|
|
I'm trying to setup plain text username authentication on weblogic 8.1 SP3.
Here's my securityPolicy.xmlCode:
lt;xwss:SecurityConfiguration dumpMessages=quot;falsequot; xmlns:xwss=quot;xml/ns/xwss/configquot;gt; lt;xwss:RequireUsernameToken passwordDigestRequired=quot;falsequot; nonceRequired=quot;falsequot;/gt;
lt;/xwss:SecurityConfigurationgt;
Here's my Interceptor and HandlerCode: lt;bean id=quot;wsSecurityInterceptorquot; class=quot;org..ws.soap.security.xwss.XwsSecurityInterceptorquot;gt; lt;property name=quot;secureResponsequot; value=quot;falsequot;/gt; lt;property name=quot;policyConfigurationquot; value=quot;/WEB-INF/securityPolicy.xmlquot;/gt; lt;property name=quot;callbackHandlersquot;gt; lt;ref bean=quot;passwordValidationHandlerquot;/gt; lt;/propertygt; lt;/beangt;
lt;bean id=quot;passwordValidationHandlerquot; class=quot;org..ws.soap.security.xwss.callback.SimplePasswordValidationCallbackHandlerquot;gt; lt;property name=quot;usersquot;gt; lt;propsgt;lt;prop key=quot;testquot;gt;testlt;/propgt; lt;/propsgt; lt;/propertygt;
lt;/beangt;
Here's the error that I'm receiving.Code:
Error 500--Internal Server Error
org..beans.factory.BeanCreationException: Error creating bean with name 'wsSecurityInterceptor' defined in ServletContext resource [/WEB-INF/wcrf-ws-servlet.xml]: Invocation of init method failed; nested exception is java.lang.NoClassDefFoundError: com/sun/org/apache/xerces/internal/jaxp/DocumentBuilderFactoryImpl
Caused by: java.lang.NoClassDefFoundError: com/sun/org/apache/xerces/internal/jaxp/DocumentBuilderFactoryImpl
at com.sun.xml.wss.impl.config.SecurityConfigurationXmlReader.parseXmlStream(Ljava.io.InputStream;Ljava.io.PrintStream;)Lorg.w3c.dom.Document;(SecurityConfigurationXmlReader.java:230)
at com.sun.xml.wss.impl.config.SecurityConfigurationXmlReader.parseXmlStream(Ljava.io.InputStream;)Lorg.w3c.dom.Document;(SecurityConfigurationXmlReader.java:223)
at com.sun.xml.wss.impl.config.SecurityConfigurationXmlReader.createDeclarativeConfiguration(Ljava.io.InputStream;)Lcom.sun.xml.wss.impl.config.DeclarativeSecurityConfiguration;(SecurityConfigurationXmlReader.java:281)
at com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.(Ljava.io.InputStream;Ljavax.security.auth.callback.CallbackHandler;)V(XWSSProcessor2_0Impl.java:54)
at com.sun.xml.wss.impl.misc.XWSSProcessorFactory2_0Impl.createProcessorForSecurityConfiguration(Ljava.io.InputStream;Ljavax.security.auth.callback.CallbackHandler;)Lcom.sun.xml.wss.XWSSProcessor;(XWSSProcessorFactory2_0Impl.java:35)
at org..ws.soap.security.xwss.XwsSecurityInterceptor.afterPropertiesSet()V(XwsSecurityInterceptor.java:106)
at org..beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(Ljava.lang.String;Ljava.lang.Object;Lorg..beans.factory.support.RootBeanDefinition;)V(AbstractAutowireCapableBeanFactory.java:1202)
at org..beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(Ljava.lang.String;Ljava.lang.Object;Lorg..beans.factory.support.RootBeanDefinition;)Ljava.lang.Object;(AbstractAutowireCapableBeanFactory.java:1172)
at org..beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(Ljava.lang.String;Lorg..beans.factory.support.RootBeanDefinition;[Ljava.lang.Object;)Ljava.lang.Object;(AbstractAutowireCapableBeanFactory.java:428)
at org..beans.factory.support.AbstractBeanFactory$1.getObject()Ljava.lang.Object;(AbstractBeanFactory.java:251)
at org..beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(Ljava.lang.String;Lorg..beans.factory.ObjectFactory;)Ljava.lang.Object;(DefaultSingletonBeanRegistry.java:156)
at org..beans.factory.support.AbstractBeanFactory.getBean(Ljava.lang.String;Ljava.lang.Class;[Ljava.lang.Object;)Ljava.lang.Object;(AbstractBeanFactory.java:248)
at org..beans.factory.support.AbstractBeanFactory.getBean(Ljava.lang.String;)Ljava.lang.Object;(AbstractBeanFactory.java:160)
