3 Replies Latest reply on Mar 5, 2009 11:01 AM by bryan.kearney

    WSSecurityEngine: No crypto property file supplied for decry

    bryan.kearney

      I am running CXF 2.1.4 inside of Jboss 5.0.1. My goal is to publish an endpoint using Reliable Messageing (and therefore Addressing) as well as Signing and Enrypting the messages.I am following the various examples at the jboss site, and the cxf fite.

      currently, my client and server are connexting but each is throwing a similar exception:

      Caused by: org.apache.cxf.binding.soap.SoapFault: General security error (WSSecurityEngine: No crypto property file supplied for decryption)
       at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
       at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
       at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
       at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226)
       at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:96)
       at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
       at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
       at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226)
       at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:641)
      


      I have configured the in bound interceptors per the instructions


       <bean id="Sign_Request" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
      <constructor-arg>
      <map>
       <entry key="action" value="Timestamp Signature Encrypt" />
       <entry key="signaturePropFile" value="cxf.properties" />
       <entry key="decryptionPropFile" value="cxf.properties" />
       <entry key="passwordCallbackClass" value="com.redhat.vdc.backend.PasswordCallbackHandler" />
      </map>
      </constructor-arg>
      </bean>
      


      And I have even tried replacing decryptionPropFile with WSHandlerConstants.DEC_PROP_FILE with no help.

      Has anyone else seen this?

      -- bk



        • 1. Re: WSSecurityEngine: No crypto property file supplied for d
          asoldano

          Could you provide the structure of your archives? IOW, where do you have the cxf.properties file? is it in META-INF (client side and server side with ejb3 endpoint) or WEB-INF/classes (server side with pojo endpoint)? I suspect the properties file is not found because it's not loadable given the current classpath.
          Btw which kind of endpoint are you using?

          • 2. Re: WSSecurityEngine: No crypto property file supplied for d
            bryan.kearney

            Lets try server first. My CXF endpoint is in a single ejb jar within the ear. The jar file looks like:

             0 Wed Mar 04 14:45:44 GMT-05:00 2009 META-INF/
             127 Wed Mar 04 14:45:42 GMT-05:00 2009 META-INF/MANIFEST.MF
             0 Wed Mar 04 12:51:52 GMT-05:00 2009 META-INF/wsdl/
             0 Wed Mar 04 12:51:58 GMT-05:00 2009 com/
             0 Wed Mar 04 12:51:58 GMT-05:00 2009 com/redhat/
             0 Wed Mar 04 12:51:58 GMT-05:00 2009 com/redhat/vdc/
             0 Wed Mar 04 12:51:58 GMT-05:00 2009 com/redhat/vdc/backend/
             2523 Wed Mar 04 12:51:52 GMT-05:00 2009 META-INF/wsdl/com.redhat.vdc.backend.WCFBackendBean.wsdl
             10140 Wed Mar 04 12:51:52 GMT-05:00 2009 META-INF/wsdl/WCFBackendBean_schema1.xsd
             634 Wed Mar 04 12:51:52 GMT-05:00 2009 META-INF/solidiceserver.cer
             1675 Wed Mar 04 12:51:52 GMT-05:00 2009 META-INF/solidiceserver.jks
             334 Wed Mar 04 12:51:52 GMT-05:00 2009 META-INF/cxf.properties
             634 Wed Mar 04 12:51:52 GMT-05:00 2009 META-INF/solidiceclient.cer
             3490 Wed Mar 04 12:51:52 GMT-05:00 2009 META-INF/jbossws-cxf.xml
             357 Wed Mar 04 12:51:52 GMT-05:00 2009 META-INF/README
             1673 Wed Mar 04 12:51:52 GMT-05:00 2009 META-INF/solidiceclient.jks
             2362 Wed Mar 04 12:51:58 GMT-05:00 2009 com/redhat/vdc/backend/PasswordCallbackHandler.class
             1879 Wed Mar 04 12:51:58 GMT-05:00 2009 com/redhat/vdc/backend/WCFBackendBean.class
             0 Wed Mar 04 14:45:44 GMT-05:00 2009 META-INF/maven/
             0 Wed Mar 04 14:45:44 GMT-05:00 2009 META-INF/maven/com.redhat.vdc/
             0 Wed Mar 04 14:45:44 GMT-05:00 2009 META-INF/maven/com.redhat.vdc/wcf-cxf/
             3036 Wed Feb 25 16:20:00 GMT-05:00 2009 META-INF/maven/com.redhat.vdc/wcf-cxf/pom.xml
             121 Wed Mar 04 14:45:42 GMT-05:00 2009 META-INF/maven/com.redhat.vdc/wcf-cxf/pom.properties
            


            The code for the bean itself is this:

            package com.redhat.vdc.backend;
            
            import javax.ejb.EJB;
            import javax.ejb.Stateless;
            import javax.jws.WebMethod;
            import javax.jws.WebParam;
            import javax.jws.WebResult;
            import javax.jws.WebService;
            import javax.jws.soap.SOAPBinding;
            
            import org.jboss.wsf.spi.annotation.WebContext;
            
            import com.redhat.vdc.action.VdcActionParameters;
            import com.redhat.vdc.action.VdcActionType;
            import com.redhat.vdc.action.VdcReturnValue;
            import com.redhat.vdc.common.utils.VdcException;
            
