Hi, My comment inline. On 2010-6-14, at 上午10:27, nbdy wrote:
Hi,Just to be sure I installed a brand new servicemix4.2 like the one you were using and followed your steps for running the testcase, inorder to recreate your stack trace but was unsuccessful. I'm still getting the classnotfound exception. I'm just not sure why we're getting different things, I've seensmx4.x do weird things before but this is just weird. Anyways here's my stacktrace now:22:10:41,085 | WARN | 1...@qtp-24363946-0 | WSS4JInInterceptor |ecurity.wss4j.WSS4JInInterceptor 308 | org.apache.ws.security.WSSecurityException: com.mycompany.ServerPasswordCallback; nested exception is:java.lang.ClassNotFoundException: com.mycompany.ServerPasswordCallbackatorg .apache .cxf .ws .security .wss4j.WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java:457)atorg .apache .cxf .ws .security .wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:186)atorg .apache .cxf .ws .security .wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:78)atorg .apache .cxf .phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java: 243)atorg .apache .cxf .transport .ChainInitiationObserver.onMessage(ChainInitiationObserver.java:109)atorg.apache.servicemix.cxfbc.CxfBcConsumer $JbiChainInitiationObserver.onMessage(CxfBcConsumer.java:678)atorg .apache .cxf .transport .http_jetty .JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:312)atorg .apache .cxf .transport .http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java: 276)atorg .apache .cxf .transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java: 70) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java: 765)atorg .mortbay .jetty .handler .ContextHandlerCollection.handle(ContextHandlerCollection.java:230)at org.mortbay.jetty.handler.HandlerList.handle(HandlerList.java:49)at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java: 152)at org.mortbay.jetty.Server.handle(Server.java:326)at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java: 542)atorg.mortbay.jetty.HttpConnection $RequestHandler.content(HttpConnection.java:938)at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:755) at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) atorg.mortbay.jetty.bio.SocketConnector $Connection.run(SocketConnector.java:228)atorg.mortbay.jetty.security.SslSocketConnector $SslConnection.run(SslSocketConnector.java:680)atorg.mortbay.thread.QueuedThreadPool $PoolThread.run(QueuedThreadPool.java:582)Caused by: java.lang.ClassNotFoundException: com.mycompany.ServerPasswordCallback atorg .apache .felix .framework .ModuleImpl.findClassOrResourceByDelegation(ModuleImpl.java:814) at org.apache.felix.framework.ModuleImpl.access$100(ModuleImpl.java: 61)atorg.apache.felix.framework.ModuleImpl $ModuleClassLoader.loadClass(ModuleImpl.java:1733)at java.lang.ClassLoader.loadClass(ClassLoader.java:248) atorg .apache .cxf .common .classloader.ClassLoaderUtils.loadClass2(ClassLoaderUtils.java:236)atorg .apache .cxf .common.classloader.ClassLoaderUtils.loadClass(ClassLoaderUtils.java: 222)atorg .apache .cxf .ws .security .wss4j.WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java:455)... 21 more22:10:41,085 | WARN | 1...@qtp-24363946-0 | PhaseInterceptorChain |ache.cxf.common.logging.LogUtils 361 | Interceptor for{http://www.mycompany.com/ws-sec-proto}PersonService has thrown exception,unwinding noworg.apache.cxf.binding.soap.SoapFault: com.mycompany.ServerPasswordCallback;nested exception is:java.lang.ClassNotFoundException: com.mycompany.ServerPasswordCallbackatorg .apache .cxf .ws .security .wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:563)atorg .apache .cxf .ws .security .wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:309)atorg .apache .cxf .ws .security .wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:78)atorg .apache .cxf .phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java: 243)atorg .apache .cxf .transport .ChainInitiationObserver.onMessage(ChainInitiationObserver.java:109)atorg.apache.servicemix.cxfbc.CxfBcConsumer $JbiChainInitiationObserver.onMessage(CxfBcConsumer.java:678)atorg .apache .cxf .transport .http_jetty .JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:312)atorg .apache .cxf .transport .http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java: 276)atorg .apache .cxf .transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java: 70) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java: 765)atorg .mortbay .jetty .handler .ContextHandlerCollection.handle(ContextHandlerCollection.java:230)at org.mortbay.jetty.handler.HandlerList.handle(HandlerList.java:49)at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java: 