse.osgi.internal.loader.BundleLoader.findClassInternal(BundleLoade
> r.java:506)[osgi-3.6.2.R36x_v20110210.jar:] at
> org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:4
> 22)[osgi-3.6.2.R36x_v20110210.jar:] at
> org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:4
> 10)[osgi-3.6.2.R36x_v20110210.jar:] at
> org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader.loadClass(DefaultC
> lassLoader.java:107)[osgi-3.6.2.R36x_v20110210.jar:] at
> java.lang.ClassLoader.loadClass(ClassLoader.java:251)[:1.6.0_05] at
> java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)[:1.6.0_05] at
> java.lang.Class.forName0(Native Method)[:1.6.0_05] at
> java.lang.Class.forName(Class.java:169)[:1.6.0_05] at
> org.apache.ws.security.util.Loader.loadClass(Loader.java:243)[77:sample.qua
> lifier] at org.apache.ws.security.util.Loader.loadClass(Loader.java:221)[77:
> sample.qualifier] at
> org.apache.ws.security.util.Loader.loadClass(Loader.java:215)[77:
> sample.qualifier] at
> org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFa
> ctory.java:109)[77: sample.qualifier] ... 20 more
>
> Thanks & Regards
> Raman
--
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog
Talend - http://www.talend.com