Any chance you can create a small test case and attach to a JIRA? Preferably something that could run standalone or in tomcat. If I can get a test case, I'd have a shot at debugging it.
Dan On Thursday 11 March 2010 8:44:24 pm PrSd wrote: > Dan, > > Things got so crazy in the past week I never got time to test your fix. But > I did not have to. I got the error to go away by accidentally coming up > with a bunch of jars in the web-inf/lib directory that fixed the issue. I > got it to work with cxf-2.0-incubator jar and was very happy. However all > of a sudden I am running into that issue again. I have changed nothing in > the code or on the server. I am baffled. So today I tested your fix with > the latest snapshot - cxf-2.2.7-SNAPSHOT.jar and I still getting the local > part cannot be null error. > > By the way here are the bunch of jars on the WS client WEB-INF/lib that I > got it working last week. > aopalliance-1.0.jar > cxf-2.0-incubator.jar > geronimo-activation_1.1_spec-1.0-M1.jar > geronimo-annotation_1.0_spec-1.1.jar > geronimo-javamail_1.4_spec-1.0-M1.jar > geronimo-ws-metadata_2.0_spec-1.1.1.jar > jaxb-api-2.0.jar > jaxb-impl-2.0.5.jar > jaxws-api-2.0.jar > jcifs-1.3.12.jar > jetty-6.1.3.jar > jetty-util-6.1.3.jar > joda-time-1.6.jar > ldapbp-1.0.jar > neethi-2.0.jar > opensaml-2.3.0.jar > openws-1.3.0.jar > saaj-api-1.3.jar > saaj-impl-1.3.jar > slf4j-api-1.5.10.jar > slf4j-jdk14-1.5.10.jar > spring.jar > spring-beans-2.0.4.jar > spring-context-2.0.4.jar > spring-core-2.0.4.jar > spring-web-2.0.4.jar > spring-ws-core-1.5.8.jar > spring-ws-core-tiger-1.5.8.jar > spring-ws-security-1.5.8.jar > spring-ws-support-1.5.8.jar > spring-xml-1.5.8.jar > velocity-1.5.jar > wsdl4j-1.6.1.jar > wss4j-1.5.1.jar > wstx-asl-3.2.1.jar > xmlParserAPIs.jar > xml-resolver-1.2.jar > XmlSchema-1.2.jar > xmlsec-1.4.3.jar > xmltooling-1.2.1.jar > > In the IBM WAS endorsed directory > resolver-2.9.1.jar > saaj-api.jar > saaj-impl.jar > serializer-2.9.1.jar > wsdl4j-1.6.2.jar > xalan-2.7.1.jar > xercesImpl-2.9.1.jar > xml-apis-2.9.1.jar > > Any thoughts on what the issue could be. It appears the fix did not work > either. I will continue trying but it will need your expertise to resolve > this. > > thanks > Sid > > dkulp wrote: > > Thanks for following up with them. Their hints helped me figure out > > where to > > look. I THINK I see what may be happening here on our side and I've > > just committed a fix. If you could test tomorrows snapshots (or > > checkout the source and build it) to see if that helps, that would be > > great. > > > > Dan > > > > On Mon March 1 2010 11:20:28 pm PrSd wrote: > >> Dan, > >> > >> I approached the folks at OpenSAML. As per Scott Cantor (one of the > >> person > >> heading that project), the issue is not at the SAML end, it is where DOM > >> is > >> first being created. The XML Parser is creating the DOM without > >> namespace awareness which causes the SAML code to fail when it tries > >> creating a QName(localpart). The localName of the DOM attribute is > >> null. > >> > >> Following link is a detailed exchange I had with them > >> https://mail.internet2.edu/wws/arc/mace-opensaml-users/2010-03/msg00025. > >> htm l > >> > >> > >> > >> He clearly mentioned that I need to use a DOM2 or DOM3 Level > >> specification. > >> It is also possible that the CXF client or server side SOAP/SAAJ > >> Interceptors are altering the DOM in a certain way that is causing the > >> umarshalling process using the SAML to fail. > >> > >> I managed to catch hold of the stack trace on the client side. > >> > >> at > >> org.apache.cxf.binding.soap.saaj.SAAJInInterceptor.handleMessage(SAAJInI > >> nte rceptor.java:154) at > >> org.apache.cxf.jaxws.handler.soap.SOAPMessageContextImpl.getMessage(SOAP > >> Mes sageContextImpl.java:78) at > >> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.createProtocolM > >> ess ageContext(SOAPHandlerInterceptor.java:236) at > >> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessageIn > >> ter nal(SOAPHandlerInterceptor.java:144) at > >> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(S > >> OAP HandlerInterceptor.java:119) at > >> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(S > >> OAP