Re: cxf-bc ws-security callback classnotfoundexception

Mon, 14 Jun 2010 03:54:28 -0700

Ok, found that in your test client you already set CallbackHandlerClass for WSS4JOutInterceptor, it's ok, just a little bit you need correct 

What you need do is  in
client/src/main/java/com/mycompany/ws_sec_proto/Person_Client.java
change from
properties.put(WSHandlerConstants.USER, "admin");
to
properties.put(WSHandlerConstants.USER, "joe");
also in client/src/main/java/com/mycompany/ws_sec_proto/ MyPasswordCallbackHandler.java 
change from
pc.setPassword("abc");
to
pc.setPassword("joespassword");
That's the place to set ws-security UsernameToke action header username/password.
Btw, for your testcase, you also need add delegateToJaas="false" for cxf bc consumer endpoint in ws-sec-bc/src/main/resources/META-INF/ spring/beans.xml(don't forget change the util:map part I mentioned in previous reply). With all these changes, your test case work well from my side. Just paste the client side output 
Invoking getPerson...
Jun 14, 2010 6:45:16 PM org.apache.cxf.transport.https.SSLUtils getCiphersuites INFO: The cipher suites have not been configured, falling back to cipher suite filters. Jun 14, 2010 6:45:16 PM org.apache.cxf.transport.https.SSLUtils getCiphersuites INFO: The cipher suite filters have not been configured, falling back to default filters. Jun 14, 2010 6:45:16 PM org.apache.cxf.transport.https.SSLUtils getCiphersFromList INFO: The cipher suites have been set to SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5. Jun 14, 2010 6:45:16 PM org.apache.cxf.interceptor.LoggingOutInterceptor$LoggingCallback onClose 
INFO: Outbound Message
---------------------------
ID: 1
Address: https://localhost:9001/PersonService/
Encoding: UTF-8
Content-Type: text/xml
Headers: {SOAPAction=[""], Accept=[*/*]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/ "><soap:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd " soap:mustUnderstand="1"><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd " wsu:Id="Timestamp-2"><wsu:Created>2010-06-14T10:45:16.763Z</ wsu:Created><wsu:Expires>2010-06-14T10:50:16.763Z</wsu:Expires></ wsu:Timestamp><wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd " xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd " wsu:Id="UsernameToken-1"><wsse:Username>joe</ wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText ">joespassword</wsse:Password></wsse:UsernameToken></ wsse:Security><Action xmlns="http://www.w3.org/2005/08/addressing";>http://www.mycompany.com/ws-sec-proto/Person/GetPersonRequest </Action><MessageID xmlns="http://www.w3.org/2005/08/addressing";>urn:uuid:4edd48be-3ba1-4e73-a885-cd3dac58c88f </MessageID><To xmlns="http://www.w3.org/2005/08/addressing";>https://localhost:9001/PersonService/ </To><ReplyTo xmlns="http://www.w3.org/2005/08/addressing";><Address>http://www.w3.org/2005/08/addressing/anonymous </Address></ReplyTo></soap:Header><soap:Body><GetPerson xmlns="http://www.mycompany.com/ws-sec-proto/types "><personId>sdfsdf</personId></GetPerson></soap:Body></soap:Envelope> 
--------------------------------------
getPerson._getPerson_personId=sdfsdf
getPerson._getPerson_ssn=000-000-0000
getPerson._getPerson_name=Guillaume

Hopes that's all what you want.

Freeman

On 2010-6-14, at 下午6:06, Freeman Fang wrote:


Hi,

Yeah, I can see the callback handler CNFE now.
The problem come from your ws-sec-bc/src/main/resources/META-INF/ spring/beans.xml, 

it should be
<bean id="myPasswordCallback" class="com.mycompany.ServerPasswordCallback"/> 

  <util:map id="properties">
    <entry>
      <key >
        <util:constant
static- field ="org.apache.cxf.ws.security.SecurityConstants.CALLBACK_HANDLER" /> 
      </key>
      <ref bean="myPasswordCallback"/>
    </entry>
  </util:map>

in OSGi container.

