Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Complete
    • Affects Version/s: 2.0.2
    • Fix Version/s: 2.1 RC1
    • Component/s: None
    • Labels:
      None

      Description

      From support issue - Reference #11620

      wss4j 1.6.1 has made much improves to the WS-Security implememtation and key to us (sure others) is the work to ensure cross-implementation compliance with BSP 1.1 http://coheigea.blogspot.com/2011/03/wss4j-16-basic-security-profile-11.html.

      This upgrade opens up the possibility for Spring-WS to support SAML authentication (I'll open a separate issue for that).

        Activity

        mdiskin Mark Diskin created issue -
        arjen.poutsma Arjen Poutsma made changes -
        Field Original Value New Value
        Assignee Arjen Poutsma [ arjen.poutsma ]
        Fix Version/s 2.0.3 [ 12197 ]
        arjen.poutsma Arjen Poutsma made changes -
        Status Open [ 1 ] In Progress [ 3 ]
        Hide
        arjen.poutsma Arjen Poutsma added a comment -

        Unfortunately, WSS4J 1.6 introduced some breaking, non-backwards compatible changes, making it non-trivial to upgrade.

        Postponed to 2.1.

        Show
        arjen.poutsma Arjen Poutsma added a comment - Unfortunately, WSS4J 1.6 introduced some breaking, non-backwards compatible changes, making it non-trivial to upgrade. Postponed to 2.1.
        arjen.poutsma Arjen Poutsma made changes -
        Fix Version/s 2.1 M1 [ 11748 ]
        Fix Version/s 2.0.3 [ 12197 ]
        arjen.poutsma Arjen Poutsma logged work - 17/Oct/11 2:11 AM
        • Time Spent:
          14m
           
          <No comment>
        arjen.poutsma Arjen Poutsma made changes -
        Worklog Id 28434 [ 28434 ]
        Time Spent 14m [ 840 ]
        Hide
        patrickr Patrick added a comment -

        Yes, please upgrade. We depend on 3rd party software which now ships with WSS4J 1.6. That's a huge issue, because we're using (and want to keep using) Spring WS...

        Show
        patrickr Patrick added a comment - Yes, please upgrade. We depend on 3rd party software which now ships with WSS4J 1.6. That's a huge issue, because we're using (and want to keep using) Spring WS...
        Hide
        subes Edwin Stang added a comment -

        Spring-WS 2.0.3.RELEASE with WSS4J 1.6.4 leads to the following exception for me:

        java.lang.IllegalStateException: Failed to load ApplicationContext
        	at org.springframework.test.context.TestContext.getApplicationContext(TestContext.java:157)
        	at org.springframework.test.context.support.DependencyInjectionTestExecutionListener.injectDependencies(DependencyInjectionTestExecutionListener.java:109)
        	at org.springframework.test.context.support.DependencyInjectionTestExecutionListener.prepareTestInstance(DependencyInjectionTestExecutionListener.java:75)
        	at org.springframework.test.context.TestContextManager.prepareTestInstance(TestContextManager.java:321)
        	at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.createTest(SpringJUnit4ClassRunner.java:211)
        	at org.springframework.test.context.junit4.SpringJUnit4ClassRunner$1.runReflectiveCall(SpringJUnit4ClassRunner.java:288)
        	at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15)
        	at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.methodBlock(SpringJUnit4ClassRunner.java:290)
        	at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:231)
        	at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:47)
        	at org.junit.runners.ParentRunner$3.run(ParentRunner.java:231)
        	at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:60)
        	at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:229)
        	at org.junit.runners.ParentRunner.access$000(ParentRunner.java:50)
        	at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:222)
        	at org.springframework.test.context.junit4.statements.RunBeforeTestClassCallbacks.evaluate(RunBeforeTestClassCallbacks.java:61)
        	at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:30)
        	at org.springframework.test.context.junit4.statements.RunAfterTestClassCallbacks.evaluate(RunAfterTestClassCallbacks.java:71)
        	at org.junit.runners.ParentRunner.run(ParentRunner.java:300)
        	at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.run(SpringJUnit4ClassRunner.java:174)
        	at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50)
        	at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
        	at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)
        	at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)
        	at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
        	at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)
        Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'wssInterceptor' defined in class path resource [META-INF/ctx.integration.ws.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor]: Constructor threw exception; nested exception is java.lang.NoSuchMethodError: org.apache.ws.security.WSSecurityEngine.getInstance()Lorg/apache/ws/security/WSSecurityEngine;
        	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:997)
        	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:943)
        	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:485)
        	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
        	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
        	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
        	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
        	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
        	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:585)
        	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:913)
        	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:464)
        	at org.springframework.test.context.support.AbstractGenericContextLoader.loadContext(AbstractGenericContextLoader.java:148)
        	at de.invesdwin.gemeinsam.test.TestContextLoader.loadContext(TestContextLoader.java:78)
        	at org.springframework.test.context.TestContext.loadApplicationContext(TestContext.java:130)
        	at org.springframework.test.context.TestContext.getApplicationContext(TestContext.java:148)
        	... 25 more
        Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor]: Constructor threw exception; nested exception is java.lang.NoSuchMethodError: org.apache.ws.security.WSSecurityEngine.getInstance()Lorg/apache/ws/security/WSSecurityEngine;
        	at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:162)
        	at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:76)
        	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:990)
        	... 39 more
        Caused by: java.lang.NoSuchMethodError: org.apache.ws.security.WSSecurityEngine.getInstance()Lorg/apache/ws/security/WSSecurityEngine;
        	at org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor.<init>(Wss4jSecurityInterceptor.java:121)
        	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
        	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        	at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
        	at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:147)
        	... 41 more

