Search code examples
springcxfws-security

WS-Security not working with CXF


I' am trying to develop a WS-security enabled web service with Apache CXF. Tutorial that I am following is here. Unfortunately I am continuously getting the following error much to chagrin. I' am using Spring framework 3.0.5 and CXF 2.3.3 and also WSS4J 1.6.1. This may be a silly question but I am almost fed up with finding a solution. Please please help ....

org.springframework.web.util.NestedServletException: Handler processing failed; nested exception is java.lang.NoSuchMethodError: org.apache.ws.security.util.WSSecurityUtil.decodeAction(Ljava/lang/String;Ljava/util/Vector;Lorg/apache/ws/security/WSSConfig;)I
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:839)
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

root cause

java.lang.NoSuchMethodError: org.apache.ws.security.util.WSSecurityUtil.decodeAction(Ljava/lang/String;Ljava/util/Vector;Lorg/apache/ws/security/WSSConfig;)I
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:192)
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:134)
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255)
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:516)
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
$Proxy800.getEmployee(Unknown Source)
org.samith.web.controller.FrontController.frontRequestHandler(FrontController.java:35)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:176)
org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:426)
org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:414)
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:790)
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

This is how my client code looks like.

ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext(
            new String[]{"SpringCXFClient-servlet.xml"});

    AuthService client = (AuthService) context.getBean("client");
    Employee employee = client.getEmployee("0223938");

    model.addAttribute("lastname", employee.getLastName());
    model.addAttribute(
            "firstname", employee.getFirstName());

and my clientCXF.xml file,

<bean id="proxyFactory" class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
    <property name="serviceClass" value="org.samith.AuthService"/>
    <property name="address" value="http://localhost:8080/SpringCXFServer/WSServices/corporateAuthService"/>
    <property name="inInterceptors">
        <list>
            <ref bean="logIn" />
        </list>
    </property>
    <property name="outInterceptors">
        <list>
            <ref bean="logOut" />
            <ref bean="saajOut" />
            <ref bean="wss4jOut" />
        </list>
    </property>
</bean>

<bean id="client" class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean" factory-bean="proxyFactory" factory-method="create" />


<bean
    class="org.springframework.web.servlet.view.InternalResourceViewResolver"
    p:prefix="/WEB-INF/views/" p:suffix=".jsp" p:order="2" />


<bean id="logIn" class="org.apache.cxf.interceptor.LoggingInInterceptor" />
<bean id="logOut" class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
<bean id="saajOut" class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
<bean id="wss4jOut" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
    <constructor-arg>
        <map>
            <entry key="action" value="UsernameToken" />
            <entry key="user" value="ws-client" />
            <entry key="passwordType" value="PasswordText" />
            <entry key="passwordCallbackClass" value="org.samith.ClientPasswordCallback" />
        </map>
    </constructor-arg>
</bean>

and ClientPasswordCallback.java file

public class ClientPasswordCallback implements CallbackHandler {


public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {

    WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];

    // set the password for our message.
    pc.setPassword("myname");
}

}

and finally client pom.file CXF dependencies

<dependency>
        <groupId>org.apache.cxf</groupId>
        <artifactId>cxf</artifactId>
        <version>${cxf.version}</version>
    </dependency>

    <dependency>
        <groupId>org.apache.cxf</groupId>
        <artifactId>cxf-rt-frontend-jaxws</artifactId>
        <version>${cxf.version}</version>
    </dependency>
    <dependency>
        <groupId>org.apache.cxf</groupId>
        <artifactId>cxf-rt-transports-http</artifactId>
        <version>${cxf.version}</version>
    </dependency>
    <dependency>
        <groupId>org.apache.cxf</groupId>
        <artifactId>cxf-rt-transports-http-jetty</artifactId>
        <version>${cxf.version}</version>
    </dependency>

    <dependency>
        <groupId>org.apache.cxf</groupId>
        <artifactId>cxf-rt-ws-security</artifactId>
        <version>${cxf.version}</version>
    </dependency>

    <dependency>
        <groupId>xml-security</groupId>
        <artifactId>xmlsec</artifactId>
        <version>1.3.0</version>
    </dependency>

    <dependency>
        <groupId>org.apache.ws.security</groupId>
        <artifactId>wss4j</artifactId>
        <version>1.6.1</version>
    </dependency>

Solution

  • CXF 2.3.3 needs WSS4J 1.5.x. CXF 2.4.x uses WSS4J 1.6.x.