4 Replies Latest reply on Apr 24, 2014 8:29 AM by Alessio Soldano

    getting an Error in JBOSS 7.1.1.Final   unwinding now: org.apache.cxf.binding.soap.SoapFault: General security error (No certificates were found for decryption (KeyId))

    Anil Ellendula Newbie

      Hi All,

       

      am using JBOSS 7.1.1.final version application server, am New to webservice and WS-Securiry Implementation, i would like to develop the webservice provider i.e. server side code which should do decryption of the request which has Timestamp,Signature and Decryption,  need to decrypt the message with  our certificates withe aes256 algorithm and signature should be with client public certificates binarytoken,so started developing in java with JAX WS and CXF  Implemention am getting below error.

       

      09:27:41,162 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (http--0.0.0.0-8080-1) Interceptor for {http://IDX.SBIDXService/V1}SBIDXService#{http://IDX.SBIDXService/V1}Submit has thrown excep

      tion, unwinding now: org.apache.cxf.binding.soap.SoapFault: General security error (No certificates were found for decryption (KeyId))

              at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:643)

              at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:308)

              at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:85)

              at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)

              at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)

              at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)

              at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:91)

              at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:169)

              at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87)

              at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)

              at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)

              at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]

       

       

       

      Implementation.

       

      1.Created source java classes with WSDL using wsimport, created all classes and placed all classes in my project and created wsdl file in wsdl folder of the project.

      2.created new class ISBIDXServiceImple implements ISBIDXService

      3. added

      @WebService(portName = "SBIDXEndpoint",

        serviceName = "SBIDXService",

        targetNamespace = "http://IDX.SBIDXService/V1",

        wsdlLocation = "WEB-INF/wsdl/SBIDXService.wsdl",

        endpointInterface = "sbidxservice.idx.v1.ISBIDXService"

      )

      @EndpointConfig(configFile = "WEB-INF/jaxws-endpoint-config.xml", configName = "Custom WS-Security Endpoint")

       

      3.added <servlet-name>test1</servlet-name>   <servlet-class>sbidxservice.idx.v1.ISBIDXServiceImple</servlet-class> in web.xml

       

      4. created ab.properties in WEB-INF to load our JKS for decrption

       

      org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin

      org.apache.ws.security.crypto.merlin.keystore.type=jks

      org.apache.ws.security.crypto.merlin.keystore.password=africanbank

      org.apache.ws.security.crypto.merlin.keystore.alias=le-6327afa4-293a-4ecf-9eca-69e950ccacc0             

      org.apache.ws.security.crypto.merlin.file=/opt/jboss/jboss-as-7.1.1.Final/preprodafricanbank.jks

       

       

      5. created client.property in  WEB-INF to load client public key JKS for signature.

       

      org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin

      org.apache.ws.security.crypto.merlin.keystore.type=jks

      org.apache.ws.security.crypto.merlin.keystore.password=client

      org.apache.ws.security.crypto.merlin.keystore.alias=absaclient

      org.apache.ws.security.crypto.merlin.file=/opt/jboss/jboss-as-7.1.1.Final/clientkeystore.jks

       

      6. jaxws-endpoint-config.xml file

       

      <?xml version="1.0" encoding="UTF-8"?>

      <jaxws-config xmlns="urn:jboss:jbossws-jaxws-config:4.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  xmlns:javaee="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="urn:jboss:jbossws-jaxws-config:4.0 schema/jbossws-jaxws-config_4_0.xsd">

        <endpoint-config>

            <config-name>Custom WS-Security Endpoint</config-name>

            <property>

                  <property-name>ws-security.signature.properties</property-name>     

                  <property-value>WEB-INF/client.properties</property-value>   

            </property>   

            <property>

                  <property-name>ws-security.encryption.properties</property-name>     

                  <property-value>WEB-INF/ab.properties</property-value>   

            </property>   

            <property>

                  <property-name>ws-security.signature.username</property-name>     

                  <property-value>absaclient</property-value>   

            </property>   

            <property>     

            <property-name>ws-security.encryption.username</property-name>     

            <property-value>le-6327afa4-293a-4ecf-9eca-69e950ccacc0</property-value>  

            </property>   

            <property>     

            <property-name>ws-security.callback-handler</property-name>     

            <property-value>sbidxservice.idx.v1.KeystorePasswordCallback</property-value>   

            </property> 

        </endpoint-config>

      </jaxws-config>

       