HandlerInterceptor.java:69) at > >> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC > >> hai n.java:243) at > >> org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:672) at > >> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResp > >> ons eInternal(HTTPConduit.java:2210) at > >> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResp > >> ons e(HTTPConduit.java:2087) at > >> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTP > >> Con duit.java:1985) at > >> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66) > >> > >> at > >> > >> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:640) at > >> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingI > >> nte rceptor.handleMessage(MessageSenderInterceptor.java:62) at > >> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC > >> hai n.java:243) at > >> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:484) at > >> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:310) at > >> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:262) at > >> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at > >> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124) > >> > >> at $Proxy47.findTaskListUsingLoginCreds(Unknown Source) > >> at > >> > >> com.hsc.security.saml.soap.SpringWSClient.main(SpringWSClient.java:77) > >> > >> Q1. Does CXF uses its own DOM Parser when building the SOAPMessages? Is > >> there a way to turn on the namespace awareness at DOM parsing time. > >> Q2. If not, can we turn off the CXF interceptors on both the client and > >> server side and if we do are there any ripple effects. As you are > >> already aware I am using a JAX WS Handler to intercept the SOAP request > >> - Will that > >> be sufficient or I would still need the SOAP and SAAJ interceptors? > >> > >> Eagerly waiting to hear from you > >> > >> thanks > >> Sid > >> > >> dkulp wrote: > >> > This is being thrown from down in Opensaml. I really don't know what > >> > would > >> > cause it. You would probably need to ask on their lists and give > >> > them the > >> > stack trace and the XML of the SAML assertion. > >> > > >> > Dan > >> > >> dkulp wrote: > >> > This is being thrown from down in Opensaml. I really don't know what > >> > would > >> > cause it. You would probably need to ask on their lists and give > >> > them the > >> > stack trace and the XML of the SAML assertion. > >> > > >> > Dan > >> > > >> > On Fri February 26 2010 7:19:15 pm PrSd wrote: > >> >> Daniel, > >> >> > >> >> Here is the stack trace you had requested regarding this issue. I > >> >> just cannot figure out a solution to this > >> >> > >> >> [2/26/10 17:16:11:596 EST] 0000001c SystemErr R > >> >> java.lang.IllegalArgumentException: local part cannot be "null" when > >> >> creating a QName > >> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at > >> >> javax.xml.namespace.QName.<init>(Unknown Source) > >> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at > >> >> javax.xml.namespace.QName.<init>(Unknown Source) > >> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at > >> >> org.opensaml.xml.util.XMLHelper.constructQName(XMLHelper.java:433) > >> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at > >> >> org.opensaml.xml.util.XMLHelper.getNodeQName(XMLHelper.java:171) > >> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at > >> > >> org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.unmarshallAttribute(Ab > >> > >> >> str actXMLObjectUnmarshaller.java:215) [2/26/10 17:16:11:612 EST] > >> >> 0000001c SystemErr R at > >> > >> org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.unmarshall(AbstractXML > >> > >> >> Obj ectUnmarshaller.java:107) [2/26/10 17:16:11:612 EST] 0000001c > >> >> SystemErr R at > >> > >> com.syscom.hsc.web.soap.ServiceSAMLHandler.handleMessage(ServiceSAMLHand > >> > >> >> ler .java:222) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R > >> > >> at > >> > >> com.syscom.hsc.web.soap.ServiceSAMLHandler.handleMessage(ServiceSAMLHan > >> > >> >> dler .java:1) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R > >> > >> at > >> > >> org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandleMessage(Ha > >> > >> >> ndle rChainInvoker.java:335) [2/26/10 