Re: Wsdl returned from secure service

Mon, 11 Jun 2007 07:06:30 -0700 

Sergey Beryozkin wrote:

Hi

This is a bit scary :-)
I think I can remember a catalog solution being discussed. so that this 
xsi:location can be dropped, is it feasible to apply that catalog solution 
somehow ?
I'm no expert on this, but things like META-INF/spring.schemas is sort of a catalog in that it tells you where 
to find the file matching the location URL, for example

http\://cxf.apache.org/schemas/configuration/http-jetty.xsd=schemas/configuration/http-jetty.xsd

which tells you that URI points to a file in the classpath.
I don't believe that there is *anything* that states which JAR file that path is scoped to, so if you have something else in the classpath with that name before it, you'll get the wrong one. :( 

Gotta love that kind of type safety.


   http://cxf.apache.org/transports/http-jetty/configuration
         http://cxf.apache.org/schemas/configuration/http-jetty.xsd
   http://cxf.apache.org/transports/http/configuration
         http://cxf.apache.org/schemas/configuration/http-conf.xsd


Can http-jetty.xsd import http://cxf.apache.org/transports/http/configuration ? 
to avoid this extra location details for the http-conf.xsd ?
It already is, but I don't think that matters. The namespaces are different so they require different 
prefixes, which must be distinguished.
The problem with putting them in the same namespace, but different files in different modules runs into problems with the JAXB compiler when generating Java from the XML in those files. 

Cheers,
-Polar


Cheers, Sergey
----- Original Message ----- From: "Polar Humenn" <[EMAIL PROTECTED]> 
To: <cxf-user@incubator.apache.org>
Sent: Monday, June 11, 2007 2:34 PM
Subject: Re: Wsdl returned from secure service
Now that I read my own email, (uggg, mistake) just let me give you the whole schema location 
attribute.


xsi:schemaLocation="
   http://cxf.apache.org/transports/http-jetty/configuration
         http://cxf.apache.org/schemas/configuration/http-jetty.xsd
   http://cxf.apache.org/transports/http/configuration
         http://cxf.apache.org/schemas/configuration/http-conf.xsd
   http://cxf.apache.org/configuration/security
         http://cxf.apache.org/schemas/configuration/security.xsd
   http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans-2.0.xsd";
I think just a general rule is that all CXF configuration schemas are found in 

       "http://cxf.apache.org/schemas/configuration/....";
Andrea can correct me if I'm wrong. Note the plural "schemas", and the singular "configuration". 
Namespace names, however, seems to be a completely different matter.

Cheers,
-Polar

Polar Humenn wrote:

Richard, see below:
I think you have some things mis-typed (and schema validation doesn't complain on things like missing schema locations). God I love XML! They say it's flexible! So why 
program in a programming language?

Anyway, see below, hopefully it will help.


Shaw, Richard A wrote:

