tags:

views:

288

answers:

0
Q: 

cxf-bc ws-security callback classnotfoundexception

I'm trying to implement authentication with SSL as a ws-security policy on a service inside of SMX4. So far I've been able to implement SSL and the transport policy, but I've not been able to get the authentication part to work. I've tried to attack this at many different angles but I'm just missing something. I was wondering if you guys can help me. I don't know how it cannot find my callback class since I've exported package in the cxf.bundle config in the pom.

Error response:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"&gt;
  <soap:Body>
   <soap:Fault>
     <faultcode>soap:Client</faultcode>
     <faultstring>com.mycompany.useraccount.ServerPasswordCallback; nested exception is: java.lang.ClassNotFoundException: com.mycompany.useraccount.ServerPasswordCallback</faultstring>
   </soap:Fault>
  </soap:Body>
</soap:Envelope>

Client request:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:typ="http://www.mycompany.com/UserAccount/types"&gt;
<soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing"&gt;
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"&gt;
<wsu:Timestamp wsu:Id="Timestamp-14" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"&gt;
  <wsu:Created>2010-06-01T19:55:10.984Z</wsu:Created>
  <wsu:Expires>2010-06-01T19:56:10.984Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-13" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"&gt;
<wsse:Username>joe</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"&gt;joespassword&lt;/wsse:Password&gt;
  <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"&gt;o6HCEhy9dHH6zkBhdp/FLw==&lt;/wsse:Nonce&gt;
  <wsu:Created>2010-06-01T19:55:03.718Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
<wsa:Action>http://www.mycompany.com/UserAccount/UserAccountPortType/ApproveDenyAccountRequest&lt;/wsa:Action&gt;
</soapenv:Header>
<soapenv:Body>
  <typ:ApproveDenyUserRequest>
  <typ:pendingId>13</typ:pendingId>
  <typ:approval>1</typ:approval>
  </typ:ApproveDenyUserRequest>
 </soapenv:Body>
</soapenv:Envelope>

Servicemix log:

15:55:16,812 | WARN | 7@qtp-31267377-2 | WSS4JInInterceptor | security.wss4j.WSS4JInInterceptor 255 | org.apache.ws.security.WSSecurityException: 
com.mycompany.useraccount.ServerPasswordCallback; nested exception is:
java.lang.ClassNotFoundException: com.mycompany.useraccount.ServerPasswordCallback
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java:477)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:195)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:78)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:109)
at org.apache.servicemix.cxfbc.CxfBcConsumer$JbiChainInitiationObserver.onMessage(CxfBcConsumer.java:678)
at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:312)
at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:276)
at org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:70)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
at org.mortbay.jetty.handler.HandlerList.handle(HandlerList.java:49)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:326)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:938)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:755)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:218)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228)
at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:680)
at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
Caused by: java.lang.ClassNotFoundException:   com.mycompany.useraccount.ServerPasswordCallback
at org.eclipse.osgi.internal.loader.BundleLoader.findClassInternal(BundleLoader.java:494)
at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:410)
at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:398)
at org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader.loadClass(DefaultClassLoader.java:105)
at java.lang.ClassLoader.loadClass(ClassLoader.java:252)
at org.apache.cxf.common.classloader.ClassLoaderUtils.loadClass2(ClassLoaderUtils.java:236)
at org.apache.cxf.common.classloader.ClassLoaderUtils.loadClass(ClassLoaderUtils.java:222)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java:475)
... 21 more
15:55:16,812 | WARN | 7@qtp-31267377-2 | PhaseInterceptorChain | ache.cxf.common.logging.LogUtils 361 | Interceptor for {http://www.mycompany.com/UserAccount}UserAccountService has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: com.mycompany.useraccount.ServerPasswordCallback; nested exception is:
java.lang.ClassNotFoundException: com.mycompany.useraccount.ServerPasswordCallback
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:583)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:256)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:78)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:109)
at org.apache.servicemix.cxfbc.CxfBcConsumer$JbiChainInitiationObserver.onMessage(CxfBcConsumer.java:678)
at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:312)
at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:276)
at org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:70)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
at org.mortbay.jetty.handler.HandlerList.handle(HandlerList.java:49)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:326)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:938)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:755)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:218)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228)
at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:680)
at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
Caused by: org.apache.ws.security.WSSecurityException: com.mycompany.useraccount.ServerPasswordCallback; nested exception is:
java.lang.ClassNotFoundException: com.mycompany.useraccount.ServerPasswordCallback
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java:477)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:195)
... 20 more
Caused by: java.lang.ClassNotFoundException: com.mycompany.useraccount.ServerPasswordCallback
at org.eclipse.osgi.internal.loader.BundleLoader.findClassInternal(BundleLoader.java:494)
at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:410)
at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:398)
at org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader.loadClass(DefaultClassLoader.java:105)
at java.lang.ClassLoader.loadClass(ClassLoader.java:252)
at org.apache.cxf.common.classloader.ClassLoaderUtils.loadClass2(ClassLoaderUtils.java:236)
at org.apache.cxf.common.classloader.ClassLoaderUtils.loadClass(ClassLoaderUtils.java:222)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java:475)
... 21 more

xbeans.xml:

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:cxfbc="http://servicemix.apache.org/cxfbc/1.0"
xmlns:nwec="http://www.mycompany.com/UserAccount"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
xmlns:http="http://cxf.apache.org/transports/http/configuration"
xmlns:sec="http://cxf.apache.org/configuration/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util.xsd
http://servicemix.apache.org/cxfbc/1.0
http://repo2.maven.org/maven2/org/apache/servicemix/servicemix-cxf-bc/2010.01/servicemix-cxf-bc-2010.01.xsd
http://cxf.apache.org/transports/http-jetty/configuration
http://cxf.apache.org/schemas/configuration/http-jetty.xsd
http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd" >

 <import resource="classpath:META-INF/cxf/cxf.xml" />
 <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
 <import resource="classpath:META-INF/cxf/cxf-extension-http.xml" />
 <import resource="classpath:META-INF/cxf/osgi/cxf-extension-osgi.xml" />
 <import resource="classpath:META-INF/cxf/cxf-extension-policy.xml" />
 <import resource="classpath:META-INF/cxf/cxf-extension-ws-security.xml" />

<cxfbc:consumer wsdl="classpath:wsdl/UserAccount.wsdl"
 targetService="nwec:UserAccountService" targetEndpoint="endpoint"
 useJBIWrapper="false" useSOAPEnvelope="false" properties="#properties"
 locationURI="https://localhost:9001/useraccount"&gt;
</cxfbc:consumer>

<util:map id="properties">
  <entry value="com.mycompany.useraccount.ServerPasswordCallback">
    <key>
      <util:constant
        static-field="org.apache.cxf.ws.security.SecurityConstants.CALLBACK_HANDLER" />
    </key>
    </entry>
</util:map>

<httpj:engine-factory bus="cxf">
<httpj:engine port="9001">
<httpj:tlsServerParameters>
<sec:keyManagers keyPassword="password">
<sec:keyStore type="JKS" password="password" resource="certs/cherry.jks" />
</sec:keyManagers>
<sec:cipherSuitesFilter>
<sec:include>.*_WITH_3DES_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:exclude>.*_WITH_NULL_.*</sec:exclude>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
<sec:clientAuthentication want="false"
required="false" />
</httpj:tlsServerParameters>
</httpj:engine>
</httpj:engine-factory>

<bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl" />

<bean class="org.apache.servicemix.common.osgi.EndpointExporter" />

</beans>

wsdl:

pom:

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"&gt;

</configuration>
</plugin>
</plugins>
</build>
<properties>
<cxf.version>2.2.6</cxf.version>
</properties>

</project>

related questions

Is WS-Security truly interoperable across platforms?
Connecting to WS-Security protected Web Service with PHP
Any good step by step tutorial to implement a secure token service with Java?
How to use Forms Auth when SSL is on a proxy in front of the IIS Farm (WCF) ?
JAX-WS Consuming web service with WS-Security and WS-Addressing
How do I build a secure webservice with .Net?
How do I add a <UsernameToken> header programatically to a SOAP message in JAX-WS?
How do you build an EAR with policy files included using WLS Ant Tasks?
How do you use TLS/SSL Http Authentication with a CXF client to a web service?
webservice using security UserNameToken
User/Pass Authentication using RESTful WCF & Windows Forms
Spring-WS: how to use WebserviceTemplate with pre-generated SOAP-envelope
how to protect the ws discovery ad hoc network from man-in-the-middle attacks
How to use WS-Security with EJB3 ?
Developing a secure WS client for consuming a Axis2 Web Service with Rampart WS Security module?
Standard web services v Secure web services
Using WCF to send a signed Request and receive an unsigned Response
TLS handshake event in Tomcat, is there something like that ?
Encryption of SOAP message in Axis 2
Specify parts of the header that have to be signed and/or encrypted in WCF with binding that support standards
How do I create a cold fusion web service client that uses ws-security?
Ruby and WS-Security
How can I authenticate using client credentials in WCF just once?
Calling .NET Web Service (WSE 2/3, WS-Security) from Java
Where can I find some good WS-Security introductions and tutorials?