            @WebService(serviceName = "WCFBackendBean", wsdlLocation = "META-INF/wsdl/com.redhat.vdc.backend.WCFBackendBean.wsdl")
            @WebContext(contextRoot = "/backend", urlPattern = "/*")
            @SOAPBinding(style = SOAPBinding.Style.DOCUMENT)
            @Stateless(name = "WCFBackend")
            public class WCFBackendBean {
            
             @EJB(beanName = "Backend")
             Backend backend;
            
             static {
             //com.sun.xml.ws.transport.http.HttpAdapter.dump=true ;
             }
            
             @WebMethod
             @WebResult(name = "vdcReturnValue")
             public VdcReturnValue runAction(
             @WebParam(name = "actionType") VdcActionType type,
             @WebParam(name = "parameters") VdcActionParameters params) {
            
             try {
             return backend.runAction(type, params);
             } catch (VdcException e) {
             throw e;
             } catch (Exception e) {
             throw new VdcException(e);
             }
             }
            }
            



            cxf.properties:

            org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
            org.apache.ws.security.crypto.merlin.keystore.type=jks
            org.apache.ws.security.crypto.merlin.keystore.password=password
            org.apache.ws.security.crypto.merlin.keystore.alias=solidiceserver
            org.apache.ws.security.crypto.merlin.file=solidiceserver.jks
            


            And jbossws-cxf.xml

            <beans xmlns='http://www.springframework.org/schema/beans'
             xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xmlns:beans='http://www.springframework.org/schema/beans'
             xmlns:jaxws='http://cxf.apache.org/jaxws' xmlns:wsp='http://www.w3.org/2006/07/ws-policy'
             xmlns:p='http://cxf.apache.org/policy'
             xsi:schemaLocation='http://www.springframework.org/schema/beans
             http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
             http://cxf.apache.org/policy
             http://cxf.apache.org/schemas/policy.xsd
             http://www.w3.org/2006/07/ws-policy
             http://www.w3.org/2006/11/ws-policy.xsd
             http://cxf.apache.org/jaxws
             http://cxf.apache.org/schemas/jaxws.xsd'>
            
             <bean id="Sign_Request" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
             <constructor-arg>
             <map>
             <entry key="action" value="Timestamp Signature Encrypt" />
             <entry key="signaturePropFile" value="cxf.properties" />
             <entry key="decryptionPropFile" value="cxf.properties" />
             <entry key="passwordCallbackClass"
             value="com.redhat.vdc.backend.PasswordCallbackHandler" />
             </map>
             </constructor-arg>
             </bean>
            
             <bean id="Sign_Response" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
             <constructor-arg>
             <map>
             <entry key="action" value="Timestamp Signature Encrypt" />
             <entry key="user" value="solidice" />
             <entry key="signaturePropFile" value="cxf.properties" />
             <entry key="encryptionPropFile" value="cxf.properties" />
             <entry key="encryptionUser" value="solidiceserver" />
             <entry key="signatureKeyIdentifier" value="DirectReference" />
             <entry key="passwordCallbackClass"
             value="com.redhat.vdc.backend.PasswordCallbackHandler" />
             <entry key="signatureParts"
             value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body" />
             <entry key="encryptionParts"
             value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body" />
             <!-- <entry key="encryptionKeyTransportAlgorithm" value="http://www.w3.org/2001/04/xmlenc#rsa-1_5" /> -->
             <entry key="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
             </map>
             </constructor-arg>
             </bean>
            
            
             <wsp:Policy wsu:Id="wsrm10policy"
             xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
             <wswa:UsingAddressing xmlns:wswa="http://www.w3.org/2006/05/addressing/wsdl" />
             <wsrmp:RMAssertion xmlns:wsrmp="http://schemas.xmlsoap.org/ws/2005/02/rm/policy" />
             </wsp:Policy>
            
             <!-- address='http://@jboss.bind.address@:8080/backend' -->
             <jaxws:endpoint id='WCFBackend'
             implementor='com.redhat.vdc.backend.WCFBackendBean'>
             <jaxws:invoker>
             <bean class='org.jboss.wsf.stack.cxf.InvokerJSE' />
             </jaxws:invoker>
             <jaxws:features>
             <p:policies namespace="http://www.w3.org/2006/07/ws-policy">
             <wsp:PolicyReference URI="#wsrm10policy"
             xmlns:wsp="http://www.w3.org/2006/07/ws-policy" />
             </p:policies>
             </jaxws:features>
             <jaxws:outInterceptors>
             <!-- <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/> -->
             <ref bean="Sign_Response"/>
             </jaxws:outInterceptors>
             <jaxws:inInterceptors>
             <ref bean="Sign_Request"/>
             <!-- <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/> -->
             </jaxws:inInterceptors>
             </jaxws:endpoint>
            
            </beans>
            



            • 3. Re: WSSecurityEngine: No crypto property file supplied for d
              bryan.kearney

              BTW:

              This is a good post on the subject:

              http://www.jroller.com/gmazza/date/20080729