Hello: For you information , I could solve this issue . I was talking about this in Tomcat mail list and we found 2 solutions:
a) upgrading to Tomcat 7.0.41 b) setting -Dorg.apache.catalina.loader.WebappClassLoader.ENABLE_CLEAR_REFERENCES=false in Tomcat 6.x But I couldn't find the root cause for memory leak I don't understand why the log reference in DOMReference.java is setted to null by Tomcat I use sl4j + logback + jcl-over-slf4j . I tried to upgrade to the lastest release of this libraries , but it fails again Regards 2013/6/18 Jose María Zaragoza <[email protected]> > > Hello: > > I've crossposted this email to WSS4J mailist, but I know a lot of CXF > users use WSS4J for WS-Security implementation, so I hope someone can help > me. > > > I'm using WSS4J with Apache CXF 2.7.3, for signing SOAP messages > So, I'm using WSS4J 1.6.9 > > These SOAP messages are sent by my WAR application to a remote webservice > > When I redeploy my WAR into Tomcat server *without restart it* , I always > get the next exception: > > Caused by: org.apache.ws.security.WSSecurityException: Error during > Signature: > at > org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:105) > ~[wss4j-1.6.9.jar:1.6.9] > at > org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:230) > ~[wss4j-1.6.9.jar:1.6.9] > at > org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52) > ~[cxf-rt-ws-security-2.7.3.jar:2.7.3] > at > org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:260) > ~[cxf-rt-ws-security-2.7.3.jar:2.7.3] > at > org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136) > ~[cxf-rt-ws-security-2.7.3.jar:2.7.3] > at > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271) > [cxf-api-2.7.3.jar:2.7.3] > at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530) > ~[cxf-api-2.7.3.jar:2.7.3] > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463) > ~[cxf-api-2.7.3.jar:2.7.3] > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366) > ~[cxf-api-2.7.3.jar:2.7.3] > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319) > ~[cxf-api-2.7.3.jar:2.7.3] > at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) > ~[cxf-rt-frontend-simple-2.7.3.jar:2.7.3] > at > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133) > ~[cxf-rt-frontend-jaxws-2.7.3.jar:2.7.3] > ... 41 common frames omitted > Caused by: org.apache.ws.security.WSSecurityException: Signature creation > failed > at > org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:558) > ~[wss4j-1.6.9.jar:1.6.9] > at > org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:99) > ~[wss4j-1.6.9.jar:1.6.9] > ... 52 common frames omitted > Caused by: java.lang.NullPointerException: null > at > org.apache.jcp.xml.dsig.internal.dom.DOMReference.marshal(DOMReference.java:297) > ~[xmlsec-1.5.3.jar:1.5.3] > at > org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo.marshal(DOMSignedInfo.java:268) > ~[xmlsec-1.5.3.jar:1.5.3] > at > org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.marshal(DOMXMLSignature.java:216) > ~[xmlsec-1.5.3.jar:1.5.3] > at > org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:329) > ~[xmlsec-1.5.3.jar:1.5.3] > at > org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:553) > ~[wss4j-1.6.9.jar:1.6.9] > ... 53 common frames omitted > > > Any idea ? > I've to restart Tomcat server and all works fine again > Looks like a leak > > When fails, if I enable debug logging level, I don't see the the log > message in DOMReference.java , line 297 > > if (log.isDebugEnabled()) > { > log.debug("Marshalling Reference"); > > } > > When I restart Tomcat, this log message is shown > > My CXF client configuration is > > <http-conf:conduit name="https://.*";> > <http-conf:tlsClientParameters> > <sec:trustManagers> > <sec:keyStore type="JKS" password="xxx" > resource="truststore.jks"/> > </sec:trustManagers> > </http-conf:tlsClientParameters> > <http-conf:client ConnectionTimeout="5000" ReceiveTimeout="10000" /> > </http-conf:conduit> > > <jaxws:outInterceptors> > <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"> > <constructor-arg> > <map> > <entry key="action" value="Signature"/> > <entry key="user" value="xxx"/> > <entry key="signatureUser" value="xxxx"/> > <entry key="passwordCallbackClass" > value="com.test.KeystorePasswordCallback"/> > <entry key="signaturePropFile" > value="keystore.properties"/> > <entry key="signatureKeyIdentifier" > value="DirectReference"/> > <entry key="signatureAlgorithm" value=" > http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> > <entry key="sigCanonicalization" value=" > http://www.w3.org/2001/10/xml-exc-c14n#"/> > <entry key="signatureDigestAlgorithm" value=" > http://www.w3.org/2000/09/xmldsig#sha1"/> > </map> > </constructor-arg> > </bean> > </jaxws:outInterceptors> > > </jaxws:client> >
