-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Jose,
On 6/19/13 11:04 AM, Jose María Zaragoza wrote: > This isn't an error in Tomcat, but it's an error what happens in > my web application by using Apache CXF + WSS4J. > > I'm using Tomcat 6.0.24 and I've found that it's fixed in 7.0.41 ( > but not in 6.03.7 ) I'm surprised that it works in later versions of Tomcat, given what I suspect the problem to be. > But , for bussiness matters, I cannot upgrade from 6.0.24 to 7.x You should at least upgrade to 6.0.37. 6.0.24 was a long time ago, and security fixes are available. You are 3 years out of date right now: https://tomcat.apache.org/security-6.html > I would like if somebody can address to me about what I could > patch in my Tomcat 6.x server to fix some that was solved in 7.x. > If more info is needed , I don't any problem providing it I believe it is your web application that needs to be patched. > When I redeploy my WAR into Tomcat server *without restart it* , > I always get the next exception: > > Caused by: org.apache.ws.security.WSSecurityException: Error during > Signature: Why is your web application attempting to get a message's signature during shutdown? > at > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133) > > > ~[cxf-rt-frontend-jaxws-2.7.3.jar:2.7.3] > ... 41 common frames omitted .. oh, we won't know. > Caused by: org.apache.ws.security.WSSecurityException: Signature > creation failed at > org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:558) > > > ~[wss4j-1.6.9.jar:1.6.9] > at > org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:99) > > > ~[wss4j-1.6.9.jar:1.6.9] > ... 52 common frames omitted Caused by: > java.lang.NullPointerException: null at > org.apache.jcp.xml.dsig.internal.dom.DOMReference.marshal(DOMReference.java:297) > > > ~[xmlsec-1.5.3.jar:1.5.3] > at > org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo.marshal(DOMSignedInfo.java:268) > > > ~[xmlsec-1.5.3.jar:1.5.3] > at > org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.marshal(DOMXMLSignature.java:216) > > > ~[xmlsec-1.5.3.jar:1.5.3] > at > org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:329) > > > ~[xmlsec-1.5.3.jar:1.5.3] > at > org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:553) > > > ~[wss4j-1.6.9.jar:1.6.9] > ... 53 common frames omitted It would be great to see the full stack trace with no "common frames omitted". > Any idea ? I think you have to use a ServletContextListener to properly tear-down your resources, otherwise they may be torn-down after Tomcat does things such as nulling-out static field references, which is likely to be the problem you are encountering, here. > I've to restart Tomcat server and all works fine again Looks like > a leak > > When fails, if I enable debug logging level, I don't see the the > log message in DOMReference.java , line 297 > > if (log.isDebugEnabled()) { log.debug("Marshalling Reference"); > > } That's because the "log" reference is null. If you just want Tomcat to stop throwing this error, you could probably set this system property when running Tomcat: - -Dorg.apache.catalina.loader. WebappClassLoader.ENABLE_CLEAR_REFERENCES=false http://tomcat.apache.org/tomcat-6.0-doc/config/systemprops.html#Other You probably will still have a resource-management problem, but it might stop bombing when you reload your webapp. Hope that helps, - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJRwhC0AAoJEBzwKT+lPKRYPYIP/0qVTz/bfJb71+4qGMVAWRv6 LlU4x9SD1ESE0dPsDOH9nVlRQvXh0mb092ASUKN/yZS0zTD63sjRWWGintotu75L p04TwKrWBbu3rgTKwZBxmAz83TIH7LnN79T09xNKhQhmjQorTjzJGncWXN5lv5Sr pRukKbT8xOwRZH0K2QiOv/vUikdYOXEO2RNpNexohmvKKHHcDifiedtyB/EhHd3h sqM5leCkg6XU0YBMsyokqB1Svv4u5aTxjBJoC9NXKHIvwj3ozIsgFc/FN8BstDh4 vuqC9mIaz4QJWx3vWleJ/6WWLmQ41JrFIG0KtA3gTcLmGpoo7033YMoQ7Dk0cgi2 3RSqMcAVY1y14X1UGv7Qc5WTJl1a1Fz5Uc1HPrGFl0TsPM9N1louZi6pp8VyCEth 8LFMvTiIhCVOxW8DK5ns0jI90VDEMeGaN9zM+OFYVYc3STd4IuQC1iE375nhP9oC XgIxe6blKaAdwdZSKprvcFEmwf+m2onDzdL769Qh8U4kbAwj0eNkEOW0N6aF92iM Akm+hqkyDWXTo1BMO+GNfDH7ZG9iR20ot3M1zPnsYjlUsPrEzY10VibfFPuVOgAX D7l500QlyFOC/vrilWwMorxXm7BJBMGyY87Yl1fVjgPMWKR5fkv5AGRHGG/48Qxs UyXmHVg+N17tkVPnAYMn =8d8N -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org