Skip to main content

Kerberos handling in 2.0

10 replies [Last post]
jvrobert
Offline
Joined: 2008-12-14
Points: 0

Hi,

Does Kerberos work yet in 2.0? I have a 1.5 client that works, but when I switch it to use 2.0 (which I know is not stable/entirely working yet) I get:

Jul 13, 2009 10:54:42 PM com.sun.xml.ws.security.opt.impl.keyinfo.KerberosTokenBuilder process
SEVERE: WSS1803: The reference type is not supported
Jul 13, 2009 10:54:42 PM com.sun.xml.ws.security.opt.impl.dsig.SignatureProcessor sign
SEVERE: WSS1701: Sign operation failed.
com.sun.xml.wss.XWSSecurityException: WSS1803: The reference type is not supported

Wondering if something changed I should be doing or if this is just an expected issue right now.

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
supkichen
Offline
Joined: 2010-03-30
Points: 0

Hi, I've just run into the same problem, trying to get a Kerberos demo up and running, with Metro 2.0 The stack trace, and the wsit-client policy are included at the end of this email.

I tried stepping through the code to work out why, but man, is that some complicated code!! The best I came up with is...

com.sun.xml.ws.security.opt.impl.keyinfo.KerberosTokenBuilder.process() is calling setIncludeTokenPolicy() which seems to be the only place where setReferenceType() is called on the binding. But the logic only looks at IncludeToken with a namespace from an older version. If I use the debugger to call binding.setReferenceType(MessageConstants.DIRECT_REFERENCE_TYPE) manually at the end of setIncludeTokenPolicy(), then everything works great.

Is this a bug, or more probably a configuration problem? Either way, I have no idea how to fix it.

many thanks,
Craig

* I used a policy generated by NetBeans 6.8, the relevant section being:









