        Show
        subes Edwin Stang added a comment - Spring-WS 2.0.3.RELEASE with WSS4J 1.6.4 leads to the following exception for me: java.lang.IllegalStateException: Failed to load ApplicationContext at org.springframework.test.context.TestContext.getApplicationContext(TestContext.java:157) at org.springframework.test.context.support.DependencyInjectionTestExecutionListener.injectDependencies(DependencyInjectionTestExecutionListener.java:109) at org.springframework.test.context.support.DependencyInjectionTestExecutionListener.prepareTestInstance(DependencyInjectionTestExecutionListener.java:75) at org.springframework.test.context.TestContextManager.prepareTestInstance(TestContextManager.java:321) at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.createTest(SpringJUnit4ClassRunner.java:211) at org.springframework.test.context.junit4.SpringJUnit4ClassRunner$1.runReflectiveCall(SpringJUnit4ClassRunner.java:288) at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15) at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.methodBlock(SpringJUnit4ClassRunner.java:290) at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:231) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:47) at org.junit.runners.ParentRunner$3.run(ParentRunner.java:231) at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:60) at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:229) at org.junit.runners.ParentRunner.access$000(ParentRunner.java:50) at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:222) at org.springframework.test.context.junit4.statements.RunBeforeTestClassCallbacks.evaluate(RunBeforeTestClassCallbacks.java:61) at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:30) at org.springframework.test.context.junit4.statements.RunAfterTestClassCallbacks.evaluate(RunAfterTestClassCallbacks.java:71) at org.junit.runners.ParentRunner.run(ParentRunner.java:300) at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.run(SpringJUnit4ClassRunner.java:174) at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50) at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197) Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'wssInterceptor' defined in class path resource [META-INF/ctx.integration.ws.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor]: Constructor threw exception; nested exception is java.lang.NoSuchMethodError: org.apache.ws.security.WSSecurityEngine.getInstance()Lorg/apache/ws/security/WSSecurityEngine; at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:997) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:943) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:485) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456) at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294) at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193) at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:585) at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:913) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:464) at org.springframework.test.context.support.AbstractGenericContextLoader.loadContext(AbstractGenericContextLoader.java:148) at de.invesdwin.gemeinsam.test.TestContextLoader.loadContext(TestContextLoader.java:78) at org.springframework.test.context.TestContext.loadApplicationContext(TestContext.java:130) at org.springframework.test.context.TestContext.getApplicationContext(TestContext.java:148) ... 25 more Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor]: Constructor threw exception; nested exception is java.lang.NoSuchMethodError: org.apache.ws.security.WSSecurityEngine.getInstance()Lorg/apache/ws/security/WSSecurityEngine; at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:162) at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:76) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:990) ... 39 more Caused by: java.lang.NoSuchMethodError: org.apache.ws.security.WSSecurityEngine.getInstance()Lorg/apache/ws/security/WSSecurityEngine; at org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor.<init>(Wss4jSecurityInterceptor.java:121) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:532) at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:147) ... 41 more
        Hide
        ivankhoosty Ivan Khoosty added a comment -

        FYI,

        Jboss 7.1.0.Final ships with wss4j 1.5.8 and xmlsec 1.4.5

        Jboss 7.1.1.Final ships with wss4j 1.6.5 and xmlsec 1.5.1 (https://issues.jboss.org/browse/JBWS-3439)

        this means that any webapp using spring-ws cannot run on Jboss 7.1.1.Final, as xmlsec 1.5.1 gets loaded as part of java ee module dependency, so spring-ws bundled xmlsec 1.4.3 gets ignored... there is an api change from 1.4 to 1.5, which breaks the deployment.

