You might want to just try Geronimo 2.1.2. The vote apparently passed last night: http://www.nabble.com/-VOTE--Geronimo-Server-2.1.2-Release-to18746852s134.html so it should be made available shortly. You can download the candidates.
2.1.2 is using CXF 2.0.8. Dan On Tuesday 05 August 2008 6:03:51 am [EMAIL PROTECTED] wrote: > Hi Glen, > > because I got stuck in solving the problem with Geronimo 2.1.1 and > included CXF 2.0.2 I thought maybe CXF 2.0.8 solves my problem? > > So I tried to change the WS-Stack of my Geronimo from the old version to > CXF 2.0.8. I had certain essays: > > 1) http://www.jroller.com/gmazza/date/20080612: > -> In Geronimo is no <prefer-application-packages> available, I tried with > <inverse-classloading/> but I got a lot of problems with the classloader. > If I added all JARS necessary - see file WHICH_JARS - I got class cast > exceptions, adding a certain minimum leads to NoClassDefError. > <hidden-classes> or <non-overridable-classes> won't help? > 2) Adding CXF under Services - Repository with a dependency-entry in the > deployment plan: > <dependency> > <groupId>org.apache.cxf</groupId> > <artifactId>cxf</artifactId> > <version>2.0.8</version> > <type>jar</type> > </dependency> > changed nothing. > 3) ??? > > Can you please help? > > -Josef > > > > > [EMAIL PROTECTED] > 04.08.2008 16:09 > Bitte antworten an > [email protected] > > > An > [email protected] > Kopie > > Thema > Antwort: Re: Antwort: Re: Antwort: Re: WS-Stack Apache CXF asks for > Axis2-Classes > > > > > > > Hi Dan, > > I checked your blog and I didn't found big differences in the > code(Server-Part is in my case more JEE5 like - see > http://depressedprogrammer.wordpress.com/2007/07/31/cxf-ws-security-using-j >sr-181-interceptor-annotations-xfire-migration/ > > ). > > The difference I see compared with your blog-example is in the request > itself: > > 1) from http://cwiki.apache.org/CXF20DOC/ws-security.html: > <wsse:Security > xmlns:wsse=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1 >.0.xsd > > " > soap:mustUnderstand="1"> > <wsse:UsernameToken > xmlns:wsse=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1 >.0.xsd > > " > xmlns:wsu=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility- >1.0.xsd > > " > wsu:Id="UsernameToken-25268096"> > <wsse:Username > xmlns:wsse=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1 >.0.xsd > > "> > joe > </wsse:Username> > <wsse:Password > xmlns:wsse=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1 >.0.xsd > > " > Type=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-prof >ile-1.0#PasswordDigest > > "> > ymyLPVTLrQMBJo82akcw4aBSlJQ= > </wsse:Password> > <wsse:Nonce > xmlns:wsse=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1 >.0.xsd > > "> > MK3TTlJxaevzcFaxV/oKyw== > </wsse:Nonce> > <wsu:Created > xmlns:wsu=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility- >1.0.xsd > > "> > 2008-07-16T23:05:07.300Z > </wsu:Created> > </wsse:UsernameToken> > </wsse:Security> > > 2) my request: > <wsse:Security > xmlns:wsse=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1 >.0.xsd > > " > soap:mustUnderstand="1"> > <wsse:UsernameToken > xmlns:wsu=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility- >1.0.xsd > > " > wsu:Id="UsernameToken-12189822"> > <wsse:Username> > blabla > </wsse:Username> > <wsse:Password > Type=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-prof >ile-1.0#PasswordDigest > > "> > uIqdbKqsp5VCvM4bPTps1PmnMZI=</wsse:Password> > <wsse:Nonce>YmoBKVpJrAjM2P3ss7MUNg==</wsse:Nonce> > <wsu:Created> > 2008-08-04T10:08:15.245Z > </wsu:Created> > </wsse:UsernameToken> > </wsse:Security> > > > I miss the namespace > xmlns:wsse=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1 >.0.xsd > > " > and not only me but also the WSSecurityUtil.class in line 92: > > list = > soapHeaderElement.getElementsByTagNameNS(WSConstants.WSSE_NS, > WSConstants.WSSE_LN); > > And therefore the method > public static Element getSecurityHeader(Document doc, String actor, > SOAPConstants sc) { > > results in an null-Element. The class