The issue is solved - had some bad wss4j jar(built one with my "debug"
changes).
I might have other questions but those will be rather performance/tomcat
setup related and not in this topic.
Thank you Colm for support and bugfixes ;).
Regards
Lucas
--
View this message in context:
http://cx
In order to do wss4j logging you need this:
http://www.slf4j.org/manual.html
"To switch logging frameworks, just replace slf4j bindings on your class
path. For example, to switch from java.util.logging to log4j, just replace
slf4j-jdk14-1.7.7.jar with slf4j-log4j12-1.7.7.jar."
While cxf picks ME
CLASSPATH=.;C:\jdk1.6\lib\tools.jar
No progress after doing those:
1 removed all the java.security entries for BC
2 removed all the jars except folder where i unpacked it(one in JRE was in
use)
3 when I copied it to same folder i run it from(where testcxf is located) -
still same issue
2014-11-24
finally got the response in 1.7 - works well now
in 1.6 still "java.lang.IllegalArgumentException: Missing argument" :(
1.6 without BC the same error
--
View this message in context:
http://cxf.547215.n5.nabble.com/possible-wss4j-bug-tp5750539p5751397.html
Sent from the cxf-user mailing list ar
The request was sent in 1.7 - response:
http://pastebin.com/uttdvtCL
--
View this message in context:
http://cxf.547215.n5.nabble.com/possible-wss4j-bug-tp5750539p5751390.html
Sent from the cxf-user mailing list archive at Nabble.com.
result of run on 1.7 without BC and with JCE installed
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: These
policy alternatives can not be satisfied:
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:638)
{http://schemas.xmlsoap.org/ws/2005/07/securitypo
I tried with 3.0.2 myself and applied your fix - used 4 files you changed
http://pastebin.com/GqEHYsaS
Did I pull wrong version?
https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=tag;h=3ec631c97e9eccf62490b176aab61044b3b9ab9f
--
View this message in context:
http://cxf.547215.n5.nabble.com/p
invalid target release: 1.7
can you apply it to older release as well?
the one i used was 3.0.2 - 1.6 limitation
--
View this message in context:
http://cxf.547215.n5.nabble.com/possible-wss4j-bug-tp5750539p5751175.html
Sent from the cxf-user mailing list archive at Nabble.com.
we managed to enable audit:
" XmlException: Cannot read the token from the 'DerivedKeyToken' element
with the 'http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512'
namespace for BinarySecretSecurityToken, with a '' ValueType. If this
element is expected to be valid, ensure that security i
Had it inside cxf.xml but the file was in wrong directory(package instead of
root)
thanks alot - I continue digging.
We try to trace it on .net end. I will let you know if we succeed.
--
View this message in context:
http://cxf.547215.n5.nabble.com/possible-wss4j-bug-tp5750539p5750781.html
Sen
maybe way i capture this soap will tell you more
Only time I get something logged was when i attached interceptor to
bus(http://stackoverflow.com/a/22786371):
MyCxfSoapOutInterceptor outInt = new MyCxfSoapOutInterceptor();
client.getBus().getOutInterceptors().add(outInt);
Maybe I should at
SOAP sent from
java:
http://pastebin.com/fKY27tqW
.net:
http://pastebin.com/BEK2b3Tc
First thing that you can notice is that .net client is sending
SecurityContextToken after Timestamp
while java places BinarySecurityToken there
googled this:
http://cxf.547215.n5.nabble.com/Apache-CXF-with-WS-S
now i get
s:Sender
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>a:InvalidSecurity
An error occurred when verifying security for
the message.
--
View this message in context:
http://cxf.547215.n
Finally the issue is solved though second arose
most likely my keytab/cache was broken
Now the question is what is wrong with wsdl or do i have to tweak it or
wcftestservice somehow in order to make it work?
.net client works fine since we sorted out spn and service configuration
INFO: Can not i
i deleted keytab and cache and recreated them with
ktab -a testuser pwd -k FILE:c:\kerberos\testuser.keytab
Done!
Service key for testuser is saved in c:\kerberos\testuser.keytab
kinit -t c:\kerberos\testuser.keytab testuser pwd -c
FILE:c:/kerberos/krb5cache
will post new debug in a sec
--
Vi
krb5 debug:
Config name: C:\Windows\krb5.ini
>>> KdcAccessibility: reset
>>> KdcAccessibility: reset
Acquire TGT from Cache
>>>KinitOptions cache name is C:\Users\my_user\krb5cc_my_user
>>>DEBUG client principal is my_user@somedomain
>>>DEBUG server principal is
krbtgt/somedomain@somedomain
>>>D
http://pastebin.com/HLnu0QzW
I did little "debug" myself of this part(setting property didn't work and i
had maven build working already)
commented out results from getKerberosTicket:
prev = priv in this case (hex dump is the same and all the rest that
toString from KerberosTicket shows)
count=1
e
I only have version 8 on other machine (it is in another domain as well)
it seems to contact WCFTest properly and there is no problem with TGS_REP at
least
http://pastebin.com/2Bw71Lv5
Do I have to install jce on 8 as well?
I did quick setup here only - jar+login.config+krb5.ini+cxf 3.0.2 libs.
I will test it with 1.7 - though it will not change anything for me if it
works anyway(1.6 limitation).
This is company internal KDC and I am more then sure it can't be exposed.
Only options i see are:
1 I can debug myself with a little help.
2 send you saved sniffed session to private email if thi
Did also for jre and dynamic loading is not needed(5) since BC is listed
this one helped
http://www.itcsolutions.eu/2011/08/22/how-to-use-bouncy-castle-cryptographic-api-in-netbeans-or-eclipse-for-java-jse-projects/
--
View this message in context:
http://cxf.547215.n5.nabble.com/possible-wss4j
I did
1 reinstall jdk (same version - 1.6.0_37-b06)
2 install jce in c:\jdk1.6\jre\lib\security(kept old ones this time)
3 add bcprov-jdk15on-151.jar + bcprov-ext-jdk15on-151.jar to project
libraries(netbeans)
4 add in java.security entry
security.provider.10=org.bouncycastle.jce.provider.BouncyC
aes256-cts-hmac-sha1-96 is used as default when I remove whole section
other than that rc4-hmac is supported only from the list i have in krb5.ini
both result in nullpointer so it is not the case here
this is how response looks like:
http://imgur.com/Ep1ULPW
If you need more data let me know
Also i
I can try shrinking or removing cyphers from krb5.ini to test if it changes
anything.
--
View this message in context:
http://cxf.547215.n5.nabble.com/possible-wss4j-bug-tp5750539p5750552.html
Sent from the cxf-user mailing list archive at Nabble.com.
3.0.2 we are restricted to 1.6(1.6.0_37)
can installing those additional java cryptography that wss4j trunk tests
require break things up?
This is only thing that comes to my mind - didn't revert it so far
--
View this message in context:
http://cxf.547215.n5.nabble.com/possible-wss4j-bug-tp575
24 matches
Mail list logo