* 31/03/2010 12:50:59 PM com.sun.xml.ws.security.opt.impl.keyinfo.KerberosTokenBuilder process
SEVERE: WSS1803: The reference type is not supported
31/03/2010 12:50:59 PM com.sun.xml.ws.security.opt.impl.dsig.SignatureProcessor sign
SEVERE: WSS1701: Sign operation failed.
com.sun.xml.wss.XWSSecurityException: WSS1803: The reference type is not supported
at com.sun.xml.ws.security.opt.impl.keyinfo.KerberosTokenBuilder.process(KerberosTokenBuilder.java:100)
at com.sun.xml.ws.security.opt.impl.keyinfo.SymmetricTokenBuilder.process(SymmetricTokenBuilder.java:290)
at com.sun.xml.ws.security.opt.impl.dsig.TokenProcessor.process(TokenProcessor.java:190)
at com.sun.xml.ws.security.opt.impl.dsig.SignatureProcessor.sign(SignatureProcessor.java:109)
at com.sun.xml.wss.impl.filter.SignatureFilter.sign(SignatureFilter.java:631)
at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:589)
at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:93)
at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:272)
at com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:189)
at com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:150)
at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:397)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:311)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:240)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
at com.sun.xml.ws.client.Stub.process(Stub.java:319)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:157)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
at $Proxy45.getHdeskIssue(Unknown Source)
at Main.main(Main.java:32)
31/03/2010 12:50:59 PM com.sun.xml.wss.jaxws.impl.SecurityTubeBase secureOutboundMessage
SEVERE: WSSTUBE0024: Error in Securing Outbound Message.
com.sun.xml.wss.XWSSecurityException: WSS1803: The reference type is not supported
at com.sun.xml.ws.security.opt.impl.keyinfo.KerberosTokenBuilder.process(KerberosTokenBuilder.java:100)
at com.sun.xml.ws.security.opt.impl.keyinfo.SymmetricTokenBuilder.process(SymmetricTokenBuilder.java:290)
at com.sun.xml.ws.security.opt.impl.dsig.TokenProcessor.process(TokenProcessor.java:190)
at com.sun.xml.ws.security.opt.impl.dsig.SignatureProcessor.sign(SignatureProcessor.java:109)
at com.sun.xml.wss.impl.filter.SignatureFilter.sign(SignatureFilter.java:631)
at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:589)
at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:93)
at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:272)
at com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:189)
at com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:150)
at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:397)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:311)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:240)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
at com.sun.xml.ws.client.Stub.process(Stub.java:319)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:157)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
at $Proxy45.getHdeskIssue(Unknown Source)
at Main.main(Main.java:32)
31/03/2010 12:50:59 PM com.sun.xml.wss.jaxws.impl.SecurityClientTube processClientRequestPacket
SEVERE: WSSTUBE0024: Error in Securing Outbound Message.
com.sun.xml.wss.impl.WssSoapFaultException: WSS1803: The reference type is not supported
at com.sun.xml.wss.impl.SecurableSoapMessage.newSOAPFaultException(SecurableSoapMessage.java:336)
at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:402)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:311)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:240)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
at com.sun.xml.ws.client.Stub.process(Stub.java:319)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:157)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
at $Proxy45.getHdeskIssue(Unknown Source)
at Main.main(Main.java:32)
Caused by: com.sun.xml.wss.XWSSecurityException: WSS1803: The reference type is not supported
at com.sun.xml.ws.security.opt.impl.keyinfo.KerberosTokenBuilder.process(KerberosTokenBuilder.java:100)
at com.sun.xml.ws.security.opt.impl.keyinfo.SymmetricTokenBuilder.process(SymmetricTokenBuilder.java:290)
at com.sun.xml.ws.security.opt.impl.dsig.TokenProcessor.process(TokenProcessor.java:190)
at com.sun.xml.ws.security.opt.impl.dsig.SignatureProcessor.sign(SignatureProcessor.java:109)
at com.sun.xml.wss.impl.filter.SignatureFilter.sign(SignatureFilter.java:631)
at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:589)
at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:93)
at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:272)
at com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:189)
at com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:150)
at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:397)
... 13 more
javax.xml.ws.WebServiceException: WSSTUBE0024: Error in Securing Outbound Message.
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:316)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:240)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
at com.sun.xml.ws.client.Stub.process(Stub.java:319)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:157)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
at $Proxy45.getHdeskIssue(Unknown Source)
at Main.main(Main.java:32)
Caused by: javax.xml.ws.soap.SOAPFaultException: WSS1803: The reference type is not supported
at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:674)
... 13 more
Caused by: com.sun.xml.wss.impl.WssSoapFaultException: WSS1803: The reference type is not supported
at com.sun.xml.wss.impl.SecurableSoapMessage.newSOAPFaultException(SecurableSoapMessage.java:336)
at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:402)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:311)
... 12 more
Caused by: com.sun.xml.wss.XWSSecurityException: WSS1803: The reference type is not supported
at com.sun.xml.ws.security.opt.impl.keyinfo.KerberosTokenBuilder.process(KerberosTokenBuilder.java:100)
at com.sun.xml.ws.security.opt.impl.keyinfo.SymmetricTokenBuilder.process(SymmetricTokenBuilder.java:290)
at com.sun.xml.ws.security.opt.impl.dsig.TokenProcessor.process(TokenProcessor.java:190)
at com.sun.xml.ws.security.opt.impl.dsig.SignatureProcessor.sign(SignatureProcessor.java:109)
at com.sun.xml.wss.impl.filter.SignatureFilter.sign(SignatureFilter.java:631)
at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:589)
at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:93)
at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:272)
at com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:189)
at com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:150)
at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:397)
... 13 more

Kumar Jayanti

metro@javadesktop.org wrote:
> Hi, I've just run into the same problem, trying to get a Kerberos demo up and running, with Metro 2.0 The stack trace, and the wsit-client policy are included at the end of this email.
>
> I tried stepping through the code to work out why, but man, is that some complicated code!! The best I came up with is...
>
> com.sun.xml.ws.security.opt.impl.keyinfo.KerberosTokenBuilder.process() is calling setIncludeTokenPolicy() which seems to be the only place where setReferenceType() is called on the binding. But the logic only looks at IncludeToken with a namespace from an older version. If I use the debugger to call binding.setReferenceType(MessageConstants.DIRECT_REFERENCE_TYPE) manually at the end of setIncludeTokenPolicy(), then everything works great.
>
> Is this a bug, or more probably a configuration problem? Either way, I have no idea how to fix it.
>
it appears to be a bug based on your investigation. It is likely that
our QE does not have kerb tests with the spec version of the namespace.

will try to fix this soon.

