-
1. Re: JBoss AS7.1.1-Final & WS-Security
asoldano Jun 17, 2013 3:13 AM (in response to pbalachandran)Caused by: java.lang.ClassCastException: org.apache.ws.security.WSPasswordCallback cannot be cast to org.apache.ws.security.WSPasswordCallback
at com.corelogic.ws.service.KeystorePasswordCallback.handle(KeystorePasswordCallback.java:24) [classes:]
at org.apache.ws.security.components.crypto.Merlin.getPassword(Merlin.java:1377) [wss4j-1.6.10.jar:1.6.10]
at org.apache.ws.security.components.crypto.Merlin.getPrivateKey(Merlin.java:653) [wss4j-1.6.10.jar:1.6.10]
at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:106) [wss4j-1.6.10.jar:1.6.10]
... 30 moreMy gut feeling is that you have some classloading issues, given the exception above. Perhaps you have the wss4j jar (or other libraries) in your deployment?
-
2. Re: JBoss AS7.1.1-Final & WS-Security
erasmomarciano Jun 17, 2013 3:38 AM (in response to pbalachandran) -
3. Re: JBoss AS7.1.1-Final & WS-Security
pbalachandran Jun 17, 2013 9:27 AM (in response to asoldano)I reduced the pom.xml to contain the essential dependencies - please see attached. I still get the class cast exception. Not sure where wss4j.jar is getting included (must be transitive).
Do I need to put in an exclusion for it and if so within which dependency.
Thank you.
-
pom.xml 2.9 KB
-
-
4. Re: JBoss AS7.1.1-Final & WS-Security
asoldano Jun 17, 2013 10:04 AM (in response to pbalachandran)Simply have a look at the notaryWS.war contents. I assume it will have multiple cxf jars (as well as the wss4j jar) in it. You need to remove them all.
-
5. Re: JBoss AS7.1.1-Final & WS-Security
pbalachandran Jun 17, 2013 11:45 AM (in response to asoldano)Thank you so much for the pointers - I got a good deal further by making the JARs scope "provided". I did not realize that the examples that I based my project on were for Tomcat (which required all these JARs to be packaged), but since JBoss is bundled with CXF, these were not required. However I get another weird error now - it complians it can't find WSPasswordCallback which is in the wss4j.jar. Not sure why JBoss would not be able to find this class.
</pre></p><p><b>root cause</b> <pre>java.lang.NoClassDefFoundError: org/apache/ws/security/WSPasswordCallback
com.corelogic.ws.service.KeystorePasswordCallback.handle(KeystorePasswordCallback.java:24)
org.apache.ws.security.components.crypto.Merlin.getPassword(Merlin.java:1377)
org.apache.ws.security.components.crypto.Merlin.getPrivateKey(Merlin.java:653)
org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:106)
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:397)
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:249)
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:85)
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)
org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:91)
org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:169)
org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87)
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)
javax.servlet.http.HttpServlet.service(HttpServlet.java:754)
org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135)
org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140)
javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
-
6. Re: JBoss AS7.1.1-Final & WS-Security
asoldano Jun 17, 2013 12:02 PM (in response to pbalachandran)You're most likely missing a module dependency to org.apache.ws.security module. Have a look at the doc at https://docs.jboss.org/author/display/JBWS/WS-Security
In few words, you most likely need to have a "Dependencies: org.apache.ws.security" line in your app MANIFEST.MF
-
7. Re: JBoss AS7.1.1-Final & WS-Security
pbalachandran Jun 17, 2013 1:27 PM (in response to asoldano)That was it! I added the manifest and I am able to get responses back. Thank you so much for all the help.