glassfish
  1. glassfish
  2. GLASSFISH-9004

[BLOCKING]"No Security Header" messages continously in server logs.

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: V3
    • Fix Version/s: V3
    • Component/s: web_services
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: Sun

    • Issuezilla Id:
      9,004

      Description

      Build: V3 Build 55
      JDK1.6.0_14
      Galactica Application

      When running Galactica application, I am getting this error message on client
      and the following error message on server. I am using Faban as the client tool.
      The Client and Server are on different machines.

      Copied the following 2 jars from appserver's modules/endorsed directory to jdk's
      endorsed directory on both machines as follows.

      cp /export/home/glassfishv3/glassfish/modules/endorsed/*
      /export/home/jdk/jdk160_14/jre/lib/endorsed

      bigapp-niagara-3(aroot):lib/endorsed ->pwd
      /export/home/jdk/jdk160_14/jre/lib/endorsed

      bigapp-niagara-3(aroot):lib/endorsed ->ls -l
      total 496
      rw-rr- 1 root root 103849 Aug 3 14:49 jaxb-api-osgi.jar
      rw-rr- 1 root root 126432 Aug 3 14:49 webservices-api-osgi.jar

      The following logs are after setting both client and server to FINE logging. On
      server, set the following property to FINEST in logging.properties file
      javax.enterprise.system.webservices.level=FINEST

      Couldn't get any further logging in server except for the ones below.