152)at org.mortbay.jetty.Server.handle(Server.java:326)at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java: 542)atorg.mortbay.jetty.HttpConnection $RequestHandler.content(HttpConnection.java:938)at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:755) at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) atorg.mortbay.jetty.bio.SocketConnector $Connection.run(SocketConnector.java:228)atorg.mortbay.jetty.security.SslSocketConnector $SslConnection.run(SslSocketConnector.java:680)atorg.mortbay.thread.QueuedThreadPool $PoolThread.run(QueuedThreadPool.java:582)Caused by: org.apache.ws.security.WSSecurityException: com.mycompany.ServerPasswordCallback; nested exception is:java.lang.ClassNotFoundException: com.mycompany.ServerPasswordCallbackatorg .apache .cxf .ws .security .wss4j.WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java:457)atorg .apache .cxf .ws .security .wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:186)... 20 more Caused by: java.lang.ClassNotFoundException: com.mycompany.ServerPasswordCallback atorg .apache .felix .framework .ModuleImpl.findClassOrResourceByDelegation(ModuleImpl.java:814) at org.apache.felix.framework.ModuleImpl.access$100(ModuleImpl.java: 61)atorg.apache.felix.framework.ModuleImpl $ModuleClassLoader.loadClass(ModuleImpl.java:1733)at java.lang.ClassLoader.loadClass(ClassLoader.java:248) atorg .apache .cxf .common .classloader.ClassLoaderUtils.loadClass2(ClassLoaderUtils.java:236)atorg .apache .cxf .common.classloader.ClassLoaderUtils.loadClass(ClassLoaderUtils.java: 222)atorg .apache .cxf .ws .security .wss4j.WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java:455)... 21 more Looking at your stacktrace it seems like your smx does not like my sslconfig at all. Maybe it is having trouble reading the keystore. Are yourunning this under a *nix OS, if so then could you check the keystore,ws-sec-test/ws-sec-bc/src/main/resources/certs/cherry.jks has the extrawindows RL char?
A quick question, how you run the client in your testcase(exactly same as I do)?
I'm on MacOS, but the exception I saw is caused by client side(sth like can't find keystore on client side, so the message sent out from client is incorrect), smx not get involved at all at this moment from my side.
Freeman
Vinh Freeman Fang wrote:Hi, My comment inline. On 2010-6-12, at 上午6:06, nbdy wrote:Hi Freeman, I've refractored my code to follow the wsdl-first-osgi example for smx4.2 and I'm still getting the same error. Although, my stack trace now is a little different from what I had originally. For the life of me, I tried to recreate the same stack trace but it wouldn't work. I've include a client in there also so you don't have to use SOAPUI. http://old.nabble.com/file/p28860520/ws-sec-test.zip ws-sec-test.zipWhat's the stack trace you get now? I play with your testcase but I get exception has nothing to do with classnotfoundexception.I will explain step by step what I do and what I see with your testcase.1. I'm run with Apache Servicemix 4.2 2. I unzip your testcase ws-sec-test.zip and cd ws-sec-test folder "mvn install" successfully 3. copy ws-sec-bc/target/ws-sec-bc-0.0.1.jar and ws-sec-se/target/ws- sec-se-0.0.1.jar to $SMX4.2/deploy folder (no error) 4. cd client, I'm not sure how you run the client, as for me I can't run client with maven, so I change pom.xml a bit, add sth like <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>exec-maven-plugin</artifactId> <configuration> <mainClass>com.mycompany.ws_sec_proto.Person_Soap_Client</mainClass> <includePluginDependencies>false</ includePluginDependencies> </configuration> </plugin> then "mvn compile exec:java". I get exception WARNING: Interceptor for {http://www.mycompany.com/ws-sec- proto}PersonService#{http://www.mycompany.com/ws-sec-proto}GetPerson has thrown exception, unwinding now org.apache.cxf.interceptor.Fault: Could not send Message. at org.apache.cxf.interceptor.MessageSenderInterceptor $ MessageSenderEndingInterceptor .handleMessage(MessageSenderInterceptor.java:64) at org .apache .cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java: 243)at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:487) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java: 73) at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124) at $Proxy38.getPerson(Unknown Source) at com .mycompany .ws_sec_proto.Person_Soap_Client.main(Person_Soap_Client.java:59) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect .NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun .reflect.DelegatingMethodAccessorImpl .invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.codehaus.mojo.exec.ExecJavaMojo$1.run(ExecJavaMojo.java:283) at java.lang.Thread.run(Thread.java:637) Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://localhost:9001/PersonService/: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun .reflect .NativeConstructorAccessorImpl .newInstance(NativeConstructorAccessorImpl.java:39) at sun .reflect .DelegatingConstructorAccessorImpl .newInstance(DelegatingConstructorAccessorImpl.java:27) at java.lang.reflect.Constructor.newInstance(Constructor.java:513) at org.apache.cxf.transport.http.HTTPConduit $WrappedOutputStream.mapException(HTTPConduit.java:2058) at org.apache.cxf.transport.http.HTTPConduit $WrappedOutputStream.close(HTTPConduit.java:2043) atorg.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java: 66)at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java: 639) at org.apache.cxf.interceptor.MessageSenderInterceptor $ MessageSenderEndingInterceptor .handleMessage(MessageSenderInterceptor.java:62) ... 14 more Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetat com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java: 174)at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java: 1611)at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java: 187) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java: 181)at com .sun .net .ssl.internal .ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035) at com .sun .net .ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java: 124)atcom.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java: 516)atcom .sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454) at com.sun .net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884) at com .sun .net .ssl.internal .ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112) at com .sun.net .ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139) at com .sun.net .ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java: 418) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect (AbstractDelegateHttpsURLConnection.java:166) at sun .net .www .protocol .http.HttpURLConnection.getOutputStream(HttpURLConnection.java:896) at sun .net .www .protocol .https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java: 230)at org.apache.cxf.transport.http.HTTPConduit $WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1955) at org.apache.cxf.transport.http.HTTPConduit $WrappedOutputStream.onFirstWrite(HTTPConduit.java:1907) at org .apache .cxf.io .AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:42) at org .apache .cxf .io .AbstractThresholdOutputStream .write(AbstractThresholdOutputStream.java:69) at org.apache.cxf.transport.http.HTTPConduit $WrappedOutputStream.close(HTTPConduit.java:1974) ... 17 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetat sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java: 285)atsun .security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191) at sun.security.validator.Validator.validate(Validator.java:218) at com .sun .net .ssl.internal .ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126) at com .sun .net .ssl .internal.ssl .X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209) at com .sun .net .ssl .internal.ssl .X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249) at com .sun .net .ssl.internal .ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014) ... 33 moreCaused by: sun.security.provider.certpath.SunCertPathBuilderException:unable to find valid certification path to requested target at sun .security .provider .certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)at java.security.cert.CertPathBuilder.build(CertPathBuilder.java: 238) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java: 280)... 39 more At the same time, in servicemix.log, I get exception like 10:42:19,136 | WARN | @qtp-818227128-0 | jetty | service.jetty.internal.JCLLogger 115 | EXCEPTION javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknownat com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java: 174) at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java: 136)at com .sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java: 1682) at com.sun .net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:932) at com .sun .net .ssl.internal .ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112) at com .sun.net .ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139) at com .sun.net .ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123) at org.mortbay.jetty.security.SslSocketConnector $SslConnection.run(SslSocketConnector.java:675) at org.mortbay.thread.QueuedThreadPool $PoolThread.run(QueuedThreadPool.java:582) My question is 1. This is the same exception you get? 2. Do I miss something, do I run the client same way as you do? From this exception, IMHO it's something incorrect(maybe configuration only) for you standalone cxf client side(unable to find valid certification path). As our original problem is Clallbackhandler CNFE, so I'm not sure if we saw same exception, so I give details what I've done, I just need ensure we are doing same thing, could you clarify? FreemanI'm starting to think this is a bug or something because I've tried everything and nothing will work and it should be relatively simple. Much appreciated, Vinh Freeman Fang wrote:Well, several issues I can point now 1. what servicemix version you are using? Your bc and se pom.xml importorg.apache.servicemix.cxf.transport.http_osgi, which indicate you'reusing very old servicemix version, as now http_osgi transport code move to cxf codebase, and the package should be org.apache.cxf.transport.http_osgi. Moreover, you don't need this package at all as you are use JBI endpoint which will use http transport underlying. I strongly recommend you use the latest released smx4.2. 2. your beans.xml for bc and se isn't correct. You are using OSGi package for JBI endpoint, we have a cxf-wsdl-first-osgi-packageexample shipped with kit which is exactly same as your scenario, youneed take a look at it, especially how the pom.xml(Import-Package,Export-Package) and beans.xml looks like. Be careful for the <importresource="">, I don't think it's always necessary for your case. 3. You testcase is lack of the client side which send out soapmessage, I don't want to assume it myself as I need ensure what I dohere is exactly same as what you've done.4. Could you provide a clean testcase for me which just reproduce thecallbackhandler class can't found error? If the testcase isn't sostraightforward, I need a step by step instruction which tell me how to reproduce the exact error. For the current testcase I can't simplydeploy it, after change several part I can deploy but get different error like javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection? at com .sun .net .ssl.internal.ssl.InputRecord.handleUnknownRecord(InputRecord.java: 523) at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java: 355) at com .sun .net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java: 789) at com .sun .net .ssl .internal .ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java: 1112) at com .sun .net .ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java: 1139) at com .sun .net .ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java: 1123) at org.mortbay.jetty.security.SslSocketConnector $SslConnection.run(SslSocketConnector.java:675) at org.mortbay.thread.QueuedThreadPool $PoolThread.run(QueuedThreadPool.java:582) I don't want assume what you do and change your testcase myself, I need ensure we are doing same thing. The simpler testcase which exactly reproduce the problem you described, the quicker you get help.Could you refactor your testcase based on cxf-wsdl-first-osgi- packageagainst SMX4.2, if you follow my instruction but the problem still exist. :-) Freeman On 2010-6-4, at 上午2:54, nbdy wrote:Hi, I was trying to make a clean project for you to play with but Iran out of time. So here's our original project with the SE and BC. http://old.nabble.com/file/p28771556/useracctService.zip useracctService.zip I had to replace the CXF-BC in my servicemix 4 w/ http://repo2.maven.org/maven2/org/apache/servicemix/servicemix-cxf-bc/2010.01/servicemix-cxf-bc-2010.01.jar servicemix-cxf-bc-2010.01.jarw/ a hack by replace the cxf-bc in the lib dir. Couldn't figure outhow to get servicemix to get a different version of a packaged bundle. Thanks, Vinh Freeman Fang wrote:Hi, Not exactly sure what happened now. Actually we have a cxf-ws- security-osgi example shipped with kit and use callback handler class, thisclass can be found. Could you append your project(the one I can build and modify, not onlythe binary bundle jar), as well as your client which send out soaprequest? I'd like to play with it when I get chance. Freeman On 2010-6-2, at 下午9:06, nbdy wrote:Hi, yes I've had with the export package only, private-package only, and both export and private package. They all resulted the same error. Vinh Freeman Fang wrote:Hi, How about you remove <Private-Package> com.mycompany.useraccount </Private-Package> from your pom? Freeman On 2010-6-2, at 上午5:08, nbdy wrote:I'm trying to implement authentication