I get another error now which I can't understand.
My server needs to talk to another service in order to initialise itself. When it tries to talk to the other service it gives me an error based on my service.xml.
I guessing that it has nothing to do with who I'm talking to but with creating the bus using the service.xml file. 11-Jun-2007 10:11:55 org.apache.cxf.bus.spring.SpringBusFactory createBus 
WARNING: Failed to create application context.
org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 33 in XML document from class path resource [etc/server.xml] is invalid; nested exception is org.xml.sax.SAXParseException: cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'httpj:engine-factory'. Caused by: org.xml.sax.SAXParseException: cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'httpj:engine-factory'. at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:236) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.error(ErrorHandlerWrapper.java:172) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:382) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:316) at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator$XSIErrorReporter.reportError(XMLSchemaValidator.java:429) at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.reportSchemaError(XMLSchemaValidator.java:3185) at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.handleStartElement(XMLSchemaValidator.java:1955) at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.startElement(XMLSchemaValidator.java:705) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement(XMLNSDocumentScannerImpl.java:330) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(XMLDocumentFragmentScannerImpl.java:1693) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:368) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:834) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:764) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:148) at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:250) at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:292) at org.springframework.beans.factory.xml.DefaultDocumentLoader.loadDocument(DefaultDocumentLoader.java:76) at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:351) at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:303) at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:280) at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:131) at org.springframework.context.support.AbstractXmlApplicationContext.loadBeanDefinitions(AbstractXmlApplicationContext.java:108) at org.springframework.context.support.AbstractXmlApplicationContext.loadBeanDefinitions(AbstractXmlApplicationContext.java:79) at org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:100) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:313) at org.apache.cxf.bus.spring.BusApplicationContext.<init>(BusApplicationContext.java:71) at org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:81) at org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:66) at org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:53) 
    at org.apache.cxf.BusFactory.getDefaultBus(BusFactory.java:68)
    at org.apache.cxf.BusFactory.getDefaultBus(BusFactory.java:57)
    at org.apache.cxf.BusFactory.getThreadDefaultBus(BusFactory.java:97)
at org.apache.cxf.jaxws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:54) 
    at javax.xml.ws.Service.<init>(Service.java:57)
at com.atkinsglobal.inform.configmanager.ConfigManagerService.<init>(ConfigManagerService.java:36) at com.atkinsglobal.inform.configmanager.ConfigManagerAccesser.findConfigManagerWSByWSDL(ConfigManagerAccesser.java:30) at com.atkinsglobal.inform.configmanager.ConfigManagerAccesser.getXMLDefinitionFromConfigManagerWithoutNamespace(ConfigManagerAccesser.java:53) at com.atkinsglobal.mosaic.traffic.twdatabaseaccess.TWDatabaseAccessImpl.init(TWDatabaseAccessImpl.java:129) at com.atkinsglobal.mosaic.traffic.twdatabaseaccess.TWDatabaseAccessServer.main(TWDatabaseAccessServer.java:36) java.lang.RuntimeException: org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 33 in XML document from class path resource [etc/server.xml] is invalid; nested exception is org.xml.sax.SAXParseException: cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'httpj:engine-factory'. at org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:84) at org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:66) at org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:53) 
    at org.apache.cxf.BusFactory.getDefaultBus(BusFactory.java:68)
    at org.apache.cxf.BusFactory.getDefaultBus(BusFactory.java:57)
    at org.apache.cxf.BusFactory.getThreadDefaultBus(BusFactory.java:97)
at org.apache.cxf.jaxws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:54) 
    at javax.xml.ws.Service.<init>(Service.java:57)
at com.atkinsglobal.inform.configmanager.ConfigManagerService.<init>(ConfigManagerService.java:36) at com.atkinsglobal.inform.configmanager.ConfigManagerAccesser.findConfigManagerWSByWSDL(ConfigManagerAccesser.java:30) at com.atkinsglobal.inform.configmanager.ConfigManagerAccesser.getXMLDefinitionFromConfigManagerWithoutNamespace(ConfigManagerAccesser.java:53) at com.atkinsglobal.mosaic.traffic.twdatabaseaccess.TWDatabaseAccessImpl.init(TWDatabaseAccessImpl.java:129) at com.atkinsglobal.mosaic.traffic.twdatabaseaccess.TWDatabaseAccessServer.main(TWDatabaseAccessServer.java:36) Caused by: org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 33 in XML document from class path resource [etc/server.xml] is invalid; nested exception is org.xml.sax.SAXParseException: cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'httpj:engine-factory'. at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:359) at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:303) at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:280) at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:131) at org.springframework.context.support.AbstractXmlApplicationContext.loadBeanDefinitions(AbstractXmlApplicationContext.java:108) at org.springframework.context.support.AbstractXmlApplicationContext.loadBeanDefinitions(AbstractXmlApplicationContext.java:79) at org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:100) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:313) at org.apache.cxf.bus.spring.BusApplicationContext.<init>(BusApplicationContext.java:71) at org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:81) 
    ... 12 more
Caused by: org.xml.sax.SAXParseException: cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'httpj:engine-factory'. at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:236) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.error(ErrorHandlerWrapper.java:172) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:382) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:316) at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator$XSIErrorReporter.reportError(XMLSchemaValidator.java:429) at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.reportSchemaError(XMLSchemaValidator.java:3185) at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.handleStartElement(XMLSchemaValidator.java:1955) at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.startElement(XMLSchemaValidator.java:705) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement(XMLNSDocumentScannerImpl.java:330) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(XMLDocumentFragmentScannerImpl.java:1693) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:368) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:834) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:764) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:148) at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:250) at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:292) at org.springframework.beans.factory.xml.DefaultDocumentLoader.loadDocument(DefaultDocumentLoader.java:76) at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:351) 
    ... 21 more
11-Jun-2007 10:11:55 com.atkinsglobal.mosaic.traffic.twdatabaseaccess.TWDatabaseAccessImpl init 
SEVERE: Can't get configuration from config manager.
java.lang.Exception: Caught Exception when get configrations from config manager for /system/component/twDatabaseAccess/*; details: org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 33 in XML document from class path resource [etc/server.xml] is invalid; nested exception is org.xml.sax.SAXParseException: cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'httpj:engine-factory'. at com.atkinsglobal.inform.configmanager.ConfigManagerAccesser.getXMLDefinitionFromConfigManagerWithoutNamespace(ConfigManagerAccesser.java:74) at com.atkinsglobal.mosaic.traffic.twdatabaseaccess.TWDatabaseAccessImpl.init(TWDatabaseAccessImpl.java:129) at com.atkinsglobal.mosaic.traffic.twdatabaseaccess.TWDatabaseAccessServer.main(TWDatabaseAccessServer.java:36) 
Listening for request...
I changed my service.xml to the following (Note: I get a very similar error if I use the old config - it couldn't find a declaration for http:destination) - 