      Client Tool
      ************
      [java] FINE: Using optimized Accessor for protected java.lang.Boolean
      airline.OriginDestinationInformation.isOneWay
      [java] Aug 3, 2009 5:56:21 PM
      com.sun.xml.bind.v2.runtime.reflect.opt.Injector inject
      [java] FINE: Unable to inject airline/Address$JaxbAccessorF_addressLine
      [java] java.lang.reflect.InvocationTargetException
      [java] at sun.reflect.GeneratedMethodAccessor70.invoke(Unknown Source)
      [java] at
      sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      [java] at java.lang.reflect.Method.invoke(Method.java:597)
      [java] at
      com.sun.xml.bind.v2.runtime.reflect.opt.Injector.inject(Injector.java:181)
      [java] at
      com.sun.xml.bind.v2.runtime.reflect.opt.Injector.inject(Injector.java:85)
      [java] at
      com.sun.xml.bind.v2.runtime.reflect.opt.AccessorInjector.prepare(AccessorInjector.java:87)
      [java] at
      com.sun.xml.bind.v2.runtime.reflect.opt.OptimizedAccessorFactory.get(OptimizedAccessorFactory.java:165)
      [java] at
      com.sun.xml.bind.v2.runtime.reflect.Accessor$FieldReflection.optimize(Accessor.java:256)
      [java] at
      com.sun.xml.bind.v2.runtime.property.ArrayProperty.<init>(ArrayProperty.java:65)
      [java] at
      com.sun.xml.bind.v2.runtime.property.ArrayERProperty.<init>(ArrayERProperty.java:84)
      [java] at
      com.sun.xml.bind.v2.runtime.property.ArrayElementProperty.<init>(ArrayElementProperty.java:96)
      [java] at
      com.sun.xml.bind.v2.runtime.property.ArrayElementLeafProperty.<init>(ArrayElementLeafProperty.java:66)
      [java] at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
      Method)
      [java] at
      sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
      [java] at
      sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
      [java] at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
      [java] at
      com.sun.xml.bind.v2.runtime.property.PropertyFactory.create(PropertyFactory.java:124)
      [java] at
      com.sun.xml.bind.v2.runtime.ClassBeanInfoImpl.<init>(ClassBeanInfoImpl.java:175)
      [java] at
      com.sun.xml.bind.v2.runtime.JAXBContextImpl.getOrCreate(JAXBContextImpl.java:515)
      [java] at
      com.sun.xml.bind.v2.runtime.JAXBContextImpl.getOrCreate(JAXBContextImpl.java:534)
      [java] at
      com.sun.xml.bind.v2.runtime.property.SingleElementNodeProperty.<init>(SingleElementNodeProperty.java:101)
      [java] at
      sun.reflect.GeneratedConstructorAccessor131.newInstance(Unknown Source)
      [java] at
      sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
      [java] at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
      [java] at
      com.sun.xml.bind.v2.runtime.property.PropertyFactory.create(PropertyFactory.java:124)
      [java] at
      com.sun.xml.bind.v2.runtime.ClassBeanInfoImpl.<init>(ClassBeanInfoImpl.java:175)
      [java] at
      com.sun.xml.bind.v2.runtime.JAXBContextImpl.getOrCreate(JAXBContextImpl.java:515)
      [java] at
      com.sun.xml.bind.v2.runtime.JAXBContextImpl.getOrCreate(JAXBContextImpl.java:534)
      [java] at
      com.sun.xml.bind.v2.runtime.property.ArrayElementProperty.<init>(ArrayElementProperty.java:108)
      [java] at
      com.sun.xml.bind.v2.runtime.property.ArrayElementNodeProperty.<init>(ArrayElementNodeProperty.java:58)
      [java] at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
      Method)
      [java] at
      sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
      [java] at
      sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
      [java] at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
      [java] at
      com.sun.xml.bind.v2.runtime.property.PropertyFactory.create(PropertyFactory.java:124)
      [java] at
      com.sun.xml.bind.v2.runtime.ClassBeanInfoImpl.<init>(ClassBeanInfoImpl.java:175)
      [java] at
      com.sun.xml.bind.v2.runtime.JAXBContextImpl.getOrCreate(JAXBContextImpl.java:515)
      [java] at
      com.sun.xml.bind.v2.runtime.JAXBContextImpl.<init>(JAXBContextImpl.java:330)
      [java] at
      com.sun.xml.bind.v2.runtime.JAXBContextImpl$JAXBContextBuilder.build(JAXBContextImpl.java:1136)
      [java] at
      com.sun.xml.bind.v2.ContextFactory.createContext(ContextFactory.java:154)
      [java] at
      com.sun.xml.bind.api.JAXBRIContext.newInstance(JAXBRIContext.java:106)
      [java] at
      com.sun.xml.ws.developer.JAXBContextFactory$1.createJAXBContext(JAXBContextFactory.java:109)
      [java] at
      com.sun.xml.ws.model.AbstractSEIModelImpl$1.run(AbstractSEIModelImpl.java:161)
      [java] at
      com.sun.xml.ws.model.AbstractSEIModelImpl$1.run(AbstractSEIModelImpl.java:154)
      [java] at java.security.AccessController.doPrivileged(Native Method)
      [java] at
      com.sun.xml.ws.model.AbstractSEIModelImpl.createJAXBContext(AbstractSEIModelImpl.java:153)
      [java] at
      com.sun.xml.ws.model.AbstractSEIModelImpl.postProcess(AbstractSEIModelImpl.java:94)
      [java] at
      com.sun.xml.ws.model.RuntimeModeler.buildRuntimeModel(RuntimeModeler.java:258)
      [java] at
      com.sun.xml.ws.client.WSServiceDelegate.createSEIPortInfo(WSServiceDelegate.java:661)
      [java] at
      com.sun.xml.ws.client.WSServiceDelegate.addSEI(WSServiceDelegate.java:649)
      [java] at
      com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:341)
      [java] at
      com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:324)
      [java] at
      com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:306)
      [java] at javax.xml.ws.Service.getPort(Service.java:99)
      [java] at
      com.sun.galactica.airlineservice.clientbindings.AirlineService.getAirlineServiceSEIPort(AirlineService.java:73)
      [java] at com.sun.galactica.client.FabanClient.initialize(Unknown Source)
      [java] at com.sun.galactica.client.FabanClient.<init>(Unknown Source)
      [java] at sun.reflect.GeneratedConstructorAccessor3.newInstance(Unknown
      Source)
      [java] at
      sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
      [java] at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
      [java] at java.lang.Class.newInstance0(Class.java:355)
      [java] at java.lang.Class.newInstance(Class.java:308)
      [java] at com.sun.faban.driver.core.TimeThread.doRun(TimeThread.java:71)
      [java] at com.sun.faban.driver.core.AgentThread.run(AgentThread.java:146)
      [java] Caused by: java.lang.LinkageError: loader (instance of
      sun/misc/Launcher$AppClassLoader): attempted duplicate class definition for
      name: "airline/Address$JaxbAccessorF_addressLine"
      [java] at java.lang.ClassLoader.defineClass1(Native Method)
      [java] at java.lang.ClassLoader.defineClass(ClassLoader.java:621)
      [java] at java.lang.ClassLoader.defineClass(ClassLoader.java:466)
      [java] ... 64 more

      After the client throws the above error continously, in few seconds, server
      throws the following error.