Thanks for your investigation..

>
> many thanks,
> Craig
>
>
> * I used a policy generated by NetBeans 6.8, the relevant section being:
>
>
>
>
>
>
>
>
>
>
>
>
>
>

>

>

>

>
>
>
>

>

>
>
>
>
>
>

>

>

>

>
>
>
>
>
>

>

>
>

>

>

>
>
> * 31/03/2010 12:50:59 PM com.sun.xml.ws.security.opt.impl.keyinfo.KerberosTokenBuilder process
> SEVERE: WSS1803: The reference type is not supported
> 31/03/2010 12:50:59 PM com.sun.xml.ws.security.opt.impl.dsig.SignatureProcessor sign
> SEVERE: WSS1701: Sign operation failed.
> com.sun.xml.wss.XWSSecurityException: WSS1803: The reference type is not supported
> at com.sun.xml.ws.security.opt.impl.keyinfo.KerberosTokenBuilder.process(KerberosTokenBuilder.java:100)
> at com.sun.xml.ws.security.opt.impl.keyinfo.SymmetricTokenBuilder.process(SymmetricTokenBuilder.java:290)
> at com.sun.xml.ws.security.opt.impl.dsig.TokenProcessor.process(TokenProcessor.java:190)
> at com.sun.xml.ws.security.opt.impl.dsig.SignatureProcessor.sign(SignatureProcessor.java:109)
> at com.sun.xml.wss.impl.filter.SignatureFilter.sign(SignatureFilter.java:631)
> at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:589)
> at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:93)
> at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:272)
> at com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:189)
> at com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:150)
> at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:397)
> at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:311)
> at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:240)
> at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
> at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
> at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
> at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
> at com.sun.xml.ws.client.Stub.process(Stub.java:319)
> at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:157)
> at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
> at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
> at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
> at $Proxy45.getHdeskIssue(Unknown Source)
> at Main.main(Main.java:32)
> 31/03/2010 12:50:59 PM com.sun.xml.wss.jaxws.impl.SecurityTubeBase secureOutboundMessage
> SEVERE: WSSTUBE0024: Error in Securing Outbound Message.
> com.sun.xml.wss.XWSSecurityException: WSS1803: The reference type is not supported
> at com.sun.xml.ws.security.opt.impl.keyinfo.KerberosTokenBuilder.process(KerberosTokenBuilder.java:100)
> at com.sun.xml.ws.security.opt.impl.keyinfo.SymmetricTokenBuilder.process(SymmetricTokenBuilder.java:290)
> at com.sun.xml.ws.security.opt.impl.dsig.TokenProcessor.process(TokenProcessor.java:190)
> at com.sun.xml.ws.security.opt.impl.dsig.SignatureProcessor.sign(SignatureProcessor.java:109)
> at com.sun.xml.wss.impl.filter.SignatureFilter.sign(SignatureFilter.java:631)
> at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:589)
> at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:93)
> at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:272)
> at com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:189)
> at com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:150)
> at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:397)
> at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:311)
> at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:240)
> at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
> at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
> at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
> at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
> at com.sun.xml.ws.client.Stub.process(Stub.java:319)
> at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:157)
> at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
> at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
> at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
> at $Proxy45.getHdeskIssue(Unknown Source)
> at Main.main(Main.java:32)
> 31/03/2010 12:50:59 PM com.sun.xml.wss.jaxws.impl.SecurityClientTube processClientRequestPacket
> SEVERE: WSSTUBE0024: Error in Securing Outbound Message.
> com.sun.xml.wss.impl.WssSoapFaultException: WSS1803: The reference type is not supported
> at com.sun.xml.wss.impl.SecurableSoapMessage.newSOAPFaultException(SecurableSoapMessage.java:336)
> at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:402)
> at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:311)
> at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:240)
> at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
> at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
