[ https://issues.apache.org/jira/browse/WSS-410?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13486773#comment-13486773 ]
Colm O hEigeartaigh commented on WSS-410: ----------------------------------------- Hi, I have applied a modified version of your patch. I have not added an extra "useApacheXMLSecurity" flag to WSSConfig, but instead just placed the call to set the line breaks inside the "addJCEProviders" flag. Could you try with a SNAPSHOT version and let me know if it works? Colm. > Reduce dependency on xmlsec library > ----------------------------------- > > Key: WSS-410 > URL: https://issues.apache.org/jira/browse/WSS-410 > Project: WSS4J > Issue Type: Sub-task > Components: WSS4J Core > Affects Versions: 1.6.7 > Environment: WAS 8.5 > Reporter: Ivica Loncar > Assignee: Colm O hEigeartaigh > Labels: santuario, was, websphere, xmlsec > Fix For: 1.6.8 > > Attachments: wss4j_patch.diff > > Original Estimate: 2h > Remaining Estimate: 2h > > I've replaced static call to the > org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI with > addJceProvider("ApacheXMLDSig", > "org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI"); > but there is another dependency. Namely, setXmlSecIgnoreLineBreak initializes > org.apache.xml.security.Init > Of course I've got: java.lang.NoClassDefFoundError: > org.apache.xml.security.Init > Since I don't want to use org.apache.xml.security but IBM provided classes I > have added another option useApacheXmlSecurity. It is modeled after > addJceProviders. > Afterwards I have met another issue: > 29.10.12. 16:32:39:512 CET] 0000029a servlet E > com.ibm.ws.webcontainer.servlet.ServletWrapper service Uncaught service() > exception thrown by servlet InvestFundsServlet: > java.lang.NoClassDefFoundError: org.apache.xml.security.utils.RFC2253Parser > at > org.apache.ws.security.message.token.DOMX509IssuerSerial.<init>(DOMX509IssuerSerial.java:76) > at > org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:221) > at > org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:69) > at > org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:230) > at > org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52) > at > org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:260) > at > org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136) > at > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) > at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531) > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464) > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367) > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320) > at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89) > ... > Caused by: java.lang.ClassNotFoundException: > org.apache.xml.security.utils.RFC2253Parser > at java.net.URLClassLoader.findClass(URLClassLoader.java:434) > This is an isolated utility class which can be safely transfered to project. > After I have copied org.apache.xml.security.utils.RFC2253Parser from > Santuario I was able to invoke web service that required signed request using > CXF client running on IBM WAS 8.5 without adding extra JCE providers. > All I had to do is creat servlet listener that enabled two properties in > question: > WSSConfig.setUseApacheXmlSecurity(false); > WSSConfig.setAddJceProviders(false); -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@ws.apache.org For additional commands, e-mail: dev-h...@ws.apache.org