      Server
      *******
      [#|2009-08-03T17:55:52.204-0700|INFO|glassfish|null|_ThreadID=15;_ThreadName=Thread-1;|felix.fileinstall.bundles.new.start
      true|#]

      [#|2009-08-03T17:57:07.082-0700|SEVERE|glassfish|javax.enterprise.resource.xml.webservices.security|_ThreadID=17;_ThreadName=Thread-1;|WSS0253:
      Message does not conform to configured policy: No Security Header found in
      message|#]

      [#|2009-08-03T17:57:07.082-0700|SEVERE|glassfish|javax.enterprise.resource.xml.webservices.security|_ThreadID=16;_ThreadName=Thread-1;|WSS0253:
      Message does not conform to configured policy: No Security Header found in
      message|#]

      [#|2009-08-03T17:57:07.587-0700|SEVERE|glassfish|javax.enterprise.resource.xml.webservices.security|_ThreadID=18;_ThreadName=Thread-1;|WSS0253:
      Message does not conform to configured policy: No Security Header found in
      message|#]

      [#|2009-08-03T17:57:07.816-0700|SEVERE|glassfish|javax.enterprise.resource.xml.webservices.security|_ThreadID=19;_ThreadName=Thread-1;|WSS0253:
      Message does not conform to configured policy: No Security Header found in
      message|#]

      1. CardService_security_config.xml
        0.7 kB
        meenap
      2. CardService_security_config.xml
        0.7 kB
        meenap
      3. CardService_security_config.xml.orig
        0.7 kB
        meenap
      4. CardServiceClient_security_config.xml
        0.6 kB
        meenap
      5. jaxws-SecureCardService.war
        39 kB
        meenap
      6. server.log
        187 kB
        meenap
      7. wss-client-config-2.0.xml
        3 kB
        meenap
      8. wss-client-config-2.0.xml.orig
        3 kB
        meenap
      9. wss-server-config-2.0.xml
        3 kB
        meenap
      10. wss-server-config-2.0.xml.orig
        3 kB
        meenap

        Activity

        Hide
        meenap added a comment -

        Created an attachment (id=3598)
        CardService_security_config.xml

        Show
        meenap added a comment - Created an attachment (id=3598) CardService_security_config.xml
        Hide
        kumarjayanti added a comment -

        Can you put a deliberate syntax error in CardServiceClient_security_config.xml
        and send me the output of running the client. That will confirm if the client
        security configuration was being read.

        Show
        kumarjayanti added a comment - Can you put a deliberate syntax error in CardServiceClient_security_config.xml and send me the output of running the client. That will confirm if the client security configuration was being read.
        Hide
        kumarjayanti added a comment -

        This particular application is using old XWSS 2.0 style security and with Metro
        2.0 which is integrated into V3 we are deprecating/disabling this feature.
        However to enable this feature you can set the following System property at the
        very begining of your client code :

        System.setProperty("USE_XWSS_SECURITY", "true");

        Note : this property should be set before you do any port creation.

        The reason for doing this is because there are very few real users of this
        technology but it causes a client side Pipe/Tube to be inserted into the JAXWS
        tubline by default which may cause some performance loss for plain JAXWS apps
        that do not use any security.

        Show
        kumarjayanti added a comment - This particular application is using old XWSS 2.0 style security and with Metro 2.0 which is integrated into V3 we are deprecating/disabling this feature. However to enable this feature you can set the following System property at the very begining of your client code : System.setProperty("USE_XWSS_SECURITY", "true"); Note : this property should be set before you do any port creation. The reason for doing this is because there are very few real users of this technology but it causes a client side Pipe/Tube to be inserted into the JAXWS tubline by default which may cause some performance loss for plain JAXWS apps that do not use any security.
        Hide
        meenap added a comment -

        I set the following property in client code and ensured that the value is picked
        up using println statement but I am still seeing the issue.

        System.setProperty("USE_XWSS_SECURITY", "true");

        Show
        meenap added a comment - I set the following property in client code and ensured that the value is picked up using println statement but I am still seeing the issue. System.setProperty("USE_XWSS_SECURITY", "true");
        Hide
        kumarjayanti added a comment -

        Fixed in Metro build : http://hudson.sfbay/job/wsit-javanet/4681/

        Since this is not an issue in V3 code but Metro2.0 code so in future please file
        an issue on Metro. Please do not reopen this issue.

        Also you need to know all your client code. Because it is difficult for me to
        dig out where all the WebService Clients reside.

        The next time if you can give a small reproducable testcase that will be helpful
        or we will need to do a phone session together to debug.

        I have removed the need to set the USE_XWSS_SECURITY system property in Metro.

        Show
        kumarjayanti added a comment - Fixed in Metro build : http://hudson.sfbay/job/wsit-javanet/4681/ Since this is not an issue in V3 code but Metro2.0 code so in future please file an issue on Metro. Please do not reopen this issue. Also you need to know all your client code. Because it is difficult for me to dig out where all the WebService Clients reside. The next time if you can give a small reproducable testcase that will be helpful or we will need to do a phone session together to debug. I have removed the need to set the USE_XWSS_SECURITY system property in Metro.

          People

          • Assignee:
            kumarjayanti
            Reporter:
            meenap
          • Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: