5 Replies Latest reply on Aug 25, 2011 3:45 PM by rjbaty

    WS-Security Username classloader issue with JBossAS7?

    rjbaty

      Hello,

      I seem to be having an class loader issue configuring a WS-Security Username client using JBossWS-CXF on JBossAS7.  I have added the

       

      Dependencies: org.apache.ws.security, org.jboss.ws.cxf.jbossws-cxf-client services export

       

      Into my MANIFEST.MF to get access to the CXF and Apache WSS4J client libraries from the server so I have gotten past that.  What I believe is happening now is in my client code:

       

      // Create the client WS-Security configuration using Apache CXF APIs.
      Client client = ClientProxy.getClient(endpoint);
      Endpoint cxfEndpoint = client.getEndpoint();
      Map<String,Object> outProps = new HashMap<String, Object>();
      outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
      outProps.put(WSHandlerConstants.USER, "bob");
      outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
      outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, "rjb.ws4.security.client.ClientCallbackHandler");
      WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps); 
      cxfEndpoint.getOutInterceptors().add(wssOut);
      cxfEndpoint.getOutInterceptors().add(new SAAJOutInterceptor());
      

       

      Runs I get a ClassNotFoundException

       

      15:00:42,667 WARN  [org.apache.ws.security.util.Loader] (http--0.0.0.0-8080-1) rjb.ws4.security.client.ClientCallbackHandler from [Module "org.apache.cxf:main" from local module loader @4aeb52 (roots: C:\jboss-7.0.0.GA\modules)]: java.lang.ClassNotFoundException: rjb.ws4.security.client.ClientCallbackHandler from [Module "org.apache.cxf:main" from local module loader @4aeb52 (roots: C:\jboss-7.0.0.GA\modules)]

       

      I believe this is due to the new classloader in JBossAS7.  With the Dependencies I have added in the MANIFEST.MF my project has access to the server modules but in this circumstance wouldn't the callback work the other way around in that CXF or Apache WSS4J be trying to construct the callback class to get the Username password?

       

      Robert

        • 1. Re: WS-Security Username classloader issue with JBossAS7?
          asoldano

          OK, I need to try this but it's most probably an issue related to the AS7 classloading isolation. Which module/jar is rjb.ws4.security.client.ClientCallbackHandler class in? is it in the same jar that has the client code shown above?

          • 2. Re: WS-Security Username classloader issue with JBossAS7?
            rjbaty

            Alessio,

            Correct.

             

            This client code is in a Servlet class in a WAR.  The rjb.ws4.security.client.ClientCallbackHandler class is in the same WAR in a different package.  Yeah, I have a feeling this is due to the AS7 classloading as it seems like its a dependency CXF/WSS4J would have on my WAR with the callback.

             

            All the examples I have seen in JBossWS don't get into WS-Secuiry Username (X509 stuff mostly) and I dug this one up from the CXF documentation here

             

            http://cxf.apache.org/docs/ws-security.html

             

            under the heading Username Token Authentication.

            • 3. Re: WS-Security Username classloader issue with JBossAS7?
              asoldano

              Hi Robert,

              ok, I see the problem, thanks. We did not face this yet probably because the username token tests that are part of the jbossws testsuite run with the client out of container.

              We need to figure out the best way to solve this, as the callback classloading is performed by Apache CXF which is not aware of (and is not supposed to consider) the AS7 modular classloading. I'll have a look at this and fix once I'm back from vacation (unless a colleague of mine or someone else from the community fix it in the mean time).

              • 4. Re: WS-Security Username classloader issue with JBossAS7?
                asoldano

                Hi Robert,

                I've done some testing that proved I was actually wrong, iow I can't reproduce your issue. I've created a modified version of our ws-security username token profile testcase [1] having the client invoked by a servlet which is shipped inside a war archive also containing the client username callback. The client is successfully using the callback handler. Btw, I've checked the wss4j code and noticed that the callback class is loaded using the thread context classloader, which is fine here (for a war deployment, the class contents of the war should always be visible in the TCCL). Can you check you're not perhaps modifying the tccl before the relevant ws-security client code is executed?

                In any case you can have a look at the org.jboss.test.ws.jaxws.samples.wsse.UsernameServletTestCase I've added, the archives that are built, etc.

                The test is passing against current AS 7 master.

                 

                [1] http://source.jboss.org/changelog/JBossWS?cs=14895

                • 5. Re: WS-Security Username classloader issue with JBossAS7?
                  rjbaty

                  Alessio,

                  I upgraded to JBossAS 7.0.1.Final and I can't seem to reproduce this error on my end either.  Hmm, very strange but I appear to be able to use the WS-Security Username code as intended.  Thanks for you time in looking into this.

                   

                  Robert