       

       

      7. created KeystorePasswordCallback.java file

      package sbidxservice.idx.v1;

       

      import java.io.IOException;

      import java.util.HashMap;

      import java.util.Map;

       

      import javax.security.auth.callback.Callback;

      import javax.security.auth.callback.CallbackHandler;

      import javax.security.auth.callback.UnsupportedCallbackException;

       

      import org.apache.ws.security.WSPasswordCallback;

       

      /**

      * Really callback for key passwords.  Configure it with a map

      * of key-alias-to-password mappings.  Obviously this could

      * be extended to encrypt or obfuscate these passwords if desired.

      */

      public class KeystorePasswordCallback implements CallbackHandler

      {

       

          private Map<String, String> passwords = new HashMap<String, String>();

       

          public KeystorePasswordCallback() {      

          passwords.put("le-6327afa4-293a-4ecf-9eca-69e950ccacc0", "africanbank");      

          passwords.put("absaclient", "client");   

          }     

          /**     * It attempts to get the password from the private     * alias/passwords map.     */  

         

          public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {      

          for (int i = 0; i < callbacks.length; i++) {         

          WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];           

          String pass = passwords.get(pc.getIdentifier());         

          if (pass != null) {            

          pc.setPassword(pass);            

          return;         

          }      

          }   

          }     

         

         

          /**     * Add an alias/password pair to the callback mechanism.     */  

         

          public void setAliasPassword(String alias, String password) {      

          passwords.put(alias, password);   

          }

      }

       

       

       

      9. added Dependencies in MANIFEST.IMF file

      Manifest-Version: 1.0

      Ant-Version: Apache Ant 1.7.1

      Created-By: 17.0-b16 (Sun Microsystems Inc.)

      Dependencies: org.apache.ws.security ,org.springframework.ws, com.sun.xml.messaging.saaj, javax.xml.soap, com.sun.xml.parsers

       

       

      10.added below policy assertion to wsdl file

       

      <wsp:Policy wsu:Id="SecurityServiceSignThenEncryptPolicy" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">   

        <wsp:ExactlyOne>     

        <wsp:All>       

        <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">         

        <wsp:Policy>           

        <sp:InitiatorToken>             

        <wsp:Policy>               

        <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">                 

        <wsp:Policy>                 

        <sp:WssX509V3Token10/>                 

        </wsp:Policy>                 

        </sp:X509Token>             

        </wsp:Policy>           

        </sp:InitiatorToken>           

        <sp:RecipientToken>             

        <wsp:Policy>               

        <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">                 

        <wsp:Policy>                

        <sp:WssX509V3Token10/>                 

        </wsp:Policy>               

        </sp:X509Token>             

        </wsp:Policy>           

        </sp:RecipientToken>           

        <sp:AlgorithmSuite>             

        <wsp:Policy>               

        <sp:Basic256Rsa15/>             

        </wsp:Policy>           

        </sp:AlgorithmSuite>           

        <sp:Layout>             

        <wsp:Policy>               

        <sp:Lax/>             

        </wsp:Policy>           

        </sp:Layout>           

        <sp:IncludeTimestamp/>

        <sp:OnlySignEntireHeadersAndBody/>               

        </wsp:Policy>       

        </sp:AsymmetricBinding>             

        <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">         

        <wsp:Policy>           

        <sp:MustSupportRefKeyIdentifier/>

        <sp:MustSupportRefIssuerSerial/>         

        </wsp:Policy>       

        </sp:Wss10>   

      <sp:Trust10  xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">

        <wsp:Policy>

        <sp:MustSupportIssuedTokens/>

        <sp:RequireClientEntropy/>

        <sp:RequireServerEntropy/>

        </wsp:Policy>

        </sp:Trust10> 

        </wsp:All>   

        </wsp:ExactlyOne> 

        </wsp:Policy>

       

      11. added all jars in JBOSS servers.

