First, you don't need to add xml-apis-1.3.02.jar since the QName class is provided by the JVM now (since 1.5). Can you attach the full stack trace of the exception you see (when xml-apis-1.3.02.jar is not included)? And can you also attach the Geronimo deployment descriptor you are using?
Jarek On Thu, Aug 7, 2008 at 3:39 AM, <[EMAIL PROTECTED]> wrote: > > Hi all, > > this is an issue on the new version 2.1.2 using Webservices. Our application > works (without WS-Security) under G 2.1.1, but under G 2.1.2 I can't even > deploy. > > -Josef > > > > > Daniel Kulp <[EMAIL PROTECTED]> > > 06.08.2008 19:34 > > An > [EMAIL PROTECTED] > Kopie > [EMAIL PROTECTED] > Thema > Re: Antwort: Re: Change Version of Apache CXF for Geronimo > > > > > > That's something you may need to ask on the geronimo list. I'm not > familliar > with all the classloading details there. > > Dan > > > On Wednesday 06 August 2008 3:57:59 am [EMAIL PROTECTED] wrote: >> Hi Dan, >> >> cool, this is the newest Version of Apache CXF :-) >> >> So I took my EAR added the new libs (not contained in Geronimo 2.1.2, >> why?) >> cxf-rt-ws-security-2.0.8.jar >> wss4j-1.5.4.jar >> and tried to deploy to the new Geronimo: >> >> ... >> 09:25:28,770 ERROR [GBeanInstanceState] Error while starting; GBean is now >> in the FAILED state: >> abstractName="myapp/app/1.0/ear?configurationName=myapp/app/1.0/ear" >> org.apache.geronimo.kernel.config.InvalidConfigException: Class not >> loadable in classloader: >> [org.apache.geronimo.kernel.config.MultiParentClassLoader >> id=myapp/app/1.0/ear] >> at >> org.apache.geronimo.kernel.config.SerializedGBeanState.loadGBeans(Seria >> ... >> Caused by: java.lang.ClassNotFoundException: Unable to find class used in >> GBeanData >> >> myapp/app/1.0/ear?J2EEApplication=myapp/app/1.0/ear,j2eeType=EJBModule,name >>=MyAppEJB.jar, attribute: ejbJarInfo >> at >> >> org.apache.geronimo.gbean.GBeanData$V0Externalizable.readExternal(GBeanData >>.java:293) ... 33 more >> Caused by: java.lang.ClassNotFoundException: Could not load class >> javax.xml.namespace.QName from classloader: myapp/app/1.0/ear, destroyed >> state: false >> at >> org.apache.geronimo.kernel.ClassLoading.loadClass(ClassLoading.java:213) >> ... >> >> So I thought maybe "xml-apis-1.3.02.jar" is missing, but adding to the EAR >> leads to: >> >> ... >> Caused by: java.io.InvalidClassException: javax.xml.namespace.QName; local >> class incompatible: stream classdesc serialVersionUID = >> -9120448754896609940, local class serialVersionUID = 4418622981026545151 >> at >> java.io.ObjectStreamClass.initNonProxy(ObjectStreamClass.java:546) >> at >> java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1552) >> ... >> >> I need the QName in my Webservice. What can I do to get my App deployed? >> Thanx in advance. >> >> -Josef >> >> >> >> >> Daniel Kulp <[EMAIL PROTECTED]> >> 05.08.2008 16:42 >> Bitte antworten an >> [EMAIL PROTECTED] >> >> >> An >> [EMAIL PROTECTED] >> Kopie >> >> Thema >> Re: Change Version of Apache CXF for Geronimo >> >> >> >> >> >> >> >> You might want to just try Geronimo 2.1.2. The vote apparently passed >> last >> night: >> >> http://www.nabble.com/-VOTE--Geronimo-Server-2.1.2-Release-to18746852s134.h >>tml >> >> so it should be made available shortly. You can download the candidates. >> >> 2.1.2 is using CXF 2.0.8. >> >> >> Dan >> >> On Tuesday 05 August 2008 6:03:51 am [EMAIL PROTECTED] wrote: >> > Hi Glen, >> > >> > because I got stuck in solving the problem