Hi Sanjay, I'm trying to find a place that could throw the NPE in the xmlsec-1.4.1 code. I still can't find a problem JCEMapper.loadAlgorithms() method is called with an element picked out of the config file and it should simply be able to process the rest of it without an issue. If we had line numbers it would have been very easy to spot the issue.
Can you please try using this jar [1] and see whether you can reproduce this error with it? ( hopefully this is compiled with debug info). Thanks, Ruchith 1. http://dist.wso2.org/maven2/org/apache/santuario/xmlsec/534045-patched/xmlsec-534045-patched.jar On Wed, Apr 22, 2009 at 11:49 PM, Sanjay Gupta <sanjay.gu...@billwiseinc.com> wrote: > Hi Ruchith, > I am using verison 1.4.1. > xmlsec-1.4.1.jar > > Thanks > Sanjay > > -----Original Message----- > From: Ruchith Fernando [mailto:ruchith.ferna...@gmail.com] > Sent: Wednesday, April 22, 2009 7:24 PM > To: axis-user@ws.apache.org > Subject: Re: Securing Axis2 REST Style Services > > Hi Sanjay, > > Which version of Apache xmlsec are you using? > > Thanks, > Ruchith > > On Mon, Apr 20, 2009 at 7:41 PM, Sanjay Gupta > <sanjay.gu...@billwiseinc.com> wrote: >> Hi Ruchith, >> Finally I got authentication working on rest call. I had to comment the db >> calls in the class that you provided to get past the db connection issue. >> Thank you so much for helping me out. Even though the authentication is >> working I get an error. See the stacktrace below. I see a jira for the same >> issue. Are there any side effect of this error? >> Thanks >> Sanjay >> >> http://wso2.org/mailarchive/ds-java-dev/2008-August/001970.html >> >> >> [FATAL] Bad: >> java.lang.NullPointerException >> at >> org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown Source) >> at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source) >> at org.apache.xml.security.Init.init(Unknown Source) >> at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:233) >> at org.apache.ws.security.WSSConfig.<init>(WSSConfig.java:256) >> at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:265) >> at >> org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:275) >> at org.apache.ws.security.message.WSSecBase.<init>(WSSecBase.java:52) >> at >> org.apache.ws.security.message.WSSecUsernameToken.<init>(WSSecUsernameToken.java:62) >> at >> org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:183) >> at org.apache.axis2.engine.Phase.invoke(Phase.java:317) >> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264) >> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163) >> at >> org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136) >> at >> org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130) >> at >> org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829) >> at >> org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:690) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >> at >> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) >> at >> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) >> at >> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) >> at >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) >> at >> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) >> at >> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) >> at >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) >> at >> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) >> at >> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) >> at >> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) >> at java.lang.Thread.run(Thread.java:619) >> java.lang.NullPointerException >> at >> org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown Source) >> at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source) >> at org.apache.xml.security.Init.init(Unknown Source) >> at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:233) >> at org.apache.ws.security.WSSConfig.<init>(WSSConfig.java:256) >> at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:265) >> at >> org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:275) >> at org.apache.ws.security.message.WSSecBase.<init>(WSSecBase.java:52) >> at >> org.apache.ws.security.message.WSSecUsernameToken.<init>(WSSecUsernameToken.java:62) >> at >> org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:183) >> at org.apache.axis2.engine.Phase.invoke(Phase.java:317) >> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264) >> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163) >> at >> org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136) >> at >> org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130) >> at >> org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829) >> at >> org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:690) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >> at >> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) >> at >> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) >> at >> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) >> at >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) >> at >> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) >> at >> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) >> at >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) >> at >> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) >> at >> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) >> at >> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) >> at java.lang.Thread.run(Thread.java:619) >> -----Original Message----- >> From: Sanjay Gupta [mailto:sanjay.gu...