with SSL as a ws- securitypolicy on a service inside of SMX4. So far I've been able to implement SSL and the transport policy, but I've not been able to get the authentication part towork. I've tried to attack this at many different angles but I'mjust missing something. I was wondering if you guys can help me. I don't know howit cannot find my callback class since I've exported package inthe cxf.bundle config in the pom. Error response: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/ envelope/"> <soap:Body> <soap:Fault> <faultcode>soap:Client</faultcode> <faultstring>com.mycompany.useraccount.ServerPasswordCallback; nested exception is: java.lang.ClassNotFoundException: com.mycompany.useraccount.ServerPasswordCallback</faultstring> </soap:Fault> </soap:Body> </soap:Envelope> Client request: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/ " xmlns:typ="http://www.mycompany.com/UserAccount/types";> <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/ addressing"> <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd "> <wsu:Timestamp wsu:Id="Timestamp-14" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd "> <wsu:Created>2010-06-01T19:55:10.984Z</wsu:Created> <wsu:Expires>2010-06-01T19:56:10.984Z</wsu:Expires> </wsu:Timestamp> <wsse:UsernameToken wsu:Id="UsernameToken-13" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd "> <wsse:Username>joe</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText ">joespassword</wsse:Password> <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary ">o6HCEhy9dHH6zkBhdp/FLw==</wsse:Nonce> <wsu:Created>2010-06-01T19:55:03.718Z</wsu:Created> </wsse:UsernameToken> </wsse:Security> <wsa:Action>http://www.mycompany.com/UserAccount/UserAccountPortType/ApproveDenyAccountRequest </wsa:Action> </soapenv:Header> <soapenv:Body> <typ:ApproveDenyUserRequest> <typ:pendingId>13</typ:pendingId> <typ:approval>1</typ:approval> </typ:ApproveDenyUserRequest> </soapenv:Body> </soapenv:Envelope> Servicemix log: 15:55:16,812 | WARN | 7...@qtp-31267377-2 | WSS4JInInterceptor | ecurity.wss4j.WSS4JInInterceptor 255 | org.apache.ws.security.WSSecurityException: com.mycompany.useraccount.ServerPasswordCallback; nested exception is: java.lang.ClassNotFoundException: com.mycompany.useraccount.ServerPasswordCallback at org .apache .cxf .ws .security .wss4j.WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java: 477) at org .apache .cxf .ws .security.wss4j .WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:195) at org .apache .cxf .ws .security.wss4j .WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:78) at org .apache .cxf .phase .PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java: 243) at org .apache .cxf .transport.ChainInitiationObserver .onMessage(ChainInitiationObserver.java:109) at org.apache.servicemix.cxfbc.CxfBcConsumer $JbiChainInitiationObserver.onMessage(CxfBcConsumer.java:678) at org .apache .cxf .transport .http_jetty.JettyHTTPDestination .serviceRequest(JettyHTTPDestination.java:312) at org .apache .cxf .transport .http_jetty .JettyHTTPDestination.doService(JettyHTTPDestination.java: 276) at org .apache .cxf .transport .http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java: 70) at org .mortbay .jetty.handler.ContextHandler.handle(ContextHandler.java: 765) at org .mortbay .jetty .handler.ContextHandlerCollection .handle(ContextHandlerCollection.java:230) at org.mortbay.jetty.handler.HandlerList.handle(HandlerList.java: 49) at org .mortbay .jetty.handler.HandlerWrapper.handle(HandlerWrapper.java: 152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay .jetty.HttpConnection.handleRequest(HttpConnection.java:542) at org.mortbay.jetty.HttpConnection $RequestHandler.content(HttpConnection.java:938) at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:755)at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:218)at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) at org.mortbay.jetty.bio.SocketConnector $Connection.run(SocketConnector.java:228) at org.mortbay.jetty.security.SslSocketConnector $SslConnection.run(SslSocketConnector.java:680) at org.mortbay.thread.QueuedThreadPool $PoolThread.run(QueuedThreadPool.java:582) Caused by: java.lang.ClassNotFoundException: com.mycompany.useraccount.ServerPasswordCallback at org .eclipse .osgi .internal .loader.BundleLoader.findClassInternal(BundleLoader.java: 494) at org .eclipse.osgi .internal.loader.BundleLoader.findClass(BundleLoader.java:410) at org .eclipse.osgi .internal.loader.BundleLoader.findClass(BundleLoader.java:398) at org .eclipse .osgi .internal .baseadaptor .DefaultClassLoader.loadClass(DefaultClassLoader.java: 105) at java.lang.ClassLoader.loadClass(ClassLoader.java:252) at org .apache .cxf .common.classloader .ClassLoaderUtils.loadClass2(ClassLoaderUtils.java:236) at org .apache .cxf .common .classloader.ClassLoaderUtils.loadClass(ClassLoaderUtils.java: 222) at org .apache .cxf .ws .security .wss4j.WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java: 475) ... 