with Geronimo 2.1.1 and >> > included CXF 2.0.2 I thought maybe CXF 2.0.8 solves my problem? >> > >> > So I tried to change the WS-Stack of my Geronimo from the old version to >> > CXF 2.0.8. I had certain essays: >> > >> > 1) http://www.jroller.com/gmazza/date/20080612: >> > -> In Geronimo is no <prefer-application-packages> available, I tried >> >> with >> >> > <inverse-classloading/> but I got a lot of problems with the >> >> classloader. >> >> > If I added all JARS necessary - see file WHICH_JARS - I got class cast >> > exceptions, adding a certain minimum leads to NoClassDefError. >> > <hidden-classes> or <non-overridable-classes> won't help? >> > 2) Adding CXF under Services - Repository with a dependency-entry in the >> > deployment plan: >> > <dependency> >> > <groupId>org.apache.cxf</groupId> >> > <artifactId>cxf</artifactId> >> > <version>2.0.8</version> >> > <type>jar</type> >> > </dependency> >> > changed nothing. >> > 3) ??? >> > >> > Can you please help? >> > >> > -Josef >> > >> > >> > >> > >> > [EMAIL PROTECTED] >> > 04.08.2008 16:09 >> > Bitte antworten an >> > [EMAIL PROTECTED] >> > >> > >> > An >> > [EMAIL PROTECTED] >> > Kopie >> > >> > Thema >> > Antwort: Re: Antwort: Re: Antwort: Re: WS-Stack Apache CXF asks for >> > Axis2-Classes >> > >> > >> > >> > >> > >> > >> > Hi Dan, >> > >> > I checked your blog and I didn't found big differences in the >> > code(Server-Part is in my case more JEE5 like - see >> >> >> http://depressedprogrammer.wordpress.com/2007/07/31/cxf-ws-security-using-j >> >> >sr-181-interceptor-annotations-xfire-migration/ >> > >> > ). >> > >> > The difference I see compared with your blog-example is in the request >> > itself: >> > >> > 1) from http://cwiki.apache.org/CXF20DOC/ws-security.html: >> > <wsse:Security >> > xmlns:wsse=" >> >> >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1 >> >> >.0.xsd >> > >> > " >> > soap:mustUnderstand="1"> >> > <wsse:UsernameToken >> > xmlns:wsse=" >> >> >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1 >> >> >.0.xsd >> > >> > " >> > xmlns:wsu=" >> >> >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility- >> >> >1.0.xsd >> > >> > " >> > wsu:Id="UsernameToken-25268096"> >> > <wsse:Username >> > xmlns:wsse=" >> >> >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1 >> >> >.0.xsd >> > >> > "> >> > joe >> > </wsse:Username> >> > <wsse:Password >> > xmlns:wsse=" >> >> >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1 >> >> >.0.xsd >> > >> > " >> > Type=" >> >> >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-prof >> >> >ile-1.0#PasswordDigest >> > >> > "> >> > ymyLPVTLrQMBJo82akcw4aBSlJQ= >> > </wsse:Password> >> > <wsse:Nonce >> > xmlns:wsse=" >> >> >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1 >> >> >.0.xsd >> > >> > "> >> > MK3TTlJxaevzcFaxV/oKyw== >> > </wsse:Nonce> >> > <wsu:Created >> > xmlns:wsu=" >> >> >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility- >> >> >1.0.xsd >> > >> > "> >> > 2008-07-16T23:05:07.300Z >> > </wsu:Created> >> > </wsse:UsernameToken> >> > </wsse:Security> >> > >> > 2) my request: >> > <wsse:Security >> > xmlns:wsse=" >> >> >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1 >> >> >.0.xsd >> > >> > " >> > soap:mustUnderstand="1"> >> > <wsse:UsernameToken >> > xmlns:wsu=" >> >> >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility- >> >> >1.0.xsd >> > >> > " >> > wsu:Id="UsernameToken-12189822"> >> > <wsse:Username> >> > blabla >> > </wsse:Username> >> > <wsse:Password >> > Type=" >> >> >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-prof >> >> >ile-1.0#PasswordDigest >> > >> > "> >> > uIqdbKqsp5VCvM4bPTps1PmnMZI=</wsse:Password> >> > <wsse:Nonce>YmoBKVpJrAjM2P3ss7MUNg==</wsse:Nonce> >> > <wsu:Created> >> > 2008-08-04T10:08:15.245Z >> > </wsu:Created> >> > </wsse:UsernameToken> >> > </wsse:Security> >> > >> > >> > I miss the namespace >> > xmlns:wsse=" >> >> >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1 >> >> >.0.xsd >> > >> > " >> > and not only me but also the WSSecurityUtil.class in line 92: >> > >> > list = >> > soapHeaderElement.getElementsByTagNameNS(WSConstants.WSSE_NS, >> > WSConstants.WSSE_LN); >> > >> > And therefore the method >> > public static Element getSecurityHeader(Document doc, String actor, >> > SOAPConstants sc) { >> > >> > results in an null-Element. The class WSSecurityEngine and in the end >> > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor throws the error: >> > >> > WARNUNG: Request does not contain required Security header >> > >> > What am I doing wrong with WS-Security 1.1 ???? I have now the sources >> >> for >> >> > apacche-cxf-2.0.2 and wss4j-1.5.1, if I can debug to a certain step let >> >> me >> >> > know. >> > >> > -Josef >> > >> > >> > >> > >> > >> > Glen Mazza <[EMAIL PROTECTED]> >> > 26.07.2008 03:03 >> > Bitte antworten an >> > [EMAIL PROTECTED] >> > >> > >> > An >> > [EMAIL PROTECTED] >> > Kopie >> > >> > Thema >> > Re: Antwort: Re: Antwort: Re: WS-Stack Apache CXF asks for Axis2-Classes >> > >> > >> > >> > >> > >> > >> > >> > Have you checked our documentation on this: >> > http://cwiki.apache.org/CXF20DOC/ws-security.html >> > >> > Also I blogged about this recently, maybe something you can use: >> > http://www.jroller.com/gmazza/entry/using_cxf_and_wss4j_to >> > >> > HTH, >> > Glen >> > >> > Josef.Eisele wrote: >> > > Hi Dan, >> > > >> > > I solved the last problem copying libraries (xmlsec-1.3.0.jar, >> > > wss4j-1.5.1.jar, cxr-rt-ws-securitity-2.0.2-...) from the WAR-Part to >> > >> > the >> > >> > > EAR-Part: >> > > (WebContent/WEB-INF/lib -> EarContent/lib) >> > > >> > > One Problem solved another arises: >> > > >> > > Client writes the SecurityHeader: >> > > .. >> > > <wsse:Security xmlns:wsse=" >> >> >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1 >> >> >.0.xsd >> > >> > > " soap:mustUnderstand="1"> >> > > <wsse:UsernameToken xmlns:wsu=" >> >> >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility- >> >> >1.0.xsd >> > >> > > " wsu:Id="UsernameToken-12189822"> >> > > <wsse:Username>chef</wsse:Username> >> > > <wsse:Password Type=" >> >> >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-prof >> >> >ile-1.0#PasswordDigest >> > >> > > ">MxsuASsgtCzGlTTif0kcbqXIHxM=</wsse:Password> >> > > <wsse:Nonce>HAYlnYvfdo0dddeYXGsxdw==</wsse:Nonce> >> > > <wsu:Created>2008-07-25T11:22:20.886Z</wsu:Created> >> > > </wsse:UsernameToken> >> > > </wsse:Security> >> > > ... >> > > >> > > Server is configured with the interceptor: >> > > @InInterceptors(interceptors={ "de.mypath.WSSecurityInterceptor" }) >> > > >> > > In this class I configure 3 Interceptors: >> > > public void handleMessage(Message message) throws Fault { >> > > Map<String, Object> props = new HashMap<String, >> > >> > Object>(); >> > >> > > props.put(WSHandlerConstants.ACTION, >> > > WSHandlerConstants.USERNAME_TOKEN); >> > > props.put(WSHandlerConstants.PASSWORD_TYPE, >> > > WSConstants.PW_DIGEST); >> > > props.put(WSHandlerConstants.PW_CALLBACK_CLASS, >> > > ServerPasswordCallback.class.getName()); >> > > >> > > WSS4JInInterceptor