<beans xmlns="http://www.springframework.org/schema/beans";
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
  xmlns:sec="http://cxf.apache.org/configuration/security";
  xmlns:http="http://cxf.apache.org/transports/http/configuration";
xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"; xsi:schemaLocation="http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
the above schemaLocation for http-jetty is fine, the rest however, need fixing:
http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schema/transports/http.xsd 
should be
    http://cxf.apache.org/transports/http/configuration
          http://cxf.apache.org/schemas/transports/http-conf.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"; 
should be
     http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 

and you should add

    http://cxf.apache.org/configuration/security
           http://cxf.apache.org/schemas/configuration/security.xsd


The rest seems fine. Hopefully, your PKCS12 key file jives with the Sun
implementation.


<httpj:engine-factory bus="cxf">
   <httpj:engine port="9095">
       <httpj:tlsServerParameters>
           <sec:keyManagers keyPassword="XXXXX">
<sec:keyStore type="PKCS12" file="etc/TrafficWales.p12" password="password"/> 
           </sec:keyManagers>
           <sec:trustManagers>
<sec:keyStore type="jks" file="etc/mosaic.truststore.jks"/> 
           </sec:trustManagers>
           <sec:clientAuthentication want="true" required="true"/>
       </httpj:tlsServerParameters>
  </httpj:engine>
</httpj:engine-factory>

Cheers,
-Polar


Richard Shaw

¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø¤º°`°º¤ø,¸¸,ø¤
Richard Shaw Technical Design Authority - Information Solutions Consultancy Intelligent Transport Systems Atkins Highways and Transportation Woodcote Grove, Ashley Road, Epsom, Surrey, KT18 5BW 

Tel: +44 (0) 1372 756407 Fax: +44 (0) 1372 740055
Mob: 07740 817586 E-mail: [EMAIL PROTECTED]

www.atkinsglobal.com/its

-----Original Message-----
From: Jiang, Ning (Willem) [mailto:[EMAIL PROTECTED] Sent: 07 June 2007 16:08 
To: cxf-user@incubator.apache.org
Subject: RE: Wsdl returned from secure service

Hi Richard

Just FYI,
Here are some changes of the configuration of https in the trunk that we did today. I just updated the sample of hello_world_https, it should be work with latest trunk now. You can take the configurations (*.cxf in hello_world_https) as the examples :). 

Cheers,

Willem.


-----Original Message-----
From: Polar Humenn [mailto:[EMAIL PROTECTED]
Sent: Thu 6/7/2007 22:12
To: cxf-user@incubator.apache.org
Subject: Re: Wsdl returned from secure service
There are several things you now need to do in order for this to work with the current configuration, if you are using the the snapshot that got committed this morning.
You'll need to take your "etx/mosaic.truststore" which I presume is a plain PEM encoded certificate (which is the way it used to work when your keystore was PKCS12), and put it into a JavaKeyStore. (JKS).
keytool -storetype etc/mosaic.truststore.jks -import -file etc/mosaic.truststore 