21 more15:55:16,812 | WARN | 7...@qtp-31267377-2 | PhaseInterceptorChain |ache.cxf.common.logging.LogUtils 361 | Interceptor for {http://www.mycompany.com/UserAccount}UserAccountService has thrown exception, unwinding now org.apache.cxf.binding.soap.SoapFault: com.mycompany.useraccount.ServerPasswordCallback; nested exception is: java.lang.ClassNotFoundException: com.mycompany.useraccount.ServerPasswordCallback at org .apache .cxf .ws .security .wss4j .WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java: 583) at org .apache .cxf .ws .security.wss4j .WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:256) at org .apache .cxf .ws .security.wss4j .WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:78) at org .apache .cxf .phase .PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java: 243) at org .apache .cxf .transport.ChainInitiationObserver .onMessage(ChainInitiationObserver.java:109) at org.apache.servicemix.cxfbc.CxfBcConsumer $JbiChainInitiationObserver.onMessage(CxfBcConsumer.java:678) at org .apache .cxf .transport .http_jetty.JettyHTTPDestination .serviceRequest(JettyHTTPDestination.java:312) at org .apache .cxf .transport .http_jetty .JettyHTTPDestination.doService(JettyHTTPDestination.java: 276) at org .apache .cxf .transport .http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java: 70) at org .mortbay .jetty.handler.ContextHandler.handle(ContextHandler.java: 765) at org .mortbay .jetty .handler.ContextHandlerCollection .handle(ContextHandlerCollection.java:230) at org.mortbay.jetty.handler.HandlerList.handle(HandlerList.java: 49) at org .mortbay .jetty.handler.HandlerWrapper.handle(HandlerWrapper.java: 152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay .jetty.HttpConnection.handleRequest(HttpConnection.java:542) at org.mortbay.jetty.HttpConnection $RequestHandler.content(HttpConnection.java:938) at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:755)at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:218)at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) at org.mortbay.jetty.bio.SocketConnector $Connection.run(SocketConnector.java:228) at org.mortbay.jetty.security.SslSocketConnector $SslConnection.run(SslSocketConnector.java:680) at org.mortbay.thread.QueuedThreadPool $PoolThread.run(QueuedThreadPool.java:582) Caused by: org.apache.ws.security.WSSecurityException: com.mycompany.useraccount.ServerPasswordCallback; nested exception is: java.lang.ClassNotFoundException: com.mycompany.useraccount.ServerPasswordCallback at org .apache .cxf .ws .security .wss4j.WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java: 477) at org .apache .cxf .ws .security.wss4j .WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:195) ... 20 more Caused by: java.lang.ClassNotFoundException: com.mycompany.useraccount.ServerPasswordCallback at org .eclipse .osgi .internal .loader.BundleLoader.findClassInternal(BundleLoader.java: 494) at org .eclipse.osgi .internal.loader.BundleLoader.findClass(BundleLoader.java:410) at org .eclipse.osgi .internal.loader.BundleLoader.findClass(BundleLoader.java:398) at org .eclipse .osgi .internal .baseadaptor .DefaultClassLoader.loadClass(DefaultClassLoader.java: 105) at java.lang.ClassLoader.loadClass(ClassLoader.java:252) at org .apache .cxf .common.classloader .ClassLoaderUtils.loadClass2(ClassLoaderUtils.java:236) at org .apache .cxf .common .classloader.ClassLoaderUtils.loadClass(ClassLoaderUtils.java: 222) at org .apache .cxf .ws .security .wss4j.WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java: 475) ... 