Ivica Loncar created WSS-410:
--------------------------------
Summary: Reduce dependency on xmlsec library
Key: WSS-410
URL: https://issues.apache.org/jira/browse/WSS-410
Project: WSS4J
Issue Type: Sub-task
Components: WSS4J Core
Affects Versions: 1.6.7
Environment: WAS 8.5
Reporter: Ivica Loncar
Assignee: Colm O hEigeartaigh
I've replaced static call to the org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI
with
addJceProvider("ApacheXMLDSig",
"org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI");
but there is another dependency. Namely, setXmlSecIgnoreLineBreak initializes
org.apache.xml.security.Init
Of course I've got: java.lang.NoClassDefFoundError:
org.apache.xml.security.Init
Since I don't want to use org.apache.xml.security but IBM provided classes I
have added another option useApacheXmlSecurity. It is modeled after
addJceProviders.
Afterwards I have met another issue:
29.10.12. 16:32:39:512 CET] 0000029a servlet E
com.ibm.ws.webcontainer.servlet.ServletWrapper service Uncaught service()
exception thrown by servlet InvestFundsServlet: java.lang.NoClassDefFoundError:
org.apache.xml.security.utils.RFC2253Parser
at
org.apache.ws.security.message.token.DOMX509IssuerSerial.<init>(DOMX509IssuerSerial.java:76)
at
org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:221)
at
org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:69)
at
org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:230)
at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:260)
at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
...
Caused by: java.lang.ClassNotFoundException:
org.apache.xml.security.utils.RFC2253Parser
at java.net.URLClassLoader.findClass(URLClassLoader.java:434)
This is an isolated utility class which can be safely transfered to project.
After I have copied org.apache.xml.security.utils.RFC2253Parser from Santuario
I was able to invoke web service that required signed request using CXF client
running on IBM WAS 8.5 without adding extra JCE providers.
All I had to do is creat servlet listener that enabled two properties in
question:
WSSConfig.setUseApacheXmlSecurity(false);
WSSConfig.setAddJceProviders(false);
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
