Hi, Ok I've updated my bean and configured the wss4jOutInterceptor and I was able to move forward a little. So if I set the wrong username/password combo it'll return java.io.IOException: Username/Password failure like what you have. However if I set it to the correct username/password, I get a new set of weird exception. Now it cannot find org.apache.ws.security.processor.TimestampProcessor and org.apache.ws.security.processor.UsernameTokenProcessor
On a side note its weird that the http://fisheye6.atlassian.com/browse/servicemix/components/bindings/servicemix-cxf-bc/tags/servicemix-cxf-bc-2010.01/src/test/resources/org/apache/servicemix/cxfbc/ws/security/xbean-jaas.xml?r=HEAD xbean-jass.xml from the ws-security-policy testcase didn't not have the ref bean tag for its properties section, and I wonder why that one works and mines didn't. Well mines still doesn't work =). I also have a WSS4JOutInterceptor as MyPasswordCallbackHandler, so you could modify the password in there to hopefully repeat this exception. StackTrace: 10:30:37,424 | WARN | 6...@qtp-13265566-0 | Loader | g.apache.ws.security.util.Loader 190 | org.apache.ws.security.processor.TimestampProcessor java.lang.ClassNotFoundException: org.apache.ws.security.processor.TimestampProcessor at java.net.URLClassLoader$1.run(URLClassLoader.java:200) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:303) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301) at java.lang.ClassLoader.loadClass(ClassLoader.java:248) at org.springframework.osgi.context.internal.classloader.ChainedClassLoader.doLoadClass(ChainedClassLoader.java:179) at org.springframework.osgi.context.internal.classloader.ChainedClassLoader.loadClass(ChainedClassLoader.java:160) at org.apache.ws.security.util.Loader.loadClass(Loader.java:183) at org.apache.ws.security.util.Loader.loadClass(Loader.java:175) at org.apache.ws.security.WSSConfig.getProcessor(WSSConfig.java:539) at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:319) at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243) at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:199) at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:78) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243) at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:109) at org.apache.servicemix.cxfbc.CxfBcConsumer$JbiChainInitiationObserver.onMessage(CxfBcConsumer.java:678) at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:312) at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:276) at org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:70) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230) at org.mortbay.jetty.handler.HandlerList.handle(HandlerList.java:49) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542) at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:938) at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:755) at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228) at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:680) at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582) 10:30:37,424 | WARN | 6...@qtp-13265566-0 | Loader | g.apache.ws.security.util.Loader 190 | org.apache.ws.security.processor.UsernameTokenProcessor java.lang.ClassNotFoundException: org.apache.ws.security.processor.UsernameTokenProcessor at java.net.URLClassLoader$1.run(URLClassLoader.java:200) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:303) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301) at java.lang.ClassLoader.loadClass(ClassLoader.java:248) at org.springframework.osgi.context.internal.classloader.ChainedClassLoader.doLoadClass(ChainedClassLoader.java:179) at org.springframework.osgi.context.internal.classloader.ChainedClassLoader.loadClass(ChainedClassLoader.java:160) at org.apache.ws.security.util.Loader.loadClass(Loader.java:183) at org.apache.ws.security.util.Loader.loadClass(Loader.java:175) at org.apache.ws.security.WSSConfig.getProcessor(WSSConfig.java:539) at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:319) at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243) at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:199) at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:78) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243) at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:109) at org.apache.servicemix.cxfbc.CxfBcConsumer$JbiChainInitiationObserver.onMessage(CxfBcConsumer.java:678) at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:312) at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:276) at org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:70) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230) at org.mortbay.jetty.handler.HandlerList.handle(HandlerList.java:49) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542) at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:938) at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:755) at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228) at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:680) at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582) 10:30:37,424 | WARN | 6...@qtp-13265566-0 | PhaseInterceptorChain | ache.cxf.common.logging.LogUtils 361 | Interceptor for {http://www.mycompany.com/ws-sec-proto}PersonService has thrown exception, unwinding now java.lang.NullPointerException at org.apache.servicemix.common.security.AuthenticationService$Proxy$1.invoke(AuthenticationService.java:52) at $Proxy141.authenticate(Unknown Source) at org.apache.servicemix.cxfbc.interceptors.JbiJAASInterceptor.handleMessage(JbiJAASInterceptor.java:92) at org.apache.servicemix.cxfbc.interceptors.JbiJAASInterceptor.handleMessage(JbiJAASInterceptor.java:40) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243) at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:109) at org.apache.servicemix.cxfbc.CxfBcConsumer$JbiChainInitiationObserver.onMessage(CxfBcConsumer.java:678) at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:312) at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:276) at org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:70) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230) at org.mortbay.jetty.handler.HandlerList.handle(HandlerList.java:49) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542) at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:938) at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:755) at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228) at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:680) at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582) Thanks, Vinh Hi, Yeah, I can see the callback handler CNFE now. The