That's something you may need to ask on the geronimo list. I'm not familliar with all the classloading details there.
Dan On Wednesday 06 August 2008 3:57:59 am [EMAIL PROTECTED] wrote: > Hi Dan, > > cool, this is the newest Version of Apache CXF :-) > > So I took my EAR added the new libs (not contained in Geronimo 2.1.2, > why?) > cxf-rt-ws-security-2.0.8.jar > wss4j-1.5.4.jar > and tried to deploy to the new Geronimo: > > ... > 09:25:28,770 ERROR [GBeanInstanceState] Error while starting; GBean is now > in the FAILED state: > abstractName="myapp/app/1.0/ear?configurationName=myapp/app/1.0/ear" > org.apache.geronimo.kernel.config.InvalidConfigException: Class not > loadable in classloader: > [org.apache.geronimo.kernel.config.MultiParentClassLoader > id=myapp/app/1.0/ear] > at > org.apache.geronimo.kernel.config.SerializedGBeanState.loadGBeans(Seria > ... > Caused by: java.lang.ClassNotFoundException: Unable to find class used in > GBeanData > myapp/app/1.0/ear?J2EEApplication=myapp/app/1.0/ear,j2eeType=EJBModule,name >=MyAppEJB.jar, attribute: ejbJarInfo > at > org.apache.geronimo.gbean.GBeanData$V0Externalizable.readExternal(GBeanData >.java:293) ... 33 more > Caused by: java.lang.ClassNotFoundException: Could not load class > javax.xml.namespace.QName from classloader: myapp/app/1.0/ear, destroyed > state: false > at > org.apache.geronimo.kernel.ClassLoading.loadClass(ClassLoading.java:213) > ... > > So I thought maybe "xml-apis-1.3.02.jar" is missing, but adding to the EAR > leads to: > > ... > Caused by: java.io.InvalidClassException: javax.xml.namespace.QName; local > class incompatible: stream classdesc serialVersionUID = > -9120448754896609940, local class serialVersionUID = 4418622981026545151 > at > java.io.ObjectStreamClass.initNonProxy(ObjectStreamClass.java:546) > at > java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1552) > ... > > I need the QName in my Webservice. What can I do to get my App deployed? > Thanx in advance. > > -Josef > > > > > Daniel Kulp <[EMAIL PROTECTED]> > 05.08.2008 16:42 > Bitte antworten an > [email protected] > > > An > [email protected] > Kopie > > Thema > Re: Change Version of Apache CXF for Geronimo > > > > > > > > You might want to just try Geronimo 2.1.2. The vote apparently passed > last > night: > http://www.nabble.com/-VOTE--Geronimo-Server-2.1.2-Release-to18746852s134.h >tml > > so it should be made available shortly. You can download the candidates. > > 2.1.2 is using CXF 2.0.8. > > > Dan > > On Tuesday 05 August 2008 6:03:51 am [EMAIL PROTECTED] wrote: > > Hi Glen, > > > > because I got stuck in solving the problem with Geronimo 2.1.1 and > > included CXF 2.0.2 I thought maybe CXF 2.0.8 solves my problem? > > > > So I tried to change the WS-Stack of my Geronimo from the old version to > > CXF 2.0.8. I had certain essays: > > > > 1) http://www.jroller.com/gmazza/date/20080612: > > -> In Geronimo is no <prefer-application-packages> available, I tried > > with > > > <inverse-classloading/> but I got a lot of problems with the > > classloader. > > > If I added all JARS necessary - see file WHICH_JARS - I got class cast > > exceptions, adding a certain minimum leads to NoClassDefError. > > <hidden-classes> or <non-overridable-classes> won't help? > > 2) Adding CXF under Services - Repository with a dependency-entry in the > > deployment plan: > > <dependency> > > <groupId>org.apache.cxf</groupId> > > <artifactId>cxf</artifactId> > > <version>2.0.8</version> > > <type>jar</type> > > </dependency> > > changed nothing. > > 3) ??? > > > > Can you please help? > > > > -Josef > > > > > > > > > > [EMAIL PROTECTED] > > 04.08.2008 16:09 > > Bitte antworten an > > [email protected] > > > > > > An > > [email protected] > > Kopie > > > > Thema > > Antwort: Re: Antwort: Re: Antwort: Re: WS-Stack Apache CXF asks for > > Axis2-Classes > > > > > > > > > > > > > > Hi Dan, > > > > I checked your blog and I didn't found big differences in the > > code(Server-Part is in my case more JEE5 like - see > > http://depressedprogrammer.wordpress.com/2007/07/31/cxf-ws-security-using-j > > >sr-181-interceptor-annotations-xfire-migration/ > > > > ). > > > > The difference I see compared with your blog-example is in the request > > itself: > > > > 1) from http://cwiki.apache.org/CXF20DOC/ws-security.html: > > <wsse:Security > > xmlns:wsse=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1 > > >.0.xsd > > > > " > > soap:mustUnderstand="1"> > > <wsse:UsernameToken > > xmlns:wsse=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1 > > >.0.xsd > > > > " > > xmlns:wsu=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility- > > >1.0.xsd > > > > " > > wsu:Id="UsernameToken-25268096"> > > <wsse:Username > > xmlns:wsse=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1 > > >.0.xsd > > > > "> > > joe > > </wsse:Username> > > <wsse:Password > > xmlns:wsse=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1 > > >.0.xsd > > > > " > > Type=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-prof > > >ile-1.0#PasswordDigest > > > > "> > > ymyLPVTLrQMBJo82akcw4aBSlJQ= > > </wsse:Password> > > <wsse:Nonce > > xmlns:wsse=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1 > > >.0.xsd > > > > "> > > MK3TTlJxaevzcFaxV/oKyw== > > </wsse:Nonce> > > <wsu:Created > > xmlns:wsu=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility- > > >1.0.xsd > > > > "> > > 2008-07-16T23:05:07.300Z > > </wsu:Created> > > </wsse:UsernameToken> > > </wsse:Security> > > > > 2) my request: > > <wsse:Security > > xmlns:wsse=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1 > > >.0.xsd > > > > " > > soap:mustUnderstand="1"> > > <wsse:UsernameToken > > xmlns:wsu=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility- > > >1.0.xsd > > > > " > > wsu:Id="UsernameToken-12189822"> > > <wsse:Username> > > blabla > > </wsse:Username> > > <wsse:Password > > Type=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-prof > > >ile-1.0#PasswordDigest > > > > "> > > uIqdbKqsp5VCvM4bPTps1PmnMZI=</wsse:Password> > > <wsse:Nonce>YmoBKVpJrAjM2P3ss7MUNg==</wsse:Nonce> > > <wsu:Created> > > 2008-08-04T10:08:15.245Z > > </wsu:Created> > > </wsse:UsernameToken> > > </wsse:Security> > > > > > > I miss the namespace > > xmlns:wsse=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1 > > >.0.xsd > > > > " > > and not only me but also the WSSecurityUtil.class in line 92: > > > > list = > > soapHeaderElement.getElementsByTagNameNS(WSConstants.WSSE_NS, > > WSConstants.WSSE_LN); > > > > And therefore the method > > public static Element getSecurityHeader(Document doc, String actor, > > SOAPConstants sc) { > > > > results in an null-Element. The class WSSecurityEngine and in the end > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor throws the error: > > > > WARNUNG: Request does not contain required Security header > > > > What am I doing wrong with WS-Security 1.1 ???? I have now the sources > > for > > > apacche-cxf-2.0.2 and wss4j-1.5.1, if I can debug to a certain step let > > me > > > know. > > > > -Josef > > > > > > > > > > > > Glen Mazza <[EMAIL PROTECTED]> > > 26.07.2008 03:03 > > Bitte antworten an > > [email protected] > > > > > > An > > [email protected] > > Kopie > > > > Thema > > Re: Antwort: Re: Antwort: Re: WS-Stack Apache CXF asks for Axis2-Classes > > > > > > > > > > > > > > > > Have you checked our documentation on this: > > http://cwiki.apache.org/CXF20DOC/ws-security.html > > > > Also I blogged about this recently, maybe something you can use: > > http://www.jroller.com/gmazza/entry/using_cxf_and_wss4j_to > > > > HTH, > > Glen > > > > Josef.Eisele wrote: > > > Hi Dan, > > > > > > I solved the last problem copying libraries (xmlsec-1.3.0.jar, > > > wss4j-1.5.1.jar, cxr-rt-ws-securitity-2.0.2-...) from the WAR-Part to > > > > the > > > > > EAR-Part: > > > (WebContent/WEB-INF/lib -> EarContent/lib) > > > > > > One Problem solved another arises: > > > > > > Client writes the SecurityHeader: > > > .. > > > <wsse:Security xmlns:wsse=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1 > > >.0.xsd > > > > > " soap:mustUnderstand="1"> > > > <wsse:UsernameToken xmlns:wsu=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility- > > >1.0.xsd > > > > > " wsu:Id="UsernameToken-12189822"> > > > <wsse:Username>chef</wsse:Username> > > > <wsse:Password Type=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-prof > > >ile-1.0#PasswordDigest > > > > > ">MxsuASsgtCzGlTTif0kcbqXIHxM=</wsse:Password> > > > <wsse:Nonce>HAYlnYvfdo0dddeYXGsxdw==</wsse:Nonce> > > > <wsu:Created>2008-07-25T11:22:20.886Z</wsu:Created> > > > </wsse:UsernameToken> > > > </wsse:Security> > > > ... > > > > > > Server is configured with the interceptor: > > > @InInterceptors(interceptors={ "de.mypath.WSSecurityInterceptor" }) > > > > > > In this class I configure 3 Interceptors: > > > public void handleMessage(Message message) throws Fault { > > > Map<String, Object> props = new HashMap<String, > > > > Object>(); > > > > > props.put(WSHandlerConstants.ACTION, > > > WSHandlerConstants.USERNAME_TOKEN); > > > props.put(WSHandlerConstants.PASSWORD_TYPE, > > > WSConstants.PW_DIGEST); > > > props.put(WSHandlerConstants.PW_CALLBACK_CLASS, > > > ServerPasswordCallback.class.getName()); > > > > > > WSS4JInInterceptor wss4jInInterceptor = > > new > > > > WSS4JInInterceptor(props); > > > ValidateUserTokenInterceptor userTokenInterceptor = > > new > > > > ValidateUserTokenInterceptor(Phase.POST_PROTOCOL); > > > > > > message.getInterceptorChain().add(wss4jInInterceptor); > > > //org.apache.cxf.binding.soap.SoapFault: No > > SOAPMessage > > > > DOM was found. Please enable the SAAJInInterceptor. > > > message.getInterceptorChain().add(new > > > SAAJInInterceptor()); > > > message.getInterceptorChain().add(userTokenInterceptor); > > > } > > > > > > UserTokenInterceptor works fine, SAAJInInterceptor is necessary > > > > otherwise > > > > > excepton but now I get an exception on the wss4jInInterceptor: > > > > > > 25.07.2008 13:03:44 > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor > > > > handleMessage > > > WARNUNG: Request does not contain required Security header > > > 25.07.2008 13:03:44 org.apache.cxf.phase.PhaseInterceptorChain > > > > doIntercept > > > > > INFO: Interceptor has thrown exception, unwinding now > > > org.apache.cxf.binding.soap.SoapFault: Request does not contain > > required > > > > Security header. > > > at > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInIn > > >terceptor.java:153) > > > > > at > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInIn > > >terceptor.java:60) > > > > > at > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai > > >n.java:208) > > > > > at > > > org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:429) > > > at > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRespons > > >e(HTTPConduit.java:1955) > > > > > at > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPCon > > >duit.java:1791) > > > > > at > > org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66) > > > > at > > > org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:575) > > > at > > org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInte > > >rceptor.handleMessage(MessageSenderInterceptor.java:62) > > > > > at > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai > > >n.java:208) > > > > > at > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:276) > > > > > at > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:222) > > > > > at > > > org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) > > > at > > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135) > > > > How do I know what is wrong with my SecurityHeader? > > > > > > -Josef > > > > > > > > > > > > > > > Daniel Kulp <[EMAIL PROTECTED]> > > > 23.07.2008 14:42 > > > Bitte antworten an > > > [email protected] > > > > > > > > > An > > > [email protected] > > > Kopie > > > [EMAIL PROTECTED] > > > Thema > > > Re: Antwort: Re: WS-Stack Apache CXF asks for Axis2-Classes > > > > > > On Jul 23, 2008, at 7:24 AM, [EMAIL PROTECTED] wrote: > > >> Hi Kevin, Lin, Daniel, Glen, > > >> > > >> @Daniel: Your VM-Parameters solved this problem. Thank you very much > > >> for > > >> your help. > > > > > > Yea, but it definitely shouldn't have been necessary. > > > > > >> @Glen: Thank you very much for your tipp, we will wait for Geronimo > > >> 2.1.2 > > >> and then we have Apache CXF2.0.6... > > > > > > Actually, CXF 2.0.8. :-) > > > > > >> @All: Now I have two new issues ;-) > > >> 1) The client is written like described in > > >> http://cwiki.apache.org/CXF20DOC/ws-security.html. For the server > > >> part - > > >> because of JavaEE5 - we choose > > http://depressedprogrammer.wordpress.com/2007/07/31/cxf-ws-security-using-j > > >sr-181-interceptor-annotations-xfire-migration/ > > > > >> . > > >> In the first run I added > > >> @InInterceptors > > >> (interceptors={ "de.myapp.WSSecurityInterceptor" }) to > > >> the WS-Implementation-Class and nothing happend. Afterwards I had a > > >> try > > >> with the interface class and added the same > > >> @InInterceptors(interceptors={ "de.myapp.WSSecurityInterceptor" }). > > >> After this changed the class de.myapp.WSSecurityInterceptor was > > >> accessed. > > >> Why do I have to add @... in implementation AND interface? > > > > > > Not sure on that. Feel free to log a CXF bug. It should be > > > possible to just put it on the implementation. The interface should > > > be shareable between clients/servers and having interceptors defined > > > on it that should just be there for the server is not a good thing. > > > > > >> 2) In the handleMessage(Message message) I receive after: > > >> ... > > >> props.put(WSHandlerConstants.PASSWORD_TYPE, > > >> WSConstants.PW_TEXT); > > >> props.put(WSHandlerConstants.PW_CALLBACK_CLASS, > > >> ServerPasswordCallback.class.getName()); > > >> > > >> WSS4JInInterceptor wss4jInHandler = new > > >> WSS4JInInterceptor(props); > > >> ... > > >> > > >> ......................... > > >> > > >> Caused by: com.ctc.wstx.exc.WstxEOFException: Unexpected EOF in > > prolog > > > >> at [row,col {unknown-source}]: [1,0] > > >> at > > >> com.ctc.wstx.sr.StreamScanner.throwUnexpectedEOF(StreamScanner.java: > > >> 661) > > >> at > > >> com.ctc.wstx.sr.BasicStreamReader.handleEOF(BasicStreamReader.java: > > >> 2134) > > >> at > > > > > > With CXF 2.0.2, that stack could result from a BUNCH of things. We > > > actually would get that stack if the server sent back and html error > > > page without setting a 404 or similar. Several things can cause > > > it. If you can tcpdump or wireshark the wire transfers to see what's > > > going on, that would be helpful. Good news is that this changed in > > > 2.0.5 to get a better error message. :-) > > > > > > > > > --- > > > Daniel Kulp > > > [EMAIL PROTECTED] > > > http://www.dankulp.com/blog > > > > > > > > > > > > > > > > > > > > > BGS Beratungsgesellschaft > > > Software Systemplanung AG > > > > > > > > > > > > > > > Niederlassung Rhein/Main > > > Robert-Koch-Straße 41 > > > 55129 Mainz > > > Fon: +49 (0) 6131 / 914-0 > > > Fax: +49 (0) 6131 / 914-400 > > > www.bgs-ag.de > > > Geschäftssitz Mainz > > > Registergericht > > > Amtsgericht Mainz > > > HRB 62 50 > > > > > > Aufsichtsratsvorsitzender > > > Klaus Hellwig > > > Vorstand > > > Hanspeter Gau > > > Hermann Kiefer > > > Nils Manegold -- Daniel Kulp [EMAIL PROTECTED] http://www.dankulp.com/blog
