1054745 – CCE in WSS processing

Bug 1054745 - CCE in WSS processing

Summary: CCE in WSS processing

Keywords:
Status:	CLOSED DUPLICATE of bug 979334
Alias:	None
Product:	JBoss Fuse Service Works 6
Classification:	JBoss
Component:	SwitchYard
Sub Component:
Version:	6.0.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	Keith Babo
QA Contact:	Jiri Sedlacek
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-01-17 11:28 UTC by Jiri Pechanec
Modified:	2015-08-02 23:46 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:	Linux + OpenJDK java version "1.7.0_25"
Last Closed:	2014-01-17 12:43:39 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Description Jiri Pechanec 2014-01-17 11:28:20 UTC

Try policy-security-wss-signencrypt

Run mvn -Dexec.args="signencrypt" -Djavax.net.ssl.trustStore=connector.jks exec:java

A CCE is thrown
11:14:34,575 WARNING [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] (http-/127.0.0.1:8080-1) : org.apache.ws.security.WSSecurityException: General security error (Unable to load class org.apache.ws.security.processor.SignatureProcessor)
	at org.apache.ws.security.WSSConfig.getProcessor(WSSConfig.java:808) [wss4j-1.6.10-redhat-1.jar:1.6.10-redhat-1]
	at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:394) [wss4j-1.6.10-redhat-1.jar:1.6.10-redhat-1]
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:277) [cxf-rt-ws-security-2.6.8.redhat-7.jar:2.6.8.redhat-7]
	at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:120) [cxf-rt-ws-security-2.6.8.redhat-7.jar:2.6.8.redhat-7]
	at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:105) [cxf-rt-ws-security-2.6.8.redhat-7.jar:2.6.8.redhat-7]
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) [cxf-api-2.6.8.redhat-7.jar:2.6.8.redhat-7]
	at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) [cxf-api-2.6.8.redhat-7.jar:2.6.8.redhat-7]
	at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:237) [cxf-rt-transports-http-2.6.8.redhat-7.jar:2.6.8.redhat-7]
	at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:97) [jbossws-cxf-server-4.1.4.Final-redhat-7.jar:4.1.4.Final-redhat-7]
	at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:156) [jbossws-cxf-server-4.1.4.Final-redhat-7.jar:4.1.4.Final-redhat-7]
	at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87) [jbossws-cxf-server-4.1.4.Final-redhat-7.jar:4.1.4.Final-redhat-7]
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:225) [cxf-rt-transports-http-2.6.8.redhat-7.jar:2.6.8.redhat-7]
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:145) [cxf-rt-transports-http-2.6.8.redhat-7.jar:2.6.8.redhat-7]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]
	at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135) [jbossws-cxf-server-4.1.4.Final-redhat-7.jar:4.1.4.Final-redhat-7]
	at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi-2.1.3.Final-redhat-1.jar:2.1.3.Final-redhat-1]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_27]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.6.0_27]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.6.0_27]
	at java.lang.reflect.Method.invoke(Method.java:622) [rt.jar:1.6.0_27]
	at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:263)
	at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:261)
	at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_27]
	at javax.security.auth.Subject.doAsPrivileged(Subject.java:537) [rt.jar:1.6.0_27]
	at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:295)
	at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:155)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:288)
	at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:59)
	at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:197)
	at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_27]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:920)
	at java.lang.Thread.run(Thread.java:701) [rt.jar:1.6.0_27]
Caused by: java.lang.ClassCastException: org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory cannot be cast to javax.xml.crypto.dsig.XMLSignatureFactory
	at javax.xml.crypto.dsig.XMLSignatureFactory.getInstance(XMLSignatureFactory.java:290) [rt.jar:1.6.0_27]
	at org.apache.ws.security.processor.SignatureProcessor.<init>(SignatureProcessor.java:98) [wss4j-1.6.10-redhat-1.jar:1.6.10-redhat-1]
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [rt.jar:1.6.0_27]
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) [rt.jar:1.6.0_27]
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [rt.jar:1.6.0_27]
	at java.lang.reflect.Constructor.newInstance(Constructor.java:534) [rt.jar:1.6.0_27]
	at java.lang.Class.newInstance(Class.java:374) [rt.jar:1.6.0_27]
	at org.apache.ws.security.WSSConfig.getProcessor(WSSConfig.java:803) [wss4j-1.6.10-redhat-1.jar:1.6.10-redhat-1]
	... 41 more

Following call mvn -Dexec.args="confidentiality signencrypt" -Djavax.net.ssl.trustStore=connector.jks exec:java
throws CCE too
12:19:57,704 WARNING [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] (http-/127.0.0.1:8443-1) : org.apache.ws.security.WSSecurityException: General security error (Unable to load class org.apache.ws.security.processor.SignatureProcessor)
	at org.apache.ws.security.WSSConfig.getProcessor(WSSConfig.java:808) [wss4j-1.6.10-redhat-1.jar:1.6.10-redhat-1]
	at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:394) [wss4j-1.6.10-redhat-1.jar:1.6.10-redhat-1]
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:277) [cxf-rt-ws-security-2.6.8.redhat-7.jar:2.6.8.redhat-7]
	at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:120) [cxf-rt-ws-security-2.6.8.redhat-7.jar:2.6.8.redhat-7]
	at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:105) [cxf-rt-ws-security-2.6.8.redhat-7.jar:2.6.8.redhat-7]
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) [cxf-api-2.6.8.redhat-7.jar:2.6.8.redhat-7]
	at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) [cxf-api-2.6.8.redhat-7.jar:2.6.8.redhat-7]
	at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:237) [cxf-rt-transports-http-2.6.8.redhat-7.jar:2.6.8.redhat-7]
	at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:97) [jbossws-cxf-server-4.1.4.Final-redhat-7.jar:4.1.4.Final-redhat-7]
	at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:156) [jbossws-cxf-server-4.1.4.Final-redhat-7.jar:4.1.4.Final-redhat-7]
	at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87) [jbossws-cxf-server-4.1.4.Final-redhat-7.jar:4.1.4.Final-redhat-7]
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:225) [cxf-rt-transports-http-2.6.8.redhat-7.jar:2.6.8.redhat-7]
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:145) [cxf-rt-transports-http-2.6.8.redhat-7.jar:2.6.8.redhat-7]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]
	at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135) [jbossws-cxf-server-4.1.4.Final-redhat-7.jar:4.1.4.Final-redhat-7]
	at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi-2.1.3.Final-redhat-1.jar:2.1.3.Final-redhat-1]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_27]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.6.0_27]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.6.0_27]
	at java.lang.reflect.Method.invoke(Method.java:622) [rt.jar:1.6.0_27]
	at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:263)
	at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:261)
	at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_27]
	at javax.security.auth.Subject.doAsPrivileged(Subject.java:537) [rt.jar:1.6.0_27]
	at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:295)
	at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:155)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:288)
	at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:59)
	at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:197)
	at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_27]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:920)
	at java.lang.Thread.run(Thread.java:701) [rt.jar:1.6.0_27]

Comment 1 Keith Babo 2014-01-17 12:32:56 UTC

This appears to be identical to the issue reported here:
https://bugzilla.redhat.com/show_bug.cgi?id=979334

Comment 2 Jiri Pechanec 2014-01-17 12:43:39 UTC

Closing as duplicate - albeit I am not happy with this being not fixed

*** This bug has been marked as a duplicate of bug 979334 ***

Note You need to log in before you can comment on or make changes to this bug.