      12. created war and deployed to JBOSS 7.1.1.final

      13.created SOAPUI project with my project WSDL

      14. while testing sample request getting above ERROR.

       

       

      PLEASE help me to resolve my issue.

        • 1. Re: getting an Error in JBOSS 7.1.1.Final   unwinding now: org.apache.cxf.binding.soap.SoapFault: General security error (No certificates were found for decryption (KeyId))
          Anil Ellendula Newbie

          Hi,

          i have done  change that Keystore contains public + private key for server, along with public key for client, now am getting below error,


          i am export my project from webmethods designer as a WAR file. add opening war  file in 7 -zip file manger and deleting all *.jar file from SecondWebServiceImp.war\WEB-INF\lib\ by keeping wss4j-1.5.8.jar in it and placing.war file into jboss-as-7.1.1.Final/standalone/deployments location.

           

          PFA project and jks file

           

          Can any one help how to resolve below issue as am new to JBOSS and JAVA -WS security, this is my first time am working.

           

          09:27:22,720 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (http--0.0.0.0-8080-2) Interceptor for {http://IDX.SBIDXService/V1}SBIDXService#{http://IDX.SBIDXService/V1}Submit has thrown excep

          tion, unwinding now: org.apache.cxf.binding.soap.SoapFault: The signature or decryption was inva@@lid

                  at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:641)

                  at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:308)

                  at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:85)

                  at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)

                  at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)

                  at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)

                  at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:91)

                  at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:169)

                  at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87)

                  at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)

                  at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)

                  at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]

                  at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135)

                  at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi-2.0.3.GA.jar:2.0.3.GA]

                  at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]

                  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.13.Final.jar:]

                  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]

                  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:]

                  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:]

                  at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]

                  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]

                  at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]

                  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]

                  at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]

                  at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]

                  at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]

                  at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]

                  at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_45]

          Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid

                  at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:120) [wss4j-1.5.8.jar:1.5.8]

                  at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:397) [wss4j-1.5.8.jar:1.5.8]

                  at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:249)

                  ... 26 more

          Caused by: java.lang.ClassCastException: org.apache.ws.security.WSPasswordCallback cannot be cast to org.apache.ws.security.WSPasswordCallback

                  at sbidxservice.idx.v1.KeystorePasswordCallback.handle(KeystorePasswordCallback.java:34) [classes:]

                  at org.apache.ws.security.components.crypto.Merlin.getPassword(Merlin.java:1377) [wss4j-1.5.8.jar:1.5.8]

                  at org.apache.ws.security.components.crypto.Merlin.getPrivateKey(Merlin.java:653) [wss4j-1.5.8.jar:1.5.8]

                  at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:106) [wss4j-1.5.8.jar:1.5.8]

          • 2. Re: Re: getting an Error in JBOSS 7.1.1.Final   unwinding now: org.apache.cxf.binding.soap.SoapFault: General security error (No certificates were found for decryption (KeyId))
            Anil Ellendula Newbie

            Hi All,

             

             

            If i remove wss4j-1.5.8.jar and other CFX jars from SecondWebServiceImp.war\WEB-INF\lib\ and placing.war file into jboss-as-7.1.1.Final/standalone/deployments location, if i test from SOAP -UI getting below error

             

             

            09:27:38,033 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/SecondWebServiceImp].[test1]] (http--0.0.0.0-8080-1) Servlet.service() for servlet test1 threw exception: jav

            a.lang.ClassNotFoundException: org.apache.ws.security.WSPasswordCallback from [Module "deployment.SecondWebServiceImp.war:main" from Service Module Loader]

                    at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:190)

                    at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:468)

                    at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:456)

                    at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:423)

                    at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)

                    at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:120)

                    at sbidxservice.idx.v1.KeystorePasswordCallback.handle(KeystorePasswordCallback.java:35) [classes:]

                    at org.apache.ws.security.components.crypto.Merlin.getPassword(Merlin.java:1377)

                    at org.apache.ws.security.components.crypto.Merlin.getPrivateKey(Merlin.java:653)

                    at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:106)

                    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:397)

                    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:249)

                    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:85)

                    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)