problem come from your ws-sec-bc/src/main/resources/META-INF/ spring/beans.xml, it should be <bean id="myPasswordCallback" class="com.mycompany.ServerPasswordCallback"/> <util:map id="properties"> <entry> <key > <util:constant static- field="org.apache.cxf.ws.security.SecurityConstants.CALLBACK_HANDLER" /> </key> <ref bean="myPasswordCallback"/> </entry> </util:map> in OSGi container. After change it, I get exception as The security token could not be authenticated or authorized; nested exception is: java.io.IOException: Username/Password failure. On client side. I add printout for your ws-sec-bc/src/main/java/com/mycompany/ ServerPasswordCallback.java and I get the username extract from UsernameToken ws-security header is:admin the password extract from UsernameToken ws-security header is:abc (this log also prove now ServerPasswordCallback could be found and so print out logs) from console, so your test client code didn't set username/password(I know what you want is joe/joespassword) correctly for outgoing message. I checked your test client code, client/src/main/java/com/mycompany/ ws_sec_proto/Person_Client.java, I don't think it's even possible to set password simply through property, you still need a Callbackhandler for WSS4JOutInterceptor to set password on client side, something like <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor" id="UserToken_Request"> <constructor-arg> <map> <entry key="action" value="UsernameToken"/> <entry key="passwordType" value="PasswordText" /> <entry key="user" value="alice"/> <entry key="passwordCallbackClass" value ="org.apache.servicemix.cxfbc.ws.security.KeystorePasswordCallback"/> </map> </constructor-arg> </bean> You may need take a look at how client side do it from a working example configuration[1], pay attentation to the WSS4JOutInterceptor configuration part. [1]https://svn.apache.org/repos/asf/servicemix/components/bindings/servicemix-cxf-bc/trunk/src/test/resources/org/apache/servicemix/cxfbc/ws/security/client-jaas.xml Freeman On 2010-6-14, at 下午1:06, nbdy wrote: > > Hi, I think I've figured out what went wrong. I think you did a mvn > clean on > the client before trying to running it and Person_Soap_Client was a > generated source which was modified to accept ssl certs and do > wss4jininceptor for username token. So with Person_Soap_Client > refreshed > without the ssl acceptance code, it couldn't connect to the service > on ssl. > Anyways I've changed it so the client code is not longer a generated > code > piece. fyi its Person_Client.java now. > http://old.nabble.com/file/p28875886/ws-sec-test.zip ws-sec- > test.zip I > hope this will fix it and that you can see the exception now. > > Thanks, > Vinh > > > > Freeman Fang wrote: >> >> Hi, >> >> My comment inline. >> >> >> On 2010-6-12, at 上午6:06, nbdy wrote: >> >>> >>> >>> Hi Freeman, I've refractored my code to follow the wsdl-first-osgi >>> example >>> for smx4.2 and I'm still getting the same error. Although, my stack >>> trace >>> now is a little different from what I had originally. For the life >>> of me, I >>> tried to recreate the same stack trace but it wouldn't work. I've >>> include a >>> client in there also so you don't have to use SOAPUI. >>> http://old.nabble.com/file/p28860520/ws-sec-test.zip ws-sec-test.zip >> >> What's the stack trace you get now? >> >> I play with your testcase but I get exception has nothing to do with >> classnotfoundexception. >> >> I will explain step by step what I do and what I see with your >> testcase. >> >> 1. I'm run with Apache Servicemix 4.2 >> 2. I unzip your testcase ws-sec-test.zip and cd ws-sec-test folder >> "mvn install" successfully >> 3. copy ws-sec-bc/target/ws-sec-bc-0.0.1.jar and ws-sec-se/target/ws- >> sec-se-0.0.1.jar to $SMX4.2/deploy folder (no error) >> 4. cd client, I'm not sure how you run the client, as for me I can't >> run client with maven, so I change pom.xml a bit, add sth like >> >> <plugin> >> <groupId>org.codehaus.mojo</groupId> >> <artifactId>exec-maven-plugin</artifactId> >> <configuration> >> >> <mainClass>com.mycompany.ws_sec_proto.Person_Soap_Client</mainClass> >> <includePluginDependencies>false</ >> includePluginDependencies> >> </configuration> >> </plugin> >> then "mvn compile exec:java". >> >> I get exception >> WARNING: Interceptor for {http://www.mycompany.com/ws-sec- >> proto}PersonService#{http://www.mycompany.com/ws-sec-proto}GetPerson >> has thrown exception, unwinding now >> org.apache.cxf.interceptor.Fault: Could not send Message. >> at org.apache.cxf.interceptor.MessageSenderInterceptor >> $ >> MessageSenderEndingInterceptor >> .handleMessage(MessageSenderInterceptor.java:64) >> at >> org >> .apache >> .cxf >> .phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java: >> 243) >> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:487) >> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313) >> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265) >> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java: >> 73) >> at >> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java: >> 124) >> at $Proxy38.getPerson(Unknown Source) >> at >> com >> .mycompany >> .ws_sec_proto.Person_Soap_Client.main(Person_Soap_Client.java:59) >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> at >> sun >> .reflect >> .NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java: >> 39) >> at >> sun >> .reflect >> .DelegatingMethodAccessorImpl >> .invoke(DelegatingMethodAccessorImpl.java: >> 25) >> at java.lang.reflect.Method.invoke(Method.java:597) >> at org.codehaus.mojo.exec.ExecJavaMojo$1.run(ExecJavaMojo.java:283) >> at java.lang.Thread.run(Thread.java:637) >> Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException >> invoking https://localhost:9001/PersonService/: >> sun.security.validator.ValidatorException: PKIX path building failed: >> sun.security.provider.certpath.SunCertPathBuilderException: unable to >> find valid certification path to requested target >> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native >> Method) >> at >> sun >> .reflect >> .NativeConstructorAccessorImpl >> .newInstance(NativeConstructorAccessorImpl.java:39) >> at >> sun >> .reflect >> .DelegatingConstructorAccessorImpl >> .newInstance(DelegatingConstructorAccessorImpl.java:27) >> at java.lang.reflect.Constructor.newInstance(Constructor.java:513) >> at org.apache.cxf.transport.http.HTTPConduit >> $WrappedOutputStream.mapException(HTTPConduit.java:2058) >> at org.apache.cxf.transport.http.HTTPConduit >> $WrappedOutputStream.close(HTTPConduit.java:2043) >> at >> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java: >> 66) >> at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java: >> 639) >> at org.apache.cxf.interceptor.MessageSenderInterceptor >> $ >> MessageSenderEndingInterceptor >> .handleMessage(MessageSenderInterceptor.java:62) >> ... 