@billwiseinc.com] >> Sent: Sunday, April 19, 2009 10:36 PM >> To: axis-user@ws.apache.org >> Subject: RE: Securing Axis2 REST Style Services >> >> Hi Ruchitch, >> Please ignore my previous message. The POXSecurityHandler class was not >> compiled correctly. I had to figure out all the dependencies and copy them >> to the axis2 lib dir one by one. Painful but I think I have them all now. >> Now I am stuck on this error. How can I avoid connection the database >> wso2wsas_db. I think I don't need to this for what I am trying to >> accomplish. I really appreciate your help. >> Thanks >> Sanjay >> >> Apr 20, 2009 12:30:50 AM org.apache.catalina.core.StandardWrapperValve invoke >> SEVERE: Servlet.service() for servlet AxisServlet threw exception >> org.hibernate.exception.GenericJDBCException: Cannot open connection >> at >> org.hibernate.exception.SQLStateConverter.handledNonSpecificException(SQLStateConverter.java:103) >> at >> org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:91) >> at >> org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:43) >> at >> org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:29) >> at >> org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:426) >> at >> org.hibernate.jdbc.ConnectionManager.getConnection(ConnectionManager.java:144) >> at org.hibernate.jdbc.JDBCContext.connection(JDBCContext.java:119) >> at >> org.hibernate.transaction.JDBCTransaction.begin(JDBCTransaction.java:57) >> at >> org.hibernate.impl.SessionImpl.beginTransaction(SessionImpl.java:1326) >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> at >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) >> at >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) >> at java.lang.reflect.Method.invoke(Method.java:597) >> at >> org.hibernate.context.ThreadLocalSessionContext$TransactionProtectionWrapper.invoke(ThreadLocalSessionContext.java:301) >> at $Proxy4.beginTransaction(Unknown Source) >> at >> org.wso2.wsas.persistence.dao.ServiceDAO.getService(ServiceDAO.java:77) >> at >> org.wso2.wsas.persistence.PersistenceManager.getService(PersistenceManager.java:300) >> at >> org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:93) >> at org.apache.axis2.engine.Phase.invoke(Phase.java:317) >> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264) >> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163) >> at >> org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136) >> at >> org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130) >> at >> org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829) >> at >> org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:690) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >> at >> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) >> at >> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) >> at >> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) >> at >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) >> at >> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) >> at >> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) >> at >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) >> at >> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) >> at >> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) >> at >> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) >> at java.lang.Thread.run(Thread.java:619) >> Caused by: SQL Exception: Database '../database/WSO2WSAS_DB' not found. >> at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Unknown >> Source) >> at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Unknown >> Source) >> at org.apache.derby.impl.jdbc.Util.generateCsSQLException(Unknown >> Source) >> at org.apache.derby.impl.jdbc.EmbedConnection.newSQLException(Unknown >> Source) >> at org.apache.derby.impl.jdbc.EmbedConnection.<init>(Unknown Source) >> at org.apache.derby.impl.jdbc.EmbedConnection30.<init>(Unknown Source) >> at org.apache.derby.jdbc.Driver30.getNewEmbedConnection(Unknown >> Source) >> at org.apache.derby.jdbc.InternalDriver.connect(Unknown Source) >> at java.sql.DriverManager.getConnection(DriverManager.java:582) >> at java.sql.DriverManager.getConnection(DriverManager.java:154) >> at >> org.hibernate.connection.DriverManagerConnectionProvider.getConnection(DriverManagerConnectionProvider.java:110) >> at >> org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:423) >> ... 35 more >> >> -----Original Message----- >> From: Sanjay Gupta [mailto:sanjay.gu...