Next you need to change your configuration to the following:

xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration";
xsi:schemaLocation="
     http://cxf.apache.org/transports/http-jetty/configuration
         http://cxf.apache.org/schemas/configuration/http-jetty.xsd";

<httpj:engine-factory bus="cxf">
   <httpj:engine port="9095">
       <httpj:tlsServerParameters>
           <sec:keyManagers keyPassword="XXXXX">
<sec:keyStore type="PKCS12" file="etc/TrafficWales.p12" password="password"/> 
           </sec:keyManagers>
           <sec:trustManagers>
<sec:keyStore type="jks" file="etc/mosaic.truststore.jks"/> 
           </sec:trustManagers>
           <sec:clientAuthentication want="true" required="true/>
       </httpj:tlsServerParameters>
  </httpj:engine>
</httpj:engine-factory bus="cxf">

Cheers,
-Polar

Shaw, Richard A wrote:

I've secured my service using the following bean -

<beans xmlns="http://www.springframework.org/schema/beans";
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
  xmlns:sec="http://cxf.apache.org/configuration/security";
  xmlns:http="http://cxf.apache.org/transports/http/configuration";
  xsi:schemaLocation="
http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schema/transports/http.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd";>
<http:destination id="{http://www.atkinsglobal.com/mosaic/traffic/twdatabaseaccess/}TWDatabaseAccessPort.http-destination";> 
    <http:sslServer>
      <sec:Keystore>etc/TrafficWales.p12</sec:Keystore>
      <sec:KeystoreType>PKCS12</sec:KeystoreType>
      <sec:KeystorePassword>password</sec:KeystorePassword>
      <sec:KeyPassword>m0sa1c</sec:KeyPassword>
      <sec:WantClientAuthentication>true</sec:WantClientAuthentication>
<sec:RequireClientAuthentication>true</sec:RequireClientAuthentication> 
      <sec:TrustStore>etc/mosaic.truststore</sec:TrustStore>
      <sec:CiphersuiteFilters>
        <!-- these filters ensure that a ciphersuite with
          export-suitable or null encryption is used,
          but exclude anonymous Diffie-Hellman key change as
          this is vulnerable to man-in-the-middle attacks -->
        <sec:include>.*_EXPORT_.*</sec:include>
        <sec:include>.*_EXPORT1024_.*</sec:include>
        <sec:include>.*_WITH_DES_.*</sec:include>
        <sec:include>.*_WITH_NULL_.*</sec:include>
        <sec:exclude>.*_DH_anon_.*</sec:exclude>
      </sec:CiphersuiteFilters>
    </http:sslServer>
  </http:destination>

</beans>
And when I call the https://localhost:9095/TWDatabaseAccessService?wsdl the returned wsdl has the address set as http://localhost:9095/TWDatabaseAccessService 

I then get the following error -
Caused by: java.io.IOException: Illegal Protocol http for HTTPS URLConnection Factory. at org.apache.cxf.transport.https.HttpsURLConnectionFactory.createConnection(HttpsURLConnectionFactory.java:112) at org.apache.cxf.transport.http.HTTPConduit.prepare(HTTPConduit.java:447) at org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(MessageSenderInterceptor.java:45) 
    ... 31 more

Richard Shaw

¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø¤º°`°º¤ø,¸¸,ø¤

Richard Shaw
Technical Design Authority - Information Solutions Consultancy Intelligent Transport Systems 

Atkins Highways and Transportation
Woodcote Grove, Ashley Road, Epsom, Surrey, KT18 5BW

Tel: +44 (0) 1372 756407
Fax: +44 (0) 1372 740055
Mob: 07740 817586
E-mail: [EMAIL PROTECTED]

www.atkinsglobal.com/its
This email and any attached files are confidential and copyright protected. If you are not the addressee, any dissemination of this communication is strictly prohibited. Unless otherwise expressly agreed in writing, nothing stated in this communication shall be legally binding.
The ultimate parent company of the Atkins Group is WS Atkins plc. Registered in England No. 1885586. Registered Office Woodcote Grove, Ashley Road, Epsom, Surrey KT18 5BW.
Consider the environment. Please don't print this e-mail unless you really need to.
This message has been scanned for viruses by MailControl - (see http://bluepages.wsatkins.co.uk/?6875772) 



----------------------------
IONA Technologies PLC (registered in Ireland)
Registered Number: 171387
Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland

Reply via email to