14 more >> Caused by: javax.net.ssl.SSLHandshakeException: >> sun.security.validator.ValidatorException: PKIX path building failed: >> sun.security.provider.certpath.SunCertPathBuilderException: unable to >> find valid certification path to requested target >> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java: >> 174) >> at >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java: >> 1611) >> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java: >> 187) >> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java: >> 181) >> at >> com >> .sun >> .net >> .ssl >> .internal >> .ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java: >> 1035) >> at >> com >> .sun >> .net >> .ssl >> .internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java: >> 124) >> at >> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java: >> 516) >> at >> com >> .sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java: >> 454) >> at >> com >> .sun >> .net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java: >> 884) >> at >> com >> .sun >> .net >> .ssl >> .internal >> .ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java: >> 1112) >> at >> com >> .sun >> .net >> .ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java: >> 1139) >> at >> com >> .sun >> .net >> .ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java: >> 1123) >> at >> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java: >> 418) >> at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect >> (AbstractDelegateHttpsURLConnection.java:166) >> at >> sun >> .net >> .www >> .protocol >> .http.HttpURLConnection.getOutputStream(HttpURLConnection.java:896) >> at >> sun >> .net >> .www >> .protocol >> .https >> .HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java: >> 230) >> at org.apache.cxf.transport.http.HTTPConduit >> $WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1955) >> at org.apache.cxf.transport.http.HTTPConduit >> $WrappedOutputStream.onFirstWrite(HTTPConduit.java:1907) >> at >> org >> .apache >> .cxf >> .io >> .AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java: >> 42) >> at >> org >> .apache >> .cxf >> .io >> .AbstractThresholdOutputStream >> .write(AbstractThresholdOutputStream.java:69) >> at org.apache.cxf.transport.http.HTTPConduit >> $WrappedOutputStream.close(HTTPConduit.java:1974) >> ... 17 more >> Caused by: sun.security.validator.ValidatorException: PKIX path >> building failed: >> sun.security.provider.certpath.SunCertPathBuilderException: unable to >> find valid certification path to requested target >> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java: >> 285) >> at >> sun >> .security.validator.PKIXValidator.engineValidate(PKIXValidator.java: >> 191) >> at sun.security.validator.Validator.validate(Validator.java:218) >> at >> com >> .sun >> .net >> .ssl >> .internal >> .ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java: >> 126) >> at >> com >> .sun >> .net >> .ssl >> .internal >> .ssl >> .X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java: >> 209) >> at >> com >> .sun >> .net >> .ssl >> .internal >> .ssl >> .X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java: >> 249) >> at >> com >> .sun >> .net >> .ssl >> .internal >> .ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java: >> 1014) >> ... 33 more >> Caused by: >> sun.security.provider.certpath.SunCertPathBuilderException: >> unable to find valid certification path to requested target >> at >> sun >> .security >> .provider >> .certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174) >> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java: >> 238) >> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java: >> 280) >> ... 39 more >> >> At the same time, in servicemix.log, I get exception like >> 10:42:19,136 | WARN | @qtp-818227128-0 | >> jetty | service.jetty.internal.JCLLogger >> 115 | EXCEPTION >> javax.net.ssl.SSLHandshakeException: Received fatal alert: >> certificate_unknown >> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java: >> 174) >> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java: >> 136) >> at >> com >> .sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java: >> 1682) >> at >> com >> .sun >> .net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java: >> 932) >> at >> com >> .sun >> .net >> .ssl >> .internal >> .ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java: >> 1112) >> at >> com >> .sun >> .net >> .ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java: >> 1139) >> at >> com >> .sun >> .net >> .ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java: >> 1123) >> at org.mortbay.jetty.security.SslSocketConnector >> $SslConnection.run(SslSocketConnector.java:675) >> at org.mortbay.thread.QueuedThreadPool >> $PoolThread.run(QueuedThreadPool.java:582) >> >> >> My question is >> 1. This is the same exception you get? >> 2. Do I miss something, do I run the client same way as you do? >> >> From this exception, IMHO it's something incorrect(maybe >> configuration only) for you standalone cxf client side(unable to find >> valid certification path). >> >> As our original problem is Clallbackhandler CNFE, so I'm not sure if >> we saw same exception, so I give details what I've done, I just need >> ensure we are doing same thing, could you clarify? >> >> Freeman >> >> >>> >>> I'm starting to think this is a bug or something because I've tried >>> everything and nothing will work and it should be relatively simple. >>> >>> Much appreciated, >>> Vinh >>> >>> >>> >>> >>> Freeman Fang wrote: >>>> >>>> Well, several issues I can point now >>>> >>>> 1. what servicemix version you are using? >>>> Your bc and se pom.xml import >>>> org.apache.servicemix.cxf.transport.http_osgi, which indicate >>>> you're >>>> using very old servicemix version, as now http_osgi transport code >>>> move to cxf codebase, and the package should be >>>> org.apache.cxf.transport.http_osgi. Moreover, you don't need this >>>> package at all as you are use JBI endpoint which will use http >>>> transport underlying. >>>> I strongly recommend you use the latest released smx4.2. >>>> >>>> 2. your beans.xml for bc and se isn't correct. You are using OSGi >>>> package for JBI endpoint, we have a cxf-wsdl-first-osgi-package >>>> example shipped with kit which is exactly same as your scenario, >>>> you >>>> need take a look at it, especially how the pom.xml(Import-Package, >>>> Export-Package) and beans.xml looks like. Be careful for the >>>> <import >>>> resource="">, I don't think it's >>>> always necessary for your case. >>>> >>>> 3. You testcase is lack of the client side which send out soap >>>> message, I don't want to assume it myself as I need ensure what I >>>> do >>>> here is exactly same as what you've done. >>>> >>>> 4. Could you provide a clean testcase for me which just reproduce >>>> the >>>> callbackhandler class can't found error? If the testcase isn't so >>>> straightforward, I need a step by step instruction which tell me >>>> how >>>> to reproduce the exact error. For the current testcase I can't >>>> simply >>>> deploy it, after change several part I can deploy but get different >>>> error like >>>> javax.net.ssl.SSLException: Unrecognized SSL message, plaintext >>>> connection? >>>> at >>>> com >>>> .sun >>>> .net >>>> .ssl.internal.ssl.InputRecord.handleUnknownRecord(InputRecord.java: >>>> 523) >>>> at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java: >>>> 355) >>>> at >>>> com >>>> .sun >>>> .net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java: >>>> 789) >>>> at >>>> com >>>> .sun >>>> .net >>>> .ssl >>>> .internal >>>> .ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java: >>>> 1112) >>>> at >>>> com >>>> .sun >>>> .net >>>> .ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java: >>>> 1139) >>>> at >>>> com >>>> .sun >>>> .net >>>> .ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java: >>>> 1123) >>>> at org.mortbay.jetty.security.SslSocketConnector >>>> $SslConnection.run(SslSocketConnector.java:675) >>>> at org.mortbay.thread.QueuedThreadPool >>>> $PoolThread.run(QueuedThreadPool.java:582) >>>> >>>> I don't want assume what you do and change your testcase myself, I >>>> need ensure we are doing same thing. >>>> >>>> The simpler testcase which exactly reproduce the problem you >>>> described, the quicker you get help. >>>> >>>> >>>> Could you refactor your testcase based on cxf-wsdl-first-osgi- >>>> package >>>> against SMX4.2, if you follow my instruction but the problem still >>>> exist. :-) >>>> >>>> >>>> Freeman >>>> On 2010-6-4, at 上午2:54, nbdy wrote: >>>> >>>>> >>>>> Hi, I was trying to make a clean project for you to play with >>>>> but I >>>>> ran out >>>>> of time. So here's our original project with the SE and BC. >>>>> http://old.nabble.com/file/p28771556/useracctService.zip >>>>> useracctService.zip >>>>> >>>>> I had to replace the CXF-BC in my servicemix 4 w/ >>>>> http://repo2.maven.org/maven2/org/apache/servicemix/servicemix-cxf-bc/2010.01/servicemix-cxf-bc-2010.01.jar >>>>> servicemix-cxf-bc-2010.01.jar >>>>> w/ a hack by replace the cxf-bc in the lib dir. Couldn't figure >>>>> out >>>>> how to >>>>> get servicemix to get a different version of a packaged bundle. >>>>> >>>>> >>>>> Thanks, >>>>> Vinh >>>>> >>>>> >>>>> >>>>> Freeman Fang wrote: >>>>>> >>>>>> Hi, >>>>>> >>>>>> Not exactly sure what happened now. Actually we have a cxf-ws- >>>>>> security- >>>>>> osgi example shipped with kit and use callback handler class, >>>>>> this >>>>>> class can be found. >>>>>> Could you append your project(the one I can build and modify, not >>>>>> only >>>>>> the binary bundle jar), as well as your client which send out >>>>>> soap >>>>>> request? I'd like to play with it when I get chance. >>>>>> >>>>>> Freeman >>>>>> On 2010-6-2, at 下午9:06, nbdy wrote: >>>>>> >>>>>>> >>>>>>> Hi, yes I've had with the export package only, private-package >>>>>>> only, >>>>>>> and both >>>>>>> export and private package. They all resulted the same error. >>>>>>> >>>>>>> Vinh >>>>>>> >>>>>>> >>>>>>> >>>>>>> Freeman Fang wrote: >>>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> How about you remove >>>>>>>> >>>>>>>> <Private-Package> >>>>>>>> com.mycompany.useraccount >>>>>>>> </Private-Package> >>>>>>>> >>>>>>>> from your pom? >>>>>>>> >>>>>>>> Freeman >>>>>>>> On 2010-6-2, at 上午5:08, nbdy wrote: >>>>>>>> >>>>>>>>> >>>>>>>>> I'm trying to implement authentication with SSL as a ws- >>>>>>>>> security >>>>>>>>> policy on a >>>>>>>>> service inside of SMX4. So far I've been able to implement SSL >>>>>>>>> and >>>>>>>>> the >>>>>>>>> transport policy, but I've not been able to get the >>>>>>>>> authentication >>>>>>>>> part to >>>>>>>>> work. I've tried to attack this at many different angles but >>>>>>>>> I'm >>>>>>>>> just >>>>>>>>> missing something. I was wondering if you guys can help me. I >>>>>>>>> don't >>>>>>>>> know how >>>>>>>>> it cannot find my callback class since I've exported package >>>>>>>>> in >>>>>>>>> the >>>>>>>>> cxf.bundle config in the pom. >>>>>>>>> >>>>>>>>> Error response: >>>>>>>>> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/ >>>>>>>>> envelope/"> >>>>>>>>> <soap:Body> >>>>>>>>> <soap:Fault> >>>>>>>>> <faultcode>soap:Client</faultcode> >>>>>>>>> <faultstring>com.mycompany.useraccount.ServerPasswordCallback; >>>>>>>>> nested >>>>>>>>> exception is: >>>>>>>>> java.lang.ClassNotFoundException: >>>>>>>>> com.mycompany.useraccount.ServerPasswordCallback</faultstring> >>>>>>>>> </soap:Fault> >>>>>>>>> </soap:Body> >>>>>>>>> </soap:Envelope> >>>>>>>>> >>>>>>>>> Client request: >>>>>>>>> <soapenv:Envelope >>>>>>>>> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/ >>>>>>>>> " >>>>>>>>> xmlns:typ="http://www.mycompany.com/UserAccount/types";> >>>>>>>>> <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/ >>>>>>>>> addressing"> >>>>>>>>> <wsse:Security soapenv:mustUnderstand="1" >>>>>>>>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd >>>>>>>>> "> >>>>>>>>> <wsu:Timestamp wsu:Id="Timestamp-14" >>>>>>>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd >>>>>>>>> "> >>>>>>>>> <wsu:Created>2010-06-01T19:55:10.984Z</wsu:Created> >>>>>>>>> <wsu:Expires>2010-06-01T19:56:10.984Z</wsu:Expires> >>>>>>>>> </wsu:Timestamp> >>>>>>>>> <wsse:UsernameToken wsu:Id="UsernameToken-13" >>>>>>>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd >>>>>>>>> "> >>>>>>>>> <wsse:Username>joe</wsse:Username> >>>>>>>>> <wsse:Password >>>>>>>>> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText >>>>>>>>> ">joespassword</wsse:Password> >>>>>>>>> <wsse:Nonce >>>>>>>>> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary >>>>>>>>> ">o6HCEhy9dHH6zkBhdp/FLw==</wsse:Nonce> >>>>>>>>> <wsu:Created>2010-06-01T19:55:03.718Z</wsu:Created> >>>>>>>>> </wsse:UsernameToken> >>>>>>>>> </wsse:Security> >>>>>>>>> <wsa:Action>http://www.mycompany.com/UserAccount/UserAccountPortType/ApproveDenyAccountRequest >>>>>>>>> </wsa:Action> >>>>>>>>> </soapenv:Header> >>>>>>>>> <soapenv:Body> >>>>>>>>> <typ:ApproveDenyUserRequest> >>>>>>>>> <typ:pendingId>13</typ:pendingId> >>>>>>>>> <typ:approval>1</typ:approval> >>>>>>>>> </typ:ApproveDenyUserRequest> >>>>>>>>> </soapenv:Body> >>>>>>>>> </soapenv:Envelope> >>>>>>>>> >>>>>>>>> Servicemix log: >>>>>>>>> 15:55:16,812 | WARN | 7...