@billwiseinc.com] >> Sent: Sunday, April 19, 2009 8:44 PM >> To: axis-user@ws.apache.org >> Subject: RE: Securing Axis2 REST Style Services >> >> Hi Ruchith, >> Thanks for proving the class. I am assuming that I needed to add this >> handler to the transport phase after SOAPActionBasedDispatcher. I was able >> to find the wso2 dependencies from wso2wsas version 2.3. and able to >> compile the class by using wso2wsas-core-2.3.jar and wso2utils-2.2.jar >> files. But I am having trouble when I run it. The program depends >> javax.servlet.http.HttpServletRequest and >> javax.servlet.http.HttpServletResponse classes and they are available in >> servlet-api.jar in standard tomcat 6.0.18. But for some reason I get this >> error. >> >> SEVERE: StandardWrapper.Throwable >> java.lang.Error: Unresolved compilation problems: >> The import javax.servlet.http cannot be resolved >> The import javax.servlet.http cannot be resolved >> HttpServletRequest cannot be resolved to a type >> HttpServletRequest cannot be resolved to a type >> HttpServletResponse cannot be resolved to a type >> HttpServletResponse cannot be resolved to a type >> HttpServletResponse cannot be resolved >> >> at >> org.wso2.wsas.security.pox.POXSecurityHandler.<init>(POXSecurityHandler.java:44) >> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native >> Method) >> >> I tried unzipping the servlet-api.jar in classes dir and got this error. >> SEVERE: Servlet /axis2 threw load() exception >> java.lang.ClassCastException: org.apache.axis2.transport.http.AxisServlet >> cannot be cast to javax.servlet.Servlet >> at >> org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1104) >> at >> org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:981) >> at >> org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4058) >> at >> org.apache.catalina.core.StandardContext.start(StandardContext.java:4364) >> at >> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791) >> at >> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771) >> at >> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525) >> at >> org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:924) >> at >> org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:887) >> at >> org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492) >> at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1147) >> at >> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311) >> at >> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117) >> at >> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053) >> at org.apache.catalina.core.StandardHost.start(StandardHost.java:719) >> at >> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045) >> at >> org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) >> at >> org.apache.catalina.core.StandardService.start(StandardService.java:516) >> at >> org.apache.catalina.core.StandardServer.start(StandardServer.java:710) >> at org.apache.catalina.startup.Catalina.start(Catalina.java:578) >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> at >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) >> at >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) >> at java.lang.reflect.Method.invoke(Method.java:597) >> at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288) >> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413) >> >> >> I would really appreciate any help. I am using axis2-1.4.1 with rampart 1.4. >> Thanks >> Sanjay >> >> -----Original Message----- >> From: Ruchith Fernando [mailto:ruchith.ferna...@gmail.com] >> Sent: Thursday, April 16, 2009 5:52 PM >> To: axis-user@ws.apache.org >> Subject: Re: Securing Axis2 REST Style Services >> >> Oops :-) >> >> Here you go : >> >> https://wso2.org/repos/wso2/branches/wsas/java/2.2/wsas/java/modules/core/src/org/wso2/wsas/security/pox/POXSecurityHandler.java >> >> On Thu, Apr 16, 2009 at 8:36 PM, Sanjay Gupta >> <sanjay.gu...@billwiseinc.com> wrote: >>> Hi Ruchith, >>> Thanks for the quick reply. Could you please point me to the link that >>> talks about this solutions. >>> Thanks >>> Sanjay >>> >>> -----Original Message----- >>> From: Ruchith Fernando [mailto:ruchith.ferna...@gmail.com] >>> Sent: Thursday, April 16, 2009 4:31 PM >>> To: axis-user@ws.apache.org >>> Subject: Re: Securing Axis2 REST Style Services >>> >>> Hi, >>> >>> For the REST style calls you can use HTTPS + Basic Auth >>> >>> Have a look at this [1] handler from WSO2 WSAS. This will simply add >>> the UsernameToken into the SOAP representation of the incoming REST >>> request, which will be processed by Rampart (which you have already >>> configured). >>> >>> Thanks, >>> Ruchith >>> >>> On Thu, Apr 16, 2009 at 3:04 PM, Sanjay Gupta >>> <sanjay.gu...@billwiseinc.com> wrote: >>>> HI, >>>> >>>> I have a POJO based services deployed in axis2 and it's working well. I >>>> have >>>> implememted the basic user/password security using rampart and it's >>>> working >>>> fine for SOAP calls. I generated the client using wsdl2java.My question is >>>> how do I secure the REST style calls. Do I need to do anything special. I >>>> need to deploy these services into production soon and any help or pointers >>>> would be greatly appreciated. >>>> >>>> Thanks >>>> >>>> Sanjay >>> >>> >>> >>> -- >>> http://blog.ruchith.org >>> >> >> >> >> -- >> http://blog.ruchith.org >> > > > > -- > http://blog.ruchith.org > -- http://blog.ruchith.org
