Posted to users@cxf.apache.org by "praman@tracelink.com" <pr...@tracelink.com> on 2017/10/19 11:45:17 UTC

Cannot load the resource for signing of a soap message

Environment: 
cxf-bundle: 2.7.18
wss4j: 1.6.19

I am trying to act as a soap client and send a soap message which is both signed and encrypted. For signing and encrypting, different keystores are used. My own private key for signing and a server's public certificate for encrypting the soap body.

The signaturePropFile points to a location which is at the following level relative to my application's jar :

| - soap-client-application.jar
| - client (directory containing different clients and their keys)
| | - clientName
| | | - client.jks

The issue I'm facing is the following:
DEBUG [2017-10-19 11:29:54,644] org.apache.ws.security.util.Loader: Trying to find [file:///Users/blah/git/ms-service-tl-de-eucompliance/target/client/1080.1/sign.properties] using sun.misc.Launcher$AppClassLoader@18b4aac2 class loader.
DEBUG [2017-10-19 11:29:54,645] org.apache.ws.security.util.Loader: Trying to find [file:///Users/blah/git/ms-service-tl-de-eucompliance/target/client/1080.1/sign.properties] using sun.misc.Launcher$AppClassLoader@18b4aac2 class loader.
DEBUG [2017-10-19 11:29:54,645] org.apache.ws.security.util.Loader: Trying to find [file:///Users/blah/git/ms-service-tl-de-eucompliance/target/client/1080.1/sign.properties] using ClassLoader.getSystemResource().
WARN  [2017-10-19 11:29:54,649] org.apache.cxf.phase.PhaseInterceptorChain: Interceptor for {http://EMVS.EU/20161/}Product#{http://EMVS.EU/20161/}ProcessProductMasterData has thrown exception, unwinding now
! org.apache.ws.security.WSSecurityException: General security error (Cannot load the resource file:///Users/blah/git/ms-service-tl-de-eucompliance/target/client/1080.1/sign.properties)
! at org.apache.ws.security.components.crypto.CryptoFactory.getProperties(CryptoFactory.java:261)
! at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:186)
! at org.apache.cxf.ws.security.wss4j.AbstractWSS4JInterceptor.loadCryptoFromPropertiesFile(AbstractWSS4JInterceptor.java:224)
! at org.apache.ws.security.handler.WSHandler.loadCrypto(WSHandler.java:910)
! at org.apache.ws.security.handler.WSHandler.loadSignatureCrypto(WSHandler.java:823)
! at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:143)
! at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
! at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:265)

As you can see above, the application is unable to load the sign.props file even though the path is valid. I tried several different paths like the following but I get the same error:
- (Cannot load the resource file:///Users/blah/git/ms-service-tl-de-eucompliance/target/client/1080.1/sign.properties)
- (Cannot load the resource file:Users/blah/git/ms-service-tl-de-eucompliance/target/client/1080.1/sign.properties)
- (Cannot load the resource /Users/blah/git/ms-service-tl-de-eucompliance/target/client/1080.1/sign.properties)

I have also followed this thread: https://stackoverflow.com/questions/30685860/how-to-load-the-cxf-wss4j-crypto-property-file-from-external-location-other-than . This thread has 2 comments: 

1. One is to load the properties by extending the WSS4JOutInterceptor class. This works but I need to be able to use different keystores: one for signing and another different one for encrypting. The crypto property does not allow me to do that.

2. The other is to do what I have been describing above which is to create the files in a certain place on the filesystem and then load them up. I get the error above when I do this. This is supposedly fixed in https://issues.apache.org/jira/browse/WSS-540 .

I'm not sure what I'm doing wrongly. Any help is greatly appreciated. I have been trying to solve this for a couple of days now. 

Thanks!
-PR

Re: Cannot load the resource for signing of a soap message

Posted by "praman@tracelink.com" <pr...@tracelink.com>.
Is there a way of using this technique described in to load 2 different
keystores rather than just 1? Construct Properties object in-memory, and
have CXF use that instead.

package soap.common.interceptors;

import client.clientmgr.ClientInfo;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.handler.RequestData;

import java.util.Map;
import java.util.Properties;

public class CryptoPropsOutInterceptor extends WSS4JOutInterceptor {

    private ClientInfo clientInfo;

    public CryptoPropsOutInterceptor(Map<String, Object> props, ClientInfo clientInfo) {
        super(props);
        this.clientInfo = clientInfo;
    }

    @Override
    protected Crypto loadCryptoFromPropertiesFile(String propFilename, RequestData reqData)
            throws WSSecurityException {

        // Build the Merlin configuration in memory instead of reading propFilename.
        Properties cxfProps = new Properties();
        cxfProps.setProperty("org.apache.ws.security.crypto.provider",
                "org.apache.ws.security.components.crypto.Merlin");
        cxfProps.setProperty("org.apache.ws.security.crypto.merlin.keystore.type",
                "jks");
        cxfProps.setProperty("org.apache.ws.security.crypto.merlin.keystore.alias",
                this.clientInfo.getSignAlias());
        cxfProps.setProperty("org.apache.ws.security.crypto.merlin.keystore.password",
                this.clientInfo.getSignPassword());
        // Here this would load only one, but I would like to load 2 if it's possible:
        // one for signing, the other for encrypting.
        cxfProps.setProperty("org.apache.ws.security.crypto.merlin.keystore.file",
                "client/1080.1/client.jks");

        return CryptoFactory.getInstance(cxfProps);
    }

}




--
Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html

Re: Cannot load the resource for signing of a soap message

Posted by "praman@tracelink.com" <pr...@tracelink.com>.
Thanks Colm! I was able to solve my issues using your suggestion, I basically
load the properties java object instead of specifying the url to the props
file.

                    ctx.put(SecurityConstants.ENCRYPT_PROPERTIES,
                            this.propertiesLoader.loadFromFileSystem(this.clientInfo.getEncryptPropFile()));


Thanks a bunch for helping out!

-PR




Re: Cannot load the resource for signing of a soap message

Posted by Colm O hEigeartaigh <co...@apache.org>.
I mean instead of specifying a String for the configuration property,
instead set a Properties object. For example, here's a Spring example:

https://github.com/apache/cxf/blob/f5fdf091c9a7cf6053b3d595084d443ac57fa45a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml#L113


On Fri, Oct 20, 2017 at 5:34 PM, praman@tracelink.com <pr...@tracelink.com>
wrote:

> Not sure exactly which class you want me to pass the crypto properties
> object
> to?
>
>
>
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
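
The suggestion in this reply, which the poster's follow-up at the top of the thread reports as working, written out as an added example (not code from the thread or from CXF): two crypto property files are read from the file system and set as Properties objects, one for signing and one for encryption. FileSystemCryptoConfig, baseDir and configure are hypothetical names; the example assumes a JAX-WS client proxy and that Merlin opens an absolute keystore path from the file system.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Map;
import java.util.Properties;

import javax.xml.ws.BindingProvider;

import org.apache.cxf.ws.security.SecurityConstants;

// Added example, not code from the thread. FileSystemCryptoConfig, baseDir and
// configure() are hypothetical names.
public final class FileSystemCryptoConfig {

    // Merlin key for the keystore location, as set in the interceptor posted in the thread.
    private static final String KEYSTORE_FILE =
            "org.apache.ws.security.crypto.merlin.keystore.file";

    private final Path baseDir;

    public FileSystemCryptoConfig(String baseDir) {
        this.baseDir = Paths.get(baseDir).toAbsolutePath().normalize();
    }

    // Resolve a configured path under baseDir and refuse anything that escapes it
    // or is not a regular file, so a bad per-client entry fails before any signing.
    private Path resolve(String configured) throws IOException {
        Path p = baseDir.resolve(configured.trim()).normalize();
        if (!p.startsWith(baseDir) || !Files.isRegularFile(p)) {
            throw new IOException("Not a regular file under " + baseDir + ": " + configured);
        }
        return p;
    }

    // Read a crypto properties file from disk (no classpath lookup) and return
    // its contents as a Properties object.
    public Properties loadFromFileSystem(String propFile) throws IOException {
        Properties props = new Properties();
        try (InputStream in = Files.newInputStream(resolve(propFile))) {
            props.load(in);
        }
        String keystore = props.getProperty(KEYSTORE_FILE);
        if (keystore == null || keystore.trim().isEmpty()) {
            throw new IOException(propFile + " does not set " + KEYSTORE_FILE);
        }
        // Assumption: Merlin opens an absolute keystore path from the file system
        // when it cannot find it on the classpath.
        props.setProperty(KEYSTORE_FILE, resolve(keystore).toString());
        return props;
    }

    // Attach separate signing and encryption configurations to one client proxy.
    // Both files are loaded before either is set, so a failure leaves the
    // request context untouched.
    public void configure(Object port, String signPropFile, String encryptPropFile)
            throws IOException {
        Properties sign = loadFromFileSystem(signPropFile);
        Properties encrypt = loadFromFileSystem(encryptPropFile);
        Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
        ctx.put(SecurityConstants.SIGNATURE_PROPERTIES, sign);
        ctx.put(SecurityConstants.ENCRYPT_PROPERTIES, encrypt);
    }
}
```

With the directory layout from the original post, baseDir would be the directory holding the application jar and the two arguments would be the per-client paths such as client/1080.1/sign.properties and client/1080.1/encrypt.properties.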

Re: Cannot load the resource for signing of a soap message

Posted by "praman@tracelink.com" <pr...@tracelink.com>.
Not sure exactly which class you want me to pass the crypto properties object
to? 




Re: Cannot load the resource for signing of a soap message

Posted by Colm O hEigeartaigh <co...@apache.org>.
You could try creating a Properties Object with the contents of your crypto
properties file and passing that through instead of a URL?

Colm.

On Fri, Oct 20, 2017 at 4:08 PM, praman@tracelink.com <pr...@tracelink.com>
wrote:

> Yes I tried the full path and it won't work. The reason being the same, the
> AbstractBindingBuilder.getCrypto method tries to load it from the
> classpath.
> If it doesn't find it then it throws a PolicyException.
>
> I cannot upgrade to cxf latest versions unfortunately.
>
> It looks like I could use a BusFactory (not SpringBusFactory). The reason I
> say this is: when spring is used, this line of code gives one more resolver
> for the ResourceManager than my code without spring:
>
> ResourceManager rm =
> (ResourceManager)((Bus)this.message.getExchange().get(Bus.
> class)).getExtension(ResourceManager.class);
>
>
> With that one more spring resolver, the code is able to resolve the
> resource
> without any errors. Can I do something like this without the
> SpringBusFactory? How do I use a BusFactory? I don't use spring in my
> application because it is frowned upon so spring is out of the question.
>
> Any input is greatly appreciated.
>
>
>
>




Re: Cannot load the resource for signing of a soap message

Posted by "praman@tracelink.com" <pr...@tracelink.com>.
Yes I tried the full path and it won't work. The reason being the same, the
AbstractBindingBuilder.getCrypto method tries to load it from the classpath.
If it doesn't find it then it throws a PolicyException. 

I cannot upgrade to cxf latest versions unfortunately. 

It looks like I could use a BusFactory (not SpringBusFactory). The reason I
say this is: when spring is used, this line of code gives one more resolver
for the ResourceManager than my code without spring:

ResourceManager rm =
(ResourceManager)((Bus)this.message.getExchange().get(Bus.class)).getExtension(ResourceManager.class);


With that one more spring resolver, the code is able to resolve the resource
without any errors. Can I do something like this without the
SpringBusFactory? How do I use a BusFactory? I don't use spring in my
application because it is frowned upon so spring is out of the question. 

Any input is greatly appreciated.




Re: Cannot load the resource for signing of a soap message

Posted by Colm O hEigeartaigh <co...@apache.org>.
I tested it with a more recent version of CXF and it works fine. Did you
try specifying an absolute path using something like: "
file:/data/config.xml"?

Colm.

On Fri, Oct 20, 2017 at 3:23 PM, praman@tracelink.com <pr...@tracelink.com>
wrote:

> Colm,
>
> I used your suggestion and solved my problem. But I'm running into a
> similar
> problem elsewhere where the resource file is not found by the
> AbstractBindingBuilder class. Here is the exception:
>
> WARN  [2017-10-20 12:56:45,022] org.apache.cxf.phase.
> PhaseInterceptorChain:
> Interceptor for
> {http://EMVS.EU/20161/}Product#{http://EMVS.EU/20161/
> }ProcessProductMasterData
> has thrown exception, unwinding now
> ! org.apache.cxf.ws.policy.PolicyException: Could not find properties file
> client/1080.1/encrypt.properties
> ! at
> org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.
> policyNotAsserted(AbstractBindingBuilder.java:315)
> ! at
> org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.
> getCrypto(AbstractBindingBuilder.java:1546)
> ! at
> org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.
> getEncryptionCrypto(AbstractBindingBuilder.java:1480)
> ! at
> org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.
> doEncryption(AsymmetricBindingHandler.java:418)
> ! at
> org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.
> doEncryptBeforeSign(AsymmetricBindingHandler.java:270)
> ! at
> org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.
> handleBinding(AsymmetricBindingHandler.java:96)
> ! at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$
> PolicyBasedWSS4JOutInterceptorInternal.handleMessage(
> PolicyBasedWSS4JOutInterceptor.java:176)
> ! at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$
> PolicyBasedWSS4JOutInterceptorInternal.handleMessage(
> PolicyBasedWSS4JOutInterceptor.java:90)
> ! at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:272)
> ! at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:572)
> ! at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:481)
> ! at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:382)
> ! at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:335)
> ! at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
> ! at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> JaxWsClientProxy.java:136)
> ! at com.sun.proxy.$Proxy103.processProductMasterData(Unknown Source)
>
> I'm wondering if I could solve this in a similar way as overriding the
> method
> which loads the resource file to force it to load it from the file system.
>
> Here is the approach I'm thinking:
> In the stacktrace, I see *AbstractBindingBuilder* class has a method called
> *getCrypto* which is the method that loads up the resource. I am thinking
> of
> overriding this. Any idea how to make use of this overridden class to
> indicate PolicyBasedWSS4JOutInterceptor to make use of the overridden
> class?
>
>
>
>




Re: Cannot load the resource for signing of a soap message

Posted by "praman@tracelink.com" <pr...@tracelink.com>.
Colm,

I used your suggestion and solved my problem. But I'm running into a similar
problem elsewhere where the resource file is not found by the
AbstractBindingBuilder class. Here is the exception:

WARN  [2017-10-20 12:56:45,022] org.apache.cxf.phase.PhaseInterceptorChain: Interceptor for {http://EMVS.EU/20161/}Product#{http://EMVS.EU/20161/}ProcessProductMasterData has thrown exception, unwinding now
! org.apache.cxf.ws.policy.PolicyException: Could not find properties file client/1080.1/encrypt.properties
! at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.policyNotAsserted(AbstractBindingBuilder.java:315)
! at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getCrypto(AbstractBindingBuilder.java:1546)
! at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getEncryptionCrypto(AbstractBindingBuilder.java:1480)
! at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doEncryption(AsymmetricBindingHandler.java:418)
! at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doEncryptBeforeSign(AsymmetricBindingHandler.java:270)
! at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.handleBinding(AsymmetricBindingHandler.java:96)
! at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:176)
! at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:90)
! at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
! at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:572)
! at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:481)
! at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:382)
! at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:335)
! at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
! at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:136)
! at com.sun.proxy.$Proxy103.processProductMasterData(Unknown Source)

I'm wondering if I could solve this in a similar way as overriding the method
which loads the resource file to force it to load it from the file system.

Here is the approach I'm thinking:
In the stacktrace, I see *AbstractBindingBuilder* class has a method called
*getCrypto* which is the method that loads up the resource. I am thinking of
overriding this. Any idea how to make use of this overridden class to
indicate PolicyBasedWSS4JOutInterceptor to make use of the overridden class? 




Re: Cannot load the resource for signing of a soap message

Posted by Colm O hEigeartaigh <co...@apache.org>.
https://github.com/apache/wss4j/commit/cb50d1940f53027fb76da03201ee5dc8cb5c81c2

Colm.

On Fri, Oct 20, 2017 at 10:05 AM, praman@tracelink.com <praman@tracelink.com
> wrote:

> Colm,
>
> For the workaround- can you show me the diff of your fix? Are you basically
> loading the resource in a different way rather than the classloader way? If
> you show me what the diff is for the fix you put in then I will use that as
> the base.
>
> Again thanks for fixing and for the quick responses. Appreciate it.
>
> -PR
>
>
>
>




Re: Cannot load the resource for signing of a soap message

Posted by "praman@tracelink.com" <pr...@tracelink.com>.
Colm,

For the workaround- can you show me the diff of your fix? Are you basically
loading the resource in a different way rather than the classloader way? If
you show me what the diff is for the fix you put in then I will use that as
the base. 

Again thanks for fixing and for the quick responses. Appreciate it. 

-PR




Re: Cannot load the resource for signing of a soap message

Posted by Colm O hEigeartaigh <co...@apache.org>.
In terms of a workaround, yes you should be able to subclass the WSS4J
interceptors and override
AbstractWSS4JInterceptor.loadCryptoFromPropertiesFile with the fix that I
committed to WSS4J.

Colm.

On Fri, Oct 20, 2017 at 9:21 AM, Colm O hEigeartaigh <co...@apache.org>
wrote:

> The fix will be in releases 2.0.11, 2.1.12, 2.2.1 - WSS4J 1.6.x is no
> longer maintained.
>
> Colm.
>
> On Thu, Oct 19, 2017 at 6:06 PM, praman@tracelink.com <
> praman@tracelink.com> wrote:
>
>> Colm, that's great! Can you please let me know when this would be
>> available
>> for use? Will it be made available via maven? Is it a  wss4j 1.6.19 fix?
>>
>> Unfortunately, I cannot upgrade to the latest versions of cxf because we
>> support sdk code given to us which was written a long time ago.
>>
>> Much appreciate the quick response. Is there some work-around for this
>> specific issue or not really?
>>
>> Thanks,
>> PR
>>
>>
>>
>>
>
>
>
>




Re: Cannot load the resource for signing of a soap message

Posted by Colm O hEigeartaigh <co...@apache.org>.
The fix will be in releases 2.0.11, 2.1.12, 2.2.1 - WSS4J 1.6.x is no
longer maintained.

Colm.

On Thu, Oct 19, 2017 at 6:06 PM, praman@tracelink.com <pr...@tracelink.com>
wrote:

> Colm, that's great! Can you please let me know when this would be available
> for use? Will it be made available via maven? Is it a  wss4j 1.6.19 fix?
>
> Unfortunately, I cannot upgrade to the latest versions of cxf because we
> support sdk code given to us which was written a long time ago.
>
> Much appreciate the quick response. Is there some work-around for this
> specific issue or not really?
>
> Thanks,
> PR
>
>
>
>




Re: Cannot load the resource for signing of a soap message

Posted by "praman@tracelink.com" <pr...@tracelink.com>.
Colm, that's great! Can you please let me know when this would be available
for use? Will it be made available via maven? Is it a  wss4j 1.6.19 fix?

Unfortunately, I cannot upgrade to the latest versions of cxf because we
support sdk code given to us which was written a long time ago. 

Much appreciate the quick response. Is there some work-around for this
specific issue or not really?

Thanks,
PR




Re: Cannot load the resource for signing of a soap message

Posted by Colm O hEigeartaigh <co...@apache.org>.
I've found the issue and merged a fix for WSS-540:
https://issues.apache.org/jira/browse/WSS-540

In terms of upgrading, the latest CXF releases are 3.1.13 and 3.2.0. Please
note that the bundle is removed from 3.0.x, instead just refer to the
individual modules that you need.

Colm.

On Thu, Oct 19, 2017 at 3:54 PM, praman@tracelink.com <pr...@tracelink.com>
wrote:

> Colm,
>
> thanks for responding.
>
> It's hard for me to create a test-case because there are so many things
> involved. I did my best below:
>
> Client creates a file called client.properties under */tmp* which looks
> like
> this:
> sign.propFile=client/100/sign.properties
> enc.propFile=client/100/encrypt.properties
> resp.propFile=client/100/decrypt.properties
>
> My java application is able to find this file without any issues even
> though
> /tmp is *not* in the classpath.
>
> However, when WSS4JOutInterceptor runs when I prepare the soap message, it
> goes into the WSHandler.loadSignatureCrypto -> WSHandler.loadCrypto method
> -> WSHandler.loadCryptoFromPropertiesFile -> CryptoFactory.getInstance ->
> org.apache.ws.security.Loader.getResource which always tries to use the
> classloader to load the resource.
>
> No matter what path I try for the sign.propFile , I get the same error.
>
> *What versions of cxf + wss4j are supported currently?* Let me know please
> so that I can see if I can upgrade. Currently I have the following:
>
>         <dependency>
>             <groupId>org.apache.cxf</groupId>
>             <artifactId>cxf-bundle</artifactId>
>             <version>2.7.15</version>
>        </dependency>
> Which pulls in wss4j 1.6.19 as a transitive dependency.
>
>
>
>




Re: Cannot load the resource for signing of a soap message

Posted by "praman@tracelink.com" <pr...@tracelink.com>.
Colm,

thanks for responding. 

It's hard for me to create a test-case because there are so many things
involved. I did my best below:

Client creates a file called client.properties under */tmp* which looks like
this:
sign.propFile=client/100/sign.properties
enc.propFile=client/100/encrypt.properties
resp.propFile=client/100/decrypt.properties

My java application is able to find this file without any issues even though
/tmp is *not* in the classpath.

However, when WSS4JOutInterceptor runs when I prepare the soap message, it
goes into the WSHandler.loadSignatureCrypto -> WSHandler.loadCrypto method
-> WSHandler.loadCryptoFromPropertiesFile -> CryptoFactory.getInstance ->
org.apache.ws.security.Loader.getResource which always tries to use the
classloader to load the resource. 

No matter what path I try for the sign.propFile , I get the same error. 

*What versions of cxf + wss4j are supported currently?* Let me know please
so that I can see if I can upgrade. Currently I have the following:

        <dependency>
            <groupId>org.apache.cxf</groupId>
            <artifactId>cxf-bundle</artifactId>
            <version>2.7.15</version>
       </dependency>
Which pulls in wss4j 1.6.19 as a transitive dependency. 




Re: Cannot load the resource for signing of a soap message

Posted by Colm O hEigeartaigh <co...@apache.org>.
Could you submit a test-case that reproduces the problem? Note that CXF
2.7.x + WSS4J 1.6.x are no longer supported.

Colm.

On Thu, Oct 19, 2017 at 12:45 PM, praman@tracelink.com <praman@tracelink.com
> wrote:

> Environment:
> cxf-bundle: 2.7.18
> wss4j: 1.6.19
>
> I am trying to act as a soap client and send a soap message which is both
> signed and encrypted. For signing and encrypting, different keystores are
> used. My own private key for signing and a server's public certificate for
> encrypting the soap body.
>
> The signaturePropFile points to a location which is at the following level
> relative to my application's jar :
>
> | - soap-client-application.jar
> | - client (directory containing different clients and their keys)
> | | - clientName
> | | | - client.jks
>
> The issue I'm facing is the following:
> DEBUG [2017-10-19 11:29:54,644] org.apache.ws.security.util.Loader:
> Trying to find [file:///Users/blah/git/ms-service-tl-de-eucompliance/
> target/client/1080.1/sign.properties] using sun.misc.Launcher$
> AppClassLoader@18b4aac2 class loader.
> DEBUG [2017-10-19 11:29:54,645] org.apache.ws.security.util.Loader:
> Trying to find [file:///Users/blah/git/ms-service-tl-de-eucompliance/
> target/client/1080.1/sign.properties] using sun.misc.Launcher$
> AppClassLoader@18b4aac2 class loader.
> DEBUG [2017-10-19 11:29:54,645] org.apache.ws.security.util.Loader:
> Trying to find [file:///Users/blah/git/ms-service-tl-de-eucompliance/
> target/client/1080.1/sign.properties] using ClassLoader.getSystemResource(
> ).
> WARN  [2017-10-19 11:29:54,649] org.apache.cxf.phase.PhaseInterceptorChain:
> Interceptor for {http://EMVS.EU/20161/}Product#{http://EMVS.EU/20161/
> }ProcessProductMasterData has thrown exception, unwinding now
> ! org.apache.ws.security.WSSecurityException: General security error
> (Cannot load the resource file:///Users/blah/git/ms-
> service-tl-de-eucompliance/target/client/1080.1/sign.properties)
> ! at org.apache.ws.security.components.crypto.CryptoFactory.getProperties(
> CryptoFactory.java:261)
> ! at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(
> CryptoFactory.java:186)
> ! at org.apache.cxf.ws.security.wss4j.AbstractWSS4JInterceptor.
> loadCryptoFromPropertiesFile(AbstractWSS4JInterceptor.java:224)
> ! at org.apache.ws.security.handler.WSHandler.loadCrypto(
> WSHandler.java:910)
> ! at org.apache.ws.security.handler.WSHandler.
> loadSignatureCrypto(WSHandler.java:823)
> ! at org.apache.ws.security.handler.WSHandler.
> doSenderAction(WSHandler.java:143)
> ! at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(
> WSS4JOutInterceptor.java:52)
> ! at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$
> WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:265)
>
> As you can see above, the application is unable to load the sign.props
> file even though the path is valid. I tried several different paths like
> the following but I get the same error:
> - (Cannot load the resource file:///Users/blah/git/ms-
> service-tl-de-eucompliance/target/client/1080.1/sign.properties)
> - (Cannot load the resource file:Users/blah/git/ms-
> service-tl-de-eucompliance/target/client/1080.1/sign.properties)
> - (Cannot load the resource /Users/blah/git/ms-service-tl-
> de-eucompliance/target/client/1080.1/sign.properties)
>
> I have also followed this thread: https://stackoverflow.com/
> questions/30685860/how-to-load-the-cxf-wss4j-crypto-
> property-file-from-external-location-other-than . This thread has 2
> comments:
>
> 1.
> one is to load the properties by extending the WSS4JOutInterceptor class.
> This works but I need to be able to use different keystores: one for
> signing and another different one for encrypting. The crypto property does
> not allow me to do that.
>
> 2.
> the other is to do what I have been describing above which is to create
> the files in a certain place on the filesystem and then load them up. I get
> the error above when I do this. This is supposedly fixed in
> https://issues.apache.org/jira/browse/WSS-540 .
>
> I'm not sure what I'm doing wrongly. Any help is greatly appreciated. I
> have been trying to solve this for a couple of days now.
>
> Thanks!
> -PR
>