After change it, I get exception as
The security token could not be authenticated or authorized; nested exception is: 
        java.io.IOException: Username/Password failure.
On client side.
I add printout for your ws-sec-bc/src/main/java/com/mycompany/ ServerPasswordCallback.java and I get 
the username extract from UsernameToken ws-security header is:admin
the password extract from UsernameToken ws-security header is:abc (this log also prove now ServerPasswordCallback could be found and so print out logs)
from console, so your test client code didn't set username/ password(I know what you want is joe/joespassword) correctly for outgoing message.
I checked your test client code, client/src/main/java/com/mycompany/ ws_sec_proto/Person_Client.java, I don't think it's even possible to set password simply through property, you still need a Callbackhandler for WSS4JOutInterceptor to set password on client side, something like 

<bean
        class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
        id="UserToken_Request">
        <constructor-arg>
            <map>
                <entry key="action" value="UsernameToken"/>
                <entry key="passwordType" value="PasswordText" />
                <entry key="user" value="alice"/>
<entry key="passwordCallbackClass" value ="org.apache.servicemix.cxfbc.ws.security.KeystorePasswordCallback"/> 
            </map>
        </constructor-arg>
    </bean>
You may need take a look at how client side do it from a working example configuration[1], pay attentation to the WSS4JOutInterceptor configuration part. 
[1]https://svn.apache.org/repos/asf/servicemix/components/bindings/servicemix-cxf-bc/trunk/src/test/resources/org/apache/servicemix/cxfbc/ws/security/client-jaas.xml

Freeman

On 2010-6-14, at 下午1:06, nbdy wrote:
Hi, I think I've figured out what went wrong. I think you did a mvn clean on 
the client before trying to running it and Person_Soap_Client was a
generated source which was modified to accept ssl certs and do
wss4jininceptor for username token. So with Person_Soap_Client refreshed without the ssl acceptance code, it couldn't connect to the service on ssl. Anyways I've changed it so the client code is not longer a generated code 
piece.  fyi its Person_Client.java now.
http://old.nabble.com/file/p28875886/ws-sec-test.zip ws-sec- test.zip I 
hope this will fix it and that you can see the exception now.

Thanks,
Vinh



Freeman Fang wrote:


Hi,

My comment inline.


On 2010-6-12, at 上午6:06, nbdy wrote:




Hi Freeman, I've refractored my code to follow the wsdl-first-osgi
example
for smx4.2 and I'm still getting the same error. Although, my stack 
trace
now is a little different from what I had originally.  For the life
of me, I
tried to recreate the same stack trace but it wouldn't work.  I've
include a
client in there also so you don't have to use SOAPUI.
http://old.nabble.com/file/p28860520/ws-sec-test.zip ws-sec- test.zip 

What's the stack trace you get now?

I play with your testcase but I get exception has nothing to do with
classnotfoundexception.
I will explain step by step what I do and what I see with your testcase. 

1. I'm run with Apache Servicemix 4.2
2. I unzip your testcase ws-sec-test.zip and cd ws-sec-test folder
"mvn install" successfully
3. copy ws-sec-bc/target/ws-sec-bc-0.0.1.jar and ws-sec-se/target/ ws- 
sec-se-0.0.1.jar to $SMX4.2/deploy folder (no error)
4. cd client, I'm not sure how you run the client, as for me I can't
run client with maven, so I change pom.xml a bit, add sth like

         <plugin>
                <groupId>org.codehaus.mojo</groupId>
                <artifactId>exec-maven-plugin</artifactId>
                <configuration>

<mainClass>com.mycompany.ws_sec_proto.Person_Soap_Client</mainClass>
                    <includePluginDependencies>false</
includePluginDependencies>
                </configuration>
            </plugin>
then "mvn compile exec:java".