@qtp-31267377-2 | WSS4JInInterceptor | >>>>>>>>> ecurity.wss4j.WSS4JInInterceptor 255 | >>>>>>>>> org.apache.ws.security.WSSecurityException: >>>>>>>>> com.mycompany.useraccount.ServerPasswordCallback; nested >>>>>>>>> exception >>>>>>>>> is: >>>>>>>>> java.lang.ClassNotFoundException: >>>>>>>>> com.mycompany.useraccount.ServerPasswordCallback >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .apache >>>>>>>>> .cxf >>>>>>>>> .ws >>>>>>>>> .security >>>>>>>>> .wss4j.WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java: >>>>>>>>> 477) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .apache >>>>>>>>> .cxf >>>>>>>>> .ws >>>>>>>>> .security >>>>>>>>> .wss4j >>>>>>>>> .WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java: >>>>>>>>> 195) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .apache >>>>>>>>> .cxf >>>>>>>>> .ws >>>>>>>>> .security >>>>>>>>> .wss4j >>>>>>>>> .WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java: >>>>>>>>> 78) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .apache >>>>>>>>> .cxf >>>>>>>>> .phase >>>>>>>>> .PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java: >>>>>>>>> 243) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .apache >>>>>>>>> .cxf >>>>>>>>> .transport >>>>>>>>> .ChainInitiationObserver >>>>>>>>> .onMessage(ChainInitiationObserver.java: >>>>>>>>> 109) >>>>>>>>> at >>>>>>>>> org.apache.servicemix.cxfbc.CxfBcConsumer >>>>>>>>> $JbiChainInitiationObserver.onMessage(CxfBcConsumer.java:678) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .apache >>>>>>>>> .cxf >>>>>>>>> .transport >>>>>>>>> .http_jetty >>>>>>>>> .JettyHTTPDestination >>>>>>>>> .serviceRequest(JettyHTTPDestination.java: >>>>>>>>> 312) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .apache >>>>>>>>> .cxf >>>>>>>>> .transport >>>>>>>>> .http_jetty >>>>>>>>> .JettyHTTPDestination.doService(JettyHTTPDestination.java: >>>>>>>>> 276) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .apache >>>>>>>>> .cxf >>>>>>>>> .transport >>>>>>>>> .http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java: >>>>>>>>> 70) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .mortbay >>>>>>>>> .jetty.handler.ContextHandler.handle(ContextHandler.java: >>>>>>>>> 765) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .mortbay >>>>>>>>> .jetty >>>>>>>>> .handler >>>>>>>>> .ContextHandlerCollection >>>>>>>>> .handle(ContextHandlerCollection.java: >>>>>>>>> 230) >>>>>>>>> at >>>>>>>>> org.mortbay.jetty.handler.HandlerList.handle(HandlerList.java: >>>>>>>>> 49) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .mortbay >>>>>>>>> .jetty.handler.HandlerWrapper.handle(HandlerWrapper.java: >>>>>>>>> 152) >>>>>>>>> at org.mortbay.jetty.Server.handle(Server.java:326) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .mortbay >>>>>>>>> .jetty.HttpConnection.handleRequest(HttpConnection.java: >>>>>>>>> 542) >>>>>>>>> at >>>>>>>>> org.mortbay.jetty.HttpConnection >>>>>>>>> $RequestHandler.content(HttpConnection.java:938) >>>>>>>>> at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:755) >>>>>>>>> at >>>>>>>>> org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java: >>>>>>>>> 218) >>>>>>>>> at >>>>>>>>> org.mortbay.jetty.HttpConnection.handle(HttpConnection.java: >>>>>>>>> 404) >>>>>>>>> at >>>>>>>>> org.mortbay.jetty.bio.SocketConnector >>>>>>>>> $Connection.run(SocketConnector.java:228) >>>>>>>>> at >>>>>>>>> org.mortbay.jetty.security.SslSocketConnector >>>>>>>>> $SslConnection.run(SslSocketConnector.java:680) >>>>>>>>> at >>>>>>>>> org.mortbay.thread.QueuedThreadPool >>>>>>>>> $PoolThread.run(QueuedThreadPool.java:582) >>>>>>>>> Caused by: java.lang.ClassNotFoundException: >>>>>>>>> com.mycompany.useraccount.ServerPasswordCallback >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .eclipse >>>>>>>>> .osgi >>>>>>>>> .internal >>>>>>>>> .loader.BundleLoader.findClassInternal(BundleLoader.java: >>>>>>>>> 494) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .eclipse >>>>>>>>> .osgi >>>>>>>>> .internal.loader.BundleLoader.findClass(BundleLoader.java: >>>>>>>>> 410) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .eclipse >>>>>>>>> .osgi >>>>>>>>> .internal.loader.BundleLoader.findClass(BundleLoader.java: >>>>>>>>> 398) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .eclipse >>>>>>>>> .osgi >>>>>>>>> .internal >>>>>>>>> .baseadaptor >>>>>>>>> .DefaultClassLoader.loadClass(DefaultClassLoader.java: >>>>>>>>> 105) >>>>>>>>> at java.lang.ClassLoader.loadClass(ClassLoader.java:252) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .apache >>>>>>>>> .cxf >>>>>>>>> .common >>>>>>>>> .classloader >>>>>>>>> .ClassLoaderUtils.loadClass2(ClassLoaderUtils.java: >>>>>>>>> 236) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .apache >>>>>>>>> .cxf >>>>>>>>> .common >>>>>>>>> .classloader.ClassLoaderUtils.loadClass(ClassLoaderUtils.java: >>>>>>>>> 222) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .apache >>>>>>>>> .cxf >>>>>>>>> .ws >>>>>>>>> .security >>>>>>>>> .wss4j.WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java: >>>>>>>>> 475) >>>>>>>>> ... 21 more >>>>>>>>> 15:55:16,812 | WARN | 7...@qtp-31267377-2 | >>>>>>>>> PhaseInterceptorChain | >>>>>>>>> ache.cxf.common.logging.LogUtils 361 | Interceptor for >>>>>>>>> {http://www.mycompany.com/UserAccount}UserAccountService has >>>>>>>>> thrown >>>>>>>>> exception, unwinding now >>>>>>>>> org.apache.cxf.binding.soap.SoapFault: >>>>>>>>> com.mycompany.useraccount.ServerPasswordCallback; nested >>>>>>>>> exception >>>>>>>>> is: >>>>>>>>> java.lang.ClassNotFoundException: >>>>>>>>> com.mycompany.useraccount.ServerPasswordCallback >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .apache >>>>>>>>> .cxf >>>>>>>>> .ws >>>>>>>>> .security >>>>>>>>> .wss4j >>>>>>>>> .WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java: >>>>>>>>> 583) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .apache >>>>>>>>> .cxf >>>>>>>>> .ws >>>>>>>>> .security >>>>>>>>> .wss4j >>>>>>>>> .WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java: >>>>>>>>> 256) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .apache >>>>>>>>> .cxf >>>>>>>>> .ws >>>>>>>>> .security >>>>>>>>> .wss4j >>>>>>>>> .WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java: >>>>>>>>> 78) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .apache >>>>>>>>> .cxf >>>>>>>>> .phase >>>>>>>>> .PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java: >>>>>>>>> 243) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .apache >>>>>>>>> .cxf >>>>>>>>> .transport >>>>>>>>> .ChainInitiationObserver >>>>>>>>> .onMessage(ChainInitiationObserver.java: >>>>>>>>> 109) >>>>>>>>> at >>>>>>>>> org.apache.servicemix.cxfbc.CxfBcConsumer >>>>>>>>> $JbiChainInitiationObserver.onMessage(CxfBcConsumer.java:678) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .apache >>>>>>>>> .cxf >>>>>>>>> .transport >>>>>>>>> .http_jetty >>>>>>>>> .JettyHTTPDestination >>>>>>>>> .serviceRequest(JettyHTTPDestination.java: >>>>>>>>> 312) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .apache >>>>>>>>> .cxf >>>>>>>>> .transport >>>>>>>>> .http_jetty >>>>>>>>> .JettyHTTPDestination.doService(JettyHTTPDestination.java: >>>>>>>>> 276) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .apache >>>>>>>>> .cxf >>>>>>>>> .transport >>>>>>>>> .http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java: >>>>>>>>> 70) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .mortbay >>>>>>>>> .jetty.handler.ContextHandler.handle(ContextHandler.java: >>>>>>>>> 765) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .mortbay >>>>>>>>> .jetty >>>>>>>>> .handler >>>>>>>>> .ContextHandlerCollection >>>>>>>>> .handle(ContextHandlerCollection.java: >>>>>>>>> 230) >>>>>>>>> at >>>>>>>>> org.mortbay.jetty.handler.HandlerList.handle(HandlerList.java: >>>>>>>>> 49) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .mortbay >>>>>>>>> .jetty.handler.HandlerWrapper.handle(HandlerWrapper.java: >>>>>>>>> 152) >>>>>>>>> at org.mortbay.jetty.Server.handle(Server.java:326) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .mortbay >>>>>>>>> .jetty.HttpConnection.handleRequest(HttpConnection.java: >>>>>>>>> 542) >>>>>>>>> at >>>>>>>>> org.mortbay.jetty.HttpConnection >>>>>>>>> $RequestHandler.content(HttpConnection.java:938) >>>>>>>>> at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:755) >>>>>>>>> at >>>>>>>>> org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java: >>>>>>>>> 218) >>>>>>>>> at >>>>>>>>> org.mortbay.jetty.HttpConnection.handle(HttpConnection.java: >>>>>>>>> 404) >>>>>>>>> at >>>>>>>>> org.mortbay.jetty.bio.SocketConnector >>>>>>>>> $Connection.run(SocketConnector.java:228) >>>>>>>>> at >>>>>>>>> org.mortbay.jetty.security.SslSocketConnector >>>>>>>>> $SslConnection.run(SslSocketConnector.java:680) >>>>>>>>> at >>>>>>>>> org.mortbay.thread.QueuedThreadPool >>>>>>>>> $PoolThread.run(QueuedThreadPool.java:582) >>>>>>>>> Caused by: org.apache.ws.security.WSSecurityException: >>>>>>>>> com.mycompany.useraccount.ServerPasswordCallback; nested >>>>>>>>> exception >>>>>>>>> is: >>>>>>>>> java.lang.ClassNotFoundException: >>>>>>>>> com.mycompany.useraccount.ServerPasswordCallback >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .apache >>>>>>>>> .cxf >>>>>>>>> .ws >>>>>>>>> .security >>>>>>>>> .wss4j.WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java: >>>>>>>>> 477) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .apache >>>>>>>>> .cxf >>>>>>>>> .ws >>>>>>>>> .security >>>>>>>>> .wss4j >>>>>>>>> .WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java: >>>>>>>>> 195) >>>>>>>>> ... 20 more >>>>>>>>> Caused by: java.lang.ClassNotFoundException: >>>>>>>>> com.mycompany.useraccount.ServerPasswordCallback >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .eclipse >>>>>>>>> .osgi >>>>>>>>> .internal >>>>>>>>> .loader.BundleLoader.findClassInternal(BundleLoader.java: >>>>>>>>> 494) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .eclipse >>>>>>>>> .osgi >>>>>>>>> .internal.loader.BundleLoader.findClass(BundleLoader.java: >>>>>>>>> 410) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .eclipse >>>>>>>>> .osgi >>>>>>>>> .internal.loader.BundleLoader.findClass(BundleLoader.java: >>>>>>>>> 398) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .eclipse >>>>>>>>> .osgi >>>>>>>>> .internal >>>>>>>>> .baseadaptor >>>>>>>>> .DefaultClassLoader.loadClass(DefaultClassLoader.java: >>>>>>>>> 105) >>>>>>>>> at java.lang.ClassLoader.loadClass(ClassLoader.java:252) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .apache >>>>>>>>> .cxf >>>>>>>>> .common >>>>>>>>> .classloader >>>>>>>>> .ClassLoaderUtils.loadClass2(ClassLoaderUtils.java: >>>>>>>>> 236) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .apache >>>>>>>>> .cxf >>>>>>>>> .common >>>>>>>>> .classloader.ClassLoaderUtils.loadClass(ClassLoaderUtils.java: >>>>>>>>> 222) >>>>>>>>> at >>>>>>>>> org >>>>>>>>> .apache >>>>>>>>> .cxf >>>>>>>>> .ws >>>>>>>>> .security >>>>>>>>> .wss4j.WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java: >>>>>>>>> 475) >>>>>>>>> ... 21 more >>>>>>>>> >>>>>>>>> xbeans.xml: >>>>>>>>> >>>>>>>>> <beans xmlns="http://www.springframework.org/schema/beans"; >>>>>>>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; >>>>>>>>> xmlns:cxfbc="http://servicemix.apache.org/cxfbc/1.0"; >>>>>>>>> xmlns:nwec="http://www.mycompany.com/UserAccount"; >>>>>>>>> xmlns:util="http://www.springframework.org/schema/util"; >>>>>>>>> xmlns:httpj="http://cxf.apache.org/transports/http-jetty/ >>>>>>>>> configuration" >>>>>>>>> xmlns:http="http://cxf.apache.org/transports/http/configuration >>>>>>>>> " >>>>>>>>> xmlns:sec="http://cxf.apache.org/configuration/security"; >>>>>>>>> xsi:schemaLocation=" >>>>>>>>> http://www.springframework.org/schema/beans >>>>>>>>> http://www.springframework.org/schema/beans/spring-beans.xsd >>>>>>>>> http://www.springframework.org/schema/util >>>>>>>>> http://www.springframework.org/schema/util/spring-util.xsd >>>>>>>>> http://servicemix.apache.org/cxfbc/1.0 >>>>>>>>> http://repo2.maven.org/maven2/org/apache/servicemix/servicemix-cxf-bc/2010.01/servicemix-cxf-bc-2010.01.xsd >>>>>>>>> http://cxf.apache.org/transports/http-jetty/configuration >>>>>>>>> http://cxf.apache.org/schemas/configuration/http-jetty.xsd >>>>>>>>> http://cxf.apache.org/transports/http/configuration >>>>>>>>> http://cxf.apache.org/schemas/configuration/http-conf.xsd"; > >>>>>>>>> >>>>>>>>> <import resource="classpath:META-INF/cxf/cxf.xml" /> >>>>>>>>> <import resource="classpath:META-INF/cxf/cxf-extension- >>>>>>>>> soap.xml" /> >>>>>>>>> <import resource="classpath:META-INF/cxf/cxf-extension- >>>>>>>>> http.xml" /> >>>>>>>>> <import resource="classpath:META-INF/cxf/osgi/cxf-extension- >>>>>>>>> osgi.xml" /> >>>>>>>>> <import resource="classpath:META-INF/cxf/cxf-extension- >>>>>>>>> policy.xml" /> >>>>>>>>> <import resource="classpath:META-INF/cxf/cxf-extension-ws- >>>>>>>>> security.xml" /> >>>>>>>>> >>>>>>>>> <cxfbc:consumer wsdl="classpath:wsdl/UserAccount.wsdl" >>>>>>>>> targetService="nwec:UserAccountService" >>>>>>>>> targetEndpoint="endpoint" >>>>>>>>> useJBIWrapper="false" useSOAPEnvelope="false" >>>>>>>>> properties="#properties" >>>>>>>>> locationURI="https://localhost:9001/useraccount";> >>>>>>>>> </cxfbc:consumer> >>>>>>>>> >>>>>>>>> <util:map id="properties"> >>>>>>>>> <entry >>>>>>>>> value="com.mycompany.useraccount.ServerPasswordCallback"> >>>>>>>>> <key> >>>>>>>>> <util:constant >>>>>>>>> static- >>>>>>>>> field >>>>>>>>> = >>>>>>>>> "org >>>>>>>>> .apache.cxf.ws.security.SecurityConstants.CALLBACK_HANDLER" >>>>>>>>> /> >>>>>>>>> </key> >>>>>>>>> </entry> >>>>>>>>> </util:map> >>>>>>>>> >>>>>>>>> <httpj:engine-factory bus="cxf"> >>>>>>>>> <httpj:engine port="9001"> >>>>>>>>> <httpj:tlsServerParameters> >>>>>>>>> <sec:keyManagers keyPassword="password"> >>>>>>>>> <sec:keyStore type="JKS" password="password" resource="certs/ >>>>>>>>> cherry.jks" /> >>>>>>>>> </sec:keyManagers> >>>>>>>>> <sec:cipherSuitesFilter> >>>>>>>>> <sec:include>.