17:16:11:612 EST] 0000001c > >> >> SystemErr R > >> >> > >> >> at > >> > >> org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandlerChain(Hand > >> > >> >> ler ChainInvoker.java:253) [2/26/10 17:16:11:612 EST] 0000001c > >> > >> SystemErr > >> > >> >> R > >> >> > >> >> at > >> > >> org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeProtocolHandlers( > >> > >> >> Han dlerChainInvoker.java:131) [2/26/10 17:16:11:612 EST] 0000001c > >> >> SystemErr > >> >> > >> >> R at > >> > >> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessageIn > >> > >> >> ter nal(SOAPHandlerInterceptor.java:152) [2/26/10 17:16:11:612 EST] > >> >> 0000001c SystemErr R at > >> > >> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(S > >> > >> >> OAP HandlerInterceptor.java:119) [2/26/10 17:16:11:612 EST] 0000001c > >> >> SystemErr > >> >> > >> >> R at > >> > >> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(S > >> > >> >> OAP HandlerInterceptor.java:69) [2/26/10 17:16:11:612 EST] 0000001c > >> >> SystemErr > >> >> > >> >> R at > >> > >> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC > >> > >> >> hai n.java:243) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R > >> >> > >> >> at > >> > >> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiat > >> > >> >> ionO bserver.java:109) [2/26/10 17:16:11:612 EST] 0000001c SystemErr > >> >> R at > >> > >> org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestin > >> > >> >> ati on.java:98) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R > >> >> > >> >> at > >> > >> org.apache.cxf.transport.servlet.ServletController.invokeDestination(Se > >> > >> >> rvle tController.java:406) [2/26/10 17:16:11:612 EST] 0000001c > >> > >> SystemErr > >> > >> >> R > >> >> > >> >> at > >> > >> org.apache.cxf.transport.servlet.ServletController.invoke(ServletControl > >> > >> >> ler .java:178) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R > >> > >> at > >> > >> org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFS > >> > >> >> ervl et.java:142) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R > >> >> > >> >> at > >> > >> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(Abst > >> > >> >> ract HTTPServlet.java:179) [2/26/10 17:16:11:612 EST] 0000001c > >> > >> SystemErr > >> > >> >> R > >> >> > >> >> at > >> > >> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTP > >> > >> >> Ser vlet.java:103) [2/26/10 17:16:11:612 EST] 0000001c SystemErr > >> >> R > >> >> > >> >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:763) > >> >> > >> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at > >> > >> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTT > >> > >> >> PSe rvlet.java:159) [2/26/10 17:16:11:612 EST] 0000001c SystemErr > >> > >> R > >> > >> >> at > >> > >> com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.j > >> > >> >> ava: 1096) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R > >> >> at > >> > >> com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWra > >> > >> >> pper .java:570) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R > >> >> > >> >> at > >> > >> com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletW > >> > >> >> rapp er.java:478) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R > >> >> > >> >> at > >> > >> com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(Cache > >> > >> >> Serv letWrapper.java:90) [2/26/10 17:16:11:612 EST] 0000001c > >> >> SystemErr > >> >> > >> >> R > >> >> > >> >> at > >> > >> com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:748 > >> > >> >> ) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at > >> > >> com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1 > >> > >> >> 466 ) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at > >> > >> com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:1 > >> > >> >> 19) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at > >> > >> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscriminatio > >> > >> >> n(H ttpInboundLink.java:458) [2/26/10 17:16:11:612 EST] 0000001c > >> >> SystemErr R at > >> > >> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformatio > >> > >> >> n(H ttpInboundLink.java:387) [2/26/10 17:16:11:612 