I'm trying to implement authentication with SSL as a ws-security policy on a service inside of SMX4. So far I've been able to implement SSL and the transport policy, but I've not been able to get the authentication part to work. I've tried to attack this at many different angles but I'm just missing something. I was wondering if you guys can help me. I don't know how it cannot find my callback class since I've exported package in the cxf.bundle config in the pom.
Error response: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";> <soap:Body> <soap:Fault> <faultcode>soap:Client</faultcode> <faultstring>com.mycompany.useraccount.ServerPasswordCallback; nested exception is: java.lang.ClassNotFoundException: com.mycompany.useraccount.ServerPasswordCallback</faultstring> </soap:Fault> </soap:Body> </soap:Envelope> Client request: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:typ="http://www.mycompany.com/UserAccount/types";> <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing";> <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";> <wsu:Timestamp wsu:Id="Timestamp-14" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";> <wsu:Created>2010-06-01T19:55:10.984Z</wsu:Created> <wsu:Expires>2010-06-01T19:56:10.984Z</wsu:Expires> </wsu:Timestamp> <wsse:UsernameToken wsu:Id="UsernameToken-13" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";> <wsse:Username>joe</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>joespassword</wsse:Password> <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";>o6HCEhy9dHH6zkBhdp/FLw==</wsse:Nonce> <wsu:Created>2010-06-01T19:55:03.718Z</wsu:Created> </wsse:UsernameToken> </wsse:Security> <wsa:Action>http://www.mycompany.com/UserAccount/UserAccountPortType/ApproveDenyAccountRequest</wsa:Action> </soapenv:Header> <soapenv:Body> <typ:ApproveDenyUserRequest> <typ:pendingId>13</typ:pendingId> <typ:approval>1</typ:approval> </typ:ApproveDenyUserRequest> </soapenv:Body> </soapenv:Envelope> Servicemix log: 15:55:16,812 | WARN | 7...@qtp-31267377-2 | WSS4JInInterceptor | ecurity.wss4j.WSS4JInInterceptor 255 | org.apache.ws.security.WSSecurityException: com.mycompany.useraccount.ServerPasswordCallback; nested exception is: java.lang.ClassNotFoundException: com.mycompany.useraccount.ServerPasswordCallback at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java:477) at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:195) at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:78) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243) at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:109) at org.apache.servicemix.cxfbc.CxfBcConsumer$JbiChainInitiationObserver.onMessage(CxfBcConsumer.java:678) at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:312) at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:276) at org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:70) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230) at org.mortbay.jetty.handler.HandlerList.handle(HandlerList.java:49) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542) at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:938) at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:755) at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:218) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228) at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:680) at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582) Caused by: java.lang.ClassNotFoundException: com.mycompany.useraccount.ServerPasswordCallback at org.eclipse.osgi.internal.loader.BundleLoader.findClassInternal(BundleLoader.java:494) at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:410) at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:398) at org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader.loadClass(DefaultClassLoader.java:105) at java.lang.ClassLoader.loadClass(ClassLoader.java:252) at org.apache.cxf.common.classloader.ClassLoaderUtils.loadClass2(ClassLoaderUtils.java:236) at org.apache.cxf.common.classloader.ClassLoaderUtils.loadClass(ClassLoaderUtils.java:222) at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java:475) ... 21 more 15:55:16,812 | WARN | 7...@qtp-31267377-2 | PhaseInterceptorChain | ache.cxf.common.logging.LogUtils 361 | Interceptor for {http://www.mycompany.com/UserAccount}UserAccountService has thrown exception, unwinding now org.apache.cxf.binding.soap.SoapFault: com.mycompany.useraccount.ServerPasswordCallback; nested exception is: java.lang.ClassNotFoundException: com.mycompany.useraccount.ServerPasswordCallback at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:583) at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:256) at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:78) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243) at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:109) at org.apache.servicemix.cxfbc.CxfBcConsumer$JbiChainInitiationObserver.onMessage(CxfBcConsumer.java:678) at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:312) at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:276) at