I get exception
WARNING: Interceptor for {http://www.mycompany.com/ws-sec-
proto}PersonService#{http://www.mycompany.com/ws-sec-proto}GetPerson
has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Could not send Message.
        at org.apache.cxf.interceptor.MessageSenderInterceptor
$
MessageSenderEndingInterceptor
.handleMessage(MessageSenderInterceptor.java:64)
        at
org
.apache
.cxf
.phase .PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243) 
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:487)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java: 
124)
        at $Proxy38.getPerson(Unknown Source)
        at
com
.mycompany
.ws_sec_proto.Person_Soap_Client.main(Person_Soap_Client.java:59)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at
sun
.reflect .NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java: 
39)
        at
sun
.reflect
.DelegatingMethodAccessorImpl .invoke(DelegatingMethodAccessorImpl.java: 
25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.codehaus.mojo.exec.ExecJavaMojo$1.run(ExecJavaMojo.java:283)
        at java.lang.Thread.run(Thread.java:637)
Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException 
invoking https://localhost:9001/PersonService/:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to 
find valid certification path to requested target
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method)
        at
sun
.reflect
.NativeConstructorAccessorImpl
.newInstance(NativeConstructorAccessorImpl.java:39)
        at
sun
.reflect
.DelegatingConstructorAccessorImpl
.newInstance(DelegatingConstructorAccessorImpl.java:27)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
        at org.apache.cxf.transport.http.HTTPConduit
$WrappedOutputStream.mapException(HTTPConduit.java:2058)
        at org.apache.cxf.transport.http.HTTPConduit
$WrappedOutputStream.close(HTTPConduit.java:2043)
        at
org .apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66) at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java: 
639)
        at org.apache.cxf.interceptor.MessageSenderInterceptor
$
MessageSenderEndingInterceptor
.handleMessage(MessageSenderInterceptor.java:62)
        ... 14 more
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to 
find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) 
        at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:
1611)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181) 
        at
com
.sun
.net
.ssl
.internal .ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java: 
1035)
        at
com
.sun
.net
.ssl
.internal .ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124) 
        at
com .sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java: 516) 
        at
com .sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java: 
454)
        at
com
.sun .net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java: 
884)
        at
com
.sun
.net
.ssl
.internal .ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java: 
1112)
        at
com
.sun
.net .ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java: 
1139)
        at
com
.sun
.net .ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java: 
1123)
        at
sun .net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java: 
418)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect
(AbstractDelegateHttpsURLConnection.java:166)
        at
sun
.net
.www
.protocol
.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:896)
        at
sun
.net
.www
.protocol
.https
.HttpsURLConnectionImpl .getOutputStream(HttpsURLConnectionImpl.java:230) 
        at org.apache.cxf.transport.http.HTTPConduit
$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java: 1955) 
        at org.apache.cxf.transport.http.HTTPConduit
$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1907)
        at
org
.apache
.cxf
.io .AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java: 
42)
        at
org
.apache
.cxf
.io
.AbstractThresholdOutputStream
.write(AbstractThresholdOutputStream.java:69)
        at org.apache.cxf.transport.http.HTTPConduit
$WrappedOutputStream.close(HTTPConduit.java:1974)
        ... 17 more
Caused by: sun.security.validator.ValidatorException: PKIX path
building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to 
find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285) 
        at
sun .security.validator.PKIXValidator.engineValidate(PKIXValidator.java: 
191)
        at sun.security.validator.Validator.validate(Validator.java:218)
        at
com
.sun
.net
.ssl
.internal .ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java: 
126)
        at
com
.sun
.net
.ssl
.internal
.ssl .X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java: 
209)
        at
com
.sun
.net
.ssl
.internal
.ssl .X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java: 
249)
        at
com
.sun
.net
.ssl
.internal .ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java: 
1014)
        ... 33 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: 
unable to find valid certification path to requested target
        at
sun
.security
.provider
.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java: 174) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java: 238) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280) 
        ... 39 more

At the same time, in servicemix.log, I get exception like
10:42:19,136 | WARN  | @qtp-818227128-0 |
jetty                            | service.jetty.internal.JCLLogger
115 | EXCEPTION
javax.net.ssl.SSLHandshakeException: Received fatal alert:
certificate_unknown
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136) 
        at
com
.sun .net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java: 
1682)
        at
com
.sun .net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java: 
932)
        at
com
.sun
.net
.ssl
.internal .ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java: 
1112)
        at
com
.sun
.net .ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java: 
1139)
        at
com
.sun
.net .ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java: 
1123)
        at org.mortbay.jetty.security.SslSocketConnector
$SslConnection.run(SslSocketConnector.java:675)
        at org.mortbay.thread.QueuedThreadPool
$PoolThread.run(QueuedThreadPool.java:582)


My question is
1. This is the same exception you get?
2. Do I miss something, do I run the client same way as you do?

From this exception, IMHO it's something incorrect(maybe
configuration only) for you standalone cxf client side(unable to find 
valid certification path).

As our original problem is Clallbackhandler CNFE, so I'm not sure if
we saw same exception, so I give details what I've done, I just need
ensure we are doing same thing, could you clarify?

Freeman




I'm starting to think this is a bug or something because I've tried
everything and nothing will work and it should be relatively simple. 

Much appreciated,
Vinh




Freeman Fang wrote:


Well, several issues I can point now

1. what servicemix version you are using?
Your bc and se pom.xml import
org.apache.servicemix.cxf.transport.http_osgi, which indicate you're 
using very old servicemix version, as now http_osgi transport code
move to cxf codebase, and the package should be
org.apache.cxf.transport.http_osgi. Moreover, you don't need this
package at all as you are use JBI endpoint which will use http
transport underlying.
I strongly recommend you use the latest released smx4.2.

