4 Replies Latest reply on Apr 24, 2014 8:29 AM by asoldano

getting an Error in JBOSS 7.1.1.Final unwinding now: org.apache.cxf.binding.soap.SoapFault: General security error (No certificates were found for decryption (KeyId))

anilellendula Apr 5, 2014 3:58 PM

Hi All,

am using JBOSS 7.1.1.final version application server, am New to webservice and WS-Securiry Implementation, i would like to develop the webservice provider i.e. server side code which should do decryption of the request which has Timestamp,Signature and Decryption, need to decrypt the message with our certificates withe aes256 algorithm and signature should be with client public certificates binarytoken,so started developing in java with JAX WS and CXF Implemention am getting below error.

09:27:41,162 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (http--0.0.0.0-8080-1) Interceptor for {http://IDX.SBIDXService/V1}SBIDXService#{http://IDX.SBIDXService/V1}Submit has thrown excep

tion, unwinding now: org.apache.cxf.binding.soap.SoapFault: General security error (No certificates were found for decryption (KeyId))

at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:643)

at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:308)

at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:85)

at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)

at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)

at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)

at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:91)

at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:169)

at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87)

at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)

at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]

Implementation.

1.Created source java classes with WSDL using wsimport, created all classes and placed all classes in my project and created wsdl file in wsdl folder of the project.

2.created new class ISBIDXServiceImple implements ISBIDXService

3. added

@WebService(portName = "SBIDXEndpoint",

serviceName = "SBIDXService",

targetNamespace = "http://IDX.SBIDXService/V1",

wsdlLocation = "WEB-INF/wsdl/SBIDXService.wsdl",

endpointInterface = "sbidxservice.idx.v1.ISBIDXService"

)

@EndpointConfig(configFile = "WEB-INF/jaxws-endpoint-config.xml", configName = "Custom WS-Security Endpoint")

3.added <servlet-name>test1</servlet-name> <servlet-class>sbidxservice.idx.v1.ISBIDXServiceImple</servlet-class> in web.xml

4. created ab.properties in WEB-INF to load our JKS for decrption

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin

org.apache.ws.security.crypto.merlin.keystore.type=jks

org.apache.ws.security.crypto.merlin.keystore.password=africanbank

org.apache.ws.security.crypto.merlin.keystore.alias=le-6327afa4-293a-4ecf-9eca-69e950ccacc0

org.apache.ws.security.crypto.merlin.file=/opt/jboss/jboss-as-7.1.1.Final/preprodafricanbank.jks

5. created client.property in WEB-INF to load client public key JKS for signature.

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin

org.apache.ws.security.crypto.merlin.keystore.type=jks

org.apache.ws.security.crypto.merlin.keystore.password=client

org.apache.ws.security.crypto.merlin.keystore.alias=absaclient

org.apache.ws.security.crypto.merlin.file=/opt/jboss/jboss-as-7.1.1.Final/clientkeystore.jks

6. jaxws-endpoint-config.xml file

<?xml version="1.0" encoding="UTF-8"?>

<jaxws-config xmlns="urn:jboss:jbossws-jaxws-config:4.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:javaee="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="urn:jboss:jbossws-jaxws-config:4.0 schema/jbossws-jaxws-config_4_0.xsd">

<endpoint-config>

<config-name>Custom WS-Security Endpoint</config-name>

<property-name>ws-security.signature.properties</property-name>

<property-value>WEB-INF/client.properties</property-value>

</property>

<property-name>ws-security.encryption.properties</property-name>

<property-value>WEB-INF/ab.properties</property-value>

</property>

<property-name>ws-security.signature.username</property-name>

<property-value>absaclient</property-value>

</property>

<property-name>ws-security.encryption.username</property-name>

<property-value>le-6327afa4-293a-4ecf-9eca-69e950ccacc0</property-value>

</property>

<property-name>ws-security.callback-handler</property-name>

<property-value>sbidxservice.idx.v1.KeystorePasswordCallback</property-value>

</property>

</endpoint-config>

</jaxws-config>

7. created KeystorePasswordCallback.java file

package sbidxservice.idx.v1;

import java.io.IOException;

import java.util.HashMap;

import java.util.Map;

import javax.security.auth.callback.Callback;

import javax.security.auth.callback.CallbackHandler;

import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

/**

* Really callback for key passwords. Configure it with a map

* of key-alias-to-password mappings. Obviously this could

* be extended to encrypt or obfuscate these passwords if desired.

public class KeystorePasswordCallback implements CallbackHandler

{

private Map<String, String> passwords = new HashMap<String, String>();

public KeystorePasswordCallback() {

passwords.put("le-6327afa4-293a-4ecf-9eca-69e950ccacc0", "africanbank");

passwords.put("absaclient", "client");

}

/** * It attempts to get the password from the private * alias/passwords map. */

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {

for (int i = 0; i < callbacks.length; i++) {

WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];

String pass = passwords.get(pc.getIdentifier());

if (pass != null) {

pc.setPassword(pass);

return;

}

/** * Add an alias/password pair to the callback mechanism. */

public void setAliasPassword(String alias, String password) {

passwords.put(alias, password);

}

9. added Dependencies in MANIFEST.IMF file

Manifest-Version: 1.0

Ant-Version: Apache Ant 1.7.1

Created-By: 17.0-b16 (Sun Microsystems Inc.)