21 more xbeans.xml: <beans xmlns="http://www.springframework.org/schema/beans"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:cxfbc="http://servicemix.apache.org/cxfbc/1.0"; xmlns:nwec="http://www.mycompany.com/UserAccount"; xmlns:util="http://www.springframework.org/schema/util"; xmlns:httpj="http://cxf.apache.org/transports/http-jetty/ configuration"xmlns:http="http://cxf.apache.org/transports/http/configuration "xmlns:sec="http://cxf.apache.org/configuration/security"; xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd http://servicemix.apache.org/cxfbc/1.0 http://repo2.maven.org/maven2/org/apache/servicemix/servicemix-cxf-bc/2010.01/servicemix-cxf-bc-2010.01.xsd http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd"; > <import resource="classpath:META-INF/cxf/cxf.xml" /> <import resource="classpath:META-INF/cxf/cxf-extension- soap.xml" /> <import resource="classpath:META-INF/cxf/cxf-extension- http.xml" /> <import resource="classpath:META-INF/cxf/osgi/cxf-extension- osgi.xml" /> <import resource="classpath:META-INF/cxf/cxf-extension- policy.xml" /> <import resource="classpath:META-INF/cxf/cxf-extension-ws- security.xml" /> <cxfbc:consumer wsdl="classpath:wsdl/UserAccount.wsdl" targetService="nwec:UserAccountService" targetEndpoint="endpoint" useJBIWrapper="false" useSOAPEnvelope="false" properties="#properties" locationURI="https://localhost:9001/useraccount";> </cxfbc:consumer> <util:map id="properties"><entry value="com.mycompany.useraccount.ServerPasswordCallback"><key> <util:constant static- field= "org .apache.cxf.ws.security.SecurityConstants.CALLBACK_HANDLER"/> </key> </entry> </util:map> <httpj:engine-factory bus="cxf"> <httpj:engine port="9001"> <httpj:tlsServerParameters> <sec:keyManagers keyPassword="password"> <sec:keyStore type="JKS" password="password" resource="certs/ cherry.jks" /> </sec:keyManagers> <sec:cipherSuitesFilter> <sec:include>.*_WITH_3DES_.*</sec:include> <sec:include>.*_WITH_DES_.*</sec:include> <sec:exclude>.*_WITH_NULL_.*</sec:exclude> <sec:exclude>.*_DH_anon_.*</sec:exclude> </sec:cipherSuitesFilter> <sec:clientAuthentication want="false" required="false" /> </httpj:tlsServerParameters> </httpj:engine> </httpj:engine-factory> <bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl" /> <bean class="org.apache.servicemix.common.osgi.EndpointExporter" /> </beans> wsdl: <?xml version="1.0" encoding="UTF-8"?><wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/ wsdl/"xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"; xmlns:http="http://schemas.xmlsoap.org/wsdl/http/"; xmlns:xs="http://www.w3.org/2001/XMLSchema"; xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"; xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:tns="http://www.mycompany.com/UserAccount"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd " xmlns:fi="http://java.sun.com/xml/ns/wsit/2006/09/policy/fastinfoset/service " xmlns:tcp="http://java.sun.com/xml/ns/wsit/2006/09/policy/soaptcp/service " xmlns:sc="http://schemas.sun.com/2006/03/wss/server"; xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy"; xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust"; xmlns:wsaw="http://www.w3.org/2005/08/addressing"; xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/ securitypolicy"xmlns:tc="http://schemas.sun.com/ws/2006/05/trust/server"; xmlns:ns="http://www.mycompany.com/UserAccount/types"; targetNamespace="http://www.mycompany.com/UserAccount";> <wsdl:types> ... </wsdl:types> ... <wsdl:portType name="UserAccountPortType"> ... </wsdl:portType> <wsdl:binding name="UserAccountBinding" type="tns:UserAccountPortType"> <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"; /> <wsp:PolicyReference URI="#UserAccountBindingPolicy" /> ... </wsdl:binding> <wsdl:service name="UserAccountService"> <wsdl:port name="UserAccountPort" binding="tns:UserAccountBinding"> <soap:address location="https://localhost:9001/useraccount"; /> </wsdl:port> </wsdl:service> <wsp:Policy wsu:Id="UserAccountBindingPolicy"> <wsp:ExactlyOne> <wsp:All> <wsaw:UsingAddressing xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl " wsp:Optional="true" /> <sp:TransportBinding> <wsp:Policy> <sp:TransportToken> <wsp:Policy> <sp:HttpsToken RequireClientCertificate="false"/> </wsp:Policy> </sp:TransportToken> <sp:Layout> <wsp:Policy> <sp:Lax/> </wsp:Policy> </sp:Layout> <sp:IncludeTimestamp/> <sp:AlgorithmSuite> <wsp:Policy> <sp:Basic128/> </wsp:Policy> </sp:AlgorithmSuite> </wsp:Policy> </sp:TransportBinding> <sp:SupportingTokens> <wsp:Policy> <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient "> <wsp:Policy> <sp:WssUsernameToken10 /> </wsp:Policy> </sp:UsernameToken> </wsp:Policy> </sp:SupportingTokens> <sp:Wss11 /> </wsp:All> </wsp:ExactlyOne> </wsp:Policy> </wsdl:definitions> pom: <?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd";> <!