2. your beans.xml for bc and se isn't correct. You are using OSGi
package for JBI endpoint, we have a cxf-wsdl-first-osgi-package
example shipped with kit which is exactly same as your scenario, you need take a look at it, especially how the pom.xml(Import- Package, Export-Package) and beans.xml looks like. Be careful for the <import 
resource="">, I don't think it's
always necessary for your case.

3. You testcase is lack of the client side which send out soap
message, I don't want to assume it myself as I need ensure what I do 
here is exactly same as what you've done.
4. Could you provide a clean testcase for me which just reproduce the 
callbackhandler class can't found error? If the testcase isn't so
straightforward, I need a step by step instruction which tell me how to reproduce the exact error. For the current testcase I can't simply deploy it, after change several part I can deploy but get different 
error like
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext
connection?
        at
com
.sun
.net
.ssl .internal.ssl.InputRecord.handleUnknownRecord(InputRecord.java: 
523)
at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java: 
355)
        at
com
.sun
.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:
789)
        at
com
.sun
.net
.ssl
.internal
.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:
1112)
        at
com
.sun
.net
.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:
1139)
        at
com
.sun
.net
.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:
1123)
        at org.mortbay.jetty.security.SslSocketConnector
$SslConnection.run(SslSocketConnector.java:675)
        at org.mortbay.thread.QueuedThreadPool
$PoolThread.run(QueuedThreadPool.java:582)

I don't want assume what you do and change your testcase myself, I
need ensure we are doing same thing.

The simpler testcase which exactly reproduce the problem you
described, the quicker you get help.
Could you refactor your testcase based on cxf-wsdl-first-osgi- package against SMX4.2, if you follow my instruction but the problem still 
exist. :-)


Freeman
On 2010-6-4, at 上午2:54, nbdy wrote:
Hi, I was trying to make a clean project for you to play with but I 
ran out
of time.  So here's our original project with the SE and BC.
http://old.nabble.com/file/p28771556/useracctService.zip
useracctService.zip

I had to replace the CXF-BC in my servicemix 4 w/
http://repo2.maven.org/maven2/org/apache/servicemix/servicemix-cxf-bc/2010.01/servicemix-cxf-bc-2010.01.jar
servicemix-cxf-bc-2010.01.jar
w/ a hack by replace the cxf-bc in the lib dir. Couldn't figure out 
how to
get servicemix to get a different version of a packaged bundle.


Thanks,
Vinh



Freeman Fang wrote:


Hi,

Not exactly sure what happened now. Actually we have a cxf-ws-
security-
osgi example shipped with kit and use callback handler class, this 
class can be found.
Could you append your project(the one I can build and modify, not 
only
the binary bundle jar), as well as your client which send out soap 
request?  I'd like to play with it when I get chance.

Freeman
On 2010-6-2, at 下午9:06, nbdy wrote:



Hi, yes I've had with the export package only, private-package
only,
and both
export and private package.  They all resulted the same error.

Vinh



Freeman Fang wrote:


Hi,

How about you remove

<Private-Package>
com.mycompany.useraccount
</Private-Package>

from your pom?

Freeman
On 2010-6-2, at 上午5:08, nbdy wrote:
I'm trying to implement authentication with SSL as a ws- security 
policy on a
service inside of SMX4. So far I've been able to implement SSL 
and
the
transport policy, but I've not been able to get the
authentication
part to
work. I've tried to attack this at many different angles but I'm 
just
missing something. I was wondering if you guys can help me. I
don't
know how
it cannot find my callback class since I've exported package in 
the
cxf.bundle config in the pom.

Error response:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/
envelope/">
<soap:Body>
<soap:Fault>
<faultcode>soap:Client</faultcode>
< faultstring>com.mycompany.useraccount.ServerPasswordCallback; 
nested
exception is:
java.lang.ClassNotFoundException:
com.mycompany.useraccount.ServerPasswordCallback</ faultstring> 
</soap:Fault>
</soap:Body>
</soap:Envelope>