EST] 0000001c > >> >> SystemErr R at > >> > >> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLi > >> > >> >> nk. java:267) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R > >> > >> at > >> > >> com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDisc > >> > >> >> rimi nators(NewConnectionInitialReadCallback.java:214) [2/26/10 > >> >> 17:16:11:612 EST] 0000001c SystemErr R at > >> > >> com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(Ne > >> > >> >> wCo nnectionInitialReadCallback.java:113) [2/26/10 17:16:11:612 EST] > >> >> 0000001c SystemErr R at > >> > >> com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(Ai > >> > >> >> oRe adCompletionListener.java:165) [2/26/10 17:16:11:612 EST] > >> >> 0000001c SystemErr R at > >> > >> com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture. > >> > >> >> jav a:217) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R > >> >> at > >> > >> com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelF > >> > >> >> utur e.java:161) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R > >> >> > >> >> at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136) > >> >> > >> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at > >> >> com.ibm.io.async.ResultHandler.complete(ResultHandler.java:195) > >> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at > >> > >> com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java > >> > >> >> :74 3) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at > >> >> > >> >> com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:873) > >> >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at > >> >> com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1473) > >> > > >> > ----------- > >> > > >> >> > Here is the SAML Assertion that is being sent into the SOAP Header > >> >> > <soap:Envelope > >> > >> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";> > >> > >> >> > <soap:Header> > >> >> > <wsse:Security > >> > >> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse > >> > >> >> c > >> >> > >> >> > urity-secext-1.0.xsd"> > >> >> > > >> >> > <saml2:Assertion > >> >> > xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="123" > >> >> > IssueInstant="2010-02-24T19:10:32.724Z" Version="2.0"> > >> >> > > >> >> > <saml2:Issuer>http://localhost:9088</saml2:Issuer> > >> >> > > >> >> > <saml2:Subject> > >> >> > > >> >> > <saml2:NameID > >> > >> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">p8adm > >> > >> >> i > >> >> > >> >> > n</saml2:NameID> </saml2:Subject> > >> >> > > >> >> > <saml2:AuthnStatement > >> >> > > >> >> > AuthnInstant="2010-02-24T19:10:32.787Z"> > >> >> > > >> >> > <saml2:AuthnContext> > >> > >> <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509< > >> > >> >> / > >> >> > >> >> > saml2:AuthnContextClassRef> > >> >> > > >> >> > </saml2:AuthnContext> > >> >> > > >> >> > </saml2:AuthnStatement> > >> >> > > >> >> > <saml2:AuthzDecisionStatement Decision="Permit" > >> >> > Resource="DoubleIt"> > >> >> > > >> >> > <saml2:Action > >> > >> Namespace="urn:doubleit:doubleitactions">DoubleEvenNumbers</saml2:Action > >> > >> >> > </saml2:AuthzDecisionStatement> > >> >> > > >> >> > <saml2:AttributeStatement> > >> >> > > >> >> > <saml2:Attribute Name="degree" > >> >> > NameFormat="http://www.example.org/DoubleIt/Security";> > >> >> > > >> >> > <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"; > >> >> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > >> >> > xsi:type="xs:string">Mathematics</saml2:AttributeValue> > >> >> > </saml2:Attribute></saml2:AttributeStatement> > >> >> > > >> >> > </saml2:Assertion></wsse:Security></soap:Header> > >> >> > > >> >> > <soap:Body><findTaskListUsingLoginCreds > >> >> > xmlns="http://web.hsc.syscom.com/";><username > >> >> > xmlns="http://web.hsc.syscom.com/";>kpham</username><password > >> >> > xmlns="http://web.hsc.syscom.com/";>hdfuhgdg</password><category > >> > >> xmlns="http://web.hsc.syscom.com/";>GETFULLEOPINWRK</category><maxResults > >> > >> > >> xmlns="http://web.hsc.syscom.com/";>-1</maxResults></findTaskListUsingLog > >> > >> >> i > >> >> > >> >> > nCreds></soap:Body></soap:Envelope> -- Daniel Kulp [email protected] http://dankulp.com/blog