-- Licensed to the Apache Software Foundation (ASF) under one or morecontributor license agreements. See the NOTICE file distributedwith this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --> <modelVersion>4.0.0</modelVersion> <groupId>com.mycompany</groupId> <artifactId>useraccount-bc</artifactId> <packaging>bundle</packaging> <name>User Account BC</name> <version>0.0.1-SNAPSHOT</version> <url>http://www.mycompany.com</url> <repositories> <repository> <id>open.iona.m2</id> <name>IONA Open Source Community Release Repository</name> <url>http://repo.open.iona.com/maven2</url> <snapshots> <enabled>false</enabled> </snapshots> <releases> <enabled>true</enabled> </releases> </repository> <repository> <id>open.iona.m2-snapshot</id> <name>IONA Open Source Community Snapshot Repository</name> <url>http://repo.open.iona.com/maven2-snapshot</url> <snapshots> <enabled>true</enabled> </snapshots> <releases> <enabled>false</enabled> </releases> </repository> </repositories> <pluginRepositories> <pluginRepository> <id>open.iona.m2</id> <name>IONA Open Source Community Release Repository</name> <url>http://repo.open.iona.com/maven2</url> <snapshots> <enabled>false</enabled> </snapshots> <releases> <enabled>true</enabled> </releases> </pluginRepository> <pluginRepository> <id>open.iona.m2-snapshot</id> <name>IONA Open Source Community Snapshot Repository</name> <url>http://repo.open.iona.com/maven2-snapshot</url> <snapshots> <enabled>true</enabled> </snapshots> <releases> <enabled>false</enabled> </releases> </pluginRepository> </pluginRepositories> <dependencies> <dependency> <groupId>org.apache.geronimo.specs</groupId> <artifactId>geronimo-ws-metadata_2.0_spec</artifactId> <version>1.1.2</version> </dependency> <dependency> <groupId>javax.xml.bind</groupId> <artifactId>jaxb-api</artifactId> <version>2.1</version> </dependency> <dependency> <groupId>javax.xml.ws</groupId> <artifactId>jaxws-api</artifactId> <version>2.1</version> </dependency> <dependency> <groupId>org.apache.cxf</groupId> <artifactId>cxf-rt-ws-security</artifactId> <version>${cxf.version}</version> </dependency> <dependency> <groupId>org.apache.cxf</groupId> <artifactId>cxf-rt-ws-policy</artifactId> <version>${cxf.version}</version> </dependency> </dependencies> <build> <defaultGoal>install</defaultGoal> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> <configuration> <source>1.5</source> <target>1.5</target> </configuration> </plugin> <plugin> <groupId>org.apache.felix</groupId> <artifactId>maven-bundle-plugin</artifactId> <extensions>true</extensions> <configuration> <instructions> <Bundle-SymbolicName>${pom.artifactId}</Bundle-SymbolicName> <Import-Package> *, javax.jws, javax.wsdl, javax.xml.bind, javax.xml.bind.annotation, javax.xml.namespace, javax.xml.ws, META-INF.cxf, META-INF.cxf.osgi, org.apache.cxf.bus, org.apache.cxf.bus.spring, org.apache.cxf.bus.resource, org.apache.cxf.configuration.spring, org.apache.cxf.resource, org.apache.cxf.jaxws, org.apache.cxf.ws.security.wss4j, org.apache.servicemix.common.osgi, org.apache.servicemix.cxf.transport.http_osgi, org.apache.servicemix.cxfbc, org.springframework.beans.factory.config, javax.security.auth.callback, org.apache.ws.security </Import-Package> <Export-Package> com.mycompany.useraccount </Export-Package> <Private-Package> com.mycompany.useraccount </Private-Package> <!-- Update Private Package tag with appropriate package name --> <Require-Bundle>org.apache.cxf.bundle</Require-Bundle> </instructions> </configuration> </plugin> </plugins> </build> <properties> <cxf.version>2.2.6</cxf.version> </properties> </project> -- View this message in context: http://old.nabble.com/cxf-bc-ws-security-callback-classnotfoundexception-tp28747501p28747501.html Sent from the ServiceMix - User mailing list archive at Nabble.com.-- Freeman Fang ------------------------ Open Source SOA: http://fusesource.com-- View this message in context: http://old.nabble.com/cxf-bc-ws-security-callback-classnotfoundexception-tp28747501p28754241.html Sent from the ServiceMix - User mailing list archive at Nabble.com.-- Freeman Fang ------------------------ Open Source SOA: http://fusesource.com-- View this message in context: http://old.nabble.com/cxf-bc-ws-security-callback-classnotfoundexception-tp28747501p28771556.htmlSent from the ServiceMix - User mailing list archive at Nabble.com.-- Freeman Fang ------------------------ Open Source SOA: http://fusesource.comhttp://old.nabble.com/file/p28860520/ws-sec-test.zip ws-sec-test.zip -- View this message in context: http://old.nabble.com/cxf-bc-ws-security-callback-classnotfoundexception-tp28747501p28860520.html Sent from the ServiceMix - User mailing list archive at Nabble.com.-- Freeman Fang ------------------------ Open Source SOA: http://fusesource.com-- View this message in context: http://old.nabble.com/cxf-bc-ws-security-callback-classnotfoundexception-tp28747501p28875409.html Sent from the ServiceMix - User mailing list archive at Nabble.com.
-- Freeman Fang ------------------------ Open Source SOA: http://fusesource.com