                    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)

                    at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)

                    at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:91)

                    at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:169)

                    at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87)

                    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)

                    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)

                    at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]

                    at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135)

                    at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi-2.0.3.GA.jar:2.0.3.GA]

                    at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]

                    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.13.Final.jar:]

                    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]

                    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:]

                    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:]

                    at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]

                    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]

                    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]

                    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]

                    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]

            server.log lines 1312-1358/1435 94%

             

             

             

            If i keep wss4j-1.5.8.jar and  revmoving all other jars from SecondWebServiceImp.war\WEB-INF\lib\ and placing.war file into jboss-as-7.1.1.Final/standalone/deployments location, if i test from SOAP -UI getting below error



            09:27:22,720 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (http--0.0.0.0-8080-2) Interceptor for {http://IDX.SBIDXService/V1}SBIDXService#{http://IDX.SBIDXService/V1}Submit has thrown excep

            tion, unwinding now: org.apache.cxf.binding.soap.SoapFault: The signature or decryption was invalid

                    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:641)

                    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:308)

                    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:85)

                    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)

                    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)

                    at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)

                    at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:91)

                    at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:169)

                    at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87)

                    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)

                    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)

                    at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]

                    at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135)

                    at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi-2.0.3.GA.jar:2.0.3.GA]

                    at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]

                    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.13.Final.jar:]

                    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]

                    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:]

                    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:]

                    at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]

                    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]

                    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]

                    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]

                    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]

                    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]

                    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]

                    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]

                    at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_45]

            Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid

                    at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:120) [wss4j-1.5.8.jar:1.5.8]

                    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:397) [wss4j-1.5.8.jar:1.5.8]

                    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:249)

                    ... 26 more

            Caused by: java.lang.ClassCastException: org.apache.ws.security.WSPasswordCallback cannot be cast to org.apache.ws.security.WSPasswordCallback

                    at sbidxservice.idx.v1.KeystorePasswordCallback.handle(KeystorePasswordCallback.java:34) [classes:]

                    at org.apache.ws.security.components.crypto.Merlin.getPassword(Merlin.java:1377) [wss4j-1.5.8.jar:1.5.8]

                    at org.apache.ws.security.components.crypto.Merlin.getPrivateKey(Merlin.java:653) [wss4j-1.5.8.jar:1.5.8]

                    at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:106) [wss4j-1.5.8.jar:1.5.8]

            • 3. Re: getting an Error in JBOSS 7.1.1.Final   unwinding now: org.apache.cxf.binding.soap.SoapFault: General security error (No certificates were found for decryption (KeyId))
              Guzman Llambi­as Novice

              Hi!

               

              I had a similar issue with EAP 5 and the problem was that I was using a wrong wss4j lib. Check the cxf version you are using in jboss 7.1

               

              Caused by: java.lang.ClassCastException: org.apache.ws.security.WSPasswordCallback cannot be cast to org.apache.ws.security.WSPasswordCallback

                      at sbidxservice.idx.v1.KeystorePasswordCallback.handle(KeystorePasswordCallback.java:34) [classes:]

                      at org.apache.ws.security.components.crypto.Merlin.getPassword(Merlin.java:1377) [wss4j-1.5.8.jar:1.5.8]

                      at org.apache.ws.security.components.crypto.Merlin.getPrivateKey(Merlin.java:653) [wss4j-1.5.8.jar:1.5.8]

                      at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:106) [wss4j-1.5.8.jar:1.5.8]

              • 4. Re: getting an Error in JBOSS 7.1.1.Final   unwinding now: org.apache.cxf.binding.soap.SoapFault: General security error (No certificates were found for decryption (KeyId))
                Alessio Soldano Master

                I think you problems come from you trying to use a wrong version of WSS4J (1.5.x instead of 1.6.x). I can't remember for sure, but perhaps the WSPasswordCallback class was not in the same place in 1.5 and 1.6.

                 

                The "java.lang.ClassCastException: org.apache.ws.security.WSPasswordCallback cannot be cast to org.apache.ws.security.WSPasswordCallback" is kind of expected if you put the wss4j lib in your deployment (you shouldn't, use the org.apache.ws.security module dependency).