        Show
        ivankhoosty Ivan Khoosty added a comment - FYI, Jboss 7.1.0.Final ships with wss4j 1.5.8 and xmlsec 1.4.5 Jboss 7.1.1.Final ships with wss4j 1.6.5 and xmlsec 1.5.1 ( https://issues.jboss.org/browse/JBWS-3439 ) this means that any webapp using spring-ws cannot run on Jboss 7.1.1.Final, as xmlsec 1.5.1 gets loaded as part of java ee module dependency, so spring-ws bundled xmlsec 1.4.3 gets ignored... there is an api change from 1.4 to 1.5, which breaks the deployment.
        arjen.poutsma Arjen Poutsma made changes -
        Fix Version/s 2.0.5 [ 12848 ]
        Fix Version/s 2.1 M1 [ 11748 ]
        arjen.poutsma Arjen Poutsma made changes -
        Status In Progress [ 3 ] Open [ 1 ]
        Hide
        mdiskin Mark Diskin added a comment -

        Hi Arjen,

        I have created another approach for the wssj authenication integration using spring/spring security servlet filters. This allows for the requests to be stateless (I create the UserDetails after the SAML2 validation from the attributes provided) and able to then use the Roles (GrantedAuthority) in the spring security filter rules, etc... which was not something I could do with the springws interceptor approach. Did you want me to budndle this up under this or another case if you want to consider it?

        Show
        mdiskin Mark Diskin added a comment - Hi Arjen, I have created another approach for the wssj authenication integration using spring/spring security servlet filters. This allows for the requests to be stateless (I create the UserDetails after the SAML2 validation from the attributes provided) and able to then use the Roles (GrantedAuthority) in the spring security filter rules, etc... which was not something I could do with the springws interceptor approach. Did you want me to budndle this up under this or another case if you want to consider it?
        Hide
        arjen.poutsma Arjen Poutsma added a comment -

        @Mark

        Sure, feel free to attach it to another issue. Even if I won't make it part of the main distribution, it might be helpful to other people.

        Thanks!

        Show
        arjen.poutsma Arjen Poutsma added a comment - @Mark Sure, feel free to attach it to another issue. Even if I won't make it part of the main distribution, it might be helpful to other people. Thanks!
        Hide
        jaminh jaminh added a comment -

        I have started working on getting Spring WS to build with WSS4J 1.6.5. I have gotten to a point where everything will at least build but I haven't tried testing beyond getting timestamp validation to work. It seems like in WSS4J 1.6 they are trying to split up the securement and validation so I tried to adjust some of the callback handlers accordingly. Also something to keep in mind is the Crypto interface was changed significantly in WSS4J 1.6 so any custom Crypto implementations are probably going to break when upgrading, but I believe it still comes with the basic Merlin implementation. I will attach a patch in case other people want to try to build on that. In the meantime I will keep working on it as much as I can.

        Show
        jaminh jaminh added a comment - I have started working on getting Spring WS to build with WSS4J 1.6.5. I have gotten to a point where everything will at least build but I haven't tried testing beyond getting timestamp validation to work. It seems like in WSS4J 1.6 they are trying to split up the securement and validation so I tried to adjust some of the callback handlers accordingly. Also something to keep in mind is the Crypto interface was changed significantly in WSS4J 1.6 so any custom Crypto implementations are probably going to break when upgrading, but I believe it still comes with the basic Merlin implementation. I will attach a patch in case other people want to try to build on that. In the meantime I will keep working on it as much as I can.
        jaminh jaminh made changes -
        Attachment spring-ws.patch [ 19628 ]
        arjen.poutsma Arjen Poutsma made changes -
        Status Open [ 1 ] In Progress [ 3 ]
        Hide
        arjen.poutsma Arjen Poutsma added a comment -

        @jaminh: Thanks for the patch, it will certainly help.

        Things are a bit tricky, however, because I don't want to force people to upgrade their wss4j version in a bug-fix release of Spring-WS (2.0.5). Forcing an upgrade would be fine for a 2.1 version of SWS, but 2.1 is still far off.

        So we'll have to resort to some reflection trickery in order to make our wss4j support work for both 1.5.x and 1.6.x. We have this kind of tricks in other places as well, for instance the Quartz support in SPR. It's not easy, but hopefully it will work.

