11

trying to use the cxf+wss4j using maven. Created both the service and client without any compilation issues. The service runs fine in tomcat.
Issue: When I run the client code, I get "java.lang.NoSuchMethodError: org.apache.xml.security.utils.I18n.init(Ljava/util/ResourceBundle;)V". This class is in xmlsec jar which comes along with cxf distribution.

pom.xml for service project:

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>userNameTokenService</groupId>
    <artifactId>userNameTokenService</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <packaging>war</packaging>
    <dependencies>
        <dependency>
            <groupId>org.apache.cxf</groupId>
            <artifactId>cxf-rt-frontend-jaxws</artifactId>
            <version>3.0.0</version>
        </dependency>
        <dependency>
            <groupId>org.apache.cxf</groupId>
            <artifactId>cxf-rt-transports-http</artifactId>
            <version>3.0.0</version>
        </dependency>
        <dependency>
            <groupId>org.apache.cxf</groupId>
            <artifactId>cxf-rt-ws-security</artifactId>
            <version>3.0.0</version>
        </dependency>
        <dependency>
            <groupId>org.apache.ws.security</groupId>
            <artifactId>wss4j</artifactId>
            <version>1.6.15</version>
        </dependency>

        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-web</artifactId>
            <version>3.2.6.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-context</artifactId>
            <version>3.2.6.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-core</artifactId>
            <version>3.2.6.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-beans</artifactId>
            <version>3.2.6.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-expression</artifactId>
            <version>3.2.6.RELEASE</version>
        </dependency>
    </dependencies>
    <build>
        <pluginManagement>
            <plugins>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-war-plugin</artifactId>
                    <configuration>
                        <webXml>WebContent\WEB-INF\web.xml</webXml>
                    </configuration>
                </plugin>
            </plugins>
        </pluginManagement>
    </build>
</project>


pom.xml for client project

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>userNameTokenClient</groupId>
  <artifactId>userNameTokenClient</artifactId>
  <version>0.0.1-SNAPSHOT</version>
  <dependencies>
      <dependency>
            <groupId>org.apache.cxf</groupId>
            <artifactId>cxf-rt-frontend-jaxws</artifactId>
            <version>3.0.0</version>
        </dependency>
        <dependency>
            <groupId>org.apache.cxf</groupId>
            <artifactId>cxf-rt-transports-http</artifactId>
            <version>3.0.0</version>
        </dependency>
        <dependency>
            <groupId>org.apache.cxf</groupId>
            <artifactId>cxf-rt-ws-security</artifactId>
            <version>3.0.0</version>
        </dependency>
        <dependency>
            <groupId>org.apache.ws.security</groupId>
            <artifactId>wss4j</artifactId>
            <version>1.6.15</version>
        </dependency>
      <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-context</artifactId>
            <version>3.2.6.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-core</artifactId>
            <version>3.2.6.RELEASE</version>
        </dependency>
  </dependencies>
  <build>
    <sourceDirectory>src</sourceDirectory>
    <resources>
      <resource>
        <directory>src</directory>
        <excludes>
          <exclude>**/*.java</exclude>
        </excludes>
      </resource>
    </resources>
    <plugins>
      <plugin>
        <artifactId>maven-compiler-plugin</artifactId>
        <version>3.0</version>
        <configuration>
          <source>1.6</source>
          <target>1.6</target>
        </configuration>
      </plugin>
    </plugins>
  </build>
</project>

Edit: Using wss4j to try out user name token, client code:

public static void main(String[] args) {
        ApplicationContext context = new ClassPathXmlApplicationContext("spring-context.xml");
        HelloWorld helloworld= (HelloWorld) context.getBean("helloClient");
        HelloRequest hreq = new HelloRequest();
        hreq.setRequestMsg("This is client");
        HelloResponse hres = helloworld.sayHello(hreq);
        System.out.println(hres.getResponseMsg());
    }

client wss4j config:

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
 http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
 http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">

    <bean id="logInBound" class="org.apache.cxf.interceptor.LoggingInInterceptor" />
    <bean id="logOutBound" class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
    <jaxws:client id="helloClient" serviceClass="com.ddmwsst.helloworld.HelloWorld"
        address="http://localhost:8080/userNameTokenService/services/HelloWorld">
        <jaxws:inInterceptors>
            <ref bean="logInBound" />
        </jaxws:inInterceptors>
        <jaxws:outInterceptors>
            <ref bean="logOutBound" />
            <ref bean="outbound-security" />
        </jaxws:outInterceptors>
    </jaxws:client>

    <!-- WSS4JOutInterceptor for incorporating a UsernameToken in a SOAP -->
    <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
        id="outbound-security">
        <constructor-arg>
            <map>
                <entry key="action" value="UsernameToken" />
                <entry key="user" value="dummy" />
                <!--entry key="passwordType" value="PasswordText"/ -->
                <entry key="passwordCallbackClass" value="client.ClientPasswordCallback" />
            </map>
        </constructor-arg>
    </bean>
</beans>

service wss4j config:

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws"
    xsi:schemaLocation="
 http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
 http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">

    <import resource="classpath:META-INF/cxf/cxf.xml" />
    <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />

    <bean id="logInBound" class="org.apache.cxf.interceptor.LoggingInInterceptor" />
    <bean id="logOutBound" class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
    <!-- WSS4JInInterceptor for processing a UsernameToken from the SOAP -->
    <bean id="inbound-security" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
        <constructor-arg>
            <map>
                <entry key="action" value="UsernameToken" />
                <!--entry key="passwordType" value="PasswordText"/ -->
                <entry key="passwordCallbackClass" value="server.ServerPasswordCallback" />
            </map>
        </constructor-arg>
    </bean>

    <jaxws:endpoint id="helloWorld" implementor="server.HelloWorldImpl"
        address="/HelloWorld">
        <jaxws:inInterceptors>
            <ref bean="logInBound" />
            <ref bean="inbound-security" />
        </jaxws:inInterceptors>
        <jaxws:outInterceptors>
            <ref bean="logOutBound" />
        </jaxws:outInterceptors>
    </jaxws:endpoint>
</beans>
Balaji Krishnan
  • 1,007
  • 3
  • 12
  • 29

6 Answers6

12

CXF 3.0.0 does not work with WSS4J 1.6.15. You need to use WSS4J 2.0.0 instead.

Colm.

Colm O hEigeartaigh
  • 1,882
  • 1
  • 12
  • 7
  • tried without maven - moved back to cxf 2.7.7. From client removed xmlsec.jar and in server used xmlsec.jar 1.3.0. & wss4j 1.6.15 in both client and service, now its working fine. – Balaji Krishnan Jul 03 '14 at 02:51
  • 3
    WSS4J 2.x seems to not be a jar artifact in maven. There is a zip file, but using normal gradle/pom type includes seems to not work currently short of getting the source and building the code locally. Is WSS4J 2.x jars hosted somewhere else in the world? – Christian Apr 24 '15 at 14:20
  • I'm also interested in W44S4J 2.x jars ... Anyone ? – Hyukchan Kwon Apr 21 '16 at 16:14
6

I too had the same issue. It resolved by using the dependency "wss4j-ws-security-common-2.0.3.jar"

For more detail on wss4j 2.0.0 migration, pl refer "http://ws.apache.org/wss4j/migration/wss4j20.html"

Gnana Guru
  • 715
  • 5
  • 11
  • How would one go about adding this dependency in an IntelliJ project? – Brian T Hannan Aug 06 '15 at 19:32
  • Thank you. We have solved it using 'org.apache.wss4j.common.ext.WSPasswordCallback pc = (org.apache.wss4j.common.ext.WSPasswordCallback) callbacks[0]; pc.setPassword(password);' We had to use wss4j-1.6.19.jar due to some dependency. The above class is from wss4j-ws-security-common-2.1.5.jar – Vins Mar 27 '17 at 14:46
1

Had the exact same problem. In my case, upgrading to wss4j 2.x.x didn't help. I had 2 overlapping dependencies and once I removed the redundant wss4j one and only relied on spring-ws-security, everything ran fine. The key thing is to use spring-ws-security 3.x.x and not 2.x.x. Issue was described here: https://jira.spring.io/browse/SWS-970

<dependency>
    <groupId>org.springframework.ws</groupId>
    <artifactId>spring-ws-security</artifactId>
    <version>3.0.1.RELEASE</version>
</dependency>

<dependency>
    <groupId>org.apache.ws.security</groupId>
    <artifactId>wss4j</artifactId>
<version>1.6.15</version>
Alex Georgescu
  • 11
  • 2
1

I had a similar issue. It was due to multiple versions of xmlsec being brought in by maven. It was resolved by bringing in the latest version at the top level. At time of writing:

<dependency>
    <groupId>org.apache.santuario</groupId>
    <artifactId>xmlsec</artifactId>
    <version>2.2.0</version>
</dependency>
Robert Bain
  • 9,113
  • 8
  • 44
  • 63
0

You can find the wss4j in another groupid in maven:

https://mvnrepository.com/artifact/org.apache.wss4j/wss4j/2.1.7

Nacho
  • 2,057
  • 2
  • 23
  • 32
0

When you add the wss4j dependency make sure you add it as pom type, otherwise you will have an error. This sould be the dependency in your pom

    <dependency>
        <groupId>org.apache.wss4j</groupId>
        <artifactId>wss4j</artifactId>
        <version>2.1.7</version>
        <type>pom</type>
    </dependency>

Also make sure to specify the maven central repository so it can find it for sure:

   <repositories>
        <repository>
            <id>central</id>
            <url>http://central.maven.org/maven2/</url>
            <releases>
                <enabled>true</enabled>
            </releases>
        </repository>
    </repositories>

Thats it.

EliuX
  • 11,389
  • 6
  • 45
  • 40