RE: WSSecurityEngine: Callback supplied no password for: null when using useReqSigCert for encryptionUser in multiple client scenario.
Could you attach the WSS4J config you're using on both the client and server side?

Colm.

-Original Message-
From: santhosh00724 [mailto:santhosh00...@gmail.com]
Sent: 27 March 2009 17:30
To: dev@cxf.apache.org
Subject: WSSecurityEngine: Callback supplied no password for: null when using useReqSigCert for encryptionUser in multiple client scenario.

I am getting the following error while running a service with multiple clients with Timestamp Signature Encrypt action for the interceptor

    <entry key="encryptionUser" value="useReqSigCert"/>

It works fine for a single client scenario, but not for multiple clients. I looked into many mailing lists but couldn't find any information. It is a two way encryption on both service client side.

Environment : Tomcat, CXF 2.1.3.

Mar 24, 2009 12:40:29 PM org.apache.cxf.transport.servlet.AbstractCXFServlet replaceDestinationFactory
INFO: Servlet transport factory already registered
Mar 24, 2009 12:40:29 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
WARNING:
org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: Callback supplied no password for: null)
    at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:285)
    at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:92)
    at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:80)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:311)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:228)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:158)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:65)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:220)
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:78)
    at org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:92)
    at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:285)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:168)
    at org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:175)
    at org.apache.cxf.transport.servlet.AbstractCXFServlet.doPost(AbstractCXFServlet.java:153)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:619)
Mar 24, 2009 12:40:30 PM org.apache.cxf.phase.PhaseInterceptorChain doIntercept
INFO: Interceptor has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: General security error (WSSecurityEngine: Callback supplied no password for: null)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:407)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:256)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:65)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:220)
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:78)
    at org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:92)
    at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:285)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:168)
    at
RE: WSSecurityEngine: Callback supplied no password for: null when using useReqSigCert for encryptionUser in multiple client scenario.
My Client Config :

    <bean id="wss4jOut" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
      <constructor-arg>
        <map>
          <entry key="action" value="Timestamp Signature Encrypt"/>
          <entry key="user" value="myclientkey"/>
          <entry key="signaturePropFile" value="clientKeystore.properties"/>
          <entry key="encryptionPropFile" value="clientKeystore.properties"/>
          <entry key="encryptionUser" value="myclientkey"/>
          <entry key="signatureKeyIdentifier" value="DirectReference"/>
          <entry key="passwordCallbackRef" value-ref="clientKeystorePassword"/>
          <!--<entry key="passwordCallbackClass" value="edu.osu.oit.peoplesoft.webservice.ClientKeystorePasswordCallback"/>-->
          <entry key="signatureParts" value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
          <entry key="encryptionParts" value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
          <entry key="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
        </map>
      </constructor-arg>
    </bean>

    <bean id="wss4jIn" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
      <constructor-arg>
        <map>
          <entry key="action" value="Timestamp Signature Encrypt"/>
          <entry key="signaturePropFile" value="clientKeystore.properties"/>
          <entry key="decryptionPropFile" value="clientKeystore.properties"/>
          <entry key="passwordCallbackRef" value-ref="clientKeystorePassword"/>
        </map>
      </constructor-arg>
    </bean>

Service Configurations:

    <bean id="wss4jInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
      <constructor-arg>
        <map>
          <entry key="action" value="Timestamp Signature Encrypt"/>
          <entry key="signaturePropFile" value="serviceKeystore.properties"/>
          <entry key="decryptionPropFile" value="serviceKeystore.properties"/>
          <entry key="passwordCallbackRef" value-ref="serviceKeystorePasswordClass"/>
        </map>
      </constructor-arg>
    </bean>

    <bean id="wss4jOutInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
      <constructor-arg>
        <map>
          <entry key="action" value="Timestamp Signature Encrypt"/>
          <entry key="user" value="myservicekey"/>
          <entry key="signaturePropFile" value="serviceKeystore.properties"/>
          <entry key="encryptionPropFile" value="serviceKeystore.properties"/>
          <entry key="encryptionUser" value="useReqSigCert"/>
          <entry key="signatureKeyIdentifier" value="DirectReference"/>
          <entry key="passwordCallbackRef" value-ref="serviceKeystorePasswordClass"/>
          <entry key="signatureParts" value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
          <entry key="encryptionParts" value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
          <entry key="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
        </map>
      </constructor-arg>
    </bean>

Colm O hEigeartaigh wrote:
> Could you attach the WSS4J config you're using on both the client and server side?
>
> Colm.

--
View this message in context: http://www.nabble.com/WSSecurityEngine%3A-Callback-supplied-no-password-for%3A-null--when-using-useReqSigCert-for-encryptionUser-in-multiple-client-scenario.-tp22745189p22782797.html
Sent from the cxf-dev mailing list archive at Nabble.com.
wsdl2java -p option change
Hi

It looks like the use of the -p flag with wsdl2java has changed for cxf 2.2. Now it reports "-p option cannot be used when wsdl contains mutiple schemas" for my wsdl, even though the wsdl compiles with version 2.1.4.

The wsdl in question does import other schema, so I reckon that this is causing the error to be reported. Is that correct?

If this is the case, is it really valid to say I cannot specify a package name now when I import a schema. I can understand it when the schema is a 3rd party one, but what if I just have simply factored out some schema from the wsdl file?

Thanks
Eamonn
Re: wsdl2java -p option change
Eamonn,

On Mon March 30 2009 9:25:23 am Eamonn Dwyer wrote:
> It looks like the use of the -p flag with wsdl2java has changed for cxf 2.2. Now it reports "-p option cannot be used when wsdl contains mutiple schemas" for my wsdl, even though the wsdl compiles with version 2.1.4.

Hmm... I thought that message went in for 2.1.4 as well. I'm surprised it worked for 2.1.4.

Actually, that error message should change a bit. -p CAN be used if you provide a unique package for each namespace:

    -p http://blah.com=com.blah -p http://foo.com=com.foo

> The wsdl in question does import other schema, so I reckon that this is causing the error to be reported. Is that correct?

If there are schemas in multiple namespaces, then it should report that issue.

> If this is the case, is it really valid to say I cannot specify a package name now when I import a schema. I can understand it when the schema is a 3rd party one, but what if I just have simply factored out some schema from the wsdl file?

Basically, if you have multiple schemas, you NEED to specify a unique package name for each schema so the package-info.java and ObjectFactory.java for each schema is put in a unique location instead of overwriting itself.

--
Daniel Kulp
dk...@apache.org
http://www.dankulp.com/blog
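
The per-namespace mapping described in the reply above, as an added example that is not part of the original thread or of CXF: a Python helper that collects the schema namespaces declared in a WSDL and builds one "-p namespace=package" argument for each, refusing any mapping that would put two schemas in the same package. The sample WSDL, the function names and the namespace-to-package rule (reversed host labels plus path segments) are assumptions made for illustration; schema files referenced through schemaLocation are not opened.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

XSD_NS = "http://www.w3.org/2001/XMLSchema"

# Constructed sample: one WSDL whose <types> section holds schemas in two namespaces.
SAMPLE_WSDL = """\
<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://blah.com">
  <wsdl:types>
    <xsd:schema targetNamespace="http://blah.com">
      <xsd:import namespace="http://foo.com"/>
      <xsd:element name="Order" type="xsd:string"/>
    </xsd:schema>
    <xsd:schema targetNamespace="http://foo.com">
      <xsd:element name="Item" type="xsd:string"/>
    </xsd:schema>
  </wsdl:types>
</wsdl:definitions>
"""


def schema_namespaces(wsdl_text):
    """Namespaces named by the WSDL, inline schemas and xsd:import, in document order."""
    root = ET.fromstring(wsdl_text)
    candidates = [root.get("targetNamespace")]
    for schema in root.iter("{%s}schema" % XSD_NS):
        candidates.append(schema.get("targetNamespace"))
        candidates += [i.get("namespace") for i in schema.iter("{%s}import" % XSD_NS)]
    found = []
    for ns in candidates:
        if ns and ns not in found:
            found.append(ns)
    return found


def package_for(namespace):
    """Assumed naming rule (not CXF's own): reversed host labels, then path segments."""
    parsed = urlparse(namespace)
    host = parsed.netloc.split(":")[0].lower()
    labels = [label for label in host.split(".") if label and label != "www"]
    parts = labels[::-1] + [seg for seg in parsed.path.split("/") if seg]
    cleaned = []
    for part in parts:
        part = re.sub(r"[^a-z0-9_]", "_", part.lower())
        cleaned.append("_" + part if part[0].isdigit() else part)
    if not cleaned:
        raise ValueError("cannot derive a package from %r" % namespace)
    return ".".join(cleaned)


def package_args(wsdl_text, overrides=None):
    """Build the '-p namespace=package' arguments, one unique package per namespace."""
    args, owner = [], {}
    for ns in schema_namespaces(wsdl_text):
        pkg = (overrides or {}).get(ns) or package_for(ns)
        if pkg in owner:
            # A shared package would overwrite package-info.java and ObjectFactory.java.
            raise ValueError("%s and %s both map to %s" % (owner[pkg], ns, pkg))
        owner[pkg] = ns
        args += ["-p", "%s=%s" % (ns, pkg)]
    return args
```

The list returned by package_args goes on the wsdl2java command line ahead of the WSDL file name; pass overrides for any namespace whose derived package is not the one you want.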
Re: Uh, oh, JDK 1.6
Thanks. The MacOS 1.6 doesn't show the problem for me when I just run 'mvn', so I was stumped.

On Mon, Mar 30, 2009 at 11:14 AM, Daniel Kulp dk...@apache.org wrote:
> On Sat March 28 2009 2:40:34 pm Benson Margulies wrote:
> > The 1.6 build, which I presume uses the JAXB in JDK 1.6, is breaking. I may need some help here.
>
> I'm on it. Seems to be a bug in something in the JDK, but I'm not sure what. We don't use the JAXB in the JDK. It MAY be the DOM in the JDK or maybe something in xerces 2.9.1 is conflicting or something. I don't really know.
>
> In any case, the issue is that qnames in the xsd:union memberTypes that have empty prefixes are not being resolved. So things like:
>
>     <simpleType name="SimpleUnion">
>         <union memberTypes="positiveInteger">
>
> just need to be changed to:
>
>     <simpleType name="SimpleUnion">
>         <union memberTypes="xsd:positiveInteger">
>
> I'm testing that fix now.
>
> --
> Daniel Kulp
> dk...@apache.org
> http://www.dankulp.com/blog
RE: wsdl2java -p option change
Hi Dan

The explicit mapping from namespace to package name works for me. I've created a to change the message in Jira for it in cxf, CXF-2144. I can volunteer for the patch too

2.1.4 did allow the unqualified specifying of package name for me though.

Thanks
Eamonn

-Original Message-
From: Daniel Kulp [mailto:dk...@apache.org]
Sent: 30 March 2009 15:11
To: dev@cxf.apache.org
Cc: Eamonn Dwyer
Subject: Re: wsdl2java -p option change

Eamonn,

On Mon March 30 2009 9:25:23 am Eamonn Dwyer wrote:
> It looks like the use of the -p flag with wsdl2java has changed for cxf 2.2. Now it reports "-p option cannot be used when wsdl contains mutiple schemas" for my wsdl, even though the wsdl compiles with version 2.1.4.

Hmm... I thought that message went in for 2.1.4 as well. I'm surprised it worked for 2.1.4.

Actually, that error message should change a bit. -p CAN be used if you provide a unique package for each namespace:

    -p http://blah.com=com.blah -p http://foo.com=com.foo

> The wsdl in question does import other schema, so I reckon that this is causing the error to be reported. Is that correct?

If there are schemas in multiple namespaces, then it should report that issue.

> If this is the case, is it really valid to say I cannot specify a package name now when I import a schema. I can understand it when the schema is a 3rd party one, but what if I just have simply factored out some schema from the wsdl file?

Basically, if you have multiple schemas, you NEED to specify a unique package name for each schema so the package-info.java and ObjectFactory.java for each schema is put in a unique location instead of overwriting itself.

--
Daniel Kulp
dk...@apache.org
http://www.dankulp.com/blog
Re: wsdl2java -p option change
On Mon March 30 2009 1:05:30 pm Eamonn Dwyer wrote:
> Hi Dan
>
> The explicit mapping from namespace to package name works for me. I've created a to change the message in Jira for it in cxf, CXF-2144. I can volunteer for the patch too

Please do. :-)

Dan

> 2.1.4 did allow the unqualified specifying of package name for me though.
>
> Thanks
> Eamonn
>
> -Original Message-
> From: Daniel Kulp [mailto:dk...@apache.org]
> Sent: 30 March 2009 15:11
> To: dev@cxf.apache.org
> Cc: Eamonn Dwyer
> Subject: Re: wsdl2java -p option change
>
> Eamonn,
>
> On Mon March 30 2009 9:25:23 am Eamonn Dwyer wrote:
> > It looks like the use of the -p flag with wsdl2java has changed for cxf 2.2. Now it reports "-p option cannot be used when wsdl contains mutiple schemas" for my wsdl, even though the wsdl compiles with version 2.1.4.
>
> Hmm... I thought that message went in for 2.1.4 as well. I'm surprised it worked for 2.1.4.
>
> Actually, that error message should change a bit. -p CAN be used if you provide a unique package for each namespace:
>
>     -p http://blah.com=com.blah -p http://foo.com=com.foo
>
> > The wsdl in question does import other schema, so I reckon that this is causing the error to be reported. Is that correct?
>
> If there are schemas in multiple namespaces, then it should report that issue.
>
> > If this is the case, is it really valid to say I cannot specify a package name now when I import a schema. I can understand it when the schema is a 3rd party one, but what if I just have simply factored out some schema from the wsdl file?
>
> Basically, if you have multiple schemas, you NEED to specify a unique package name for each schema so the package-info.java and ObjectFactory.java for each schema is put in a unique location instead of overwriting itself.

--
Daniel Kulp
dk...@apache.org
http://www.dankulp.com/blog
RE: WSSecurityEngine: Callback supplied no password for: null when using useReqSigCert for encryptionUser in multiple client scenario.
Thank you for the reply. This is what I am getting now. I am using CXF 2.1.3. Is this a problem? I tried using CXF 2.2 2.1.4 I am getting :

java.lang.ClassNotFoundException: org.springframework.context.support.AbstractRefreshableConfigApplicationContext

Santhosh.

Original Exception with CXF 2.1.3:

org.apache.ws.security.WSSecurityException: Error during encryption: ; nested exception is:
    org.apache.ws.security.WSSecurityException: General security error (No certificates for user useReqSigCert were found for encryption)
    at org.apache.ws.security.action.EncryptionAction.execute(EncryptionAction.java:64)
    at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:201)
    at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:47)
    at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:219)
    at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:107)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:220)
    at org.apache.cxf.interceptor.OutgoingChainInterceptor.handleMessage(OutgoingChainInterceptor.java:74)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:220)
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:78)
    at org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:92)
    at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:285)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:168)
    at org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:175)
    at org.apache.cxf.transport.servlet.AbstractCXFServlet.doPost(AbstractCXFServlet.java:153)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:619)
Caused by: org.apache.ws.security.WSSecurityException: General security error (No certificates for user useReqSigCert were found for encryption)
    at org.apache.ws.security.message.WSSecEncrypt.prepare(WSSecEncrypt.java:248)
    at org.apache.ws.security.message.WSSecEncrypt.build(WSSecEncrypt.java:288)
    at org.apache.ws.security.action.EncryptionAction.execute(EncryptionAction.java:62)
    ... 27 more

Colm O hEigeartaigh wrote:
> Hi,
>
> Can you try again, except this time using a SNAPSHOT version of WSS4J available here:
>
> http://people.apache.org/~coheigea/stage/wss4j/1.5.7-SNAPSHOT/
>
> Dan Kulp made some fixes lately for some multi-threaded problems that are included in the SNAPSHOT...this *may* be causing the problem.
>
> Colm.
-- View this message in context: http://www.nabble.com/WSSecurityEngine%3A-Callback-supplied-no-password-for%3A-null--when-using-useReqSigCert-for-encryptionUser-in-multiple-client-scenario.-tp22745189p22789814.html Sent from the cxf-dev mailing list archive at Nabble.com.
RE: wsdl2java -p option change
Hi

Since XJC already supports using a single package name for multiple schemas with different namespaces by means of passing the -p parameter, why should this feature be disabled? If we pass -xjc-p,package-name in the wsdl2java then XJC should (and does) pick up the single package for all namespaces and builds 1 ObjectFactory.java with createxxx() for all the types. It also generates the package-info.java with the namespace that is most frequently used and in other JAXB classes it creates the XMLElement with the name and namespace.

One thing I noticed is that JAXBDataBinding class is actually passing the default packagename passed to the wsdl2java to XJC. Should it be doing that? Instead it should just let the user pass JAXB package through the -xjc argument.

    if (context.getPackageName() != null) {
        schemaCompiler.setDefaultPackageName(context.getPackageName());
    }

The context.getPackageName is the -p parameter of wsdl2Java (i.e. the default package for the service interface, fault-class etc.). Should we be really passing the same to databinding compiler - XJC?

Thanks,
Sam

-Original Message-
From: Daniel Kulp [mailto:dk...@apache.org]
Sent: Monday, March 30, 2009 9:11 AM
To: dev@cxf.apache.org
Cc: Eamonn Dwyer
Subject: Re: wsdl2java -p option change

Eamonn,

On Mon March 30 2009 9:25:23 am Eamonn Dwyer wrote:
> It looks like the use of the -p flag with wsdl2java has changed for cxf 2.2. Now it reports "-p option cannot be used when wsdl contains mutiple schemas" for my wsdl, even though the wsdl compiles with version 2.1.4.

Hmm... I thought that message went in for 2.1.4 as well. I'm surprised it worked for 2.1.4.

Actually, that error message should change a bit. -p CAN be used if you provide a unique package for each namespace:

    -p http://blah.com=com.blah -p http://foo.com=com.foo

> The wsdl in question does import other schema, so I reckon that this is causing the error to be reported. Is that correct?

If there are schemas in multiple namespaces, then it should report that issue.

> If this is the case, is it really valid to say I cannot specify a package name now when I import a schema. I can understand it when the schema is a 3rd party one, but what if I just have simply factored out some schema from the wsdl file?

Basically, if you have multiple schemas, you NEED to specify a unique package name for each schema so the package-info.java and ObjectFactory.java for each schema is put in a unique location instead of overwriting itself.

--
Daniel Kulp
dk...@apache.org
http://www.dankulp.com/blog
GSoC Proposal:Implement the SOAP/JMS specification for CXF
Hi all,

I want to take part in the GSoC. After looking into the suggestions by Daniel Kulp, I have modified my proposal and published this proposal on GSoC.

I have published my proposal about cxf-soapjms on http://wiki.apache.org/general/soc2009-soapjms-proposal.
The GSoC page is here: http://socghop.appspot.com/document/show/user/liucong/cxf_soapjms

Any comments and suggestions are welcome. Thanks in advance for your feedback.

Thank You,
Liu Cong