wss4jInInterceptor = >> >> new >> >> > > WSS4JInInterceptor(props); >> > > ValidateUserTokenInterceptor userTokenInterceptor = >> >> new >> >> > > ValidateUserTokenInterceptor(Phase.POST_PROTOCOL); >> > > >> > > message.getInterceptorChain().add(wss4jInInterceptor); >> > > //org.apache.cxf.binding.soap.SoapFault: No >> >> SOAPMessage >> >> > > DOM was found. Please enable the SAAJInInterceptor. >> > > message.getInterceptorChain().add(new >> > > SAAJInInterceptor()); >> > > message.getInterceptorChain().add(userTokenInterceptor); >> > > } >> > > >> > > UserTokenInterceptor works fine, SAAJInInterceptor is necessary >> > >> > otherwise >> > >> > > excepton but now I get an exception on the wss4jInInterceptor: >> > > >> > > 25.07.2008 13:03:44 >> >> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor >> >> > > handleMessage >> > > WARNUNG: Request does not contain required Security header >> > > 25.07.2008 13:03:44 org.apache.cxf.phase.PhaseInterceptorChain >> > >> > doIntercept >> > >> > > INFO: Interceptor has thrown exception, unwinding now >> > > org.apache.cxf.binding.soap.SoapFault: Request does not contain >> >> required >> >> > > Security header. >> > > at >> >> >> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInIn >> >> >terceptor.java:153) >> > >> > > at >> >> >> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInIn >> >> >terceptor.java:60) >> > >> > > at >> >> >> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai >> >> >n.java:208) >> > >> > > at >> > > org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:429) >> > > at >> >> >> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRespons >> >> >e(HTTPConduit.java:1955) >> > >> > > at >> >> >> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPCon >> >> >duit.java:1791) >> > >> > > at >> >> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66) >> >> > > at >> > > org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:575) >> > > at >> >> >> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInte >> >> >rceptor.handleMessage(MessageSenderInterceptor.java:62) >> > >> > > at >> >> >> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai >> >> >n.java:208) >> > >> > > at >> > >> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:276) >> > >> > > at >> > >> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:222) >> > >> > > at >> > > org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) >> > > at >> >> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135) >> >> > > How do I know what is wrong with my SecurityHeader? >> > > >> > > -Josef >> > > >> > > >> > > >> > > >> > > Daniel Kulp <[EMAIL PROTECTED]> >> > > 23.07.2008 14:42 >> > > Bitte antworten an >> > > [EMAIL PROTECTED] >> > > >> > > >> > > An >> > > [EMAIL PROTECTED] >> > > Kopie >> > > [email protected] >> > > Thema >> > > Re: Antwort: Re: WS-Stack Apache CXF asks for Axis2-Classes >> > > >> > > On Jul 23, 2008, at 7:24 AM, [EMAIL PROTECTED] wrote: >> > >> Hi Kevin, Lin, Daniel, Glen, >> > >> >> > >> @Daniel: Your VM-Parameters solved this problem. Thank you very much >> > >> for >> > >> your help. >> > > >> > > Yea, but it definitely shouldn't have been necessary. >> > > >> > >> @Glen: Thank you very much for your tipp, we will wait for Geronimo >> > >> 2.1.2 >> > >> and then we have Apache CXF2.0.6... >> > > >> > > Actually, CXF 2.0.8. :-) >> > > >> > >> @All: Now I have two new issues ;-) >> > >> 1) The client is written like described in >> > >> http://cwiki.apache.org/CXF20DOC/ws-security.html. For the server >> > >> part - >> > >> because of JavaEE5 - we choose >> >> >> http://depressedprogrammer.wordpress.com/2007/07/31/cxf-ws-security-using-j >> >> >sr-181-interceptor-annotations-xfire-migration/ >> > >> > >> . >> > >> In the first run I added >> > >> @InInterceptors >> > >> (interceptors={ "de.myapp.WSSecurityInterceptor" }) to >> > >> the WS-Implementation-Class and nothing happend. Afterwards I had a >> > >> try >> > >> with the interface class and added the same >> > >> @InInterceptors(interceptors={ "de.myapp.WSSecurityInterceptor" }). >> > >> After this changed the class de.myapp.WSSecurityInterceptor was >> > >> accessed. >> > >> Why do I have to add @... in implementation AND interface? >> > > >> > > Not sure on that. Feel free to log a CXF bug. It should be >> > > possible to just put it on the implementation. The interface should >> > > be shareable between clients/servers and having interceptors defined >> > > on it that should just be there for the server is not a good thing. >> > > >> > >> 2) In the handleMessage(Message message) I receive after: >> > >> ... >> > >> props.put(WSHandlerConstants.PASSWORD_TYPE, >> > >> WSConstants.PW_TEXT); >> > >> props.put(WSHandlerConstants.PW_CALLBACK_CLASS, >> > >> ServerPasswordCallback.class.getName()); >> > >> >> > >> WSS4JInInterceptor wss4jInHandler = new >> > >> WSS4JInInterceptor(props); >> > >> ... >> > >> >> > >> ......................... >> > >> >> > >> Caused by: com.ctc.wstx.exc.WstxEOFException: Unexpected EOF in >> >> prolog >> >> > >> at [row,col {unknown-source}]: [1,0] >> > >> at >> > >> com.ctc.wstx.sr.StreamScanner.throwUnexpectedEOF(StreamScanner.java: >> > >> 661) >> > >> at >> > >> com.ctc.wstx.sr.BasicStreamReader.handleEOF(BasicStreamReader.java: >> > >> 2134) >> > >> at >> > > >> > > With CXF 2.0.2, that stack could result from a BUNCH of things. We >> > > actually would get that stack if the server sent back and html error >> > > page without setting a 404 or similar. Several things can cause >> > > it. If you can tcpdump or wireshark the wire transfers to see what's >> > > going on, that would be helpful. Good news is that this changed in >> > > 2.0.5 to get a better error message. :-) >> > > >> > > >> > > --- >> > > Daniel Kulp >> > > [EMAIL PROTECTED] >> > > http://www.dankulp.com/blog >> > > >> > > >> > > >> > > >> > > >> > > >> > > BGS Beratungsgesellschaft >> > > Software Systemplanung AG >> > > >> > > >> > > >> > > >> > > Niederlassung Rhein/Main >> > > Robert-Koch-Straße 41 >> > > 55129 Mainz >> > > Fon: +49 (0) 6131 / 914-0 >> > > Fax: +49 (0) 6131 / 914-400 >> > > www.bgs-ag.de >> > > Geschäftssitz Mainz >> > > Registergericht >> > > Amtsgericht Mainz >> > > HRB 62 50 >> > > >> > > Aufsichtsratsvorsitzender >> > > Klaus Hellwig >> > > Vorstand >> > > Hanspeter Gau >> > > Hermann Kiefer >> > > Nils Manegold > > > > -- > Daniel Kulp > [EMAIL PROTECTED] > http://www.dankulp.com/blog > > ________________________________ > BGS Beratungsgesellschaft > Software Systemplanung AG > Niederlassung Rhein/Main > Robert-Koch-Straße 41 > 55129 Mainz > Fon: +49 (0) 6131 / 914-0 > Fax: +49 (0) 6131 / 914-400 > www.bgs-ag.de Geschäftssitz Mainz > Registergericht > Amtsgericht Mainz > HRB 62 50 > Aufsichtsratsvorsitzender > Klaus Hellwig > Vorstand > Hanspeter Gau > Hermann Kiefer > Nils Manegold > >
