Hi,

I have a problem with the axis2 client inside a JAX-WS web service. This JAX-WS web service runs inside a Tomcat container. The keystore file is retrieved dynamically from a database. When I start Tomcat I can use the ws-client normally and it works fine, but if I change the keystore it fails with the stack trace shown below. If I restart Tomcat it works fine. Does Rampart or Tomcat have some static variables that aren't flushed until Tomcat is restarted? I use rampart-module 1.3 to sign messages for a secure web service. I think the inflow and outflow configs are correct, since I have been printing them in the log.

The stack trace in the Tomcat Catalina log:

org.apache.axis2.AxisFault: Error during Signature: ; nested exception is:
    org.apache.ws.security.WSSecurityException: General security error (No certificates for user user1 were found for signature)
    at org.apache.rampart.handler.WSDoAllSender.processMessage(WSDoAllSender.java:67)
    at org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:72)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
    at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:416)
    at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402)
    at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
    at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)

A: 

Ok, I've found out this much:

My dynamic keystore change fails because the Password Callback Handler validates the wrong certificate. The handler gets the password on the first call to the service and the certificate is saved somewhere in memory. If I use a "hardcoded" password, my service will work fine if the first call is made with the matching certificate.

Does anybody know how to clear the old certificate from the memory/cache? Restarting Tomcat will work, but I need a bit more dynamic solution.

Raine
A: 

Ok, I found the solution. The trick was to use PolicyBased configuration. I was using the old ParameterBased configuration. Here is a link to a great blog by Thilina:

How to build rampart-config programmatically..

Remember to define the policy.xml file when following this tutorial. This was something that I first forgot to do :)

raine
