Hello:
I've crossposted this email to WSS4J mailist, but I know a lot of CXF users
use WSS4J for WS-Security implementation, so I hope someone can help me.
I'm using WSS4J with Apache CXF 2.7.3, for signing SOAP messages
So, I'm using WSS4J 1.6.9
These SOAP messages are sent by my WAR application to a remote webservice
When I redeploy my WAR into Tomcat server *without restart it* , I always
get the next exception:
Caused by: org.apache.ws.security.WSSecurityException: Error during
Signature:
at
org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:105)
~[wss4j-1.6.9.jar:1.6.9]
at
org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:230)
~[wss4j-1.6.9.jar:1.6.9]
at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
~[cxf-rt-ws-security-2.7.3.jar:2.7.3]
at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:260)
~[cxf-rt-ws-security-2.7.3.jar:2.7.3]
at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
~[cxf-rt-ws-security-2.7.3.jar:2.7.3]
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
[cxf-api-2.7.3.jar:2.7.3]
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
~[cxf-api-2.7.3.jar:2.7.3]
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
~[cxf-api-2.7.3.jar:2.7.3]
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
~[cxf-api-2.7.3.jar:2.7.3]
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
~[cxf-api-2.7.3.jar:2.7.3]
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
~[cxf-rt-frontend-simple-2.7.3.jar:2.7.3]
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133)
~[cxf-rt-frontend-jaxws-2.7.3.jar:2.7.3]
... 41 common frames omitted
Caused by: org.apache.ws.security.WSSecurityException: Signature creation
failed
at
org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:558)
~[wss4j-1.6.9.jar:1.6.9]
at
org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:99)
~[wss4j-1.6.9.jar:1.6.9]
... 52 common frames omitted
Caused by: java.lang.NullPointerException: null
at
org.apache.jcp.xml.dsig.internal.dom.DOMReference.marshal(DOMReference.java:297)
~[xmlsec-1.5.3.jar:1.5.3]
at
org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo.marshal(DOMSignedInfo.java:268)
~[xmlsec-1.5.3.jar:1.5.3]
at
org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.marshal(DOMXMLSignature.java:216)
~[xmlsec-1.5.3.jar:1.5.3]
at
org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:329)
~[xmlsec-1.5.3.jar:1.5.3]
at
org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:553)
~[wss4j-1.6.9.jar:1.6.9]
... 53 common frames omitted
Any idea ?
I've to restart Tomcat server and all works fine again
Looks like a leak
When fails, if I enable debug logging level, I don't see the the log
message in DOMReference.java , line 297
if (log.isDebugEnabled())
log.debug("Marshalling Reference");
When I restart Tomcat, this log message is shown
My CXF client configuration is
<http-conf:conduit name="https://.*">
<http-conf:tlsClientParameters>
<sec:trustManagers>
<sec:keyStore type="JKS" password="xxx"
resource="truststore.jks"/>
</sec:trustManagers>
</http-conf:tlsClientParameters>
<http-conf:client ConnectionTimeout="5000" ReceiveTimeout="10000" />
</http-conf:conduit>
<jaxws:outInterceptors>
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
<constructor-arg>
<map>
<entry key="action" value="Signature"/>
<entry key="user" value="xxx"/>
<entry key="signatureUser" value="xxxx"/>
<entry key="passwordCallbackClass"
value="com.test.KeystorePasswordCallback"/>
<entry key="signaturePropFile" value="keystore.properties"/>
<entry key="signatureKeyIdentifier"
value="DirectReference"/>
<entry key="signatureAlgorithm" value="
http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<entry key="sigCanonicalization" value="
http://www.w3.org/2001/10/xml-exc-c14n#"/>
<entry key="signatureDigestAlgorithm" value="
http://www.w3.org/2000/09/xmldsig#sha1"/>
</map>
</constructor-arg>
</bean>
</jaxws:outInterceptors>
</jaxws:client>
I've crossposted this email to WSS4J mailist, but I know a lot of CXF users
use WSS4J for WS-Security implementation, so I hope someone can help me.