        Show
        arjen.poutsma Arjen Poutsma added a comment - @jaminh: Thanks for the patch, it will certainly help. Things are a bit tricky, however, because I don't want to force people to upgrade their wss4j version in a bug-fix release of Spring-WS (2.0.5). Forcing an upgrade would be fine for a 2.1 version of SWS, but 2.1 is still far off. So we'll have to resort to some reflection trickery in order to make our wss4j support work for both 1.5.x and 1.6.x. We have this kind of tricks in other places as well, for instance the Quartz support in SPR. It's not easy, but hopefully it will work.
        Hide
        mdiskin Mark Diskin added a comment -

        Any thoughts on doing parallel releases (2.0.5,2.1) with the wss4j in the 2.1 (or 2.1rc) and moving some of the other work into a 2.2?

        Show
        mdiskin Mark Diskin added a comment - Any thoughts on doing parallel releases (2.0.5,2.1) with the wss4j in the 2.1 (or 2.1rc) and moving some of the other work into a 2.2?
        Hide
        arjen.poutsma Arjen Poutsma added a comment -

        @mark: yeah, that's an option as well, but I am only willing to take that route as a last resort, after trying the reflection-based approach. It's quite uncommon for a Spring project to release a minor version with only library upgrades, and without any new features in it.

        Show
        arjen.poutsma Arjen Poutsma added a comment - @mark: yeah, that's an option as well, but I am only willing to take that route as a last resort, after trying the reflection-based approach. It's quite uncommon for a Spring project to release a minor version with only library upgrades, and without any new features in it.
        arjen.poutsma Arjen Poutsma made changes -
        Fix Version/s 2.1 RC1 [ 11748 ]
        Fix Version/s 2.0.5 [ 12848 ]
        arjen.poutsma Arjen Poutsma made changes -
        Status In Progress [ 3 ] Open [ 1 ]
        Hide
        arjen.poutsma Arjen Poutsma added a comment -

        After some investigation, I've decided that the reflection-based approach is just too much hassle. Instead, I am going to follow Mark's suggestion, and release 2.0.5 without it (hopefully today). Shortly after that (next week, perhaps), I will push out 2.1 RC1, which will contain a fix for this issue and a couple of other library upgrades. Since 2.1 will contain library upgrades, I expect a short release cycle, and hopefully we'll see a 2.1 GA shortly after the RC. All other 2.1 M1 issues have been moved to 2.2 M1.

        Show
        arjen.poutsma Arjen Poutsma added a comment - After some investigation, I've decided that the reflection-based approach is just too much hassle. Instead, I am going to follow Mark's suggestion, and release 2.0.5 without it (hopefully today). Shortly after that (next week, perhaps), I will push out 2.1 RC1, which will contain a fix for this issue and a couple of other library upgrades. Since 2.1 will contain library upgrades, I expect a short release cycle, and hopefully we'll see a 2.1 GA shortly after the RC. All other 2.1 M1 issues have been moved to 2.2 M1.
        Hide
        mdiskin Mark Diskin added a comment -

        In the meantime I've dropped the spring-ws-security dependancy, that way I'm able to bring in the latest wss4j 1.6 and handle the SAML2 SenderVoucher in my Security filter and still use the springws 2.0.x jars.

        Show
        mdiskin Mark Diskin added a comment - In the meantime I've dropped the spring-ws-security dependancy, that way I'm able to bring in the latest wss4j 1.6 and handle the SAML2 SenderVoucher in my Security filter and still use the springws 2.0.x jars.
        arjen.poutsma Arjen Poutsma logged work - 08/May/12 12:47 AM
        • Time Spent:
          1d 1h 22m
           
          <No comment>
        arjen.poutsma Arjen Poutsma made changes -
        Time Spent 14m [ 840 ] 1.2d [ 34560 ]
        Worklog Id 28639 [ 28639 ]
        arjen.poutsma Arjen Poutsma made changes -
        Status Open [ 1 ] In Progress [ 3 ]
        Hide
        arjen.poutsma Arjen Poutsma added a comment -

        I've upgraded SVN to use WSS4J 1.6, with the help of the patch provided jaminh (Thanks!). It compiles, and all tests run fine. That said, because the way WSS4J has changed internally, there are some breaking changes:

        • SpringDigestPasswordValidationCallbackHandler and SpringPlainTestPasswordValidationCallbackHandler have been merged into SpringSecurityPasswordValidationCallbackHandler, which works the same way as the SpringDigestPasswordValidationCallbackHandler (i.e. supply it with a UserDetailsService).
        • The Wss4jSecurityInterceptor no longer has the securementCallbackHandler property, as it's no longer used by WS4J.