*_WITH_3DES_.*</sec:include> >>>>>>>>> <sec:include>.*_WITH_DES_.*</sec:include> >>>>>>>>> <sec:exclude>.*_WITH_NULL_.*</sec:exclude> >>>>>>>>> <sec:exclude>.*_DH_anon_.*</sec:exclude> >>>>>>>>> </sec:cipherSuitesFilter> >>>>>>>>> <sec:clientAuthentication want="false" >>>>>>>>> required="false" /> >>>>>>>>> </httpj:tlsServerParameters> >>>>>>>>> </httpj:engine> >>>>>>>>> </httpj:engine-factory> >>>>>>>>> >>>>>>>>> <bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl" /> >>>>>>>>> >>>>>>>>> <bean >>>>>>>>> class="org.apache.servicemix.common.osgi.EndpointExporter" /> >>>>>>>>> >>>>>>>>> </beans> >>>>>>>>> >>>>>>>>> wsdl: >>>>>>>>> <?xml version="1.0" encoding="UTF-8"?> >>>>>>>>> <wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/ >>>>>>>>> wsdl/" >>>>>>>>> xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"; >>>>>>>>> xmlns:http="http://schemas.xmlsoap.org/wsdl/http/"; >>>>>>>>> xmlns:xs="http://www.w3.org/2001/XMLSchema"; >>>>>>>>> xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"; >>>>>>>>> xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/"; >>>>>>>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; >>>>>>>>> xmlns:tns="http://www.mycompany.com/UserAccount"; >>>>>>>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd >>>>>>>>> " >>>>>>>>> xmlns:fi="http://java.sun.com/xml/ns/wsit/2006/09/policy/fastinfoset/service >>>>>>>>> " >>>>>>>>> xmlns:tcp="http://java.sun.com/xml/ns/wsit/2006/09/policy/soaptcp/service >>>>>>>>> " >>>>>>>>> xmlns:sc="http://schemas.sun.com/2006/03/wss/server"; >>>>>>>>> xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy"; >>>>>>>>> xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust"; >>>>>>>>> xmlns:wsaw="http://www.w3.org/2005/08/addressing"; >>>>>>>>> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"; >>>>>>>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/ >>>>>>>>> securitypolicy" >>>>>>>>> xmlns:tc="http://schemas.sun.com/ws/2006/05/trust/server"; >>>>>>>>> xmlns:ns="http://www.mycompany.com/UserAccount/types"; >>>>>>>>> targetNamespace="http://www.mycompany.com/UserAccount";> >>>>>>>>> <wsdl:types> >>>>>>>>> ... >>>>>>>>> </wsdl:types> >>>>>>>>> ... >>>>>>>>> <wsdl:portType name="UserAccountPortType"> >>>>>>>>> ... >>>>>>>>> </wsdl:portType> >>>>>>>>> <wsdl:binding name="UserAccountBinding" >>>>>>>>> type="tns:UserAccountPortType"> >>>>>>>>> <soap:binding style="document" >>>>>>>>> transport="http://schemas.xmlsoap.org/soap/http"; /> >>>>>>>>> <wsp:PolicyReference URI="#UserAccountBindingPolicy" /> >>>>>>>>> ... >>>>>>>>> </wsdl:binding> >>>>>>>>> <wsdl:service name="UserAccountService"> >>>>>>>>> <wsdl:port name="UserAccountPort" >>>>>>>>> binding="tns:UserAccountBinding"> >>>>>>>>> <soap:address location="https://localhost:9001/useraccount"; /> >>>>>>>>> </wsdl:port> >>>>>>>>> </wsdl:service> >>>>>>>>> >>>>>>>>> <wsp:Policy wsu:Id="UserAccountBindingPolicy"> >>>>>>>>> <wsp:ExactlyOne> >>>>>>>>> <wsp:All> >>>>>>>>> <wsaw:UsingAddressing >>>>>>>>> xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl >>>>>>>>> " >>>>>>>>> wsp:Optional="true" /> >>>>>>>>> <sp:TransportBinding> >>>>>>>>> <wsp:Policy> >>>>>>>>> <sp:TransportToken> >>>>>>>>> <wsp:Policy> >>>>>>>>> <sp:HttpsToken RequireClientCertificate="false"/> >>>>>>>>> </wsp:Policy> >>>>>>>>> </sp:TransportToken> >>>>>>>>> <sp:Layout> >>>>>>>>> <wsp:Policy> >>>>>>>>> <sp:Lax/> >>>>>>>>> </wsp:Policy> >>>>>>>>> </sp:Layout> >>>>>>>>> <sp:IncludeTimestamp/> >>>>>>>>> <sp:AlgorithmSuite> >>>>>>>>> <wsp:Policy> >>>>>>>>> <sp:Basic128/> >>>>>>>>> </wsp:Policy> >>>>>>>>> </sp:AlgorithmSuite> >>>>>>>>> </wsp:Policy> >>>>>>>>> </sp:TransportBinding> >>>>>>>>> <sp:SupportingTokens> >>>>>>>>> <wsp:Policy> >>>>>>>>> <sp:UsernameToken >>>>>>>>> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient >>>>>>>>> "> >>>>>>>>> <wsp:Policy> >>>>>>>>> <sp:WssUsernameToken10 /> >>>>>>>>> </wsp:Policy> >>>>>>>>> </sp:UsernameToken> >>>>>>>>> </wsp:Policy> >>>>>>>>> </sp:SupportingTokens> >>>>>>>>> <sp:Wss11 /> >>>>>>>>> </wsp:All> >>>>>>>>> </wsp:ExactlyOne> >>>>>>>>> </wsp:Policy> >>>>>>>>> </wsdl:definitions> >>>>>>>>> >>>>>>>>> pom: >>>>>>>>> <?xml version="1.0" encoding="UTF-8"?> >>>>>>>>> <project xmlns="http://maven.apache.org/POM/4.0.0"; >>>>>>>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; >>>>>>>>> xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 >>>>>>>>> http://maven.apache.org/maven-v4_0_0.xsd";> >>>>>>>>> >>>>>>>>> <!-- >>>>>>>>> >>>>>>>>> Licensed to the Apache Software Foundation (ASF) under one or >>>>>>>>> more >>>>>>>>> contributor license agreements. See the NOTICE file >>>>>>>>> distributed >>>>>>>>> with >>>>>>>>> this work for additional information regarding copyright >>>>>>>>> ownership. >>>>>>>>> The ASF licenses this file to You under the Apache License, >>>>>>>>> Version >>>>>>>>> 2.0 (the "License"); you may not use this file except in >>>>>>>>> compliance >>>>>>>>> with the License. You may obtain a copy of the License at >>>>>>>>> >>>>>>>>> http://www.apache.org/licenses/LICENSE-2.0 Unless required by >>>>>>>>> applicable law or agreed to in writing, software distributed >>>>>>>>> under >>>>>>>>> the >>>>>>>>> License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES >>>>>>>>> OR >>>>>>>>> CONDITIONS OF ANY KIND, either express or implied. See the >>>>>>>>> License >>>>>>>>> for >>>>>>>>> the specific language governing permissions and limitations >>>>>>>>> under >>>>>>>>> the >>>>>>>>> License. >>>>>>>>> --> >>>>>>>>> >>>>>>>>> <modelVersion>4.0.0</modelVersion> >>>>>>>>> >>>>>>>>> <groupId>com.mycompany</groupId> >>>>>>>>> <artifactId>useraccount-bc</artifactId> >>>>>>>>> <packaging>bundle</packaging> >>>>>>>>> <name>User Account BC</name> >>>>>>>>> <version>0.0.1-SNAPSHOT</version> >>>>>>>>> <url>http://www.mycompany.com</url> >>>>>>>>> >>>>>>>>> <repositories> >>>>>>>>> <repository> >>>>>>>>> <id>open.iona.m2</id> >>>>>>>>> <name>IONA