Client request:
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/
"
xmlns:typ="http://www.mycompany.com/UserAccount/types";>
<soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/
addressing">
<wsse:Security soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
">
<wsu:Timestamp wsu:Id="Timestamp-14"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
">
<wsu:Created>2010-06-01T19:55:10.984Z</wsu:Created>
<wsu:Expires>2010-06-01T19:56:10.984Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-13"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
">
<wsse:Username>joe</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText
">joespassword</wsse:Password>
<wsse:Nonce
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
">o6HCEhy9dHH6zkBhdp/FLw==</wsse:Nonce>
<wsu:Created>2010-06-01T19:55:03.718Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
<wsa:Action>http://www.mycompany.com/UserAccount/UserAccountPortType/ApproveDenyAccountRequest
</wsa:Action>
</soapenv:Header>
<soapenv:Body>
<typ:ApproveDenyUserRequest>
<typ:pendingId>13</typ:pendingId>
<typ:approval>1</typ:approval>
</typ:ApproveDenyUserRequest>
</soapenv:Body>
</soapenv:Envelope>

Servicemix log:
15:55:16,812 | WARN | 7...@qtp-31267377-2 | WSS4JInInterceptor |
ecurity.wss4j.WSS4JInInterceptor 255 |
org.apache.ws.security.WSSecurityException:
com.mycompany.useraccount.ServerPasswordCallback; nested
exception
is:
java.lang.ClassNotFoundException:
com.mycompany.useraccount.ServerPasswordCallback
at
org
.apache
.cxf
.ws
.security
.wss4j .WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java: 
477)
at
org
.apache
.cxf
.ws
.security
.wss4j .WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java: 
195)
at
org
.apache
.cxf
.ws
.security
.wss4j .WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java: 
78)
at
org
.apache
.cxf
.phase
.PhaseInterceptorChain .doIntercept(PhaseInterceptorChain.java: 
243)
at
org
.apache
.cxf
.transport
.ChainInitiationObserver .onMessage(ChainInitiationObserver.java: 
109)
at
org.apache.servicemix.cxfbc.CxfBcConsumer
$JbiChainInitiationObserver.onMessage(CxfBcConsumer.java:678)
at
org
.apache
.cxf
.transport
.http_jetty
.JettyHTTPDestination .serviceRequest(JettyHTTPDestination.java: 
312)
at
org
.apache
.cxf
.transport
.http_jetty
.JettyHTTPDestination.doService(JettyHTTPDestination.java:
276)
at
org
.apache
.cxf
.transport
.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:
70)
at
org
.mortbay
.jetty.handler.ContextHandler.handle(ContextHandler.java:
765)
at
org
.mortbay
.jetty
.handler
.ContextHandlerCollection .handle(ContextHandlerCollection.java: 
230)
at
org .mortbay.jetty.handler.HandlerList.handle(HandlerList.java: 
49)
at
org
.mortbay
.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:
152)
at org.mortbay.jetty.Server.handle(Server.java:326)
at
org
.mortbay .jetty.HttpConnection.handleRequest(HttpConnection.java: 
542)
at
org.mortbay.jetty.HttpConnection
$RequestHandler.content(HttpConnection.java:938)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java: 755) at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java: 
218)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java: 
404)
at
org.mortbay.jetty.bio.SocketConnector
$Connection.run(SocketConnector.java:228)
at
org.mortbay.jetty.security.SslSocketConnector
$SslConnection.run(SslSocketConnector.java:680)
at
org.mortbay.thread.QueuedThreadPool
$PoolThread.run(QueuedThreadPool.java:582)
Caused by: java.lang.ClassNotFoundException:
com.mycompany.useraccount.ServerPasswordCallback
at
org
.eclipse
.osgi
.internal
.loader.BundleLoader.findClassInternal(BundleLoader.java:
494)
at
org
.eclipse
.osgi .internal.loader.BundleLoader.findClass(BundleLoader.java: 
410)
at
org
.eclipse
.osgi .internal.loader.BundleLoader.findClass(BundleLoader.java: 
398)
at
org
.eclipse
.osgi
.internal
.baseadaptor
.DefaultClassLoader.loadClass(DefaultClassLoader.java:
105)
at java.lang.ClassLoader.loadClass(ClassLoader.java:252)