I'm using WSS4J with Apache CXF 2.7.3, for signing SOAP messages
So, I'm using WSS4J 1.6.9
These SOAP messages are sent by my WAR application to a remote webservice
When I redeploy my WAR into Tomcat server *without restart it* , I always
get the next exception:
Caused by: org.apache.ws.security.WSSecurityException: Error during
Signature:
at
org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:105)
~[wss4j-1.6.9.jar:1.6.9]
at
org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:230)
~[wss4j-1.6.9.jar:1.6.9]
at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
~[cxf-rt-ws-security-2.7.3.jar:2.7.3]
at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:260)
~[cxf-rt-ws-security-2.7.3.jar:2.7.3]
at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
~[cxf-rt-ws-security-2.7.3.jar:2.7.3]
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
[cxf-api-2.7.3.jar:2.7.3]
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
~[cxf-api-2.7.3.jar:2.7.3]
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
~[cxf-api-2.7.3.jar:2.7.3]
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
~[cxf-api-2.7.3.jar:2.7.3]
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
~[cxf-api-2.7.3.jar:2.7.3]
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
~[cxf-rt-frontend-simple-2.7.3.jar:2.7.3]
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133)
~[cxf-rt-frontend-jaxws-2.7.3.jar:2.7.3]
... 41 common frames omitted
Caused by: org.apache.ws.security.WSSecurityException: Signature creation
failed
at
org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:558)
~[wss4j-1.6.9.jar:1.6.9]
at
org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:99)
~[wss4j-1.6.9.jar:1.6.9]
... 52 common frames omitted
Caused by: java.lang.NullPointerException: null
at
org.apache.jcp.xml.dsig.internal.dom.DOMReference.marshal(DOMReference.java:297)
~[xmlsec-1.5.3.jar:1.5.3]
at
org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo.marshal(DOMSignedInfo.java:268)
~[xmlsec-1.5.3.jar:1.5.3]
at
org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.marshal(DOMXMLSignature.java:216)
~[xmlsec-1.5.3.jar:1.5.3]
at
org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:329)
~[xmlsec-1.5.3.jar:1.5.3]
at
org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:553)
~[wss4j-1.6.9.jar:1.6.9]
... 53 common frames omitted
Any idea ?
I've to restart Tomcat server and all works fine again
Looks like a leak
When fails, if I enable debug logging level, I don't see the the log
message in DOMReference.java , line 297
if (log.isDebugEnabled())
log.debug("Marshalling Reference");
When I restart Tomcat, this log message is shown
My CXF client configuration is
<http-conf:conduit name="https://.*">
<http-conf:tlsClientParameters>
<sec:trustManagers>
<sec:keyStore type="JKS" password="xxx"
resource="truststore.jks"/>
</sec:trustManagers>
</http-conf:tlsClientParameters>
<http-conf:client ConnectionTimeout="5000" ReceiveTimeout="10000" />
</http-conf:conduit>
<jaxws:outInterceptors>
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
<constructor-arg>
<map>
<entry key="action" value="Signature"/>
<entry key="user" value="xxx"/>
<entry key="signatureUser" value="xxxx"/>
<entry key="passwordCallbackClass"
value="com.test.KeystorePasswordCallback"/>
<entry key="signaturePropFile" value="keystore.properties"/>
<entry key="signatureKeyIdentifier"
value="DirectReference"/>
<entry key="signatureAlgorithm" value="
http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<entry key="sigCanonicalization" value="
http://www.w3.org/2001/10/xml-exc-c14n#"/>
<entry key="signatureDigestAlgorithm" value="
http://www.w3.org/2000/09/xmldsig#sha1"/>
</map>
</constructor-arg>
</bean>
</jaxws:outInterceptors>
</jaxws:client>