Dependencies: org.apache.ws.security ,org.springframework.ws, com.sun.xml.messaging.saaj, javax.xml.soap, com.sun.xml.parsers

10.added below policy assertion to wsdl file

<wsp:Policy wsu:Id="SecurityServiceSignThenEncryptPolicy" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">

<wsp:ExactlyOne>

<wsp:All>

<sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">

<wsp:Policy>

<sp:InitiatorToken>

<wsp:Policy>

<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">

<wsp:Policy>

<sp:WssX509V3Token10/>

</wsp:Policy>

</sp:X509Token>

</wsp:Policy>

</sp:InitiatorToken>

<sp:RecipientToken>

<wsp:Policy>

<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">

<wsp:Policy>

<sp:WssX509V3Token10/>

</wsp:Policy>

</sp:X509Token>

</wsp:Policy>

</sp:RecipientToken>

<sp:AlgorithmSuite>

<wsp:Policy>

<sp:Basic256Rsa15/>

</wsp:Policy>

</sp:AlgorithmSuite>

<sp:Layout>

<wsp:Policy>

<sp:Lax/>

</wsp:Policy>

</sp:Layout>

<sp:IncludeTimestamp/>

<sp:OnlySignEntireHeadersAndBody/>

</wsp:Policy>

</sp:AsymmetricBinding>

<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">

<wsp:Policy>

<sp:MustSupportRefKeyIdentifier/>

<sp:MustSupportRefIssuerSerial/>

</wsp:Policy>

</sp:Wss10>

<sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">

<wsp:Policy>

<sp:MustSupportIssuedTokens/>

<sp:RequireClientEntropy/>

<sp:RequireServerEntropy/>

</wsp:Policy>

</sp:Trust10>

</wsp:All>

</wsp:ExactlyOne>

</wsp:Policy>

11. added all jars in JBOSS servers.

12. created war and deployed to JBOSS 7.1.1.final

13.created SOAPUI project with my project WSDL

14. while testing sample request getting above ERROR.

PLEASE help me to resolve my issue.

SecondWebServiceImp.zip 52.4 KB
1049447SBIDXService 2014-04-03_09-27-57-AM.xml 6.1 KB

1. Re: getting an Error in JBOSS 7.1.1.Final unwinding now: org.apache.cxf.binding.soap.SoapFault: General security error (No certificates were found for decryption (KeyId))

anilellendula Apr 8, 2014 1:22 PM (in response to anilellendula)
Hi,
i have done change that Keystore contains public + private key for server, along with public key for client, now am getting below error,

i am export my project from webmethods designer as a WAR file. add opening war file in 7 -zip file manger and deleting all *.jar file from SecondWebServiceImp.war\WEB-INF\lib\ by keeping wss4j-1.5.8.jar in it and placing.war file into jboss-as-7.1.1.Final/standalone/deployments location.

PFA project and jks file

Can any one help how to resolve below issue as am new to JBOSS and JAVA -WS security, this is my first time am working.

09:27:22,720 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (http--0.0.0.0-8080-2) Interceptor for {http://IDX.SBIDXService/V1}SBIDXService#{http://IDX.SBIDXService/V1}Submit has thrown excep
tion, unwinding now: org.apache.cxf.binding.soap.SoapFault: The signature or decryption was inva@@lid
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:641)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:308)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:85)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
        at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
        at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)
        at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:91)
        at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:169)
        at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
        at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135)
        at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi-2.0.3.GA.jar:2.0.3.GA]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:]
        at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
        at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_45]
Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
        at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:120) [wss4j-1.5.8.jar:1.5.8]
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:397) [wss4j-1.5.8.jar:1.5.8]
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:249)
        ... 26 more
Caused by: java.lang.ClassCastException: org.apache.ws.security.WSPasswordCallback cannot be cast to org.apache.ws.security.WSPasswordCallback
        at sbidxservice.idx.v1.KeystorePasswordCallback.handle(KeystorePasswordCallback.java:34) [classes:]
        at org.apache.ws.security.components.crypto.Merlin.getPassword(Merlin.java:1377) [wss4j-1.5.8.jar:1.5.8]
        at org.apache.ws.security.components.crypto.Merlin.getPrivateKey(Merlin.java:653) [wss4j-1.5.8.jar:1.5.8]
        at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:106) [wss4j-1.5.8.jar:1.5.8]

SecondWebServiceImp.zip 52.0 KB

preprodafricanbank.jks.zip 4.9 KB
Actions
2. Re: Re: getting an Error in JBOSS 7.1.1.Final   unwinding now: org.apache.cxf.binding.soap.SoapFault: General security error (No certificates were found for decryption (KeyId))

anilellendula Apr 9, 2014 6:05 AM (in response to anilellendula)

