12 Replies Latest reply on Jun 9, 2012 9:04 AM by gertv

    WSS4J x.509 security  problem Fuse 4.4.1

    joatham.perezexposito

      Hi all,

       

      Currently I have the problem described in this issue.

       

      http://fusesource.com/issues/browse/ESB-1245

       

      This bug is solved, I put my file in the folder etc?

       

      Thanks

        • 1. Re: WSS4J x.509 security  problem Fuse 4.4.1
          ffang

          Hi,

           

          To configure WSS4JIn/OutInterceptor, you actually have two ways to configure the signature properties (or other wss4j properties) file:

           

          1. use signaturePropFile

          This generally passes in a URL for the properties file, which could cause problems in the OSGi world, as it needs the properties files to be available on the classpath of another bundle (cxf or wss4j), but we can't specify all necessary resources for a given bundle (cxf or wss4j) beforehand, so at runtime you could see something such as

          java.lang.RuntimeException: CryptoFactory: Cannot load properties: MyKeystore.properties

          As in the solution posted in ESB-1245, you need to put those properties files in a fragment bundle and attach it to the cxf bundle; here the cxf bundle plays the role of host bundle.

           

          Or

          2. use signaturePropRefId instead.

          This way you just pass a java.util.Properties or org.apache.ws.security.components.crypto.Crypto object, which works more gracefully in the OSGi world.

           

          Freeman

          • 2. Re: WSS4J x.509 security  problem Fuse 4.4.1
            joatham.perezexposito

            Thanks.

             

            Is there any method to define a single bus.xml for all my cxf-bc components, and only one .jks file and keystore.properties?

            • 3. Re: WSS4J x.509 security  problem Fuse 4.4.1
              watermelonjam_arnoldd

              Just a note on option 1:

               

              I've got a fragment bundle with the requisite security artifacts as part of a feature definition.  The feature installed fine on FUSE 4.3.x, and the CXF bundle got refreshed automatically to pick up the fragment.  On FUSE ESB 4.4, there's now a problem installing the feature:

               

              caused by: Unable to resolve 281.0: missing requirement host; (&(bundle-symbolic-name=org.apache.cxf.bundle)(bundle-version>=2.4.3)(!(bundle-version>=3.0.0)))]

               

              ...where 281 is the id of the security fragment bundle.  I suspect (perhaps wrongly) that this may be related to the new "You are about to access system bundle ..." console behaviour that requires confirmation.  If I put the security fragment bundle in the deploy directory, and refresh the CXF bundle, type yes at the prompt - the fragment is properly attached with no error.

               

              I can then remove the security bundle entry from the feature file, and the feature installs properly thereafter.

               

              D.

              • 4. Re: WSS4J x.509 security  problem Fuse 4.4.1
                ffang

                Hi,

                 

                I think the error comes from the fact that when you install the feature which has the fragment bundle, the CXF bundle has not been installed yet, so you run into this error. You can also add the cxf feature to your custom feature, which ensures the CXF bundle gets installed when you install your custom feature.

                 

                Besides the fragment bundle way to pick up properties, I really recommend using signaturePropRefId in an OSGi container (option 2 that I mentioned before, which is more graceful in an OSGi container); the configuration looks like

                 

                $$</prop>

                </util:properties>

                 

                Freeman
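
The two options discussed in this thread, side by side, as an added example that is not part of the original posts: a Spring configuration for CXF's WSS4JInInterceptor. The bean ids and the password are placeholders and the commented-out option 1 bean is an assumption; the properties and keystore file names are the ones mentioned in the thread.

```xml
<!-- Added example: bean ids and the password are placeholders, not values
     taken from this thread. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:util="http://www.springframework.org/schema/util"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
         http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">

  <!-- Option 1 (fragile in OSGi): WSS4J resolves the file name itself, on the
       class path of the cxf/wss4j bundle, hence "Cannot load properties". -->
  <!--
  <bean id="wss4jInByFile" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
    <constructor-arg>
      <map>
        <entry key="action" value="Signature"/>
        <entry key="signaturePropFile" value="MyKeystore.properties"/>
      </map>
    </constructor-arg>
  </bean>
  -->

  <!-- Option 2: the crypto properties are a bean in this bundle's own context. -->
  <util:properties id="wsCryptoProperties">
    <prop key="org.apache.ws.security.crypto.provider">org.apache.ws.security.components.crypto.Merlin</prop>
    <prop key="org.apache.ws.security.crypto.merlin.keystore.type">jks</prop>
    <!-- Placeholder password: supply the real one from protected configuration. -->
    <prop key="org.apache.ws.security.crypto.merlin.keystore.password">CHANGE_ME</prop>
    <!-- Resolved as a class path resource first, e.g. src/main/resources in the bundle. -->
    <prop key="org.apache.ws.security.crypto.merlin.file">server-truststore.jks</prop>
  </util:properties>

  <bean id="wss4jIn" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
    <constructor-arg>
      <map>
        <entry key="action" value="Signature"/>
        <!-- The value names another key in this map; that key holds the Properties object. -->
        <entry key="signaturePropRefId" value="wsCryptoProperties"/>
        <entry key="wsCryptoProperties" value-ref="wsCryptoProperties"/>
      </map>
    </constructor-arg>
  </bean>
</beans>
```

With option 2 no properties file has to be visible to the cxf or wss4j bundle, so no fragment bundle is needed; only the keystore itself must be loadable from the location given in the properties.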

                • 5. Re: WSS4J x.509 security  problem Fuse 4.4.1
                  joatham.perezexposito

                  Good afternoon,

                   

                  I have made this choice and it is the most correct. The problem is that it cannot find the path specified in $ . I am using Fuse ESB 4.4.1.

                   

                  What is the problem?

                  • 6. Re: WSS4J x.509 security  problem Fuse 4.4.1
                    ffang

                    Hi,

                     

                    I guess you use the signaturePropRefId way, right?

                    If so, you need to put $   in your bundle; for instance, if the $   is server-truststore.jks, then you need to have something like

                    ./src/main/resources/server-truststore.jks

                    in your bundle.

                     

                    Freeman

                    • 7. Re: WSS4J x.509 security  problem Fuse 4.4.1
                      joatham.perezexposito

                      Can you not outsource it and use one common to several services?

                      • 8. Re: WSS4J x.509 security  problem Fuse 4.4.1
                        ffang

                        Hi,

                         

                        Yes, you can.

                         

                        For example, if you put server-truststore.jks in the $FUSE_ESB/etc folder, then you can use

                         

                         

                         

                        Freeman

                        • 9. Re: WSS4J x.509 security  problem Fuse 4.4.1
                          joatham.perezexposito

                          No, I've tried but it's not working. Do I need to define any environment variables in Fuse?

                          • 10. Re: WSS4J x.509 security  problem Fuse 4.4.1
                            ffang

                            Hi,

                             

                            It works for me?

                             

                            How do you start FUSE ESB?

                             

                            I start FUSE ESB like

                            cd $FUSE_ESB/bin

                            ./servicemix

                             

                            Freeman

                            • 11. Re: WSS4J x.509 security  problem Fuse 4.4.1
                              joatham.perezexposito

                              I've tried it on multiple machines, and it only works on one machine.

                              • 12. Re: WSS4J x.509 security  problem Fuse 4.4.1
                                gertv

                                L.S.,

                                 

                                Are those two machines on the same OS/JVM/... versions?  If not, it would be good to know about the differences so we can start looking at a platform-specific issue for that particular setup.

                                 

                                Regards,

                                 

                                Gert Vanthienen