Problem with loading Apache CXF STS with UT authentication

Gina Choi
Hi All,

I had a perfectly running Apache CXF STS with X.509 authentication between
WSC and STS (http://www.jroller.com/gmazza/entry/cxf_sts_tutorial). I
updated DoubleItSTSService.wsdl and cxf-servlet.xml as well as the
PasswordCallbackHandler.java file on the STS side to validate the user name and
password from WSC. I ran the build and deployed the STS, but when I run the STS service
in the browser (http://localhost:8088/DoubleItSTS), I am getting the following
exceptions. Could anyone tell me what possibly went wrong?
HTTP Status 500 -
------------------------------

*type* Exception report

*message* **

*description* *The server encountered an internal error () that prevented
it from fulfilling this request.*

*exception*

javax.servlet.ServletException: Servlet.init() for servlet sts threw exception
        org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
        org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
        org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
        org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
        org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
        org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
        org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
        java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        java.lang.Thread.run(Thread.java:662)

*root cause*

org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'utSTSProviderBean' defined in URL
[jndi:/localhost/DoubleItSTS/WEB-INF/cxf-servlet.xml]: Cannot resolve
reference to bean 'utIssueDelegate' while setting bean property
'issueOperation'; nested exception is
org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'utIssueDelegate' defined in URL
[jndi:/localhost/DoubleItSTS/WEB-INF/cxf-servlet.xml]: Cannot resolve
reference to bean 'utService' while setting bean property 'services';
nested exception is
org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'utService' defined in URL
[jndi:/localhost/DoubleItSTS/WEB-INF/cxf-servlet.xml]: Error setting
property values; nested exception is
org.springframework.beans.NotWritablePropertyException: Invalid
property 'encryptionName' of bean class
[org.apache.cxf.sts.service.StaticService]: Bean property
'encryptionName' is not writable or has an invalid setter method. Does
the parameter type of the setter match the return type of the getter?
        org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
        org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:106)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1325)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1086)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
        org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
        org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
        org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
        org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:192)
        org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:585)
        org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:895)
        org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:425)
        org.apache.cxf.transport.servlet.CXFServlet.createSpringContext(CXFServlet.java:146)
        org.apache.cxf.transport.servlet.CXFServlet.loadBus(CXFServlet.java:72)
        org.apache.cxf.transport.servlet.CXFNonSpringServlet.init(CXFNonSpringServlet.java:67)
        org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
        org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
        org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
        org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
        org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
        org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
        org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
        java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        java.lang.Thread.run(Thread.java:662)

*root cause*

org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'utIssueDelegate' defined in URL
[jndi:/localhost/DoubleItSTS/WEB-INF/cxf-servlet.xml]: Cannot resolve
reference to bean 'utService' while setting bean property 'services';
nested exception is
org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'utService' defined in URL
[jndi:/localhost/DoubleItSTS/WEB-INF/cxf-servlet.xml]: Error setting
property values; nested exception is
org.springframework.beans.NotWritablePropertyException: Invalid
property 'encryptionName' of bean class
[org.apache.cxf.sts.service.StaticService]: Bean property
'encryptionName' is not writable or has an invalid setter method. Does
the parameter type of the setter match the return type of the getter?
        org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
        org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:106)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1325)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1086)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
        org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
        org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
        org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
        org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:192)
        org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:322)
        org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:106)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1325)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1086)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
        org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
        org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
        org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
        org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:192)
        org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:585)
        org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:895)
        org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:425)
        org.apache.cxf.transport.servlet.CXFServlet.createSpringContext(CXFServlet.java:146)
        org.apache.cxf.transport.servlet.CXFServlet.loadBus(CXFServlet.java:72)
        org.apache.cxf.transport.servlet.CXFNonSpringServlet.init(CXFNonSpringServlet.java:67)
        org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
        org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
        org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
        org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
        org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
        org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
        org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
        java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        java.lang.Thread.run(Thread.java:662)

*root cause*

org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'utService' defined in URL
[jndi:/localhost/DoubleItSTS/WEB-INF/cxf-servlet.xml]: Error setting
property values; nested exception is
org.springframework.beans.NotWritablePropertyException: Invalid
property 'encryptionName' of bean class
[org.apache.cxf.sts.service.StaticService]: Bean property
'encryptionName' is not writable or has an invalid setter method. Does
the parameter type of the setter match the return type of the getter?
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1361)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1086)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
        org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
        org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
        org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
        org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:192)
        org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:322)
        org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:106)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1325)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1086)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
        org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
        org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
        org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
        org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:192)
        org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:322)
        org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:106)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1325)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1086)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
        org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
        org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
        org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
        org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:192)
        org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:585)
        org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:895)
        org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:425)
        org.apache.cxf.transport.servlet.CXFServlet.createSpringContext(CXFServlet.java:146)
        org.apache.cxf.transport.servlet.CXFServlet.loadBus(CXFServlet.java:72)
        org.apache.cxf.transport.servlet.CXFNonSpringServlet.init(CXFNonSpringServlet.java:67)
        org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
        org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
        org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
        org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
        org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
        org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
        org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
        java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        java.lang.Thread.run(Thread.java:662)

*root cause*

org.springframework.beans.NotWritablePropertyException: Invalid
property 'encryptionName' of bean class
[org.apache.cxf.sts.service.StaticService]: Bean property
'encryptionName' is not writable or has an invalid setter method. Does
the parameter type of the setter match the return type of the getter?
        org.springframework.beans.BeanWrapperImpl.setPropertyValue(BeanWrapperImpl.java:1052)
        org.springframework.beans.BeanWrapperImpl.setPropertyValue(BeanWrapperImpl.java:921)
        org.springframework.beans.AbstractPropertyAccessor.setPropertyValues(AbstractPropertyAccessor.java:76)
        org.springframework.beans.AbstractPropertyAccessor.setPropertyValues(AbstractPropertyAccessor.java:58)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1358)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1086)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
        org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
        org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
        org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
        org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:192)
        org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:322)
        org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:106)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1325)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1086)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
        org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
        org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
        org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
        org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:192)
        org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:322)
        org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:106)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1325)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1086)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
        org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
        org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
        org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
        org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
        org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:192)
        org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:585)
        org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:895)
        org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:425)
        org.apache.cxf.transport.servlet.CXFServlet.createSpringContext(CXFServlet.java:146)
        org.apache.cxf.transport.servlet.CXFServlet.loadBus(CXFServlet.java:72)
        org.apache.cxf.transport.servlet.CXFNonSpringServlet.init(CXFNonSpringServlet.java:67)
        org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
        org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
        org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
        org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
        org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
        org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
        org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
        java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        java.lang.Thread.run(Thread.java:662)
Re: Problem with loading Apache CXF STS with UT authentication

Glen Mazza (Talend)
Oh, that's right, forgot to mention -- the STS WSDL will also need
updating if you switch from X.509 to UsernameToken authentication,
because that's where you specify the type of authentication required.  
Check the WSDL in the CXF "STS" sample (it's in the CXF distribution:  
http://cxf.apache.org/download.html or just use the link below) to
figure out the modifications needed.  If it still doesn't work even
after you make the changes, you might want to run the CXF STS sample on
your machine following its readme (it's pretty quick to do) to rule out
any problems with your JDK, etc.

Glen
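
A quick way to confirm that a WSDL edit really switched the client-authentication policy from X.509 to UsernameToken, as an added example (not part of the original thread and not code from the CXF distribution). The two inline WSDL fragments, their policy ids and the function names are constructed for illustration; only the WS-SecurityPolicy element names and namespaces are standard.

```python
import xml.etree.ElementTree as ET

# WS-SecurityPolicy 1.2 and 1.1 namespaces.
SP_12 = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
SP_11 = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
SP_NAMESPACES = {SP_12, SP_11}
WSU_ID = ("{http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-wssecurity-utility-1.0.xsd}Id")

# Assertions whose nested token is presented by the client (initiator).
CLIENT_TOKEN_HOLDERS = {"InitiatorToken", "InitiatorSignatureToken"}
# Token assertions reported by this check.
TOKEN_ASSERTIONS = {"UsernameToken", "X509Token", "IssuedToken",
                    "KerberosToken", "SamlToken", "SecureConversationToken"}


def _split(tag):
    """Return (namespace, local name) for an ElementTree tag."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag


def _is_holder(elem):
    ns, local = _split(elem.tag)
    return ns in SP_NAMESPACES and (
        local in CLIENT_TOKEN_HOLDERS or local.endswith("SupportingTokens"))


def _collect_tokens(elem, found):
    """Record the first token assertion on each branch below a holder."""
    for child in elem:
        ns, local = _split(child.tag)
        if ns in SP_NAMESPACES and local in TOKEN_ASSERTIONS:
            found.add(local)  # stop here: nested options are not new tokens
        else:
            _collect_tokens(child, found)


def client_auth_tokens(wsdl_xml):
    """Map each top-level policy (wsu:Id) to the client tokens it demands."""
    root = ET.fromstring(wsdl_xml)
    result = {}
    for policy in root.iter():
        _, local = _split(policy.tag)
        if local != "Policy" or WSU_ID not in policy.attrib:
            continue
        found = set()
        for elem in policy.iter():
            if _is_holder(elem):
                _collect_tokens(elem, found)
        result[policy.get(WSU_ID)] = sorted(found)
    return result


def requires_username_token(wsdl_xml):
    return any("UsernameToken" in t for t in client_auth_tokens(wsdl_xml).values())


def _wsdl(policy_id, body):
    """Wrap a constructed policy body in a minimal WSDL document."""
    return f"""<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
      xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:sp="{SP_12}"
      xmlns:wsu="{WSU_ID[1:-3]}">
      <wsp:Policy wsu:Id="{policy_id}"><wsp:ExactlyOne><wsp:All>{body}
      </wsp:All></wsp:ExactlyOne></wsp:Policy></wsdl:definitions>"""


# Constructed sample: client authenticates with its X.509 certificate.
X509_WSDL = _wsdl("STS_X509_policy", f"""
  <sp:AsymmetricBinding><wsp:Policy>
    <sp:InitiatorToken><wsp:Policy>
      <sp:X509Token sp:IncludeToken="{SP_12}/IncludeToken/AlwaysToRecipient">
        <wsp:Policy><sp:WssX509V3Token10/></wsp:Policy></sp:X509Token>
    </wsp:Policy></sp:InitiatorToken>
    <sp:RecipientToken><wsp:Policy>
      <sp:X509Token sp:IncludeToken="{SP_12}/IncludeToken/Never">
        <wsp:Policy><sp:WssX509V3Token10/></wsp:Policy></sp:X509Token>
    </wsp:Policy></sp:RecipientToken>
  </wsp:Policy></sp:AsymmetricBinding>""")

# Constructed sample: client sends a UsernameToken over HTTPS.
UT_WSDL = _wsdl("STS_UT_policy", f"""
  <sp:TransportBinding><wsp:Policy>
    <sp:TransportToken><wsp:Policy><sp:HttpsToken/></wsp:Policy></sp:TransportToken>
  </wsp:Policy></sp:TransportBinding>
  <sp:SignedSupportingTokens><wsp:Policy>
    <sp:UsernameToken sp:IncludeToken="{SP_12}/IncludeToken/AlwaysToRecipient">
      <wsp:Policy><sp:WssUsernameToken10/></wsp:Policy></sp:UsernameToken>
  </wsp:Policy></sp:SignedSupportingTokens>""")

if __name__ == "__main__":
    for name, doc in (("X.509 WSDL", X509_WSDL), ("UT WSDL", UT_WSDL)):
        print(name, client_auth_tokens(doc))
```

Run `client_auth_tokens` on the text of a locally stored, trusted STS WSDL; a policy that still reports only `X509Token` has not been switched to UsernameToken authentication.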

On 05/24/2012 05:58 PM, Gina Choi wrote:

> Hi All,
>
> I had a perfectly running Apache CXF STS with X.509 authentication between
> WSC and STS (http://www.jroller.com/gmazza/entry/cxf_sts_tutorial). I
> updated DoubleItSTSService.wsdl and cxf-servlet.xml as well as the
> PasswordCallbackHandler.java file on the STS side to validate the user name and
> password from WSC. I ran the build and deployed the STS, but when I run the STS service
> in the browser (http://localhost:8088/DoubleItSTS), I am getting the following
> exceptions. Could anyone tell me what possibly went wrong?
> HTTP Status 500 -
> ------------------------------
>
> *type* Exception report
>
> *message* **
>
> *description* *The server encountered an internal error () that prevented
> it from fulfilling this request.*
>
> *exception*
>
> javax.servlet.ServletException: Servlet.init() for servlet sts threw exception
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
> java.lang.Thread.run(Thread.java:662)
>
> *root cause*
>
> org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name 'utSTSProviderBean' defined in URL
> [jndi:/localhost/DoubleItSTS/WEB-INF/cxf-servlet.xml]: Cannot resolve
> reference to bean 'utIssueDelegate' while setting bean property
> 'issueOperation'; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name 'utIssueDelegate' defined in URL
> [jndi:/localhost/DoubleItSTS/WEB-INF/cxf-servlet.xml]: Cannot resolve
> reference to bean 'utService' while setting bean property 'services';
> nested exception is
> org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name 'utService' defined in URL
> [jndi:/localhost/DoubleItSTS/WEB-INF/cxf-servlet.xml]: Error setting
> property values; nested exception is
> org.springframework.beans.NotWritablePropertyException: Invalid
> property 'encryptionName' of bean class
> [org.apache.cxf.sts.service.StaticService]: Bean property
> 'encryptionName' is not writable or has an invalid setter method. Does
> the parameter type of the setter match the return type of the getter?
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:106)
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1325)
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1086)
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:192)
> org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:585)
> org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:895)
> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:425)
> org.apache.cxf.transport.servlet.CXFServlet.createSpringContext(CXFServlet.java:146)
> org.apache.cxf.transport.servlet.CXFServlet.loadBus(CXFServlet.java:72)
> org.apache.cxf.transport.servlet.CXFNonSpringServlet.init(CXFNonSpringServlet.java:67)
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
> java.lang.Thread.run(Thread.java:662)
>
> *root cause*
>
> org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name 'utIssueDelegate' defined in URL
> [jndi:/localhost/DoubleItSTS/WEB-INF/cxf-servlet.xml]: Cannot resolve
> reference to bean 'utService' while setting bean property 'services';
> nested exception is
> org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name 'utService' defined in URL
> [jndi:/localhost/DoubleItSTS/WEB-INF/cxf-servlet.xml]: Error setting
> property values; nested exception is
> org.springframework.beans.NotWritablePropertyException: Invalid
> property 'encryptionName' of bean class
> [org.apache.cxf.sts.service.StaticService]: Bean property
> 'encryptionName' is not writable or has an invalid setter method. Does
> the parameter type of the setter match the return type of the getter?
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:106)
>
> *root cause*
>
> org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name 'utService' defined in URL
> [jndi:/localhost/DoubleItSTS/WEB-INF/cxf-servlet.xml]: Error setting
> property values; nested exception is
> org.springframework.beans.NotWritablePropertyException: Invalid
> property 'encryptionName' of bean class
> [org.apache.cxf.sts.service.StaticService]: Bean property
> 'encryptionName' is not writable or has an invalid setter method. Does
> the parameter type of the setter match the return type of the getter?
>
> *root cause*
>
> org.springframework.beans.NotWritablePropertyException: Invalid
> property 'encryptionName' of bean class
> [org.apache.cxf.sts.service.StaticService]: Bean property
> 'encryptionName' is not writable or has an invalid setter method. Does
> the parameter type of the setter match the return type of the getter?
>


--
Glen Mazza
Talend Community Coders
coders.talend.com
blog: www.jroller.com/gmazza


Re: Problem with loading Apache CXF STS with UT authentication

Gina Choi
I did carefully update the STS WSDL file based on the CXF STS core code. The
following is the root cause: org.apache.cxf.sts.service.StaticService.java doesn't have
a property named encryptionName, but it does have a property called
EncryptionProperties. EncryptionProperties.java has a property named
encryptionName. So, it makes sense that it couldn't create a bean. I used
cxf-ut.xml. Am I supposed to use cxf-encrypted-ut.xml instead? But
cxf-encrypted-ut.xml is asymmetric.

Invalid property 'encryptionName' of bean class
[org.apache.cxf.sts.service.StaticService]: Bean property
'encryptionName' is not writable or has an invalid setter method. Does
the parameter type of the setter match the return type of the getter?
        org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)

In cxf-ut.xml, there are the following lines.

    <bean id="utService"
        class="org.apache.cxf.sts.service.StaticService">
        <property name="endpoints" ref="utEndpoints"/>
        <property name="encryptionName" value="myservicekey"/>
    </bean>

On Thu, May 24, 2012 at 6:12 PM, Glen Mazza <[hidden email]> wrote:

> Oh, that's right, forgot to mention -- the STS WSDL will also need
> updating if you switch from X.509 to UsernameToken authentication, because
> that's where you specify the type of authentication required.  Check the
> WSDL in the CXF "STS" sample (it's in the CXF distribution:
> http://cxf.apache.org/download.html or just use the link below) to figure out the modifications needed.  If it
> still doesn't work even after you make the changes, you might want to run
> the CXF STS sample on your machine following its readme (it's pretty quick
> to do) to rule out any problems with your JDK, etc.
>
> Glen
>
>
> On 05/24/2012 05:58 PM, Gina Choi wrote:
>
>> Hi All,
>>
>> I had a perfectly running Apache CXF STS with X.509 authentication between
>> WSC and STS (http://www.jroller.com/gmazza/entry/cxf_sts_tutorial). I
>> updated DoubleItSTSService.wsdl and cxf-servlet.xml as well as
>> PasswordCallbackHandler.java file on the STS side to validate user name
>> and password from WSC. I ran build and deployed STS, but when I run STS
>> service on the browser (http://localhost:8088/DoubleItSTS),
>> I am getting following
>> exceptions. Could anyone tell me what possibly went wrong?
>> HTTP Status 500 -
>> ------------------------------
>>
>> *type* Exception report
>>
>> *message* **
>>
>> *description* *The server encountered an internal error () that prevented
>> it from fulfilling this request.*
>>
>> *exception*
>>
>>
>> javax.servlet.ServletException: Servlet.init() for servlet sts threw
>> exception
>>
>> *root cause*
>>
>>
>> org.springframework.beans.factory.BeanCreationException: Error
>> creating bean with name 'utSTSProviderBean' defined in URL
>> [jndi:/localhost/DoubleItSTS/WEB-INF/cxf-servlet.xml]: Cannot resolve
>> reference to bean 'utIssueDelegate' while setting bean property
>> 'issueOperation'; nested exception is
>> org.springframework.beans.factory.BeanCreationException: Error
>> creating bean with name 'utIssueDelegate' defined in URL
>> [jndi:/localhost/DoubleItSTS/WEB-INF/cxf-servlet.xml]: Cannot resolve
>> reference to bean 'utService' while setting bean property 'services';
>> nested exception is
>> org.springframework.beans.factory.BeanCreationException: Error
>> creating bean with name 'utService' defined in URL
>> [jndi:/localhost/DoubleItSTS/WEB-INF/cxf-servlet.xml]: Error setting
>> property values; nested exception is
>> org.springframework.beans.NotWritablePropertyException: Invalid
>> property 'encryptionName' of bean class
>> [org.apache.cxf.sts.service.StaticService]: Bean property
>> 'encryptionName' is not writable or has an invalid setter method. Does
>> the parameter type of the setter match the return type of the getter?
>>
>> *root cause*
>>
>>
>> org.springframework.beans.factory.BeanCreationException: Error
>> creating bean with name 'utIssueDelegate' defined in URL
>> [jndi:/localhost/DoubleItSTS/WEB-INF/cxf-servlet.xml]: Cannot resolve
>> reference to bean 'utService' while setting bean property 'services';
>> nested exception is
>> org.springframework.beans.factory.BeanCreationException: Error
>> creating bean with name 'utService' defined in URL
>> [jndi:/localhost/DoubleItSTS/WEB-INF/cxf-servlet.xml]: Error setting
>> property values; nested exception is
>> org.springframework.beans.NotWritablePropertyException: Invalid
>> property 'encryptionName' of bean class
>> [org.apache.cxf.sts.service.StaticService]: Bean property
>> 'encryptionName' is not writable or has an invalid setter method. Does
>> the parameter type of the setter match the return type of the getter?
>>
>> *root cause*
>>
>>
>> org.springframework.beans.factory.BeanCreationException: Error
>> creating bean with name 'utService' defined in URL
>> [jndi:/localhost/DoubleItSTS/WEB-INF/cxf-servlet.xml]: Error setting
>> property values; nested exception is
>> org.springframework.beans.NotWritablePropertyException: Invalid
>> property 'encryptionName' of bean class
>> [org.apache.cxf.sts.service.StaticService]: Bean property
>> 'encryptionName' is not writable or has an invalid setter method. Does
>> the parameter type of the setter match the return type of the getter?
>>
>> *root cause*
>>
>>
>> org.springframework.beans.NotWritablePropertyException: Invalid
>> property 'encryptionName' of bean class
>> [org.apache.cxf.sts.service.StaticService]: Bean property
>> 'encryptionName' is not writable or has an invalid setter method. Does
>> the parameter type of the setter match the return type of the getter?
>>
>>
>
> --
> Glen Mazza
> Talend Community Coders
> coders.talend.com
> blog: www.jroller.com/gmazza
>
>
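
The mismatch described in the post above (Spring cannot set `encryptionName` directly on `StaticService`, because that property lives on `EncryptionProperties`), as an added example that is not part of the original thread or of the CXF sample files. The bean id `utEncryptionProperties` and the endpoint pattern are constructed, and the `encryptionProperties` property name assumes a CXF release in which `StaticService` has a `setEncryptionProperties` setter, as the post's description of the class implies.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:util="http://www.springframework.org/schema/util"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd
         http://www.springframework.org/schema/util
         http://www.springframework.org/schema/util/spring-util.xsd">

    <!-- Constructed endpoint pattern; replace with the address of the real service. -->
    <util:list id="utEndpoints">
        <value>http://localhost:8080/example/services/.*</value>
    </util:list>

    <!--
      Definition from the thread. It fails at servlet init with
      NotWritablePropertyException because this StaticService has no
      setEncryptionName() setter:

      <bean id="utService" class="org.apache.cxf.sts.service.StaticService">
          <property name="endpoints" ref="utEndpoints"/>
          <property name="encryptionName" value="myservicekey"/>
      </bean>
    -->

    <!-- The key alias is set on EncryptionProperties (hypothetical bean id). -->
    <bean id="utEncryptionProperties"
          class="org.apache.cxf.sts.service.EncryptionProperties">
        <property name="encryptionName" value="myservicekey"/>
    </bean>

    <!-- StaticService then receives the whole EncryptionProperties object
         (assumed property name: encryptionProperties). -->
    <bean id="utService" class="org.apache.cxf.sts.service.StaticService">
        <property name="endpoints" ref="utEndpoints"/>
        <property name="encryptionProperties" ref="utEncryptionProperties"/>
    </bean>
</beans>
```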

Re: Problem with loading Apache CXF STS with UT authentication

Gina Choi
I finally got the UT STS running, but haven't tested it with a client yet.
cxf-ut.xml is not exactly right. The properties need to be updated. Let's see
how it works with the client.

On Thu, May 24, 2012 at 9:14 PM, Gina Choi <[hidden email]> wrote:

> I did carefully update the STS wsdl file based on the CXF STS core code. The
> following is the root cause. org.apache.cxf.sts.service.StaticService.java
> doesn't have a property named encryptionName, but it does have a property
> called EncryptionProperties. EncryptionProperties.java has a property named
> encryptionName. So, it makes sense that it couldn't create a bean. I used
> cxf-ut.xml. Am I supposed to use cxf-encrypted-ut.xml instead? But
> cxf-encrypted-ut.xml is asymmetric.
>
> Invalid property 'encryptionName' of bean class [org.apache.cxf.sts.service.StaticService]: Bean property 'encryptionName' is not writable or has an invalid setter method. Does the parameter type of the setter match the return type of the getter?
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
>
> In the cxf-ut.xml, there are the following lines.
>
>     <bean id="utService"
>         class="org.apache.cxf.sts.service.StaticService">
>         <property name="endpoints" ref="utEndpoints"/>
>         <property name="encryptionName" value="myservicekey"/>
>     </bean>
>
> On Thu, May 24, 2012 at 6:12 PM, Glen Mazza <[hidden email]> wrote:
>
>> Oh, that's right, forgot to mention -- the STS WSDL will also need
>> updating if you switch from X.509 to UsernameToken authentication, because
>> that's where you specify the type of authentication required.  Check the
>> WSDL in the CXF "STS" sample (it's in the CXF distribution:
>> http://cxf.apache.org/download.html or just use the link below) to figure
>> out the modifications needed.  If it
>> still doesn't work even after you make the changes, you might want to run
>> the CXF STS sample on your machine following its readme (it's pretty quick
>> to do) to rule out any problems with your JDK, etc.
>>
>> Glen
>>
>>
>> On 05/24/2012 05:58 PM, Gina Choi wrote:
>>
>>> Hi All,
>>>
>>> I had a perfectly running Apache CXF STS with X.509 authentication
>>> between
>>> WSC and STS (http://www.jroller.com/gmazza/entry/cxf_sts_tutorial). I
>>> updated DoubleItSTSService.wsdl and cxf-servlet.xml as well as
>>> PasswordCallbackHandler.java file on the STS side to validate user name
>>> and
>>> password from WSC. I ran build and deployed STS, but when I run STS
>>> service
>>> in the browser (http://localhost:8088/DoubleItSTS),
>>> I am getting the following
>>> exceptions. Could anyone tell me what possibly went wrong?
>>> HTTP Status 500 -
>>> ------------------------------
>>>
>>> *type* Exception report
>>>
>>> *message* **
>>>
>>> *description* *The server encountered an internal error () that prevented
>>> it from fulfilling this request.*
>>>
>>> *exception*
>>>
>>>
>>> javax.servlet.ServletException: Servlet.init() for servlet sts threw
>>> exception
>>>
>>> *root cause*
>>>
>>>
>>> org.springframework.beans.NotWritablePropertyException: Invalid
>>> property 'encryptionName' of bean class
>>> [org.apache.cxf.sts.service.StaticService]: Bean property
>>> 'encryptionName' is not writable or has an invalid setter method. Does
>>> the parameter type of the setter match the return type of the getter?
>>>        org.springframework.beans.**factory.support.**
>>> DefaultListableBeanFactory.**preInstantiateSingletons(**
>>> DefaultListableBeanFactory.**java:585)
>>>        org.springframework.context.**support.**
>>> AbstractApplicationContext.**finishBeanFactoryInitializatio**
>>> n(AbstractApplicationContext.**java:895)
>>>        org.springframework.context.**support.**
>>> AbstractApplicationContext.**refresh(**AbstractApplicationContext.**
>>> java:425)
>>>        org.apache.cxf.transport.**servlet.CXFServlet.**
>>> createSpringContext(**CXFServlet.java:146)
>>>        org.apache.cxf.transport.**servlet.CXFServlet.loadBus(**
>>> CXFServlet.java:72)
>>>        org.apache.cxf.transport.**servlet.CXFNonSpringServlet.**
>>> init(CXFNonSpringServlet.java:**67)
>>>        org.apache.catalina.**authenticator.**AuthenticatorBase.invoke(**
>>> AuthenticatorBase.java:472)
>>>        org.apache.catalina.valves.**ErrorReportValve.invoke(**
>>> ErrorReportValve.java:98)
>>>        org.apache.catalina.valves.**AccessLogValve.invoke(**
>>> AccessLogValve.java:927)
>>>        org.apache.catalina.connector.**CoyoteAdapter.service(**
>>> CoyoteAdapter.java:407)
>>>        org.apache.coyote.http11.**AbstractHttp11Processor.**process(**
>>> AbstractHttp11Processor.java:**999)
>>>        org.apache.coyote.**AbstractProtocol$**AbstractConnectionHandler.
>>> **process(AbstractProtocol.java:**565)
>>>        org.apache.tomcat.util.net.**JIoEndpoint$SocketProcessor.**
>>> run(JIoEndpoint.java:309)
>>>        java.util.concurrent.**ThreadPoolExecutor$Worker.**
>>> runTask(ThreadPoolExecutor.**java:886)
>>>        java.util.concurrent.**ThreadPoolExecutor$Worker.run(**
>>> ThreadPoolExecutor.java:908)
>>>        java.lang.Thread.run(Thread.**java:662)
>>>
>>>
>>
>> --
>> Glen Mazza
>> Talend Community Coders
>> coders.talend.com
>> blog: www.jroller.com/gmazza
>>
>>
>

Re: Problem with loading Apache CXF STS with UT authentication

Glen Mazza (Talend)
In reply to this post by Gina Choi
Hmm, the sample doesn't have encryptionName under utService:
http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/sts/wssec-sts.xml?revision=1190520&view=markup#l69

I'm not sure why you're placing such a property in.

Glen

On 05/24/2012 09:14 PM, Gina Choi wrote:

> I did carefully update STS wsdl file based on CXF STS core code.
> Following is root cause. org.apache.cxf.sts.service.StaticService.java
> doesn't have property named encryptionName, but it does have a
> property called EncryptionProperties. EncryptionProperties.java has a
> property named encryptionName. So, it makes sense that it couldn't
> create a bean. I used cxf-ut.xml. Am I supposed to use
> cxf-encrypted-ut.xml instead? But cxf-encrypted-ut.xml is asymmetric.
>
> Invalid property 'encryptionName' of bean class [org.apache.cxf.sts.service.StaticService]: Bean property 'encryptionName' is not writable or has an invalid setter method. Does the parameter type of the setter match the return type of the getter?
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
>
> In the cxf-ut.xml, there are the following lines.
> <bean id="utService"
>         class="org.apache.cxf.sts.service.StaticService">
> <property name="endpoints" ref="utEndpoints"/>
> <property name="encryptionName" value="myservicekey"/>
> </bean>
> On Thu, May 24, 2012 at 6:12 PM, Glen Mazza <[hidden email]> wrote:
>
>     Oh, that's right, forgot to mention -- the STS WSDL will also need
>     updating if you switch from X.509 to UsernameToken authentication,
>     because that's where you specify the type of authentication
>     required.  Check the WSDL in the CXF "STS" sample (it's in the CXF
>     distribution: http://cxf.apache.org/download.html or just use the link below)
>     to figure out the modifications needed.  If it still doesn't work
>     even after you make the changes, you might want to run the CXF STS
>     sample on your machine following its readme (it's pretty quick to
>     do) to rule out any problems with your JDK, etc.
>
>     Glen
>
>
>     On 05/24/2012 05:58 PM, Gina Choi wrote:
>
>         Hi All,
>
>         I had a perfectly running Apache CXF STS with X.509
>         authentication between
>         WSC and STS (http://www.jroller.com/gmazza/entry/cxf_sts_tutorial). I
>         updated DoubleItSTSService.wsdl and cxf-servlet.xml as well as
>         PasswordCallbackHandler.java file on the STS side to validate
>         user name and
>         password from WSC. I ran build and deployed STS, but when I
>         run STS service
>         on the browser (http://localhost:8088/DoubleItSTS), I am getting the following
>         exceptions. Could any one tell me what possibly went wrong?
>                java.util.concurrent. ThreadPoolExecutor$Worker.run(
>         ThreadPoolExecutor.java:908)
>                java.lang.Thread.run(Thread. java:662)
>
>
>
>     --
>     Glen Mazza
>     Talend Community Coders
>     coders.talend.com
>     blog: www.jroller.com/gmazza
>
>


--
Glen Mazza
Talend Community Coders
coders.talend.com
blog: www.jroller.com/gmazza


Re: Problem with loading Apache CXF STS with UT authentication

Gina Choi
Hi Glen,

I was looking at
http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/cxf-ut.xml?view=markup
.

Later I was able to fix it based on apache-cxf-2.6.0-src.
You have a DoubleItSTSService.wsdl file under \client\src\main\resources as
well. What is the role of the WSDL file on the client side? Should the content
be the same as on the STS side?

Thanks.

Gina

On Thu, May 24, 2012 at 10:06 PM, Glen Mazza <[hidden email]> wrote:

> Hmm, the sample doesn't have encryptionName under utService:
> http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/sts/wssec-sts.xml?revision=1190520&view=markup#l69
>
> I'm not sure why you're placing such a property in.
>
> Glen

Re: Problem with loading Apache CXF STS with UT authentication

Gina Choi
Please ignore my previous email. I am confused myself.

Thanks.

Gina
On Fri, May 25, 2012 at 10:08 AM, Gina Choi <[hidden email]> wrote:

> Hi Glen,
>
> I was looking at
> http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/cxf-ut.xml?view=markup
> .
>
> Later I was able to fix it based on apache-cxf-2.6.0-src.
> You have a DoubleItSTSService.wsdl file under \client\src\main\resources as
> well. What is the role of the WSDL file on the client side? Should the content
> be the same as on the STS side?
>
> Thanks.
>
> Gina
>
> On Thu, May 24, 2012 at 10:06 PM, Glen Mazza <[hidden email]> wrote:
>
>> Hmm, the sample doesn't have encryptionName under utService:
>> http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/sts/wssec-sts.xml?revision=1190520&view=markup#l69
>>
>> I'm not sure why you're placing such a property in.
>>
>> Glen
>
>

Re: Problem with loading Apache CXF STS with UT authentication

Glen Mazza (Talend)
In reply to this post by Gina Choi
That file is referenced in the cxf.xml
(https://github.com/gmazza/blog-samples/blob/master/cxf_sts_tutorial/client/src/main/resources/cxf.xml)
and used by the SOAP client to determine the authentication method it
needs to use when interacting with the STS.  (It might be redundant in
cases where the SOAP client makes a MEX--MetadataExchange--call to
retrieve that same WSDL--I'd have to look more into that.)

Yes, it should be the same as the STS WSDL -- it looks duplicative only
because the sample tutorial bundles the STS and WSC together but
normally separate teams would be handling each component, each with a
copy of the WSDL in their own project.

Glen

On 05/25/2012 10:08 AM, Gina Choi wrote:

> Hi Glen,
> I was looking at
> http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/cxf-ut.xml?view=markup.
> Later I was able to fix it based on apache-cxf-2.6.0-src.
> You have a DoubleItSTSService.wsdl file under \client\src\main\resources
> as well. What is the role of the WSDL file on the client side? Should the
> content be the same as on the STS side?
> Thanks.
> Gina
> On Thu, May 24, 2012 at 10:06 PM, Glen Mazza <[hidden email]> wrote:
>
>     Hmm, the sample doesn't have encryptionName under utService:
>     http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/sts/wssec-sts.xml?revision=1190520&view=markup#l69
>
>     I'm not sure why you're placing such a property in.
>
>     Glen
>


--
Glen Mazza
Talend Community Coders
coders.talend.com
blog: www.jroller.com/gmazza


Re: Problem with loading Apache CXF STS with UT authentication

Gina Choi
Both the web service and the STS are up and running, but when I execute the
client on the command line, I am seeing the following error message in the
Tomcat log. I have been trying to figure this out.

---------------------------
ID: 1
Response-Code: 500
Encoding: UTF-8
Content-Type: text/xml
Headers: {}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode>soap:Client</faultcode><faultstring>General security error (No certificates were found for decryption (KeyId))</faultstring></soap:Fault></soap:Body></soap:Envelope>
--------------------------------------
May 25, 2012 12:42:12 PM org.apache.cxf.services.SecurityTokenService.UT_Port.STS
INFO: Inbound Message
----------------------------
ID: 2
Address: http://localhost:8088/DoubleItSTS/UT
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml; charset=UTF-8
Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], content-type=[text/xml; charset=UTF-8], host=[localhost:8088], pragma=[no-cache], SOAPAction=["http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"], transfer-encoding=[chunked], user-agent=[Apache CXF 2.6.0]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header>
<Action xmlns="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-22089110">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</Action>
<MessageID xmlns="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-8082967">urn:uuid:8aae248b-5070-483f-aeb6-7f25e4949d2b</MessageID>
<To xmlns="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-12116">http://localhost:8088/DoubleItSTS/UT</To>
<ReplyTo xmlns="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-2314373"><Address>http://www.w3.org/2005/08/addressing/anonymous</Address></ReplyTo>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">
<wsu:Timestamp wsu:Id="TS-1"><wsu:Created>2012-05-25T16:42:12.623Z</wsu:Created><wsu:Expires>2012-05-25T16:47:12.623Z</wsu:Expires></wsu:Timestamp>
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EK-86B5117A9FA78EFD2213379641328211"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">yGuKymFPtTn/J/Hq7DHGxcwJ9IA=</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo>
<xenc:CipherData><xenc:CipherValue>[base64 ciphertext omitted]</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey>
<wsc:DerivedKeyToken xmlns:wsc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" wsu:Id="DK-3"><wsse:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" wsu:Id="STR-86B5117A9FA78EFD2213379641328412"><wsse:Reference URI="#EK-86B5117A9FA78EFD2213379641328211" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"/></wsse:SecurityTokenReference><wsc:Offset>0</wsc:Offset><wsc:Length>24</wsc:Length><wsc:Nonce>/jXB+2ccMwuCF/6ee7G1nQ==</wsc:Nonce></wsc:DerivedKeyToken>
<wsc:DerivedKeyToken xmlns:wsc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" wsu:Id="DK-5"><wsse:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" wsu:Id="STR-86B5117A9FA78EFD2213379641328785"><wsse:Reference URI="#EK-86B5117A9FA78EFD2213379641328211" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"/></wsse:SecurityTokenReference><wsc:Offset>0</wsc:Offset><wsc:Length>32</wsc:Length><wsc:Nonce>x6Kqo/t5hcDb4C53M3Gd9A==</wsc:Nonce></wsc:DerivedKeyToken>
<xenc:ReferenceList xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:DataReference URI="#ED-6"/><xenc:DataReference URI="#ED-7"/><xenc:DataReference URI="#ED-8"/></xenc:ReferenceList>
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-8" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Reference URI="#DK-5"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>[base64 ciphertext omitted]</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-7" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Reference URI="#DK-5"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>[base64 ciphertext omitted]</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>
</wsse:Security></soap:Header>
<soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-10623141"><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-6" Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Reference URI="#DK-5"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>[base64 ciphertext omitted]</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soap:Body></soap:Envelope>
--------------------------------------
May 25, 2012 12:42:12 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
WARNING:
org.apache.ws.security.WSSecurityException: General security error (No certificates were found for decryption (KeyId))
    at org.apache.ws.security.processor.EncryptedKeyProcessor.getCertificatesFromEncryptedKey(EncryptedKeyProcessor.java:255)
    at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:102)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:397)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:289)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:122)
    at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:211)
    at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193)
    at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:129)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:187)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:110)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:166)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)
May 25, 2012 12:42:12 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Issue has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: General security error (No certificates were found for decryption (KeyId))
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:778)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:357)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:122)
    at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:211)
    at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193)
    at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:129)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:187)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:110)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:166)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)
Caused by: org.apache.ws.security.WSSecurityException: General security error (No certificates were found for decryption (KeyId))
    at org.apache.ws.security.processor.EncryptedKeyProcessor.getCertificatesFromEncryptedKey(EncryptedKeyProcessor.java:255)
    at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:102)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:397)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:289)
    ... 27 more
May 25, 2012 12:42:12 PM org.apache.cxf.services.SecurityTokenService.UT_Port.STS
INFO: Outbound Message
---------------------------
ID: 2
Response-Code: 500
Encoding: UTF-8
Content-Type: text/xml
Headers: {}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode>soap:Client</faultcode><faultstring>General security error (No certificates were found for decryption (KeyId))</faultstring></soap:Fault></soap:Body></soap:Envelope>
--------------------------------------

On Fri, May 25, 2012 at 10:21 AM, Glen Mazza <[hidden email]> wrote:

> That file is referenced in the cxf.xml
> (https://github.com/gmazza/blog-samples/blob/master/cxf_sts_tutorial/client/src/main/resources/cxf.xml)
> and used by the SOAP client to determine the authentication method it needs
> to use when interacting with the STS.  (It might be redundant in cases
> where the SOAP client makes a MEX--MetadataExchange--call to retrieve that
> same WSDL--I'd have to look more into that.)
>
> Yes, it should be the same as the STS WSDL -- it looks duplicative only
> because the sample tutorial bundles the STS and WSC together but normally
> separate teams would be handling each component, each with a copy of the
> WSDL in their own project.
>
> Glen
>
>
> On 05/25/2012 10:08 AM, Gina Choi wrote:
>
>> Hi Glen,
>> I was looking at
>> http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/cxf-ut.xml?view=markup
>> .
>> Later I was able to fix it based on apache-cxf-2.6.0-src.
>> You have a DoubleItSTSService.wsdl file under \client\src\main\resources as
>> well. What is the role of the WSDL file on the client side? Should the content
>> be the same as on the STS side?
>> Thanks.
>> Gina
>> On Thu, May 24, 2012 at 10:06 PM, Glen Mazza <[hidden email]> wrote:
>>
>>    Hmm, the sample doesn't have encryptionName under utService:
>>    http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/sts/wssec-sts.xml?revision=1190520&view=markup#l69
>>
>>    I'm not sure why you're placing such a property in.
>>
>>    Glen
>>
>>
>
> --
> Glen Mazza
> Talend Community Coders
> coders.talend.com
> blog: www.jroller.com/gmazza
>
>
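
The fault logged in the message above reports that no certificate was found for the key identifier, and the logged request names the encryption certificate by a `ThumbprintSHA1` KeyIdentifier (`yGuKymFPtTn/J/Hq7DHGxcwJ9IA=`). The following Python script is an added example, not code from this thread or from CXF/WSS4J: it compares that thumbprint with the certificates in the text that `keytool -list -rfc` prints for a keystore. The aliases, certificate bytes and trimmed envelope are constructed, and English keytool labels (`Alias name:`, `Entry type:`) are assumed.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
THUMBPRINT_SHA1 = ("http://docs.oasis-open.org/wss/"
                   "oasis-wss-soap-message-security-1.1#ThumbprintSHA1")
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def thumbprint_sha1(der):
    """Base64 of the SHA-1 digest of the DER-encoded certificate."""
    return base64.b64encode(hashlib.sha1(der).digest()).decode("ascii")


def encrypted_key_thumbprints(envelope_xml):
    """Return the ThumbprintSHA1 KeyIdentifier of each xenc:EncryptedKey."""
    if "<!DOCTYPE" in envelope_xml:
        raise ValueError("refusing to parse XML that carries a DTD")
    root = ET.fromstring(envelope_xml)
    values = []
    for enc_key in root.iter("{%s}EncryptedKey" % XENC):
        for key_id in enc_key.iter("{%s}KeyIdentifier" % WSSE):
            if (key_id.get("ValueType") or "").strip() == THUMBPRINT_SHA1:
                values.append((key_id.text or "").strip())
    return values


def parse_keytool_listing(listing):
    """Map alias -> (entry type, thumbprint of the first certificate listed)."""
    entries = {}
    for block in re.split(r"(?m)^Alias name:[ \t]*", listing)[1:]:
        lines = block.splitlines()
        alias = lines[0].strip() if lines else ""
        entry_type = re.search(r"(?m)^Entry type:[ \t]*(\S+)", block)
        pem = PEM_RE.search(block)
        if not (alias and entry_type and pem):
            continue  # entry without a certificate, e.g. a secret key
        der = base64.b64decode("".join(pem.group(1).split()))
        entries[alias] = (entry_type.group(1), thumbprint_sha1(der))
    return entries


def diagnose(envelope_xml, listing):
    """Return (thumbprint, matching alias or None, verdict) per EncryptedKey."""
    entries = parse_keytool_listing(listing)
    report = []
    for wanted in encrypted_key_thumbprints(envelope_xml):
        alias, kind = next(((a, k) for a, (k, tp) in entries.items()
                            if tp == wanted), (None, None))
        if alias is None:
            verdict = "no certificate with this thumbprint"
        elif kind != "PrivateKeyEntry":
            verdict = "certificate found, but the entry holds no private key"
        else:
            verdict = "ok"
        report.append((wanted, alias, verdict))
    return report


def _pem(der):
    body = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n%s-----END CERTIFICATE-----\n" % body


# Constructed placeholder bytes (not real certificates) and hypothetical aliases.
STS_DER = b"constructed placeholder for the STS certificate"
CLIENT_DER = b"constructed placeholder for the client certificate"
SAMPLE_LISTING = (
    "Alias name: sts-key\nEntry type: PrivateKeyEntry\n"
    "Certificate chain length: 1\nCertificate[1]:\n" + _pem(STS_DER) +
    "\nAlias name: client-cert\nEntry type: trustedCertEntry\n\n"
    + _pem(CLIENT_DER))


def sample_envelope(thumbprint):
    """Constructed, trimmed envelope with one EncryptedKey/KeyIdentifier."""
    return (
        '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"'
        ' xmlns:ds="http://www.w3.org/2000/09/xmldsig#"'
        ' xmlns:wsse="%s" xmlns:xenc="%s"><soap:Header><wsse:Security>'
        '<xenc:EncryptedKey><ds:KeyInfo><wsse:SecurityTokenReference>'
        '<wsse:KeyIdentifier ValueType="%s">%s</wsse:KeyIdentifier>'
        '</wsse:SecurityTokenReference></ds:KeyInfo></xenc:EncryptedKey>'
        '</wsse:Security></soap:Header><soap:Body/></soap:Envelope>'
        % (WSSE, XENC, THUMBPRINT_SHA1, thumbprint))


if __name__ == "__main__":
    # Thumbprint taken from the inbound message logged in the thread.
    for row in diagnose(sample_envelope("yGuKymFPtTn/J/Hq7DHGxcwJ9IA="),
                        SAMPLE_LISTING):
        print(row)
```

A thumbprint that matches no alias means the sender encrypted for a certificate that the receiving keystore does not contain.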

Re: Problem with loading Apache CXF STS with UT authentication

Gina Choi

I have attached a zip file of the project in case anyone would like to check it out.
 
Thanks.
 
Gina
On Fri, May 25, 2012 at 12:44 PM, Gina Choi <[hidden email]> wrote:
Both the web service and the STS are up and running, but when I execute the client on the command line, I am seeing the following error message in the Tomcat log. I have been trying to figure this out.
 
---------------------------
ID: 1
Response-Code: 500
Encoding: UTF-8
Content-Type: text/xml
Headers: {}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode>soap:Client</faultcode><faultstring>General security error (No certificates were found for decryption (KeyId))</faultstring></soap:Fault></soap:Body></soap:Envelope>
--------------------------------------
May 25, 2012 12:42:12 PM org.apache.cxf.services.SecurityTokenService.UT_Port.STS
INFO: Inbound Message
----------------------------
ID: 2
Address: http://localhost:8088/DoubleItSTS/UT
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml; charset=UTF-8
Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], content-type=[text/xml; charset=UTF-8], host=[localhost:8088], pragma=[no-cache], SOAPAction=["http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"], transfer-encoding=[chunked], user-agent=[Apache CXF 2.6.0]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><Action xmlns="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-22089110">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</Action><MessageID xmlns="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-8082967">urn:uuid:8aae248b-5070-483f-aeb6-7f25e4949d2b</MessageID><To xmlns="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-12116">http://localhost:8088/DoubleItSTS/UT</To><ReplyTo xmlns="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-2314373"><Address>http://www.w3.org/2005/08/addressing/anonymous</Address></ReplyTo><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1"><wsu:Timestamp wsu:Id="TS-1"><wsu:Created>2012-05-25T16:42:12.623Z</wsu:Created><wsu:Expires>2012-05-25T16:47:12.623Z</wsu:Expires></wsu:Timestamp><xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EK-86B5117A9FA78EFD2213379641328211"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" 
ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">yGuKymFPtTn/J/Hq7DHGxcwJ9IA=</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>z13XYFuuSxQxtzB/X+9rLUoTZeWoCqKdARCF97Zw8MvvrTuipnLxlOGVr5sk81DzT6cA2EB92KS+AXT1S7y1TMESb3aLWLiCOle4o+ima89bTByqRe2GukztJ8GiLANkMzvoc8uiluL4IaWw+ORdCn2iMhX0j6T/E9V+f6mes0g=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey><wsc:DerivedKeyToken xmlns:wsc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" wsu:Id="DK-3"><wsse:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" wsu:Id="STR-86B5117A9FA78EFD2213379641328412"><wsse:Reference URI="#EK-86B5117A9FA78EFD2213379641328211" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"/></wsse:SecurityTokenReference><wsc:Offset>0</wsc:Offset><wsc:Length>24</wsc:Length><wsc:Nonce>/jXB+2ccMwuCF/6ee7G1nQ==</wsc:Nonce></wsc:DerivedKeyToken><wsc:DerivedKeyToken xmlns:wsc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" wsu:Id="DK-5"><wsse:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" wsu:Id="STR-86B5117A9FA78EFD2213379641328785"><wsse:Reference URI="#EK-86B5117A9FA78EFD2213379641328211" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"/></wsse:SecurityTokenReference><wsc:Offset>0</wsc:Offset><wsc:Length>32</wsc:Length><wsc:Nonce>x6Kqo/t5hcDb4C53M3Gd9A==</wsc:Nonce></wsc:DerivedKeyToken><xenc:ReferenceList xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:DataReference URI="#ED-6"/><xenc:DataReference URI="#ED-7"/><xenc:DataReference URI="#ED-8"/></xenc:ReferenceList><xenc:EncryptedData 
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-8" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Reference URI="#DK-5"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>...</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-7" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Reference URI="#DK-5"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>...</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></wsse:Security></soap:Header><soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-10623141"><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-6" Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Reference URI="#DK-5"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>...</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soap:Body></soap:Envelope>
--------------------------------------
May 25, 2012 12:42:12 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
WARNING:
org.apache.ws.security.WSSecurityException: General security error (No certificates were found for decryption (KeyId))
 at org.apache.ws.security.processor.EncryptedKeyProcessor.getCertificatesFromEncryptedKey(EncryptedKeyProcessor.java:255)
 at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:102)
 at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:397)
 at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:289)
 at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97)
 at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
 at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:122)
 at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:211)
 at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213)
 at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193)
 at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:129)
 at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:187)
 at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:110)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
 at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:166)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
 at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
 at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
 at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
 at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
 at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
 at java.lang.Thread.run(Thread.java:662)
May 25, 2012 12:42:12 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Issue has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: General security error (No certificates were found for decryption (KeyId))
 at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:778)
 at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:357)
 at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97)
 at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
 at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:122)
 at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:211)
 at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213)
 at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193)
 at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:129)
 at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:187)
 at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:110)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
 at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:166)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
 at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
 at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
 at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
 at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
 at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
 at java.lang.Thread.run(Thread.java:662)
Caused by: org.apache.ws.security.WSSecurityException: General security error (No certificates were found for decryption (KeyId))
 at org.apache.ws.security.processor.EncryptedKeyProcessor.getCertificatesFromEncryptedKey(EncryptedKeyProcessor.java:255)
 at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:102)
 at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:397)
 at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:289)
 ... 27 more
May 25, 2012 12:42:12 PM org.apache.cxf.services.SecurityTokenService.UT_Port.STS
INFO: Outbound Message
---------------------------
ID: 2
Response-Code: 500
Encoding: UTF-8
Content-Type: text/xml
Headers: {}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode>soap:Client</faultcode><faultstring>General security error (No certificates were found for decryption (KeyId))</faultstring></soap:Fault></soap:Body></soap:Envelope>
--------------------------------------
 
On Fri, May 25, 2012 at 10:21 AM, Glen Mazza <[hidden email]> wrote:
That file is referenced in the cxf.xml (https://github.com/gmazza/blog-samples/blob/master/cxf_sts_tutorial/client/src/main/resources/cxf.xml) and used by the SOAP client to determine the authentication method it needs to use when interacting with the STS.  (It might be redundant in cases where the SOAP client makes a MEX--MetadataExchange--call to retrieve that same WSDL--I'd have to look more into that.)

Yes, it should be the same as the STS WSDL -- it looks duplicative only because the sample tutorial bundles the STS and WSC together but normally separate teams would be handling each component, each with a copy of the WSDL in their own project

Glen


On 05/25/2012 10:08 AM, Gina Choi wrote:
Hi Glen,
I was looking at http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/cxf-ut.xml?view=markup.
Later I was able to fix it based on apache-cxf-2.6.0-src.
You have DoubleItSTSService.wsdl file under \client\src\main\resources as well. What is role of the wsdl file in client side? The content should be same as sts side?
Thanks.
Gina
On Thu, May 24, 2012 at 10:06 PM, Glen Mazza <[hidden email]> wrote:

   Hmm, the sample doesn't have encryptionName under utService:
   http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/sts/wssec-sts.xml?revision=1190520&view=markup#l69

   I'm not sure why you're placing such a property in.

   Glen



--
Glen Mazza
Talend Community Coders
coders.talend.com
blog: www.jroller.com/gmazza




CXFSymmetricUT.zip (50K) Download Attachment

Re: Problem with loading Apache CXF STS with UT authentication

coheigea
Administrator
In reply to this post by Gina Choi
The STS is complaining that it can't find the private key to decrypt the
request. What does your STS configuration look like? Is the private key in
a keystore that is pointed to by a crypto.properties file?

Colm.

On Fri, May 25, 2012 at 5:44 PM, Gina Choi <[hidden email]> wrote:

> Both web service and STS up running, but when I execute client on the
> command line, I am seeing following error message in Tomcat log. Have been
> try to figure this out.
>



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: Problem with loading Apache CXF STS with UT authentication

Gina Choi
I have this in my stsKeystore.properties. I think that I get
keystore.password wrong. The value that I put is password for strust store.

org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=stsspass
org.apache.ws.security.crypto.merlin.keystore.alias=mystskey
org.apache.ws.security.crypto.merlin.keystore.file=stsstore.jks

The other thing that I might get it wrong is password callback handler. In
case of mystskey and my servicekey, should I put password for sts
truststore? Password for myservicekey is definitely wrong.


                }else if ("mystskey".equals(pc.getIdentifier())) {
                    pc.setPassword("stskpass");
                    break;
                }else if ("myservicekey".equals(pc.getIdentifier())) {
                    pc.setPassword("sspass");
                    break;
                }

On Fri, May 25, 2012 at 2:23 PM, Colm O hEigeartaigh <[hidden email]>wrote:

> The STS is complaining that it can't find the private key to decrypt the
> request. What does your STS configuration look like? Is the private key in
> a keystore that is pointed to be a crypto.properties file?
>
> Colm.
>
> On Fri, May 25, 2012 at 5:44 PM, Gina Choi <[hidden email]> wrote:
>
> > Both web service and STS up running, but when I execute client on the
> > command line, I am seeing following error message in Tomcat log. Have
> been
> > try to figure this out.
> >
> > ---------------------------
> > ID: 1
> > Response-Code: 500
> > Encoding: UTF-8
> > Content-Type: text/xml
> > Headers: {}
> > Payload: <soap:Envelope xmlns:soap="
> > http://schemas.xmlsoap.org/soap/envelope/
> >
> "><soap:Body><soap:Fault><faultcode>soap:Client</faultcode><faultstring>Generalsecurity
> > error (No certificates were found for decryption
> > (KeyId))</faultstring></soap:Fault></soap:Body></soap:Envelope>
> > --------------------------------------
> >
> > On Fri, May 25, 2012 at 10:21 AM, Glen Mazza <[hidden email]> wrote:
> >
> > > That file is referenced in the cxf.xml (https://github.com/gmazza/**
> > > blog-samples/blob/master/cxf_**sts_tutorial/client/src/main/**
> > > resources/cxf.xml<
> >
> https://github.com/gmazza/blog-samples/blob/master/cxf_sts_tutorial/client/src/main/resources/cxf.xml
> > >)
> > > and used by the SOAP client to determine the authentication method it
> > needs
> > > to use when interacting with the STS.  (It might be redundant in cases
> > > where the SOAP client makes a MEX--MetadataExchange--call to retrieve
> > that
> > > same WSDL--I'd have to look more into that.)
> > >
> > > Yes, it should be the same as the STS WSDL -- it looks duplicative only
> > > because the sample tutorial bundles the STS and WSC together but
> normally
> > > separate teams would be handling each component, each with a copy of
> the
> > > WSDL in their own project
> > >
> > > Glen
> > >
> > >
> > > On 05/25/2012 10:08 AM, Gina Choi wrote:
> > >
> > >> Hi Glen,
> > >> I was looking at http://svn.apache.org/viewvc/**
> > >> cxf/fediz/trunk/services/sts/**src/main/webapp/WEB-INF/cxf-**
> > >> ut.xml?view=markup<
> >
> http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/cxf-ut.xml?view=markup
> > >
> > >> .
> > >> Later I was able to fix it based on apache-cxf-2.6.0-src.
> > >> You have DoubleItSTSService.wsdl file under \client\src\main\resources
> > as
> > >> well. What is role of the wsdl file in client side? The content should
> > be
> > >> same as sts side?
> > >> Thanks.
> > >> Gina
> > >> On Thu, May 24, 2012 at 10:06 PM, Glen Mazza <[hidden email]
> <mailto:
> > >> [hidden email]>> wrote:
> > >>
> > >>    Hmm, the sample doesn't have encryptionName under utService:
> > >>    http://svn.apache.org/viewvc/ cxf/trunk/distribution/src/
> > >>    main/release/samples/sts/src/ demo/wssec/sts/wssec-sts.xml?
> > >>    revision=1190520&view=markup# l69
> > >>    <http://svn.apache.org/viewvc/**cxf/trunk/distribution/src/**
> > >> main/release/samples/sts/src/**demo/wssec/sts/wssec-sts.xml?**
> > >> revision=1190520&view=markup#**l69<
> >
> http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/sts/wssec-sts.xml?revision=1190520&view=markup#l69
> > >
> > >> >
> > >>
> > >>    I'm not sure why you're placing such a property in.
> > >>
> > >>    Glen
> > >>
> > >>
> > >
> > > --
> > > Glen Mazza
> > > Talend Community Coders
> > > coders.talend.com
> > > blog: www.jroller.com/gmazza
> > >
> > >
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
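The fault discussed in this thread, "No certificates were found for decryption (KeyId)", is raised when the receiving keystore holds no certificate whose SHA-1 thumbprint equals the ThumbprintSHA1 KeyIdentifier of the request's EncryptedKey. The following is an added example, not code from the thread or from CXF/WSS4J, that runs that comparison over `keytool -list -v` output. The two listings and their fingerprints are constructed samples and the function names are hypothetical; only the KeyIdentifier value comes from the logged request.

```python
import base64

# ThumbprintSHA1 KeyIdentifier of the EncryptedKey in the request logged in this thread.
REQUEST_KEY_ID = "yGuKymFPtTn/J/Hq7DHGxcwJ9IA="


def key_id_to_fingerprint(key_id):
    """Base64 ThumbprintSHA1 value -> keytool-style 'AA:BB:...' SHA-1 fingerprint."""
    raw = base64.b64decode(key_id, validate=True)
    if len(raw) != 20:
        raise ValueError("a SHA-1 thumbprint is 20 bytes, got %d" % len(raw))
    return ":".join("%02X" % b for b in raw)


def fingerprint_to_key_id(fingerprint):
    """keytool SHA1 fingerprint -> base64 value as carried in wsse:KeyIdentifier."""
    raw = bytes.fromhex(fingerprint.replace(":", ""))
    if len(raw) != 20:
        raise ValueError("a SHA-1 fingerprint is 20 bytes, got %d" % len(raw))
    return base64.b64encode(raw).decode("ascii")


def parse_keytool_listing(text):
    """Parse English `keytool -list -v` output into {alias: {type, owner, sha1}}.

    Only the first certificate of each entry (the end-entity certificate of a
    chain) is recorded, because that is the one a KeyIdentifier refers to.
    """
    entries, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        value = value.strip()
        if not sep:
            continue
        if key == "Alias name":
            current = entries.setdefault(
                value, {"type": None, "owner": None, "sha1": None})
        elif current is None:
            continue
        elif key == "Entry type":
            current["type"] = value
        elif key == "Owner" and current["owner"] is None:
            current["owner"] = value
        elif key == "SHA1" and current["sha1"] is None:
            current["sha1"] = value.upper()
    return entries


def find_decryption_key(entries, key_id):
    """Return (status, alias) for the certificate the request was encrypted to."""
    wanted = key_id_to_fingerprint(key_id)
    matches = [(alias, e) for alias, e in entries.items() if e["sha1"] == wanted]
    for alias, entry in matches:
        if entry["type"] == "PrivateKeyEntry":
            return "OK", alias               # certificate present with its private key
    if matches:
        return "NO_PRIVATE_KEY", matches[0][0]  # certificate only, cannot decrypt
    return "NO_MATCHING_CERT", None          # the situation behind the fault above


def sample_listing(alias, entry_type, owner, sha1):
    """Build constructed keytool-style output for the demonstration."""
    chain = ""
    if entry_type == "PrivateKeyEntry":
        chain = "Certificate chain length: 1\nCertificate[1]:\n"
    return (
        "Alias name: %s\nCreation date: 01-Jan-2012\nEntry type: %s\n\n%s"
        "Owner: %s\nCertificate fingerprints:\n\t MD5:  (omitted)\n\t SHA1: %s\n"
        % (alias, entry_type, chain, owner, sha1)
    )


# Constructed sample: the sender's trusted certificate, whose fingerprint is by
# construction the one named in the request.
CLIENT_LISTING = sample_listing(
    "mystskey", "trustedCertEntry", "CN=Tom Token",
    key_id_to_fingerprint(REQUEST_KEY_ID))

# Constructed sample: a receiver keystore whose key pair was generated
# separately, so its fingerprint (made up here) differs.
STS_LISTING = sample_listing(
    "mystskey", "PrivateKeyEntry", "CN=stscn",
    "01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67")


if __name__ == "__main__":
    for name, listing in (("clientstore.jks", CLIENT_LISTING),
                          ("stsstore.jks", STS_LISTING)):
        status, alias = find_decryption_key(
            parse_keytool_listing(listing), REQUEST_KEY_ID)
        print("%-16s %-17s alias=%s" % (name, status, alias))
```

Feeding it the real output of `keytool -list -v -keystore <file>` for each store shows whether the same alias name hides two unrelated certificates.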

Re: Problem with loading Apache CXF STS with UT authentication

coheigea
Administrator
The certificate you are using on the client side to encrypt the message to
the STS does not match with the private key of the STS:

Client:

>  keytool -list -keystore src/main/resources/clientstore.jks -alias mystskey -v
Enter keystore password:
Alias name: mystskey
Creation date: 07-Oct-2011
Entry type: trustedCertEntry

Owner: EMAILADDRESS=[hidden email], CN=Tom Token, O=Sample STS Key -- NOT FOR PRODUCTION USE, L=Baltimore, ST=Maryland, C=US

STS:

>  keytool -list -keystore src/main/resources/stsstore.jks -alias mystskey -v
Enter keystore password:
Alias name: mystskey
Creation date: 10-Apr-2012
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: EMAILADDRESS=[hidden email], CN=stscn, OU=SCT, O=SDL, L=wakefield, ST=massachusetts, C=US

Also, your client configuration should look something like this instead:

<jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItPort" createdFromAPI="true">
    <jaxws:properties>
        <entry key="ws-security.callback-handler" value="client.ClientCallbackHandler"/>
        <entry key="ws-security.signature.username" value="myclientkey"/>
        <entry key="ws-security.encryption.username" value="myservicekey"/>
        <entry key="ws-security.signature.properties" value="clientKeystore.properties"/>
        <entry key="ws-security.encryption.properties" value="clientKeystore.properties"/>
        <entry key="ws-security.sts.client">
            <bean class="org.apache.cxf.ws.security.trust.STSClient">
                <constructor-arg ref="cxf"/>
                <property name="wsdlLocation" value="DoubleItSTSService.wsdl"/>
                <property name="serviceName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}DoubleItSTSService"/>
                <property name="endpointName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}DoubleItSTSPort"/>
                <property name="properties">
                    <map>
                        <entry key="ws-security.signature.username" value="myclientkey"/>
                        <entry key="ws-security.callback-handler" value="client.ClientCallbackHandler"/>
                        <entry key="ws-security.username" value="alice"/>
                        <entry key="ws-security.signature.properties" value="clientKeystore.properties"/>
                        <entry key="ws-security.encryption.properties" value="clientKeystore.properties"/>
                        <entry key="ws-security.encryption.username" value="mystskey"/>
                    </map>
                </property>
            </bean>
        </entry>
    </jaxws:properties>
</jaxws:client>

Colm.



On Fri, May 25, 2012 at 7:49 PM, Gina Choi <[hidden email]> wrote:

> I have this in my stsKeystore.properties. I think that I get
> keystore.password wrong. The value that I put is password for strust store.
>
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=stsspass
> org.apache.ws.security.crypto.merlin.keystore.alias=mystskey
> org.apache.ws.security.crypto.merlin.keystore.file=stsstore.jks
>
> The other thing that I might get it wrong is password callback handler. In
> case of mystskey and my servicekey, should I put password for sts
> truststore? Password for myservicekey is definitely wrong.
>
>
>                }else if ("mystskey".equals(pc.getIdentifier())) {
>                    pc.setPassword("stskpass");
>                    break;
>                }else if ("myservicekey".equals(pc.getIdentifier())) {
>                    pc.setPassword("sspass");
>                    break;
>                }
>
> On Fri, May 25, 2012 at 2:23 PM, Colm O hEigeartaigh <[hidden email]
> >wrote:
>
> > The STS is complaining that it can't find the private key to decrypt the
> > request. What does your STS configuration look like? Is the private key
> in
> > a keystore that is pointed to be a crypto.properties file?
> >
> > Colm.
> >
> > On Fri, May 25, 2012 at 5:44 PM, Gina Choi <[hidden email]> wrote:
> >
> > > Both web service and STS up running, but when I execute client on the
> > > command line, I am seeing following error message in Tomcat log. Have
> > been
> > > try to figure this out.
> > >
> > > ---------------------------
> > > ID: 1
> > > Response-Code: 500
> > > Encoding: UTF-8
> > > Content-Type: text/xml
> > > Headers: {}
> > > Payload: <soap:Envelope xmlns:soap="
> > > http://schemas.xmlsoap.org/soap/envelope/
> > >
> >
> "><soap:Body><soap:Fault><faultcode>soap:Client</faultcode><faultstring>Generalsecurity
> > > error (No certificates were found for decryption
> > > (KeyId))</faultstring></soap:Fault></soap:Body></soap:Envelope>
> > > --------------------------------------
> > > May 25, 2012 12:42:12 PM
> > > org.apache.cxf.services.SecurityTokenService.UT_Port.STS
> > > INFO: Inbound Message
> > > ----------------------------
> > > ID: 2
> > > Address: http://localhost:8088/DoubleItSTS/UT
> > > Encoding: UTF-8
> > > Http-Method: POST
> > > Content-Type: text/xml; charset=UTF-8
> > > Headers: {Accept=[*/*], cache-control=[no-cache],
> > connection=[keep-alive],
> > > content-type=[text/xml; charset=UTF-8], host=[localhost:8088],
> > > pragma=[no-cache], SOAPAction=["
> > > http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"],
> > > transfer-encoding=[chunked], user-agent=[Apache CXF 2.6.0]}
> > > Payload: <soap:Envelope xmlns:soap="
> > > http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><Action
> xmlns="
> > > http://www.w3.org/2005/08/addressing" xmlns:wsu="
> > >
> > >
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> > > "
> > > wsu:Id="Id-22089110">
> > > http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue
> > > </Action><MessageID
> > > xmlns="http://www.w3.org/2005/08/addressing" xmlns:wsu="
> > >
> > >
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> > > "
> > >
> > >
> >
> wsu:Id="Id-8082967">urn:uuid:8aae248b-5070-483f-aeb6-7f25e4949d2b</MessageID><To
> > > xmlns="http://www.w3.org/2005/08/addressing" xmlns:wsu="
> > >
> > >
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> > > "
> > > wsu:Id="Id-12116">http://localhost:8088/DoubleItSTS/UT</To><ReplyTo
> > > xmlns="
> > > http://www.w3.org/2005/08/addressing" xmlns:wsu="
> > >
> > >
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> > > "
> > > wsu:Id="Id-2314373"><Address>
> > > http://www.w3.org/2005/08/addressing/anonymous
> > > </Address></ReplyTo><wsse:Security
> > > xmlns:wsse="
> > >
> > >
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> > > "
> > > xmlns:wsu="
> > >
> > >
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> > > "
> > > soap:mustUnderstand="1"><wsu:Timestamp
> > >
> > >
> >
> wsu:Id="TS-1"><wsu:Created>2012-05-25T16:42:12.623Z</wsu:Created><wsu:Expires>2012-05-25T16:47:12.623Z</wsu:Expires></wsu:Timestamp><xenc:EncryptedKey
> > > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
> > > Id="EK-86B5117A9FA78EFD2213379641328211"><xenc:EncryptionMethod
> > Algorithm="
> > > http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/><ds:KeyInfo
> xmlns:ds="
> > > http://www.w3.org/2000/09/xmldsig#
> > > "><wsse:SecurityTokenReferencexmlns:wsse="
> > >
> > >
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> > > "><wsse:KeyIdentifierEncodingType="
> > >
> > >
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
> > > "
> > > ValueType="
> > >
> > >
> >
> http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
> > >
> >
> ">yGuKymFPtTn/J/Hq7DHGxcwJ9IA=</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>z13XYFuuSxQxtzB/X+9rLUoTZeWoCqKdARCF97Zw8MvvrTuipnLxlOGVr5sk81DzT6cA2EB92KS+AXT1S7y1TMESb3aLWLiCOle4o+ima89bTByqRe2GukztJ8GiLANkMzvoc8uiluL4IaWw+ORdCn2iMhX0j6T/E9V+f6mes0g=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey><wsc:DerivedKeyTokenxmlns:wsc="
> > > http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> > > wsu:Id="DK-3"><wsse:SecurityTokenReference xmlns:wsse11="
> > > http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
> > > wsse11:TokenType="
> > >
> > >
> >
> http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
> > > "
> > > wsu:Id="STR-86B5117A9FA78EFD2213379641328412"><wsse:Reference
> > > URI="#EK-86B5117A9FA78EFD2213379641328211" ValueType="
> > >
> > >
> >
> http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
> > >
> >
> "/></wsse:SecurityTokenReference><wsc:Offset>0</wsc:Offset><wsc:Length>24</wsc:Length><wsc:Nonce>/jXB+2ccMwuCF/6ee7G1nQ==</wsc:Nonce></wsc:DerivedKeyToken><wsc:DerivedKeyTokenxmlns:wsc="
> > > http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> > > wsu:Id="DK-5"><wsse:SecurityTokenReference xmlns:wsse11="
> > > http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
> > > wsse11:TokenType="
> > >
> > >
> >
> http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
> > > "
> > > wsu:Id="STR-86B5117A9FA78EFD2213379641328785"><wsse:Reference
> > > URI="#EK-86B5117A9FA78EFD2213379641328211" ValueType="
> > >
> > >
> >
> http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
> > >
> >
> "/></wsse:SecurityTokenReference><wsc:Offset>0</wsc:Offset><wsc:Length>32</wsc:Length><wsc:Nonce>x6Kqo/t5hcDb4C53M3Gd9A==</wsc:Nonce></wsc:DerivedKeyToken><xenc:ReferenceListxmlns:xenc="
> > > http://www.w3.org/2001/04/xmlenc#
> > > "><xenc:DataReferenceURI="#ED-6"/><xenc:DataReference
> > > URI="#ED-7"/><xenc:DataReference
> > > URI="#ED-8"/></xenc:ReferenceList><xenc:EncryptedData xmlns:xenc="
> > > http://www.w3.org/2001/04/xmlenc#" Id="ED-8" Type="
> > > http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod
> > > Algorithm="
> > > http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><ds:KeyInfo xmlns:ds="
> > > http://www.w3.org/2000/09/xmldsig#
> > > "><wsse:SecurityTokenReferencexmlns:wsse="
> > >
> > >
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> > >
> >
> "><wsse:ReferenceURI="#DK-5"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>7S/6iJi2pElMDqqqEPNcECQWmHQmSBiKq42bBVaWJahH4+UIvFGj2RYIpKbQxS1S4LkUyHsAvKJzdK0A+kXi+QO+SJwhWG8jNe5Vc6tvyuSS+v9/9yZP12Ys/CUH3pLuRcXtsewsW2LcotgJ2jFckM2OTc4RIeYql2HGN0jjpVxpq5TPbFyaUuU4WrHvm83H5aC7RwdB7qi/EZIYcR6Cb8yukAlNTsjVAmcLw82e4RamsGNICLvM1rXXyoflo6tyyc6cbMTYp+boBBD8BbeulElF/kEoM1BJrgm8c+WsZE2cy600p1cYHnjzLGIHTRd1iuaikykm/NO5CzljwUiEPuJ2CGGQTMxdDXf8XbSrmVY=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData><xenc:EncryptedData
> > > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-7" Type="
> > > http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod
> > > Algorithm="
> > > http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><ds:KeyInfo xmlns:ds="
> > > http://www.w3.org/2000/09/xmldsig#
> > > "><wsse:SecurityTokenReferencexmlns:wsse="
> > >
> > >
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> > >
> >
> "><wsse:ReferenceURI="#DK-5"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>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</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></wsse:Security></soap:Header><soap:Body
> > > xmlns:wsu="
> > >
> > >
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> > > "
> > > wsu:Id="Id-10623141"><xenc:EncryptedData xmlns:xenc="
> > > http://www.w3.org/2001/04/xmlenc#" Id="ED-6" Type="
> > > http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod
> > > Algorithm="
> > > http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><ds:KeyInfo xmlns:ds="
> > > http://www.w3.org/2000/09/xmldsig#
> > > "><wsse:SecurityTokenReferencexmlns:wsse="
> > >
> > >
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> > >
> >
> "><wsse:ReferenceURI="#DK-5"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>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</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soap:Body></soap:Envelope>
> > > --------------------------------------
> > > May 25, 2012 12:42:12 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
> > > WARNING:
> > > org.apache.ws.security.WSSecurityException: General security error (No certificates were found for decryption (KeyId))
> > >  at org.apache.ws.security.processor.EncryptedKeyProcessor.getCertificatesFromEncryptedKey(EncryptedKeyProcessor.java:255)
> > >  at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:102)
> > >  at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:397)
> > >  at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:289)
> > >  at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97)
> > >  at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
> > >  at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:122)
> > >  at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:211)
> > >  at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213)
> > >  at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193)
> > >  at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:129)
> > >  at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:187)
> > >  at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:110)
> > >  at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
> > >  at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:166)
> > >  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
> > >  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> > >  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
> > >  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
> > >  at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
> > >  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
> > >  at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
> > >  at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
> > >  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
> > >  at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
> > >  at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
> > >  at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
> > >  at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
> > >  at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
> > >  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
> > >  at java.lang.Thread.run(Thread.java:662)
> > > May 25, 2012 12:42:12 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
> > > WARNING: Interceptor for {http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Issue has thrown exception, unwinding now
> > > org.apache.cxf.binding.soap.SoapFault: General security error (No certificates were found for decryption (KeyId))
> > >  at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:778)
> > >  at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:357)
> > >  at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97)
> > >  at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
> > >  at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:122)
> > >  at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:211)
> > >  at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213)
> > >  at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193)
> > >  at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:129)
> > >  at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:187)
> > >  at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:110)
> > >  at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
> > >  at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:166)
> > >  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
> > >  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> > >  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
> > >  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
> > >  at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
> > >  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
> > >  at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
> > >  at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
> > >  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
> > >  at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
> > >  at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
> > >  at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
> > >  at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
> > >  at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
> > >  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
> > >  at java.lang.Thread.run(Thread.java:662)
> > > Caused by: org.apache.ws.security.WSSecurityException: General security error (No certificates were found for decryption (KeyId))
> > >  at org.apache.ws.security.processor.EncryptedKeyProcessor.getCertificatesFromEncryptedKey(EncryptedKeyProcessor.java:255)
> > >  at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:102)
> > >  at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:397)
> > >  at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:289)
> > >  ... 27 more
> > > May 25, 2012 12:42:12 PM org.apache.cxf.services.SecurityTokenService.UT_Port.STS
> > > INFO: Outbound Message
> > > ---------------------------
> > > ID: 2
> > > Response-Code: 500
> > > Encoding: UTF-8
> > > Content-Type: text/xml
> > > Headers: {}
> > > Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode>soap:Client</faultcode><faultstring>General security error (No certificates were found for decryption (KeyId))</faultstring></soap:Fault></soap:Body></soap:Envelope>
> > > --------------------------------------
> > >
> > > On Fri, May 25, 2012 at 10:21 AM, Glen Mazza <[hidden email]> wrote:
> > >
> > > > That file is referenced in the cxf.xml
> > > > (https://github.com/gmazza/blog-samples/blob/master/cxf_sts_tutorial/client/src/main/resources/cxf.xml)
> > > > and used by the SOAP client to determine the authentication method it
> > > > needs to use when interacting with the STS.  (It might be redundant in
> > > > cases where the SOAP client makes a MEX--MetadataExchange--call to
> > > > retrieve that same WSDL--I'd have to look more into that.)
> > > >
> > > > Yes, it should be the same as the STS WSDL -- it looks duplicative only
> > > > because the sample tutorial bundles the STS and WSC together but
> > > > normally separate teams would be handling each component, each with a
> > > > copy of the WSDL in their own project
> > > >
> > > > Glen
> > > >
> > > >
> > > > On 05/25/2012 10:08 AM, Gina Choi wrote:
> > > >
> > > >> Hi Glen,
> > > >> I was looking at
> > > >> http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/cxf-ut.xml?view=markup.
> > > >> Later I was able to fix it based on apache-cxf-2.6.0-src.
> > > >> You have DoubleItSTSService.wsdl file under \client\src\main\resources
> > > >> as well. What is role of the wsdl file in client side? The content
> > > >> should be same as sts side?
> > > >> Thanks.
> > > >> Gina
> > > >> On Thu, May 24, 2012 at 10:06 PM, Glen Mazza <[hidden email]> wrote:
> > > >>
> > > >>    Hmm, the sample doesn't have encryptionName under utService:
> > > >>    http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/sts/wssec-sts.xml?revision=1190520&view=markup#l69
> > > >>
> > > >>    I'm not sure why you're placing such a property in.
> > > >>
> > > >>    Glen
> > > >>
> > > >>
> > > >
> > > > --
> > > > Glen Mazza
> > > > Talend Community Coders
> > > > coders.talend.com
> > > > blog: www.jroller.com/gmazza
> > > >
> > >
> >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
>



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: Problem with loading Apache CXF STS with UT authentication

Gina Choi
Hi Colm,

The client configuration file you provided worked as it is. Thank you. But
I don't have the client certificate in either the WSP or the STS truststore. I
also don't have the WSP certificate in the client truststore either. The
following two entries are referenced in the client configuration file, but they
seem to get ignored. Otherwise, if requests from the client to the WSP and STS
are signed using clientkey, but without the client certificate in both the WSP
and STS truststores, how do the WSP and STS verify the client signature?


<entry key="ws-security.signature.username" value="myclientkey"/>
<entry key="ws-security.encryption.username" value="myservicekey"/>


Thanks.

Gina
On Mon, May 28, 2012 at 6:11 AM, Colm O hEigeartaigh <[hidden email]> wrote:

> The certificate you are using on the client side to encrypt the message to
> the STS does not match with the private key of the STS:
>
> Client:
>
> >  keytool -list -keystore src/main/resources/clientstore.jks -alias mystskey -v
> Enter keystore password:
> Alias name: mystskey
> Creation date: 07-Oct-2011
> Entry type: trustedCertEntry
>
> Owner: EMAILADDRESS=[hidden email], CN=Tom Token, O=Sample STS Key -- NOT FOR PRODUCTION USE, L=Baltimore, ST=Maryland, C=US
>
> STS:
>
> >  keytool -list -keystore src/main/resources/stsstore.jks -alias mystskey -v
> Enter keystore password:
> Alias name: mystskey
> Creation date: 10-Apr-2012
> Entry type: PrivateKeyEntry
> Certificate chain length: 1
> Certificate[1]:
> Owner: EMAILADDRESS=[hidden email], CN=stscn, OU=SCT, O=SDL, L=wakefield, ST=massachusetts, C=US
>
> Also, your client configuration should look something like this instead:
>
> <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItPort" createdFromAPI="true">
>        <jaxws:properties>
>            <entry key="ws-security.callback-handler" value="client.ClientCallbackHandler"/>
>            <entry key="ws-security.signature.username" value="myclientkey"/>
>            <entry key="ws-security.encryption.username" value="myservicekey"/>
>            <entry key="ws-security.signature.properties" value="clientKeystore.properties"/>
>            <entry key="ws-security.encryption.properties" value="clientKeystore.properties"/>
>            <entry key="ws-security.sts.client">
>                <bean class="org.apache.cxf.ws.security.trust.STSClient">
>                    <constructor-arg ref="cxf"/>
>                    <property name="wsdlLocation" value="DoubleItSTSService.wsdl"/>
>                    <property name="serviceName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}DoubleItSTSService"/>
>                    <property name="endpointName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}DoubleItSTSPort"/>
>                    <property name="properties">
>                        <map>
>                            <entry key="ws-security.signature.username" value="myclientkey"/>
>                            <entry key="ws-security.callback-handler" value="client.ClientCallbackHandler"/>
>                            <entry key="ws-security.username" value="alice"/>
>                            <entry key="ws-security.signature.properties" value="clientKeystore.properties"/>
>                            <entry key="ws-security.encryption.properties" value="clientKeystore.properties"/>
>                            <entry key="ws-security.encryption.username" value="mystskey"/>
>                        </map>
>                    </property>
>                </bean>
>           </entry>
>       </jaxws:properties>
>   </jaxws:client>
>
> Colm.
>

Re: Problem with loading Apache CXF STS with UT authentication

coheigea
Administrator
Hi Gina,

If I recall correctly, the STS was using the SymmetricBinding. For this
case, the client only needs to know the certificate of the STS (specified
via "ws-security.encryption.username" in the STSClient bean). It doesn't
need any signature username configuration, as this is not used in the
Symmetric binding.

I don't know what security policy your WSP is using and so I can't comment
on the rest of it.

Colm.



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
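
The lookup behind Colm's two replies above (the keytool comparison and the SymmetricBinding note), as an added example that is not code from the thread, CXF or WSS4J: the sender names the recipient certificate by its SHA-1 thumbprint inside `xenc:EncryptedKey`, and the receiver can decrypt only if it holds a private key for a certificate with that thumbprint. The certificate bytes are constructed stand-ins, the keystore is modelled as a dictionary, and all function names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
THUMBPRINT_SHA1 = ("http://docs.oasis-open.org/wss/"
                   "oasis-wss-soap-message-security-1.1#ThumbprintSHA1")
NO_MATCH = "No certificates were found for decryption (KeyId)"

# Constructed stand-ins for DER-encoded certificates (assumption: real input
# would be the encoded certificate of each keystore entry). The thumbprint is
# a hash over the encoded bytes, so placeholder bytes are enough to show the
# lookup. The subjects mirror the two keytool listings in the thread.
STALE_CERT_IN_CLIENTSTORE = b"constructed DER stand-in: CN=Tom Token"
CERT_IN_STSSTORE = b"constructed DER stand-in: CN=stscn"

# Receiver-side keystore model: alias -> (certificate bytes, has private key).
STS_KEYSTORE = {"mystskey": (CERT_IN_STSSTORE, True)}


def thumbprint_sha1(der_bytes):
    """ThumbprintSHA1 key identifier: base64 of SHA-1 over the encoded cert."""
    return base64.b64encode(hashlib.sha1(der_bytes).digest()).decode("ascii")


def to_keytool_hex(thumbprint_b64):
    """Same 20 bytes as colon-separated hex, comparable to keytool's SHA1 line."""
    return ":".join(f"{b:02X}" for b in base64.b64decode(thumbprint_b64))


def build_security_header(recipient_der, ek_id="EK-1"):
    """Sender side: name the recipient certificate by thumbprint (no real crypto)."""
    return (
        f'<wsse:Security xmlns:wsse="{WSSE}" xmlns:xenc="{XENC}" xmlns:ds="{DS}">'
        f'<xenc:EncryptedKey Id="{ek_id}"><ds:KeyInfo><wsse:SecurityTokenReference>'
        f'<wsse:KeyIdentifier ValueType="{THUMBPRINT_SHA1}">'
        f"{thumbprint_sha1(recipient_der)}"
        "</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo>"
        "</xenc:EncryptedKey></wsse:Security>"
    )


def extract_key_identifiers(security_xml):
    """Return [(EncryptedKey Id, thumbprint)] for ThumbprintSHA1 references.

    Whitespace is stripped from ValueType and from the value because log
    captures often wrap them. Use ElementTree only on captures you trust.
    """
    root = ET.fromstring(security_xml)
    found = []
    for ek in root.iter(f"{{{XENC}}}EncryptedKey"):
        for kid in ek.iter(f"{{{WSSE}}}KeyIdentifier"):
            value_type = "".join(kid.get("ValueType", "").split())
            if value_type == THUMBPRINT_SHA1:
                found.append((ek.get("Id"), "".join((kid.text or "").split())))
    return found


def find_private_key_alias(thumbprint_b64, keystore):
    """Alias of a private-key entry whose certificate has this thumbprint."""
    for alias, (der, has_private_key) in keystore.items():
        if has_private_key and thumbprint_sha1(der) == thumbprint_b64:
            return alias
    return None


def diagnose(security_xml, receiver_keystore):
    """Map each EncryptedKey Id to the matching alias or the failure text."""
    return {
        ek_id: find_private_key_alias(tp, receiver_keystore) or NO_MATCH
        for ek_id, tp in extract_key_identifiers(security_xml)
    }


if __name__ == "__main__":
    stale = build_security_header(STALE_CERT_IN_CLIENTSTORE)
    print("client used stale copy  :", diagnose(stale, STS_KEYSTORE))
    fixed = build_security_header(CERT_IN_STSSTORE)
    print("client used current cert:", diagnose(fixed, STS_KEYSTORE))
    # KeyIdentifier value from the inbound message quoted in the thread:
    print("hex form:", to_keytool_hex("yGuKymFPtTn/J/Hq7DHGxcwJ9IA="))
```

The hex form printed last can be compared by eye with the SHA1 fingerprint that `keytool -list -v` shows for `mystskey` in each keystore.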

Re: Problem with loading Apache CXF STS with UT authentication

Gina Choi
Hi Colm,

Thanks for your response. You are right. When I used the Apache CXF STS, I used
SymmetricBinding, and the WSP is using SymmetricBinding. Now I keep the WSP the
same, but am trying to use ADFS2.0 as the STS, and the endpoint that I am trying
to use is using TransportBinding. What certificate requirements do I need to
satisfy in this case?
org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler is
throwing a null pointer exception.

at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.doIssuedTokenSignature(TransportBindingHandler.java:429)

Following is the content of the STS policy.

  <wsp:Policy wsu:Id="UserNameWSTrustBinding_IWSTrust13Async2_policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <wsp:Policy>
            <sp:TransportToken>
              <wsp:Policy>
                <sp:HttpsToken>
                  <wsp:Policy />
                </sp:HttpsToken>
              </wsp:Policy>
            </sp:TransportToken>
            <sp:AlgorithmSuite>
              <wsp:Policy>
                <sp:Basic256 />
              </wsp:Policy>
            </sp:AlgorithmSuite>
            <sp:Layout>
              <wsp:Policy>
                <sp:Strict />
              </wsp:Policy>
            </sp:Layout>
            <sp:IncludeTimestamp />
          </wsp:Policy>
        </sp:TransportBinding>
        <sp:SignedEncryptedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <wsp:Policy>
            <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
              <wsp:Policy>
                <sp:WssUsernameToken10 />
              </wsp:Policy>
            </sp:UsernameToken>
          </wsp:Policy>
        </sp:SignedEncryptedSupportingTokens>
        <sp:EndorsingSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <wsp:Policy>
            <sp:KeyValueToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never"
            wsp:Optional="true">
              <wsp:Policy />
            </sp:KeyValueToken>
            <sp:SignedParts>
              <sp:Header Name="To"
              Namespace="http://www.w3.org/2005/08/addressing" />
            </sp:SignedParts>
          </wsp:Policy>
        </sp:EndorsingSupportingTokens>
        <sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <wsp:Policy>
            <sp:MustSupportRefKeyIdentifier />
            <sp:MustSupportRefIssuerSerial />
            <sp:MustSupportRefThumbprint />
            <sp:MustSupportRefEncryptedKey />
          </wsp:Policy>
        </sp:Wss11>
        <sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <wsp:Policy>
            <sp:MustSupportIssuedTokens />
            <sp:RequireClientEntropy />
            <sp:RequireServerEntropy />
          </wsp:Policy>
        </sp:Trust13>
        <wsaw:UsingAddressing />
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>

Thanks.

Gina

Re: Problem with loading Apache CXF STS with UT authentication

coheigea
Administrator
The client needs to configure the HTTP conduit with the keystore that
contains the certificate of the STS, e.g.:

 <http:conduit name="https://localhost:.*">
      <!-- disableCNCheck="true" turns off the TLS hostname check against the server certificate -->
      <http:tlsClientParameters disableCNCheck="true">
        <sec:trustManagers>
          <sec:keyStore type="jks" password="cspass" resource="clientstore.jks"/>
        </sec:trustManagers>
      </http:tlsClientParameters>
   </http:conduit>

What NPE are you getting? The following policy (KeyValueToken) is not
supported, but you could remove it as it is optional and see if that works:

<sp:EndorsingSupportingTokens
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <wsp:Policy>
    <sp:KeyValueToken
        sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never"
        wsp:Optional="true">
      <wsp:Policy />
    </sp:KeyValueToken>
    <sp:SignedParts>
      <sp:Header Name="To"
                 Namespace="http://www.w3.org/2005/08/addressing" />
    </sp:SignedParts>
  </wsp:Policy>
</sp:EndorsingSupportingTokens>

Colm.


On Fri, Jun 1, 2012 at 4:57 PM, Gina Choi <[hidden email]> wrote:

> Hi Colm,
>
> Thanks for your response. You are right. When I use Apache CXF STS, I used
> SymmetricBinding and WSP is using SymmetricBinding. Now, I keep WSP the
> same, but try to use ADFS2.0 as STS and the end point that I try to use is
> using TransportBinding. What certificate requirement do I need to satisfy
> in this case?
> org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler is
> throwing null pointer exception.
>
> at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.doIssuedTokenSignature(TransportBindingHandler.java:429)
> Following is content of the STS policy.
>
>   <wsp:Policy wsu:Id="UserNameWSTrustBinding_IWSTrust13Async2_policy">
>     <wsp:ExactlyOne>
>       <wsp:All>
>         <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>           <wsp:Policy>
>             <sp:TransportToken>
>               <wsp:Policy>
>                 <sp:HttpsToken>
>                   <wsp:Policy />
>                 </sp:HttpsToken>
>               </wsp:Policy>
>             </sp:TransportToken>
>             <sp:AlgorithmSuite>
>               <wsp:Policy>
>                 <sp:Basic256 />
>               </wsp:Policy>
>             </sp:AlgorithmSuite>
>             <sp:Layout>
>               <wsp:Policy>
>                 <sp:Strict />
>               </wsp:Policy>
>             </sp:Layout>
>             <sp:IncludeTimestamp />
>           </wsp:Policy>
>         </sp:TransportBinding>
>         <sp:SignedEncryptedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>           <wsp:Policy>
>             <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>               <wsp:Policy>
>                 <sp:WssUsernameToken10 />
>               </wsp:Policy>
>             </sp:UsernameToken>
>           </wsp:Policy>
>         </sp:SignedEncryptedSupportingTokens>
>         <sp:EndorsingSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>           <wsp:Policy>
>             <sp:KeyValueToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never"
>             wsp:Optional="true">
>               <wsp:Policy />
>             </sp:KeyValueToken>
>             <sp:SignedParts>
>               <sp:Header Name="To"
>               Namespace="http://www.w3.org/2005/08/addressing" />
>             </sp:SignedParts>
>           </wsp:Policy>
>         </sp:EndorsingSupportingTokens>
>         <sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>           <wsp:Policy>
>             <sp:MustSupportRefKeyIdentifier />
>             <sp:MustSupportRefIssuerSerial />
>             <sp:MustSupportRefThumbprint />
>             <sp:MustSupportRefEncryptedKey />
>           </wsp:Policy>
>         </sp:Wss11>
>         <sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>           <wsp:Policy>
>             <sp:MustSupportIssuedTokens />
>             <sp:RequireClientEntropy />
>             <sp:RequireServerEntropy />
>           </wsp:Policy>
>         </sp:Trust13>
>         <wsaw:UsingAddressing />
>       </wsp:All>
>     </wsp:ExactlyOne>
>   </wsp:Policy>
>
> Thanks.
>
> Gina
> On Fri, Jun 1, 2012 at 4:20 AM, Colm O hEigeartaigh <[hidden email]>wrote:
>
>> Hi Gina,
>>
>> If I recall correctly, the STS was using the SymmetricBinding. For this
>> case, the client only needs to know the certificate of the STS (specified
>> via "ws-security.encryption.username" in the STSClient bean). It doesn't
>> need any signature username configuration, as this is not used in the
>> Symmetric binding.
>>
>> I don't know what security policy your WSP is using and so I can't
>> comment on the rest of it.
>>
>> Colm.
>>
>>
>> On Thu, May 31, 2012 at 6:09 PM, Gina Choi <[hidden email]> wrote:
>>
>>> Hi Colm,
>>>
>>> The client configuration file you provided worked as it is. Thank you.
>>> But I don't have client certificate in both WSP and STS truststore. I also
>>> don't have WSP certificate in client truststore either. Following two
>>> entries are referenced in client configuration file, but they seem to get
>>> ignored. Otherwise if request from client to WSP and STS are signed using
>>> clientkey, but without client certificate in both WSP and STS
>>> truststore, how WSP and STS verify client signature?
>>>
>>>
>>> <entry key="ws-security.signature.username" value="myclientkey"/>
>>> <entry key="ws-security.encryption.username" value="myservicekey"/>
>>>
>>>
>>> Thanks.
>>>
>>> Gina
>>> On Mon, May 28, 2012 at 6:11 AM, Colm O hEigeartaigh <
>>> [hidden email]> wrote:
>>>
>>>> The certificate you are using on the client side to encrypt the message
>>>> to the STS does not match with the private key of the STS:
>>>>
>>>> Client:
>>>>
>>>> >  keytool -list -keystore src/main/resources/clientstore.jks -alias mystskey -v
>>>> Enter keystore password:
>>>> Alias name: mystskey
>>>> Creation date: 07-Oct-2011
>>>> Entry type: trustedCertEntry
>>>>
>>>> Owner: EMAILADDRESS=[hidden email], CN=Tom Token, O=Sample STS Key -- NOT FOR PRODUCTION USE, L=Baltimore, ST=Maryland, C=US
>>>>
>>>> STS:
>>>>
>>>> >  keytool -list -keystore src/main/resources/stsstore.jks -alias mystskey -v
>>>> Enter keystore password:
>>>> Alias name: mystskey
>>>> Creation date: 10-Apr-2012
>>>> Entry type: PrivateKeyEntry
>>>> Certificate chain length: 1
>>>> Certificate[1]:
>>>> Owner: EMAILADDRESS=[hidden email], CN=stscn, OU=SCT, O=SDL, L=wakefield, ST=massachusetts, C=US
>>>>
>>>> Also, your client configuration should look something like this instead:
>>>>
>>>> <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItPort"
>>>> createdFromAPI="true">
>>>>        <jaxws:properties>
>>>>            <entry key="ws-security.callback-handler"
>>>> value="client.ClientCallbackHandler"/>
>>>>            <entry key="ws-security.signature.username"
>>>> value="myclientkey"/>
>>>>            <entry key="ws-security.encryption.username"
>>>> value="myservicekey"/>
>>>>            <entry key="ws-security.signature.properties"
>>>> value="clientKeystore.properties"/>
>>>>            <entry key="ws-security.encryption.properties"
>>>> value="clientKeystore.properties"/>
>>>>            <entry key="ws-security.sts.client">
>>>>                <bean class="org.apache.cxf.ws.security.trust.STSClient">
>>>>                    <constructor-arg ref="cxf"/>
>>>>                    <property name="wsdlLocation"
>>>> value="DoubleItSTSService.wsdl"/>
>>>>                    <property name="serviceName"
>>>> value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}DoubleItSTSService"/>
>>>>                    <property name="endpointName"
>>>> value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}DoubleItSTSPort"/>
>>>>                    <property name="properties">
>>>>                        <map>
>>>>                            <entry key="ws-security.signature.username"
>>>> value="myclientkey"/>
>>>>                            <entry key="ws-security.callback-handler"
>>>> value="client.ClientCallbackHandler"/>
>>>>                            <entry key="ws-security.username"
>>>> value="alice"/>
>>>>                            <entry key="ws-security.signature.properties"
>>>> value="clientKeystore.properties"/>
>>>>                            <entry
>>>> key="ws-security.encryption.properties"
>>>> value="clientKeystore.properties"/>
>>>>                            <entry key="ws-security.encryption.username"
>>>> value="mystskey"/>
>>>>                        </map>
>>>>                    </property>
>>>>                </bean>
>>>>           </entry>
>>>>       </jaxws:properties>
>>>>   </jaxws:client>
>>>>
>>>> Colm.
>>>>
>>>
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>>
>


--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: Problem with loading Apache CXF STS with UT authentication

Glen Mazza (Talend)
In reply to this post by Gina Choi
I think you just need to use SSL between the WSC and STS (the latter
which should already have an "https://" endpoint right?) -- my SSL blog
tutorial has some guidance on that.  IIRC, transport layer encryption is
not enforceable by the web service framework itself (as opposed to
message-layer which is), but by the web.xml for the servlet running the STS.

Glen

On 06/01/2012 11:57 AM, Gina Choi wrote:

> Hi Colm,
>
> Thanks for your response. You are right. When I use Apache CXF STS, I used
> SymmetricBinding and WSP is using SymmetricBinding. Now, I keep WSP the
> same, but try to use ADFS2.0 as STS and the end point that I try to use is
> using TransportBinding. What certificate requirement do I need to satisfy
> in this case?
> org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler is
> throwing null pointer exception.
>
> at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.doIssuedTokenSignature(TransportBindingHandler.java:429)
> Following is content of the STS policy.
>
>    <wsp:Policy wsu:Id="UserNameWSTrustBinding_IWSTrust13Async2_policy">
>      <wsp:ExactlyOne>
>        <wsp:All>
>          <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>            <wsp:Policy>
>              <sp:TransportToken>
>                <wsp:Policy>
>                  <sp:HttpsToken>
>                    <wsp:Policy />
>                  </sp:HttpsToken>
>                </wsp:Policy>
>              </sp:TransportToken>
>              <sp:AlgorithmSuite>
>                <wsp:Policy>
>                  <sp:Basic256 />
>                </wsp:Policy>
>              </sp:AlgorithmSuite>
>              <sp:Layout>
>                <wsp:Policy>
>                  <sp:Strict />
>                </wsp:Policy>
>              </sp:Layout>
>              <sp:IncludeTimestamp />
>            </wsp:Policy>
>          </sp:TransportBinding>
>          <sp:SignedEncryptedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>            <wsp:Policy>
>              <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>                <wsp:Policy>
>                  <sp:WssUsernameToken10 />
>                </wsp:Policy>
>              </sp:UsernameToken>
>            </wsp:Policy>
>          </sp:SignedEncryptedSupportingTokens>
>          <sp:EndorsingSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>            <wsp:Policy>
>              <sp:KeyValueToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never"
>              wsp:Optional="true">
>                <wsp:Policy />
>              </sp:KeyValueToken>
>              <sp:SignedParts>
>                <sp:Header Name="To"
>                Namespace="http://www.w3.org/2005/08/addressing" />
>              </sp:SignedParts>
>            </wsp:Policy>
>          </sp:EndorsingSupportingTokens>
>          <sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>            <wsp:Policy>
>              <sp:MustSupportRefKeyIdentifier />
>              <sp:MustSupportRefIssuerSerial />
>              <sp:MustSupportRefThumbprint />
>              <sp:MustSupportRefEncryptedKey />
>            </wsp:Policy>
>          </sp:Wss11>
>          <sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>            <wsp:Policy>
>              <sp:MustSupportIssuedTokens />
>              <sp:RequireClientEntropy />
>              <sp:RequireServerEntropy />
>            </wsp:Policy>
>          </sp:Trust13>
>          <wsaw:UsingAddressing />
>        </wsp:All>
>      </wsp:ExactlyOne>
>    </wsp:Policy>
>
> Thanks.
>
> Gina
> On Fri, Jun 1, 2012 at 4:20 AM, Colm O hEigeartaigh<[hidden email]>wrote:
>
>> Hi Gina,
>>
>> If I recall correctly, the STS was using the SymmetricBinding. For this
>> case, the client only needs to know the certificate of the STS (specified
>> via "ws-security.encryption.username" in the STSClient bean). It doesn't
>> need any signature username configuration, as this is not used in the
>> Symmetric binding.
>>
>> I don't know what security policy your WSP is using and so I can't comment
>> on the rest of it.
>>
>> Colm.
>>
>>
>> On Thu, May 31, 2012 at 6:09 PM, Gina Choi<[hidden email]>  wrote:
>>
>>> Hi Colm,
>>>
>>> The client configuration file you provided worked as it is. Thank you.
>>> But I don't have client certificate in both WSP and STS truststore. I also
>>> don't have WSP certificate in client truststore either. Following two
>>> entries are referenced in client configuration file, but they seem to get
>>> ignored. Otherwise if request from client to WSP and STS are signed using
>>> clientkey, but without client certificate in both WSP and STS
>>> truststore, how WSP and STS verify client signature?
>>>
>>>
>>> <entry key="ws-security.signature.username" value="myclientkey"/>
>>> <entry key="ws-security.encryption.username" value="myservicekey"/>
>>>
>>>
>>> Thanks.
>>>
>>> Gina
>>> On Mon, May 28, 2012 at 6:11 AM, Colm O hEigeartaigh <[hidden email]> wrote:
>>>
>>>> The certificate you are using on the client side to encrypt the message
>>>> to the STS does not match with the private key of the STS:
>>>>
>>>> Client:
>>>>
>>>> >  keytool -list -keystore src/main/resources/clientstore.jks -alias mystskey -v
>>>> Enter keystore password:
>>>> Alias name: mystskey
>>>> Creation date: 07-Oct-2011
>>>> Entry type: trustedCertEntry
>>>>
>>>> Owner: EMAILADDRESS=[hidden email], CN=Tom Token, O=Sample STS Key -- NOT FOR PRODUCTION USE, L=Baltimore, ST=Maryland, C=US
>>>>
>>>> STS:
>>>>
>>>> >  keytool -list -keystore src/main/resources/stsstore.jks -alias mystskey -v
>>>> Enter keystore password:
>>>> Alias name: mystskey
>>>> Creation date: 10-Apr-2012
>>>> Entry type: PrivateKeyEntry
>>>> Certificate chain length: 1
>>>> Certificate[1]:
>>>> Owner: EMAILADDRESS=[hidden email], CN=stscn, OU=SCT, O=SDL, L=wakefield, ST=massachusetts, C=US
>>>>
>>>> Also, your client configuration should look something like this instead:
>>>>
>>>> <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItPort"
>>>> createdFromAPI="true">
>>>>         <jaxws:properties>
>>>>             <entry key="ws-security.callback-handler"
>>>> value="client.ClientCallbackHandler"/>
>>>>             <entry key="ws-security.signature.username"
>>>> value="myclientkey"/>
>>>>             <entry key="ws-security.encryption.username"
>>>> value="myservicekey"/>
>>>>             <entry key="ws-security.signature.properties"
>>>> value="clientKeystore.properties"/>
>>>>             <entry key="ws-security.encryption.properties"
>>>> value="clientKeystore.properties"/>
>>>>             <entry key="ws-security.sts.client">
>>>>                 <bean class="org.apache.cxf.ws.security.trust.STSClient">
>>>>                     <constructor-arg ref="cxf"/>
>>>>                     <property name="wsdlLocation"
>>>> value="DoubleItSTSService.wsdl"/>
>>>>                     <property name="serviceName"
>>>> value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}DoubleItSTSService"/>
>>>>                     <property name="endpointName"
>>>> value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}DoubleItSTSPort"/>
>>>>                     <property name="properties">
>>>>                         <map>
>>>>                             <entry key="ws-security.signature.username"
>>>> value="myclientkey"/>
>>>>                             <entry key="ws-security.callback-handler"
>>>> value="client.ClientCallbackHandler"/>
>>>>                             <entry key="ws-security.username"
>>>> value="alice"/>
>>>>                             <entry key="ws-security.signature.properties"
>>>> value="clientKeystore.properties"/>
>>>>                             <entry key="ws-security.encryption.properties"
>>>> value="clientKeystore.properties"/>
>>>>                             <entry key="ws-security.encryption.username"
>>>> value="mystskey"/>
>>>>                         </map>
>>>>                     </property>
>>>>                 </bean>
>>>>            </entry>
>>>>        </jaxws:properties>
>>>>    </jaxws:client>
>>>>
>>>> Colm.
>>>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>>


--
Glen Mazza
Talend Community Coders
coders.talend.com
blog: www.jroller.com/gmazza


Re: Problem with loading Apache CXF STS with UT authentication

Gina Choi
In reply to this post by coheigea
<<<
The following policy (KeyValueToken) is not supported, but you could remove
it as it is optional and see if that works:
>>>
Per Oliver's advice, after I added an empty <wsp:Policy /> element as a child
of <sp:KeyValueToken>, I don't receive any more complaining.

<<<
The client needs to configure the HTTP conduit with the keystore that
contains the certificate of the STS, e.g.:
 <http:conduit name="https://localhost:.*">
      <http:tlsClientParameters disableCNCheck="true">
        <sec:trustManagers>
          <sec:keyStore type="jks" password="cspass"
resource="clientstore.jks"/>
        </sec:trustManagers>
      </http:tlsClientParameters>
   </http:conduit>
>>>
After adding the following to my client configuration, I am now getting a new
exception. By the way, with ADFS, I have to use https.

 <http:conduit name="https://strts01.ams.dev.*">
  <http:tlsClientParameters disableCNCheck="true">
   <sec:trustManagers>
    <sec:keyStore type="jks" password="cspass" resource="clientstore.jks"/>
   </sec:trustManagers>
  </http:tlsClientParameters>
   </http:conduit>


Jun 1, 2012 12:47:33 PM org.apache.cxf.bus.spring.SpringBusFactory createApplicationContext
WARNING: Initial attempt to create application context was unsuccessful.
org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 57 in XML document from class path resource [cxf.xml] is invalid; nested exception is org.xml.sax.SAXParseException: The prefix "http" for element "http:conduit" is not bo
.
        at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:396)
        at org.apache.cxf.bus.spring.ControlledValidationXmlBeanDefinitionReader.doLoadBeanDefinitions(ControlledValidationXmlBeanDefinitionReader.java:115)
        at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:334)
        at org.apache.cxf.bus.spring.ControlledValidationXmlBeanDefinitionReader.internalLoadBeanDefinitions(ControlledValidationXmlBeanDefinitionReader.java:154)
        at org.apache.cxf.bus.spring.ControlledValidationXmlBeanDefinitionReader.access$000(ControlledValidationXmlBeanDefinitionReader.java:66)
        at org.apache.cxf.bus.spring.ControlledValidationXmlBeanDefinitionReader$1.run(ControlledValidationXmlBeanDefinitionReader.java:141)
        at org.apache.cxf.bus.spring.ControlledValidationXmlBeanDefinitionReader$1.run(ControlledValidationXmlBeanDefinitionReader.java:140)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.cxf.bus.spring.ControlledValidationXmlBeanDefinitionReader.loadBeanDefinitions(ControlledValidationXmlBeanDefinitionReader.java:139)
        at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:302)
        at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:143)
        at org.springframework.context.support.AbstractXmlApplicationContext.loadBeanDefinitions(AbstractXmlApplicationContext.java:122)
        at org.apache.cxf.bus.spring.BusApplicationContext.loadBeanDefinitions(BusApplicationContext.java:309)
        at org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:130)
        at org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:467)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:397)
        at org.apache.cxf.bus.spring.BusApplicationContext$1.run(BusApplicationContext.java:101)
        at org.apache.cxf.bus.spring.BusApplicationContext$1.run(BusApplicationContext.java:100)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.cxf.bus.spring.BusApplicationContext.<init>(BusApplicationContext.java:99)
        at org.apache.cxf.bus.spring.SpringBusFactory.createApplicationContext(SpringBusFactory.java:130)
        at org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:121)
        at org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:95)
        at org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:69)
        at org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:58)
        at org.apache.cxf.BusFactory.getDefaultBus(BusFactory.java:99)
        at org.apache.cxf.BusFactory.createThreadBus(BusFactory.java:165)
        at org.apache.cxf.BusFactory.getThreadDefaultBus(BusFactory.java:155)
        at org.apache.cxf.BusFactory.getThreadDefaultBus(BusFactory.java:140)
        at org.apache.cxf.jaxws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:96)
        at javax.xml.ws.Service.<init>(Service.java:92)
        at org.example.contract.doubleit.DoubleItService.<init>(DoubleItService.java:47)
        at client.WSClient.main(WSClient.java:8)


On Fri, Jun 1, 2012 at 12:13 PM, Colm O hEigeartaigh <[hidden email]>wrote:

>
> The client needs to configure the HTTP conduit with the keystore that
> contains the certificate of the STS, e.g.:
>
>  <http:conduit name="https://localhost:.*">
>       <http:tlsClientParameters disableCNCheck="true">
>         <sec:trustManagers>
>           <sec:keyStore type="jks" password="cspass"
> resource="clientstore.jks"/>
>         </sec:trustManagers>
>       </http:tlsClientParameters>
>    </http:conduit>
>
> What NPE are you getting? The following policy (KeyValueToken) is not
> supported, but you could remove it as it is optional and see if that works:
>
>
> <sp:EndorsingSupportingTokens
>     xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>   <wsp:Policy>
>     <sp:KeyValueToken
>         sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never"
>         wsp:Optional="true">
>       <wsp:Policy />
>     </sp:KeyValueToken>
>     <sp:SignedParts>
>       <sp:Header Name="To"
>                  Namespace="http://www.w3.org/2005/08/addressing" />
>     </sp:SignedParts>
>   </wsp:Policy>
> </sp:EndorsingSupportingTokens>
>
> Colm.
>
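
The SAXParseException in the post above concerns the "http" prefix on "http:conduit": in a Spring XML file every prefix in use has to be declared as a namespace on an enclosing element, and the conduit snippet uses two, "http" and "sec". A client cxf.xml skeleton with those declarations follows, as an added example that is not part of the original posts; the conduit name, keystore file and password are the values from the thread, and the rest of the file is assumed to be a standard CXF Spring configuration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: client-side cxf.xml skeleton. Only the namespace
     declarations and the conduit are shown; the jaxws:client bean from the
     thread sits next to the conduit, unchanged. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd
         http://cxf.apache.org/jaxws
           http://cxf.apache.org/schemas/jaxws.xsd
         http://cxf.apache.org/transports/http/configuration
           http://cxf.apache.org/schemas/configuration/http-conf.xsd
         http://cxf.apache.org/configuration/security
           http://cxf.apache.org/schemas/configuration/security.xsd">

  <!-- "name" is a regular expression matched against the URL of the
       outgoing request, so this conduit applies to calls to the STS host. -->
  <http:conduit name="https://strts01.ams.dev.*">
    <!-- The thread uses disableCNCheck="true", which skips the comparison
         of the server certificate's name with the host in the URL. It is
         left at "false" here so a certificate issued for another host is
         rejected; this assumes the STS certificate names the host called. -->
    <http:tlsClientParameters disableCNCheck="false">
      <sec:trustManagers>
        <!-- Trust store holding the certificate (or its issuing CA) that
             the STS presents on its HTTPS endpoint. -->
        <sec:keyStore type="jks" password="cspass" resource="clientstore.jks"/>
      </sec:trustManagers>
    </http:tlsClientParameters>
  </http:conduit>

</beans>
```
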

Re: Problem with loading Apache CXF STS with UT authentication

Gina Choi
Hi Colm,

<<<
The client needs to configure the HTTP conduit with the keystore that
contains the certificate of the STS, e.g.:
>>>
Forgot to ask you. ADFS exposes three different certificates - Service
communications, Token-decrypting and Token-signing, but most of the time I
had to deal with the decrypting and signing certs. Which of the STS certificates
do I need to have in the client keystore?

On Fri, Jun 1, 2012 at 12:52 PM, Gina Choi <[hidden email]> wrote:

> <<<
> The following policy (KeyValueToken) is not supported, but you could
> remove it as it is optional and see if that works:
> >>>
> Per Oliver's advice, after I added an empty <wsp:Policy /> element as a child
> of <sp:KeyValueToken>, I don't receive any more complaining.
>
> <<<
> The client needs to configure the HTTP conduit with the keystore that
> contains the certificate of the STS, e.g.:
>  <http:conduit name="https://localhost:.*">
>       <http:tlsClientParameters disableCNCheck="true">
>         <sec:trustManagers>
>           <sec:keyStore type="jks" password="cspass"
> resource="clientstore.jks"/>
>         </sec:trustManagers>
>       </http:tlsClientParameters>
>    </http:conduit>
> >>>
> After adding the following to my client configuration, I am now getting a new
> exception. By the way, with ADFS, I have to use https.
>
>  <http:conduit name="https://strts01.ams.dev.*">
>
>   <http:tlsClientParameters disableCNCheck="true">
>    <sec:trustManagers>
>     <sec:keyStore type="jks" password="cspass" resource="clientstore.jks"/>
>    </sec:trustManagers>
>   </http:tlsClientParameters>
>    </http:conduit>
>
>
> Jun 1, 2012 12:47:33 PM org.apache.cxf.bus.spring.SpringBusFactory createApplicationContext
> WARNING: Initial attempt to create application context was unsuccessful.
> org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 57 in XML document from class path resource [cxf.xml] is invalid; nested exception is org.xml.sax.SAXParseException: The prefix "http" for element "http:conduit" is not bo
> .
>         at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:396)
>         at org.apache.cxf.bus.spring.ControlledValidationXmlBeanDefinitionReader.doLoadBeanDefinitions(ControlledValidationXmlBeanDefinitionReader.java:115)
>         at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:334)
>         at org.apache.cxf.bus.spring.ControlledValidationXmlBeanDefinitionReader.internalLoadBeanDefinitions(ControlledValidationXmlBeanDefinitionReader.java:154)
>         at org.apache.cxf.bus.spring.ControlledValidationXmlBeanDefinitionReader.access$000(ControlledValidationXmlBeanDefinitionReader.java:66)
>         at org.apache.cxf.bus.spring.ControlledValidationXmlBeanDefinitionReader$1.run(ControlledValidationXmlBeanDefinitionReader.java:141)
>         at org.apache.cxf.bus.spring.ControlledValidationXmlBeanDefinitionReader$1.run(ControlledValidationXmlBeanDefinitionReader.java:140)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at org.apache.cxf.bus.spring.ControlledValidationXmlBeanDefinitionReader.loadBeanDefinitions(ControlledValidationXmlBeanDefinitionReader.java:139)
>         at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:302)
>         at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:143)
>         at org.springframework.context.support.AbstractXmlApplicationContext.loadBeanDefinitions(AbstractXmlApplicationContext.java:122)
>         at org.apache.cxf.bus.spring.BusApplicationContext.loadBeanDefinitions(BusApplicationContext.java:309)
>         at org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:130)
>         at org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:467)
>         at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:397)
>         at org.apache.cxf.bus.spring.BusApplicationContext$1.run(BusApplicationContext.java:101)
>         at org.apache.cxf.bus.spring.BusApplicationContext$1.run(BusApplicationContext.java:100)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at org.apache.cxf.bus.spring.BusApplicationContext.<init>(BusApplicationContext.java:99)
>         at org.apache.cxf.bus.spring.SpringBusFactory.createApplicationContext(SpringBusFactory.java:130)
>         at org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:121)
>         at org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:95)
>         at org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:69)
>         at org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:58)
>         at org.apache.cxf.BusFactory.getDefaultBus(BusFactory.java:99)
>         at org.apache.cxf.BusFactory.createThreadBus(BusFactory.java:165)
>         at org.apache.cxf.BusFactory.getThreadDefaultBus(BusFactory.java:155)
>         at org.apache.cxf.BusFactory.getThreadDefaultBus(BusFactory.java:140)
>         at org.apache.cxf.jaxws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:96)
>         at javax.xml.ws.Service.<init>(Service.java:92)
>         at org.example.contract.doubleit.DoubleItService.<init>(DoubleItService.java:47)
>         at client.WSClient.main(WSClient.java:8)
>
>
> On Fri, Jun 1, 2012 at 12:13 PM, Colm O hEigeartaigh <[hidden email]>wrote:
>
>>
>> The client needs to configure the HTTP conduit with the keystore that
>> contains the certificate of the STS, e.g.:
>>
>>  <http:conduit name="https://localhost:.*">
>>       <http:tlsClientParameters disableCNCheck="true">
>>         <sec:trustManagers>
>>           <sec:keyStore type="jks" password="cspass"
>> resource="clientstore.jks"/>
>>         </sec:trustManagers>
>>       </http:tlsClientParameters>
>>    </http:conduit>
>>
>> What NPE are you getting? The following policy (KeyValueToken) is not
>> supported, but you could remove it as it is optional and see if that works:
>>
>>
>> <sp:EndorsingSupportingTokens
>>     xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>>   <wsp:Policy>
>>     <sp:KeyValueToken
>>         sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never"
>>         wsp:Optional="true">
>>       <wsp:Policy />
>>     </sp:KeyValueToken>
>>     <sp:SignedParts>
>>       <sp:Header Name="To"
>>                  Namespace="http://www.w3.org/2005/08/addressing" />
>>     </sp:SignedParts>
>>   </wsp:Policy>
>> </sp:EndorsingSupportingTokens>
>>
>> Colm.
>>
>