There is no need - I have already upgraded WSS4J and so CXF will pick it up
once the next WSS4J release is made.
Colm.
On Tue, Jun 25, 2013 at 11:40 AM, Jose María Zaragoza
<demablo...@gmail.com>wrote:
> Thanks !
> You got it
>
> I tested 1.5.4 and it didn't work , but with 1.5.5 works fine
>
> I upgraded Apache CXF to the lastest release ( 2.7.5 ) but they are still
> using xmlsec 1.5.4
> I will reporte to them
>
> Regards
>
>
>
>
> 2013/6/25 Colm O hEigeartaigh <cohei...@apache.org>
>
>>
>> I have no idea. It appears that it's an NPE on log.isDebugEnabled().
>> Could you try with a more recent version of XML Security for Java (i.e.
>> 1.5.5)? Some ThreadLocals were removed in 1.5.4 which possibly might cause
>> your issue.
>>
>> Colm.
>>
>>
>> On Tue, Jun 18, 2013 at 7:32 PM, Jose María Zaragoza <
>> demablo...@gmail.com> wrote:
>>
>>> Hello:
>>>
>>> I've crossposted this email to WSS4J mail list, so I hope someone can
>>> help me. Thanks
>>>
>>>
>>> I'm using WSS4J with Apache CXF 2.7.3, for signing SOAP messages
>>> So, I'm using WSS4J 1.6.9 and xmlsec 1.5.3
>>>
>>> These SOAP messages are sent by my WAR application to a remote webservice
>>>
>>> When I redeploy my WAR into Tomcat server *without restart it* , I
>>> always get the next exception:
>>>
>>> Caused by: org.apache.ws.security.WSSecurityException: Error during
>>> Signature:
>>> at
>>> org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:105)
>>> ~[wss4j-1.6.9.jar:1.6.9]
>>> at
>>> org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:230)
>>> ~[wss4j-1.6.9.jar:1.6.9]
>>> at
>>> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
>>> ~[cxf-rt-ws-security-2.7.3.jar:2.7.3]
>>> at
>>> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:260)
>>> ~[cxf-rt-ws-security-2.7.3.jar:2.7.3]
>>> at
>>> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
>>> ~[cxf-rt-ws-security-2.7.3.jar:2.7.3]
>>> at
>>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
>>> [cxf-api-2.7.3.jar:2.7.3]
>>> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
>>> ~[cxf-api-2.7.3.jar:2.7.3]
>>> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
>>> ~[cxf-api-2.7.3.jar:2.7.3]
>>> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
>>> ~[cxf-api-2.7.3.jar:2.7.3]
>>> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
>>> ~[cxf-api-2.7.3.jar:2.7.3]
>>> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
>>> ~[cxf-rt-frontend-simple-2.7.3.jar:2.7.3]
>>> at
>>> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133)
>>> ~[cxf-rt-frontend-jaxws-2.7.3.jar:2.7.3]
>>> ... 41 common frames omitted
>>> Caused by: org.apache.ws.security.WSSecurityException: Signature
>>> creation failed
>>> at
>>> org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:558)
>>> ~[wss4j-1.6.9.jar:1.6.9]
>>> at
>>> org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:99)
>>> ~[wss4j-1.6.9.jar:1.6.9]
>>> ... 52 common frames omitted
>>> Caused by: java.lang.NullPointerException: null
>>> at
>>> org.apache.jcp.xml.dsig.internal.dom.DOMReference.marshal(DOMReference.java:297)
>>> ~[xmlsec-1.5.3.jar:1.5.3]
>>> at
>>> org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo.marshal(DOMSignedInfo.java:268)
>>> ~[xmlsec-1.5.3.jar:1.5.3]
>>> at
>>> org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.marshal(DOMXMLSignature.java:216)
>>> ~[xmlsec-1.5.3.jar:1.5.3]
>>> at
>>> org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:329)
>>> ~[xmlsec-1.5.3.jar:1.5.3]
>>> at
>>> org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:553)
>>> ~[wss4j-1.6.9.jar:1.6.9]
>>> ... 53 common frames omitted
>>>
>>>
>>> Any idea ?
>>> I've to restart Tomcat server and all works fine again
>>> Looks like a leak
>>>
>>> When fails, if I enable debug logging level, I don't see the the log
>>> message in DOMReference.java , line 297
>>>
>>> if (log.isDebugEnabled())
>>> {
>>> log.debug("Marshalling Reference");
>>>
>>> }
>>>
>>> When I restart Tomcat, this log message is shown
>>>
>>> My CXF client configuration is
>>>
>>> <http-conf:conduit name="https://.*";>
>>> <http-conf:tlsClientParameters>
>>> <sec:trustManagers>
>>> <sec:keyStore type="JKS" password="xxx"
>>> resource="truststore.jks"/>
>>> </sec:trustManagers>
>>> </http-conf:tlsClientParameters>
>>> <http-conf:client ConnectionTimeout="5000" ReceiveTimeout="10000"
>>> />
>>> </http-conf:conduit>
>>>
>>> <jaxws:outInterceptors>
>>> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
>>> <constructor-arg>
>>> <map>
>>> <entry key="action" value="Signature"/>
>>> <entry key="user" value="xxx"/>
>>> <entry key="signatureUser" value="xxxx"/>
>>> <entry key="passwordCallbackClass"
>>> value="com.test.KeystorePasswordCallback"/>
>>> <entry key="signaturePropFile"
>>> value="keystore.properties"/>
>>> <entry key="signatureKeyIdentifier"
>>> value="DirectReference"/>
>>> <entry key="signatureAlgorithm" value="
>>> http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>>> <entry key="sigCanonicalization" value="
>>> http://www.w3.org/2001/10/xml-exc-c14n#"/>
>>> <entry key="signatureDigestAlgorithm" value="
>>> http://www.w3.org/2000/09/xmldsig#sha1"/>
>>> </map>
>>> </constructor-arg>
>>> </bean>
>>> </jaxws:outInterceptors>
>>>
>>> </jaxws:client>
>>>
>>>
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