at
org
.apache
.cxf
.common
.classloader .ClassLoaderUtils.loadClass2(ClassLoaderUtils.java: 
236)
at
org
.apache
.cxf
.common
.classloader .ClassLoaderUtils.loadClass(ClassLoaderUtils.java: 
222)
at
org
.apache
.cxf
.ws
.security
.wss4j .WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java: 
475)
... 21 more
15:55:16,812 | WARN | 7...@qtp-31267377-2 | PhaseInterceptorChain | 
ache.cxf.common.logging.LogUtils 361 | Interceptor for
{http://www.mycompany.com/UserAccount}UserAccountService has
thrown
exception, unwinding now
org.apache.cxf.binding.soap.SoapFault:
com.mycompany.useraccount.ServerPasswordCallback; nested
exception
is:
java.lang.ClassNotFoundException:
com.mycompany.useraccount.ServerPasswordCallback
at
org
.apache
.cxf
.ws
.security
.wss4j
.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:
583)
at
org
.apache
.cxf
.ws
.security
.wss4j .WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java: 
256)
at
org
.apache
.cxf
.ws
.security
.wss4j .WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java: 
78)
at
org
.apache
.cxf
.phase
.PhaseInterceptorChain .doIntercept(PhaseInterceptorChain.java: 
243)
at
org
.apache
.cxf
.transport
.ChainInitiationObserver .onMessage(ChainInitiationObserver.java: 
109)
at
org.apache.servicemix.cxfbc.CxfBcConsumer
$JbiChainInitiationObserver.onMessage(CxfBcConsumer.java:678)
at
org
.apache
.cxf
.transport
.http_jetty
.JettyHTTPDestination .serviceRequest(JettyHTTPDestination.java: 
312)
at
org
.apache
.cxf
.transport
.http_jetty
.JettyHTTPDestination.doService(JettyHTTPDestination.java:
276)
at
org
.apache
.cxf
.transport
.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:
70)
at
org
.mortbay
.jetty.handler.ContextHandler.handle(ContextHandler.java:
765)
at
org
.mortbay
.jetty
.handler
.ContextHandlerCollection .handle(ContextHandlerCollection.java: 
230)
at
org .mortbay.jetty.handler.HandlerList.handle(HandlerList.java: 
49)
at
org
.mortbay
.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:
152)
at org.mortbay.jetty.Server.handle(Server.java:326)
at
org
.mortbay .jetty.HttpConnection.handleRequest(HttpConnection.java: 
542)
at
org.mortbay.jetty.HttpConnection
$RequestHandler.content(HttpConnection.java:938)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java: 755) at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java: 
218)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java: 
404)
at
org.mortbay.jetty.bio.SocketConnector
$Connection.run(SocketConnector.java:228)
at
org.mortbay.jetty.security.SslSocketConnector
$SslConnection.run(SslSocketConnector.java:680)
at
org.mortbay.thread.QueuedThreadPool
$PoolThread.run(QueuedThreadPool.java:582)
Caused by: org.apache.ws.security.WSSecurityException:
com.mycompany.useraccount.ServerPasswordCallback; nested
exception
is:
java.lang.ClassNotFoundException:
com.mycompany.useraccount.ServerPasswordCallback
at
org
.apache
.cxf
.ws
.security
.wss4j .WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java: 
477)
at
org
.apache
.cxf
.ws
.security
.wss4j .WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java: 
195)
... 20 more
Caused by: java.lang.ClassNotFoundException:
com.mycompany.useraccount.ServerPasswordCallback
at
org
.eclipse
.osgi
.internal
.loader.BundleLoader.findClassInternal(BundleLoader.java:
494)
at
org
.eclipse
.osgi .internal.loader.BundleLoader.findClass(BundleLoader.java: 
410)
at
org
.eclipse
.osgi .internal.loader.BundleLoader.findClass(BundleLoader.java: 
398)
at
org
.eclipse
.osgi
.internal
.baseadaptor
.DefaultClassLoader.loadClass(DefaultClassLoader.java:
105)
at java.lang.ClassLoader.loadClass(ClassLoader.java:252)
at
org
.apache
.cxf
.common
.classloader .ClassLoaderUtils.loadClass2(ClassLoaderUtils.java: 
236)
at
org
.apache
.cxf
.common
.classloader .ClassLoaderUtils.loadClass(ClassLoaderUtils.java: 
222)
at
org
.apache
.cxf
.ws
.security
.wss4j .WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java: 
475)
... 21 more