        Furthermore, the Wss4jSecurityInterceptor has some additional properties: enableRevocation and bspCompliant. Check the javadocs to see what these do.

        I've just triggered a snapshot build, and it would be great if you guys could check it out if everything still works for you. This page shows you how to get snapshots.

        If everything looks good, I will release 2.1.0-RC1 this Friday (11th May) followed by the GA release the following week.

        Show
        arjen.poutsma Arjen Poutsma added a comment - I've upgraded SVN to use WSS4J 1.6, with the help of the patch provided jaminh (Thanks!). It compiles, and all tests run fine. That said, because the way WSS4J has changed internally, there are some breaking changes: SpringDigestPasswordValidationCallbackHandler and SpringPlainTestPasswordValidationCallbackHandler have been merged into SpringSecurityPasswordValidationCallbackHandler , which works the same way as the SpringDigestPasswordValidationCallbackHandler (i.e. supply it with a UserDetailsService ). The Wss4jSecurityInterceptor no longer has the securementCallbackHandler property, as it's no longer used by WS4J. Furthermore, the Wss4jSecurityInterceptor has some additional properties: enableRevocation and bspCompliant. Check the javadocs to see what these do. I've just triggered a snapshot build, and it would be great if you guys could check it out if everything still works for you. This page shows you how to get snapshots. If everything looks good, I will release 2.1.0-RC1 this Friday (11th May) followed by the GA release the following week.
        arjen.poutsma Arjen Poutsma logged work - 09/May/12 3:57 AM
        • Time Spent:
          2d 0.5h
           
          <No comment>
        arjen.poutsma Arjen Poutsma made changes -
        Time Spent 1.2d [ 34560 ] 3d 2.1h [ 93960 ]
        Worklog Id 28645 [ 28645 ]
        arjen.poutsma Arjen Poutsma made changes -
        Status In Progress [ 3 ] Resolved [ 5 ]
        Resolution Complete [ 8 ]
        Hide
        arjen.poutsma Arjen Poutsma added a comment -

        I've just pushed out version 2.1.0.RC1. Please give it a go and tell me if you find anything.

        Show
        arjen.poutsma Arjen Poutsma added a comment - I've just pushed out version 2.1.0.RC1. Please give it a go and tell me if you find anything.
        Hide
        pkotlov Pavel Kotlov added a comment -

        Combination of spring-ws-2.1.0 and wss4j-1.6.6 still results in this error:

        Could not instantiate bean class [org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor]: Constructor threw exception; 
        nested exception is java.lang.NoSuchMethodError: org.apache.ws.security.WSSecurityEngine.getInstance()Lorg/apache/ws/security/WSSecurityEngine;

        Using wss4j-1.5.12 solves the problem for me. Well perhaps not for everyone...

        Show
        pkotlov Pavel Kotlov added a comment - Combination of spring-ws-2.1.0 and wss4j-1.6.6 still results in this error: Could not instantiate bean class [org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor]: Constructor threw exception; nested exception is java.lang.NoSuchMethodError: org.apache.ws.security.WSSecurityEngine.getInstance()Lorg/apache/ws/security/WSSecurityEngine; Using wss4j-1.5.12 solves the problem for me. Well perhaps not for everyone...
        Hide
        vansh2k6 Vanshaj added a comment -

        I am using Spring-ws 2.1.4 along with wss4j 1.6.4 and getting the same problem while using wss4j 1.5.x, its working fine.

        Looks like the issue still exists with wss4j 1.6.x.

        Show
        vansh2k6 Vanshaj added a comment - I am using Spring-ws 2.1.4 along with wss4j 1.6.4 and getting the same problem while using wss4j 1.5.x, its working fine. Looks like the issue still exists with wss4j 1.6.x.
        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        In Progress In Progress Open Open
        199d 5h 13m 2 Arjen Poutsma 04/May/12 5:16 AM
        Open Open In Progress In Progress
        121d 10h 33m 3 Arjen Poutsma 09/May/12 1:56 AM
        In Progress In Progress Resolved Resolved
        2h 1m 1 Arjen Poutsma 09/May/12 3:57 AM

          People

          • Assignee:
            arjen.poutsma Arjen Poutsma
            Reporter:
            mdiskin Mark Diskin
          • Votes:
            4 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Time Tracking

              Estimated:
              Original Estimate - Not Specified
              Not Specified
              Remaining:
              Remaining Estimate - Not Specified
              Not Specified
              Logged:
              Time Spent - 3d 2.1h
              3d 2.1h