org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:70) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230) at org.mortbay.jetty.handler.HandlerList.handle(HandlerList.java:49) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542) at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:938) at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:755) at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:218) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228) at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:680) at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582) Caused by: org.apache.ws.security.WSSecurityException: com.mycompany.useraccount.ServerPasswordCallback; nested exception is: java.lang.ClassNotFoundException: com.mycompany.useraccount.ServerPasswordCallback at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java:477) at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:195) ... 20 more Caused by: java.lang.ClassNotFoundException: com.mycompany.useraccount.ServerPasswordCallback at org.eclipse.osgi.internal.loader.BundleLoader.findClassInternal(BundleLoader.java:494) at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:410) at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:398) at org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader.loadClass(DefaultClassLoader.java:105) at java.lang.ClassLoader.loadClass(ClassLoader.java:252) at org.apache.cxf.common.classloader.ClassLoaderUtils.loadClass2(ClassLoaderUtils.java:236) at org.apache.cxf.common.classloader.ClassLoaderUtils.loadClass(ClassLoaderUtils.java:222) at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java:475) ... 21 more xbeans.xml: <beans xmlns="http://www.springframework.org/schema/beans"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:cxfbc="http://servicemix.apache.org/cxfbc/1.0"; xmlns:nwec="http://www.mycompany.com/UserAccount"; xmlns:util="http://www.springframework.org/schema/util"; xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"; xmlns:http="http://cxf.apache.org/transports/http/configuration"; xmlns:sec="http://cxf.apache.org/configuration/security"; xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd http://servicemix.apache.org/cxfbc/1.0 http://repo2.maven.org/maven2/org/apache/servicemix/servicemix-cxf-bc/2010.01/servicemix-cxf-bc-2010.01.xsd http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd"; > <import resource="classpath:META-INF/cxf/cxf.xml" /> <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" /> <import resource="classpath:META-INF/cxf/cxf-extension-http.xml" /> <import resource="classpath:META-INF/cxf/osgi/cxf-extension-osgi.xml" /> <import resource="classpath:META-INF/cxf/cxf-extension-policy.xml" /> <import resource="classpath:META-INF/cxf/cxf-extension-ws-security.xml" /> <cxfbc:consumer wsdl="classpath:wsdl/UserAccount.wsdl" targetService="nwec:UserAccountService" targetEndpoint="endpoint" useJBIWrapper="false" useSOAPEnvelope="false" properties="#properties" locationURI="https://localhost:9001/useraccount";> </cxfbc:consumer> <util:map id="properties"> <entry value="com.mycompany.useraccount.ServerPasswordCallback"> <key> <util:constant static-field="org.apache.cxf.ws.security.SecurityConstants.CALLBACK_HANDLER" /> </key> </entry> </util:map> <httpj:engine-factory bus="cxf"> <httpj:engine port="9001"> <httpj:tlsServerParameters> <sec:keyManagers keyPassword="password"> <sec:keyStore type="JKS" password="password" resource="certs/cherry.jks" /> </sec:keyManagers> <sec:cipherSuitesFilter> <sec:include>.*_WITH_3DES_.*</sec:include> <sec:include>.*_WITH_DES_.*</sec:include> <sec:exclude>.*_WITH_NULL_.*</sec:exclude> <sec:exclude>.*_DH_anon_.*</sec:exclude> </sec:cipherSuitesFilter> <sec:clientAuthentication want="false" required="false" /> </httpj:tlsServerParameters> </httpj:engine> </httpj:engine-factory> <bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl" /> <bean class="org.apache.servicemix.common.osgi.EndpointExporter" /> </beans> wsdl: <?xml version="1.0" encoding="UTF-8"?> <wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"; xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"; xmlns:http="http://schemas.xmlsoap.org/wsdl/http/"; xmlns:xs="http://www.w3.org/2001/XMLSchema"; xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"; xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:tns="http://www.mycompany.com/UserAccount"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; xmlns:fi="http://java.sun.com/xml/ns/wsit/2006/09/policy/fastinfoset/service"; xmlns:tcp="http://java.sun.com/xml/ns/wsit/2006/09/policy/soaptcp/service"; xmlns:sc="http://schemas.sun.com/2006/03/wss/server"; xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy"; xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust"; xmlns:wsaw="http://www.w3.org/2005/08/addressing"; xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"; xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"; xmlns:tc="http://schemas.sun.com/ws/2006/05/trust/server"; xmlns:ns="http://www.mycompany.com/UserAccount/types"; targetNamespace="http://www.mycompany.com/UserAccount";> <wsdl:types> ... </wsdl:types> ... <wsdl:portType