xbeans.xml:

<beans xmlns="http://www.springframework.org/schema/beans";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:cxfbc="http://servicemix.apache.org/cxfbc/1.0";
xmlns:nwec="http://www.mycompany.com/UserAccount";
xmlns:util="http://www.springframework.org/schema/util";
xmlns:httpj="http://cxf.apache.org/transports/http-jetty/
configuration"
xmlns:http="http://cxf.apache.org/transports/http/configuration " 
xmlns:sec="http://cxf.apache.org/configuration/security";
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util.xsd
http://servicemix.apache.org/cxfbc/1.0
http://repo2.maven.org/maven2/org/apache/servicemix/servicemix-cxf-bc/2010.01/servicemix-cxf-bc-2010.01.xsd
http://cxf.apache.org/transports/http-jetty/configuration
http://cxf.apache.org/schemas/configuration/http-jetty.xsd
http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd"; >

<import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-
soap.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-
http.xml" />
<import resource="classpath:META-INF/cxf/osgi/cxf-extension-
osgi.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-
policy.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-ws-
security.xml" />

<cxfbc:consumer wsdl="classpath:wsdl/UserAccount.wsdl"
targetService="nwec:UserAccountService"
targetEndpoint="endpoint"
useJBIWrapper="false" useSOAPEnvelope="false"
properties="#properties"
locationURI="https://localhost:9001/useraccount";>
</cxfbc:consumer>

<util:map id="properties">
<entry value="com.mycompany.useraccount.ServerPasswordCallback"> 
<key>
<util:constant
static-
field
= "org .apache.cxf.ws.security.SecurityConstants.CALLBACK_HANDLER" 
/>
</key>
</entry>
</util:map>

<httpj:engine-factory bus="cxf">
<httpj:engine port="9001">
<httpj:tlsServerParameters>
<sec:keyManagers keyPassword="password">
<sec:keyStore type="JKS" password="password" resource="certs/
cherry.jks" />
</sec:keyManagers>
<sec:cipherSuitesFilter>
<sec:include>.*_WITH_3DES_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:exclude>.*_WITH_NULL_.*</sec:exclude>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
<sec:clientAuthentication want="false"
required="false" />
</httpj:tlsServerParameters>
</httpj:engine>
</httpj:engine-factory>

<bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl" />

<bean
class="org.apache.servicemix.common.osgi.EndpointExporter" />

</beans>

wsdl:
<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/ " 
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/";
xmlns:http="http://schemas.xmlsoap.org/wsdl/http/";
xmlns:xs="http://www.w3.org/2001/XMLSchema";
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/";
xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:tns="http://www.mycompany.com/UserAccount";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
"
xmlns:fi="http://java.sun.com/xml/ns/wsit/2006/09/policy/fastinfoset/service
"
xmlns:tcp="http://java.sun.com/xml/ns/wsit/2006/09/policy/soaptcp/service
"
xmlns:sc="http://schemas.sun.com/2006/03/wss/server";
xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy";
xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust";
xmlns:wsaw="http://www.w3.org/2005/08/addressing";
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy " 
xmlns:tc="http://schemas.sun.com/ws/2006/05/trust/server";
xmlns:ns="http://www.mycompany.com/UserAccount/types";
targetNamespace="http://www.mycompany.com/UserAccount";>
<wsdl:types>
...
</wsdl:types>
...
<wsdl:portType name="UserAccountPortType">
...
</wsdl:portType>
<wsdl:binding name="UserAccountBinding"
type="tns:UserAccountPortType">
<soap:binding style="document"
transport="http://schemas.xmlsoap.org/soap/http"; />
<wsp:PolicyReference URI="#UserAccountBindingPolicy" />
...
</wsdl:binding>
<wsdl:service name="UserAccountService">
<wsdl:port name="UserAccountPort"
binding="tns:UserAccountBinding">
<soap:address location="https://localhost:9001/ useraccount" /> 
</wsdl:port>
</wsdl:service>

<wsp:Policy wsu:Id="UserAccountBindingPolicy">
<wsp:ExactlyOne>
<wsp:All>
<wsaw:UsingAddressing
xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl
"
wsp:Optional="true" />
<sp:TransportBinding>
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="false"/>
</wsp:Policy>
</sp:TransportToken>
<sp:Layout>
<wsp:Policy>
<sp:Lax/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
</wsp:Policy>
</sp:TransportBinding>
<sp:SupportingTokens>
<wsp:Policy>
<sp:UsernameToken
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
">
<wsp:Policy>
<sp:WssUsernameToken10 />
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SupportingTokens>
<sp:Wss11 />
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</wsdl:definitions>

pom:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd";>

<!--

Licensed to the Apache Software Foundation (ASF) under one or
more
contributor license agreements. See the NOTICE file distributed 
with
this work for additional information regarding copyright
ownership.
The ASF licenses this file to You under the Apache License,
Version
2.0 (the "License"); you may not use this file except in
compliance
with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0 Unless required by
applicable law or agreed to in writing, software distributed
under
the
License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES 
OR
CONDITIONS OF ANY KIND, either express or implied. See the
License
for
the specific language governing permissions and limitations
under
the
License.
-->