WSSecurityEngine and in the end > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor throws the error: > > WARNUNG: Request does not contain required Security header > > What am I doing wrong with WS-Security 1.1 ???? I have now the sources for > > apacche-cxf-2.0.2 and wss4j-1.5.1, if I can debug to a certain step let me > > know. > > -Josef > > > > > > Glen Mazza <[EMAIL PROTECTED]> > 26.07.2008 03:03 > Bitte antworten an > [email protected] > > > An > [email protected] > Kopie > > Thema > Re: Antwort: Re: Antwort: Re: WS-Stack Apache CXF asks for Axis2-Classes > > > > > > > > Have you checked our documentation on this: > http://cwiki.apache.org/CXF20DOC/ws-security.html > > Also I blogged about this recently, maybe something you can use: > http://www.jroller.com/gmazza/entry/using_cxf_and_wss4j_to > > HTH, > Glen > > Josef.Eisele wrote: > > Hi Dan, > > > > I solved the last problem copying libraries (xmlsec-1.3.0.jar, > > wss4j-1.5.1.jar, cxr-rt-ws-securitity-2.0.2-...) from the WAR-Part to > > the > > > EAR-Part: > > (WebContent/WEB-INF/lib -> EarContent/lib) > > > > One Problem solved another arises: > > > > Client writes the SecurityHeader: > > .. > > <wsse:Security xmlns:wsse=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1 >.0.xsd > > > " soap:mustUnderstand="1"> > > <wsse:UsernameToken xmlns:wsu=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility- >1.0.xsd > > > " wsu:Id="UsernameToken-12189822"> > > <wsse:Username>chef</wsse:Username> > > <wsse:Password Type=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-prof >ile-1.0#PasswordDigest > > > ">MxsuASsgtCzGlTTif0kcbqXIHxM=</wsse:Password> > > <wsse:Nonce>HAYlnYvfdo0dddeYXGsxdw==</wsse:Nonce> > > <wsu:Created>2008-07-25T11:22:20.886Z</wsu:Created> > > </wsse:UsernameToken> > > </wsse:Security> > > ... > > > > Server is configured with the interceptor: > > @InInterceptors(interceptors={ "de.mypath.WSSecurityInterceptor" }) > > > > In this class I configure 3 Interceptors: > > public void handleMessage(Message message) throws Fault { > > Map<String, Object> props = new HashMap<String, > > Object>(); > > > props.put(WSHandlerConstants.ACTION, > > WSHandlerConstants.USERNAME_TOKEN); > > props.put(WSHandlerConstants.PASSWORD_TYPE, > > WSConstants.PW_DIGEST); > > props.put(WSHandlerConstants.PW_CALLBACK_CLASS, > > ServerPasswordCallback.class.getName()); > > > > WSS4JInInterceptor wss4jInInterceptor = new > > WSS4JInInterceptor(props); > > ValidateUserTokenInterceptor userTokenInterceptor = new > > ValidateUserTokenInterceptor(Phase.POST_PROTOCOL); > > > > message.getInterceptorChain().add(wss4jInInterceptor); > > //org.apache.cxf.binding.soap.SoapFault: No SOAPMessage > > DOM was found. Please enable the SAAJInInterceptor. > > message.getInterceptorChain().add(new > > SAAJInInterceptor()); > > message.getInterceptorChain().add(userTokenInterceptor); > > } > > > > UserTokenInterceptor works fine, SAAJInInterceptor is necessary > > otherwise > > > excepton but now I get an exception on the wss4jInInterceptor: > > > > 25.07.2008 13:03:44 org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor > > handleMessage > > WARNUNG: Request does not contain required Security header > > 25.07.2008 13:03:44 org.apache.cxf.phase.PhaseInterceptorChain > > doIntercept > > > INFO: Interceptor has thrown exception, unwinding now > > org.apache.cxf.binding.soap.SoapFault: Request does not contain required > > > > > > Security header. > > at > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInIn >terceptor.java:153) > > > at > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInIn >terceptor.java:60) > > > at > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai >n.java:208) > > > at > > org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:429) > > at > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRespons >e(HTTPConduit.java:1955) > > > at > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPCon >duit.java:1791) > > > at > > org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66) > > at > > org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:575) > > at > > org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInte >rceptor.handleMessage(MessageSenderInterceptor.java:62) > > > at > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai >n.java:208) > > > at > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:276) > > > at > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:222) > > > at > > org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) > > at > > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135) > > > > How do I know what is wrong with my SecurityHeader? > > > > -Josef > > > > > > > > > > Daniel Kulp <[EMAIL PROTECTED]> > > 23.07.2008 14:42 > > Bitte antworten an > > [email protected] > > > > > > An > > [email protected] > > Kopie > > [EMAIL PROTECTED] > > Thema > > Re: Antwort: Re: WS-Stack Apache CXF asks for Axis2-Classes > > > > On Jul 23, 2008, at 7:24 AM, [EMAIL PROTECTED] wrote: > >> Hi Kevin, Lin, Daniel, Glen, > >> > >> @Daniel: Your VM-Parameters solved this problem. Thank you very much > >> for > >> your help. > > > > Yea, but it definitely shouldn't have been necessary. > > > >> @Glen: Thank you very much for your tipp, we will wait for Geronimo > >> 2.1.2 > >> and then we have Apache CXF2.0.6... > > > > Actually, CXF 2.0.8. :-) > > > >> @All: Now I have two new issues ;-) > >> 1) The client is written like described in > >> http://cwiki.apache.org/CXF20DOC/ws-security.html. For the server > >> part - > >> because of JavaEE5 - we choose > > http://depressedprogrammer.wordpress.com/2007/07/31/cxf-ws-security-using-j >sr-181-interceptor-annotations-xfire-migration/ > > >> . > >> In the first run I added > >> @InInterceptors > >> (interceptors={ "de.myapp.WSSecurityInterceptor" }) to > >> the WS-Implementation-Class and nothing happend. Afterwards I had a > >> try > >> with the interface class and added the same > >> @InInterceptors(interceptors={ "de.myapp.WSSecurityInterceptor" }). > >> After this changed the class de.myapp.WSSecurityInterceptor was > >> accessed. > >> Why do I have to add @... in implementation AND interface? > > > > Not sure on that. Feel free to log a CXF bug. It should be > > possible to just put it on the implementation. The interface should > > be shareable between clients/servers and having interceptors defined > > on it that should just be there for the server is not a good thing. > > > >> 2) In the handleMessage(Message message) I receive after: > >> ... > >> props.put(WSHandlerConstants.PASSWORD_TYPE, > >> WSConstants.PW_TEXT); > >> props.put(WSHandlerConstants.PW_CALLBACK_CLASS, > >> ServerPasswordCallback.class.getName()); > >> > >> WSS4JInInterceptor wss4jInHandler = new > >> WSS4JInInterceptor(props); > >> ... > >> > >> ......................... > >> > >> Caused by: com.ctc.wstx.exc.WstxEOFException: Unexpected EOF in prolog > >> at [row,col {unknown-source}]: [1,0] > >> at > >> com.ctc.wstx.sr.StreamScanner.throwUnexpectedEOF(StreamScanner.java: > >> 661) > >> at > >> com.ctc.wstx.sr.BasicStreamReader.handleEOF(BasicStreamReader.java: > >> 2134) > >> at > > > > With CXF 2.0.2, that stack could result from a BUNCH of things. We > > actually would get that stack if the server sent back and html error > > page without setting a 404 or similar. Several things can cause > > it. If you can tcpdump or wireshark the wire transfers to see what's > > going on, that would be helpful. Good news is that this changed in > > 2.0.5 to get a better error message. :-) > > > > > > --- > > Daniel Kulp > > [EMAIL PROTECTED] > > http://www.dankulp.com/blog > > > > > > > > > > > > > > BGS Beratungsgesellschaft > > Software Systemplanung AG > > > > > > > > > > Niederlassung Rhein/Main > > Robert-Koch-Straße 41 > > 55129 Mainz > > Fon: +49 (0) 6131 / 914-0 > > Fax: +49 (0) 6131 / 914-400 > > www.bgs-ag.de > > Geschäftssitz Mainz > > Registergericht > > Amtsgericht Mainz > > HRB 62 50 > > > > Aufsichtsratsvorsitzender > > Klaus Hellwig > > Vorstand > > Hanspeter Gau > > Hermann Kiefer > > Nils Manegold -- Daniel Kulp [EMAIL PROTECTED] http://www.dankulp.com/blog