name="UserAccountPortType"> ... </wsdl:portType> <wsdl:binding name="UserAccountBinding" type="tns:UserAccountPortType"> <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"; /> <wsp:PolicyReference URI="#UserAccountBindingPolicy" /> ... </wsdl:binding> <wsdl:service name="UserAccountService"> <wsdl:port name="UserAccountPort" binding="tns:UserAccountBinding"> <soap:address location="https://localhost:9001/useraccount"; /> </wsdl:port> </wsdl:service> <wsp:Policy wsu:Id="UserAccountBindingPolicy"> <wsp:ExactlyOne> <wsp:All> <wsaw:UsingAddressing xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"; wsp:Optional="true" /> <sp:TransportBinding> <wsp:Policy> <sp:TransportToken> <wsp:Policy> <sp:HttpsToken RequireClientCertificate="false"/> </wsp:Policy> </sp:TransportToken> <sp:Layout> <wsp:Policy> <sp:Lax/> </wsp:Policy> </sp:Layout> <sp:IncludeTimestamp/> <sp:AlgorithmSuite> <wsp:Policy> <sp:Basic128/> </wsp:Policy> </sp:AlgorithmSuite> </wsp:Policy> </sp:TransportBinding> <sp:SupportingTokens> <wsp:Policy> <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";> <wsp:Policy> <sp:WssUsernameToken10 /> </wsp:Policy> </sp:UsernameToken> </wsp:Policy> </sp:SupportingTokens> <sp:Wss11 /> </wsp:All> </wsp:ExactlyOne> </wsp:Policy> </wsdl:definitions> pom: <?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd";> <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --> <modelVersion>4.0.0</modelVersion> <groupId>com.mycompany</groupId> <artifactId>useraccount-bc</artifactId> <packaging>bundle</packaging> <name>User Account BC</name> <version>0.0.1-SNAPSHOT</version> <url>http://www.mycompany.com</url> <repositories> <repository> <id>open.iona.m2</id> <name>IONA Open Source Community Release Repository</name> <url>http://repo.open.iona.com/maven2</url> <snapshots> <enabled>false</enabled> </snapshots> <releases> <enabled>true</enabled> </releases> </repository> <repository> <id>open.iona.m2-snapshot</id> <name>IONA Open Source Community Snapshot Repository</name> <url>http://repo.open.iona.com/maven2-snapshot</url> <snapshots> <enabled>true</enabled> </snapshots> <releases> <enabled>false</enabled> </releases> </repository> </repositories> <pluginRepositories> <pluginRepository> <id>open.iona.m2</id> <name>IONA Open Source Community Release Repository</name> <url>http://repo.open.iona.com/maven2</url> <snapshots> <enabled>false</enabled> </snapshots> <releases> <enabled>true</enabled> </releases> </pluginRepository> <pluginRepository> <id>open.iona.m2-snapshot</id> <name>IONA Open Source Community Snapshot Repository</name> <url>http://repo.open.iona.com/maven2-snapshot</url> <snapshots> <enabled>true</enabled> </snapshots> <releases> <enabled>false</enabled> </releases> </pluginRepository> </pluginRepositories> <dependencies> <dependency> <groupId>org.apache.geronimo.specs</groupId> <artifactId>geronimo-ws-metadata_2.0_spec</artifactId> <version>1.1.2</version> </dependency> <dependency> <groupId>javax.xml.bind</groupId> <artifactId>jaxb-api</artifactId> <version>2.1</version> </dependency> <dependency> <groupId>javax.xml.ws</groupId> <artifactId>jaxws-api</artifactId> <version>2.1</version> </dependency> <dependency> <groupId>org.apache.cxf</groupId> <artifactId>cxf-rt-ws-security</artifactId> <version>${cxf.version}</version> </dependency> <dependency> <groupId>org.apache.cxf</groupId> <artifactId>cxf-rt-ws-policy</artifactId> <version>${cxf.version}</version> </dependency> </dependencies> <build> <defaultGoal>install</defaultGoal> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> <configuration> <source>1.5</source> <target>1.5</target> </configuration> </plugin> <plugin> <groupId>org.apache.felix</groupId> <artifactId>maven-bundle-plugin</artifactId> <extensions>true</extensions> <configuration> <instructions> <Bundle-SymbolicName>${pom.artifactId}</Bundle-SymbolicName> <Import-Package> *, javax.jws, javax.wsdl, javax.xml.bind, javax.xml.bind.annotation, javax.xml.namespace, javax.xml.ws, META-INF.cxf, META-INF.cxf.osgi, org.apache.cxf.bus, org.apache.cxf.bus.spring, org.apache.cxf.bus.resource, org.apache.cxf.configuration.spring, org.apache.cxf.resource, org.apache.cxf.jaxws, org.apache.cxf.ws.security.wss4j, org.apache.servicemix.common.osgi, org.apache.servicemix.cxf.transport.http_osgi, org.apache.servicemix.cxfbc, org.springframework.beans.factory.config, javax.security.auth.callback, org.apache.ws.security </Import-Package> <Export-Package> com.mycompany.useraccount </Export-Package> <Private-Package> com.mycompany.useraccount </Private-Package> <!-- Update Private Package tag with appropriate package name --> <Require-Bundle>org.apache.cxf.bundle</Require-Bundle> </instructions> </configuration> </plugin> </plugins> </build> <properties> <cxf.version>2.2.6</cxf.version> </properties> </project> -- View this message in context: http://old.nabble.com/cxf-bc-ws-security-callback-classnotfoundexception-tp28747501p28747501.html Sent from the ServiceMix - User mailing list archive at Nabble.com.