<modelVersion>4.0.0</modelVersion>

<groupId>com.mycompany</groupId>
<artifactId>useraccount-bc</artifactId>
<packaging>bundle</packaging>
<name>User Account BC</name>
<version>0.0.1-SNAPSHOT</version>
<url>http://www.mycompany.com</url>

<repositories>
<repository>
<id>open.iona.m2</id>
<name>IONA Open Source Community Release Repository</name>
<url>http://repo.open.iona.com/maven2</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
<releases>
<enabled>true</enabled>
</releases>
</repository>
<repository>
<id>open.iona.m2-snapshot</id>
<name>IONA Open Source Community Snapshot Repository</name>
<url>http://repo.open.iona.com/maven2-snapshot</url>
<snapshots>
<enabled>true</enabled>
</snapshots>
<releases>
<enabled>false</enabled>
</releases>
</repository>
</repositories>
<pluginRepositories>
<pluginRepository>
<id>open.iona.m2</id>
<name>IONA Open Source Community Release Repository</name>
<url>http://repo.open.iona.com/maven2</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
<releases>
<enabled>true</enabled>
</releases>
</pluginRepository>
<pluginRepository>
<id>open.iona.m2-snapshot</id>
<name>IONA Open Source Community Snapshot Repository</name>
<url>http://repo.open.iona.com/maven2-snapshot</url>
<snapshots>
<enabled>true</enabled>
</snapshots>
<releases>
<enabled>false</enabled>
</releases>
</pluginRepository>
</pluginRepositories>

<dependencies>
<dependency>
<groupId>org.apache.geronimo.specs</groupId>
<artifactId>geronimo-ws-metadata_2.0_spec</artifactId>
<version>1.1.2</version>
</dependency>
<dependency>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
<version>2.1</version>
</dependency>
<dependency>
<groupId>javax.xml.ws</groupId>
<artifactId>jaxws-api</artifactId>
<version>2.1</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-ws-security</artifactId>
<version>${cxf.version}</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-ws-policy</artifactId>
<version>${cxf.version}</version>
</dependency>
</dependencies>

<build>
<defaultGoal>install</defaultGoal>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.5</source>
<target>1.5</target>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<extensions>true</extensions>
<configuration>
<instructions>
<Bundle-SymbolicName>${pom.artifactId}</Bundle-SymbolicName>
<Import-Package>
*,
javax.jws,
javax.wsdl,
javax.xml.bind,
javax.xml.bind.annotation,
javax.xml.namespace,
javax.xml.ws,
META-INF.cxf,
META-INF.cxf.osgi,
org.apache.cxf.bus,
org.apache.cxf.bus.spring,
org.apache.cxf.bus.resource,
org.apache.cxf.configuration.spring,
org.apache.cxf.resource,
org.apache.cxf.jaxws,
org.apache.cxf.ws.security.wss4j,
org.apache.servicemix.common.osgi,
org.apache.servicemix.cxf.transport.http_osgi,
org.apache.servicemix.cxfbc,
org.springframework.beans.factory.config,
javax.security.auth.callback,
org.apache.ws.security
</Import-Package>
<Export-Package>
com.mycompany.useraccount
</Export-Package>
<Private-Package>
com.mycompany.useraccount
</Private-Package>
<!-- Update Private Package tag with appropriate package name
-->
<Require-Bundle>org.apache.cxf.bundle</Require-Bundle>
</instructions>
</configuration>
</plugin>
</plugins>
</build>
<properties>
<cxf.version>2.2.6</cxf.version>
</properties>

</project>
--
View this message in context:
http://old.nabble.com/cxf-bc-ws-security-callback-classnotfoundexception-tp28747501p28747501.html
Sent from the ServiceMix - User mailing list archive at
Nabble.com.




--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com





--
View this message in context:
http://old.nabble.com/cxf-bc-ws-security-callback-classnotfoundexception-tp28747501p28754241.html
Sent from the ServiceMix - User mailing list archive at
Nabble.com.




--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com





--
View this message in context:
http://old.nabble.com/cxf-bc-ws-security-callback-classnotfoundexception-tp28747501p28771556.html
Sent from the ServiceMix - User mailing list archive at Nabble.com. 




--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com
http://old.nabble.com/file/p28860520/ws-sec-test.zip ws-sec- test.zip 
--
View this message in context:
http://old.nabble.com/cxf-bc-ws-security-callback-classnotfoundexception-tp28747501p28860520.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.




--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com





--
View this message in context: 
http://old.nabble.com/cxf-bc-ws-security-callback-classnotfoundexception-tp28747501p28875886.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.




--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com




--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com

Reply via email to