Hi All,

If i remove wss4j-1.5.8.jar and other CFX jars from SecondWebServiceImp.war\WEB-INF\lib\ and placing.war file into jboss-as-7.1.1.Final/standalone/deployments location, if i test from SOAP -UI getting below error

09:27:38,033 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/SecondWebServiceImp].[test1]] (http--0.0.0.0-8080-1) Servlet.service() for servlet test1 threw exception: jav
a.lang.ClassNotFoundException: org.apache.ws.security.WSPasswordCallback from [Module "deployment.SecondWebServiceImp.war:main" from Service Module Loader]
        at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:190)
        at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:468)
        at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:456)
        at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:423)
        at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)
        at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:120)
        at sbidxservice.idx.v1.KeystorePasswordCallback.handle(KeystorePasswordCallback.java:35) [classes:]
        at org.apache.ws.security.components.crypto.Merlin.getPassword(Merlin.java:1377)
        at org.apache.ws.security.components.crypto.Merlin.getPrivateKey(Merlin.java:653)
        at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:106)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:397)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:249)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:85)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
        at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
        at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)
        at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:91)
        at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:169)
        at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
        at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135)
        at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi-2.0.3.GA.jar:2.0.3.GA]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:]
        at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
server.log lines 1312-1358/1435 94%

If i keep wss4j-1.5.8.jar and revmoving all other jars from SecondWebServiceImp.war\WEB-INF\lib\ and placing.war file into jboss-as-7.1.1.Final/standalone/deployments location, if i test from SOAP -UI getting below error

09:27:22,720 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (http--0.0.0.0-8080-2) Interceptor for {http://IDX.SBIDXService/V1}SBIDXService#{http://IDX.SBIDXService/V1}Submit has thrown excep
tion, unwinding now: org.apache.cxf.binding.soap.SoapFault: The signature or decryption was invalid
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:641)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:308)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:85)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
        at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
        at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)
        at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:91)
        at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:169)
        at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
        at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135)
        at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi-2.0.3.GA.jar:2.0.3.GA]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:]
        at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
        at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_45]
Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
        at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:120) [wss4j-1.5.8.jar:1.5.8]
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:397) [wss4j-1.5.8.jar:1.5.8]
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:249)
        ... 26 more
Caused by: java.lang.ClassCastException: org.apache.ws.security.WSPasswordCallback cannot be cast to org.apache.ws.security.WSPasswordCallback
        at sbidxservice.idx.v1.KeystorePasswordCallback.handle(KeystorePasswordCallback.java:34) [classes:]
        at org.apache.ws.security.components.crypto.Merlin.getPassword(Merlin.java:1377) [wss4j-1.5.8.jar:1.5.8]
        at org.apache.ws.security.components.crypto.Merlin.getPrivateKey(Merlin.java:653) [wss4j-1.5.8.jar:1.5.8]
        at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:106) [wss4j-1.5.8.jar:1.5.8]
Actions
3. Re: getting an Error in JBOSS 7.1.1.Final   unwinding now: org.apache.cxf.binding.soap.SoapFault: General security error (No certificates were found for decryption (KeyId))

gllambi Apr 19, 2014 3:56 PM (in response to anilellendula)

Hi!

I had a similar issue with EAP 5 and the problem was that I was using a wrong wss4j lib. Check the cxf version you are using in jboss 7.1

Caused by: java.lang.ClassCastException: org.apache.ws.security.WSPasswordCallback cannot be cast to org.apache.ws.security.WSPasswordCallback

        at sbidxservice.idx.v1.KeystorePasswordCallback.handle(KeystorePasswordCallback.java:34) [classes:]

        at org.apache.ws.security.components.crypto.Merlin.getPassword(Merlin.java:1377) [wss4j-1.5.8.jar:1.5.8]

        at org.apache.ws.security.components.crypto.Merlin.getPrivateKey(Merlin.java:653) [wss4j-1.5.8.jar:1.5.8]

        at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:106) [wss4j-1.5.8.jar:1.5.8]
Actions
4. Re: getting an Error in JBOSS 7.1.1.Final unwinding now: org.apache.cxf.binding.soap.SoapFault: General security error (No certificates were found for decryption (KeyId))

asoldano Apr 24, 2014 8:29 AM (in response to anilellendula)

I think you problems come from you trying to use a wrong version of WSS4J (1.5.x instead of 1.6.x). I can't remember for sure, but perhaps the WSPasswordCallback class was not in the same place in 1.5 and 1.6.

The "java.lang.ClassCastException: org.apache.ws.security.WSPasswordCallback cannot be cast to org.apache.ws.security.WSPasswordCallback" is kind of expected if you put the wss4j lib in your deployment (you shouldn't, use the org.apache.ws.security module dependency).
Actions

Go to original post