Open Source Community Release Repository</name> >>>>>>>>> <url>http://repo.open.iona.com/maven2</url> >>>>>>>>> <snapshots> >>>>>>>>> <enabled>false</enabled> >>>>>>>>> </snapshots> >>>>>>>>> <releases> >>>>>>>>> <enabled>true</enabled> >>>>>>>>> </releases> >>>>>>>>> </repository> >>>>>>>>> <repository> >>>>>>>>> <id>open.iona.m2-snapshot</id> >>>>>>>>> <name>IONA Open Source Community Snapshot Repository</name> >>>>>>>>> <url>http://repo.open.iona.com/maven2-snapshot</url> >>>>>>>>> <snapshots> >>>>>>>>> <enabled>true</enabled> >>>>>>>>> </snapshots> >>>>>>>>> <releases> >>>>>>>>> <enabled>false</enabled> >>>>>>>>> </releases> >>>>>>>>> </repository> >>>>>>>>> </repositories> >>>>>>>>> <pluginRepositories> >>>>>>>>> <pluginRepository> >>>>>>>>> <id>open.iona.m2</id> >>>>>>>>> <name>IONA Open Source Community Release Repository</name> >>>>>>>>> <url>http://repo.open.iona.com/maven2</url> >>>>>>>>> <snapshots> >>>>>>>>> <enabled>false</enabled> >>>>>>>>> </snapshots> >>>>>>>>> <releases> >>>>>>>>> <enabled>true</enabled> >>>>>>>>> </releases> >>>>>>>>> </pluginRepository> >>>>>>>>> <pluginRepository> >>>>>>>>> <id>open.iona.m2-snapshot</id> >>>>>>>>> <name>IONA Open Source Community Snapshot Repository</name> >>>>>>>>> <url>http://repo.open.iona.com/maven2-snapshot</url> >>>>>>>>> <snapshots> >>>>>>>>> <enabled>true</enabled> >>>>>>>>> </snapshots> >>>>>>>>> <releases> >>>>>>>>> <enabled>false</enabled> >>>>>>>>> </releases> >>>>>>>>> </pluginRepository> >>>>>>>>> </pluginRepositories> >>>>>>>>> >>>>>>>>> <dependencies> >>>>>>>>> <dependency> >>>>>>>>> <groupId>org.apache.geronimo.specs</groupId> >>>>>>>>> <artifactId>geronimo-ws-metadata_2.0_spec</artifactId> >>>>>>>>> <version>1.1.2</version> >>>>>>>>> </dependency> >>>>>>>>> <dependency> >>>>>>>>> <groupId>javax.xml.bind</groupId> >>>>>>>>> <artifactId>jaxb-api</artifactId> >>>>>>>>> <version>2.1</version> >>>>>>>>> </dependency> >>>>>>>>> <dependency> >>>>>>>>> <groupId>javax.xml.ws</groupId> >>>>>>>>> <artifactId>jaxws-api</artifactId> >>>>>>>>> <version>2.1</version> >>>>>>>>> </dependency> >>>>>>>>> <dependency> >>>>>>>>> <groupId>org.apache.cxf</groupId> >>>>>>>>> <artifactId>cxf-rt-ws-security</artifactId> >>>>>>>>> <version>${cxf.version}</version> >>>>>>>>> </dependency> >>>>>>>>> <dependency> >>>>>>>>> <groupId>org.apache.cxf</groupId> >>>>>>>>> <artifactId>cxf-rt-ws-policy</artifactId> >>>>>>>>> <version>${cxf.version}</version> >>>>>>>>> </dependency> >>>>>>>>> </dependencies> >>>>>>>>> >>>>>>>>> <build> >>>>>>>>> <defaultGoal>install</defaultGoal> >>>>>>>>> <plugins> >>>>>>>>> <plugin> >>>>>>>>> <groupId>org.apache.maven.plugins</groupId> >>>>>>>>> <artifactId>maven-compiler-plugin</artifactId> >>>>>>>>> <configuration> >>>>>>>>> <source>1.5</source> >>>>>>>>> <target>1.5</target> >>>>>>>>> </configuration> >>>>>>>>> </plugin> >>>>>>>>> <plugin> >>>>>>>>> <groupId>org.apache.felix</groupId> >>>>>>>>> <artifactId>maven-bundle-plugin</artifactId> >>>>>>>>> <extensions>true</extensions> >>>>>>>>> <configuration> >>>>>>>>> <instructions> >>>>>>>>> <Bundle-SymbolicName>${pom.artifactId}</Bundle-SymbolicName> >>>>>>>>> <Import-Package> >>>>>>>>> *, >>>>>>>>> javax.jws, >>>>>>>>> javax.wsdl, >>>>>>>>> javax.xml.bind, >>>>>>>>> javax.xml.bind.annotation, >>>>>>>>> javax.xml.namespace, >>>>>>>>> javax.xml.ws, >>>>>>>>> META-INF.cxf, >>>>>>>>> META-INF.cxf.osgi, >>>>>>>>> org.apache.cxf.bus, >>>>>>>>> org.apache.cxf.bus.spring, >>>>>>>>> org.apache.cxf.bus.resource, >>>>>>>>> org.apache.cxf.configuration.spring, >>>>>>>>> org.apache.cxf.resource, >>>>>>>>> org.apache.cxf.jaxws, >>>>>>>>> org.apache.cxf.ws.security.wss4j, >>>>>>>>> org.apache.servicemix.common.osgi, >>>>>>>>> org.apache.servicemix.cxf.transport.http_osgi, >>>>>>>>> org.apache.servicemix.cxfbc, >>>>>>>>> org.springframework.beans.factory.config, >>>>>>>>> javax.security.auth.callback, >>>>>>>>> org.apache.ws.security >>>>>>>>> </Import-Package> >>>>>>>>> <Export-Package> >>>>>>>>> com.mycompany.useraccount >>>>>>>>> </Export-Package> >>>>>>>>> <Private-Package> >>>>>>>>> com.mycompany.useraccount >>>>>>>>> </Private-Package> >>>>>>>>> <!-- Update Private Package tag with appropriate package name >>>>>>>>> --> >>>>>>>>> <Require-Bundle>org.apache.cxf.bundle</Require-Bundle> >>>>>>>>> </instructions> >>>>>>>>> </configuration> >>>>>>>>> </plugin> >>>>>>>>> </plugins> >>>>>>>>> </build> >>>>>>>>> <properties> >>>>>>>>> <cxf.version>2.2.6</cxf.version> >>>>>>>>> </properties> >>>>>>>>> >>>>>>>>> </project> >>>>>>>>> -- >>>>>>>>> View this message in context: >>>>>>>>> http://old.nabble.com/cxf-bc-ws-security-callback-classnotfoundexception-tp28747501p28747501.html >>>>>>>>> Sent from the ServiceMix - User mailing list archive at >>>>>>>>> Nabble.com. >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Freeman Fang >>>>>>>> ------------------------ >>>>>>>> Open Source SOA: http://fusesource.com >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> -- >>>>>>> View this message in context: >>>>>>> http://old.nabble.com/cxf-bc-ws-security-callback-classnotfoundexception-tp28747501p28754241.html >>>>>>> Sent from the ServiceMix - User mailing list archive at >>>>>>> Nabble.com. >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Freeman Fang >>>>>> ------------------------ >>>>>> Open Source SOA: http://fusesource.com >>>>>> >>>>>> >>>>>> >>>>> >>>>> -- >>>>> View this message in context: >>>>> http://old.nabble.com/cxf-bc-ws-security-callback-classnotfoundexception-tp28747501p28771556.html >>>>> Sent from the ServiceMix - User mailing list archive at >>>>> Nabble.com. >>>>> >>>> >>>> >>>> -- >>>> Freeman Fang >>>> ------------------------ >>>> Open Source SOA: http://fusesource.com >>>> >>>> >>>> >>> http://old.nabble.com/file/p28860520/ws-sec-test.zip ws-sec-test.zip >>> -- >>> View this message in context: >>> http://old.nabble.com/cxf-bc-ws-security-callback-classnotfoundexception-tp28747501p28860520.html >>> Sent from the ServiceMix - User mailing list archive at Nabble.com. >>> >> >> >> -- >> Freeman Fang >> ------------------------ >> Open Source SOA: http://fusesource.com >> >> >> > > -- > View this message in context: > http://old.nabble.com/cxf-bc-ws-security-callback-classnotfoundexception-tp28747501p28875886.html > Sent from the ServiceMix - User mailing list archive at Nabble.com. > -- Freeman Fang ------------------------ Open Source SOA: http://fusesource.com -- View this message in context: http://old.nabble.com/cxf-bc-ws-security-callback-classnotfoundexception-tp28747501p28880483.html Sent from the ServiceMix - User mailing list archive at Nabble.com.