at org..beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons()V(DefaultListableBeanFactory.java:287)
at org..context.support.AbstractApplicationContext.refresh()V(AbstractApplicationContext.java:352)
at org..web.servlet.FrameworkServlet.createWebApplicationContext(Lorg..web.context.WebApplicationContext;)Lorg..web.context.WebApplicationContext;(FrameworkServlet.java:330)
at org..web.servlet.FrameworkServlet.initWebApplicationContext()Lorg..web.context.WebApplicationContext;(FrameworkServlet.java:266)
at org..web.servlet.FrameworkServlet.initServletBean()V(FrameworkServlet.java:236)
at org..web.servlet.fromServletBean.init()V(fromServletBean.java:126)
at javax.servlet.GenericServlet.init(Ljavax.servlet.ServletConfig;)V(GenericServlet.java:258)
at weblogic.servlet.internal.ServletStubImpl$ServletInitAction.run()Ljava.lang.Object;(ServletStubImpl.java:1018)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Lweblogic.security.subject.AbstractSubject;Ljava.security.PrivilegedAction;)Ljava.lang.Object;(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Lweblogic.security.acl.internal.AuthenticatedSubject;Lweblogic.security.acl.internal.AuthenticatedSubject;Ljava.security.PrivilegedAction;)Ljava.lang.Object;(SecurityManager.java:118)
at weblogic.servlet.internal.ServletStubImpl.createServlet()Ljavax.servlet.Servlet;(ServletStubImpl.java:894)
at weblogic.servlet.internal.ServletStubImpl.createInstances()V(ServletStubImpl.java:873)
at weblogic.servlet.internal.ServletStubImpl.prepareServlet(Lweblogic.servlet.internal.RequestCallback;)V(ServletStubImpl.java:812)
at weblogic.servlet.internal.ServletStubImpl.getServlet(Lweblogic.servlet.internal.RequestCallback;)Ljavax.servlet.Servlet;(ServletStubImpl.java:535)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(Ljavax.servlet.ServletRequest;Ljavax.servlet.ServletResponse;Lweblogic.servlet.internal.FilterChainImpl;)V(ServletStubImpl.java:373)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(Ljavax.servlet.ServletRequest;Ljavax.servlet.ServletResponse;)V(ServletStubImpl.java:315)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run()Ljava.lang.Object;(WebAppServletContext.java:6452)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Lweblogic.security.subject.AbstractSubject;Ljava.security.PrivilegedAction;)Ljava.lang.Object;(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Lweblogic.security.acl.internal.AuthenticatedSubject;Lweblogic.security.acl.internal.AuthenticatedSubject;Ljava.security.PrivilegedAction;)Ljava.lang.Object;(SecurityManager.java:118)
I have my weblogic.xml file set the to following, but it appears that it still won't use my newer xerces jar. I found this link bea/thread.jsp...geID=600039549 but you have to map based on a particular document type and not the application. We have a shared environment and I'm not sure if I'm going to be allowed to do this. Has anyone gotten security to work on WL8.1?Code:
lt;?xml version=quot;1.0quot; encoding=quot;ISO-8859-1quot;?gt;
lt;!DOCTYPE weblogic-web-app PUBLIC quot;-//BEA Systems, Inc.//DTD Web Application 8.1//ENquot; quot;servers/wls810/dtd/weblogic810-web-jar.dtdquot;gt;
lt;weblogic-web-appgt; lt;container-descriptorgt; lt;prefer-web-inf-classesgt;truelt;/prefer-web-inf-classesgt; lt;/container-descriptorgt;
lt;/weblogic-web-appgt;.apache package comes from. So if you can make Weblogic 8 run on Java 5, you should be fine.
Thanks for the explanation. I'm forced to use a shared environment, so I don't think I'll be able to use java 5. You might want to update section 1.2 (Runtime environment) in the documentation. It implies that everything can run in a Java 1.3 environment. Adding the dependency for Java 5 under the Security package will help. Are there any other packages/features that require java 5?
Thanks for the tip, I've updated the reference docs accordingly. |
|
Post at 2011-4-15 15:09
| This Author's Posts Only