> at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
> at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
> at com.sun.xml.ws.client.Stub.process(Stub.java:319)
> at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:157)
> at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
> at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
> at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
> at $Proxy45.getHdeskIssue(Unknown Source)
> at Main.main(Main.java:32)
> Caused by: com.sun.xml.wss.XWSSecurityException: WSS1803: The reference type is not supported
> at com.sun.xml.ws.security.opt.impl.keyinfo.KerberosTokenBuilder.process(KerberosTokenBuilder.java:100)
> at com.sun.xml.ws.security.opt.impl.keyinfo.SymmetricTokenBuilder.process(SymmetricTokenBuilder.java:290)
> at com.sun.xml.ws.security.opt.impl.dsig.TokenProcessor.process(TokenProcessor.java:190)
> at com.sun.xml.ws.security.opt.impl.dsig.SignatureProcessor.sign(SignatureProcessor.java:109)
> at com.sun.xml.wss.impl.filter.SignatureFilter.sign(SignatureFilter.java:631)
> at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:589)
> at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:93)
> at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:272)
> at com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:189)
> at com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:150)
> at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:397)
> ... 13 more
> javax.xml.ws.WebServiceException: WSSTUBE0024: Error in Securing Outbound Message.
> at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:316)
> at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:240)
> at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
> at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
> at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
> at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
> at com.sun.xml.ws.client.Stub.process(Stub.java:319)
> at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:157)
> at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
> at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
> at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
> at $Proxy45.getHdeskIssue(Unknown Source)
> at Main.main(Main.java:32)
> Caused by: javax.xml.ws.soap.SOAPFaultException: WSS1803: The reference type is not supported
> at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:674)
> ... 13 more
> Caused by: com.sun.xml.wss.impl.WssSoapFaultException: WSS1803: The reference type is not supported
> at com.sun.xml.wss.impl.SecurableSoapMessage.newSOAPFaultException(SecurableSoapMessage.java:336)
> at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:402)
> at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:311)
> ... 12 more
> Caused by: com.sun.xml.wss.XWSSecurityException: WSS1803: The reference type is not supported
> at com.sun.xml.ws.security.opt.impl.keyinfo.KerberosTokenBuilder.process(KerberosTokenBuilder.java:100)
> at com.sun.xml.ws.security.opt.impl.keyinfo.SymmetricTokenBuilder.process(SymmetricTokenBuilder.java:290)
> at com.sun.xml.ws.security.opt.impl.dsig.TokenProcessor.process(TokenProcessor.java:190)
> at com.sun.xml.ws.security.opt.impl.dsig.SignatureProcessor.sign(SignatureProcessor.java:109)
> at com.sun.xml.wss.impl.filter.SignatureFilter.sign(SignatureFilter.java:631)
> at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:589)
> at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:93)
> at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:272)
> at com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:189)
> at com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:150)
> at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:397)
> ... 13 more
> [Message sent by forum member 'supkichen']
>
> http://forums.java.net/jive/thread.jspa?messageID=394570
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@metro.dev.java.net
> For additional commands, e-mail: users-help@metro.dev.java.net
>
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@metro.dev.java.net
For additional commands, e-mail: users-help@metro.dev.java.net

Kumar Jayanti

Kumar Jayanti wrote:
> metro@javadesktop.org wrote:
>> Hi, I've just run into the same problem, trying to get a Kerberos
>> demo up and running, with Metro 2.0 The stack trace, and the
>> wsit-client policy are included at the end of this email.
>>
>> I tried stepping through the code to work out why, but man, is that
>> some complicated code!! The best I came up with is...
>>
>> com.sun.xml.ws.security.opt.impl.keyinfo.KerberosTokenBuilder.process()
>> is calling setIncludeTokenPolicy() which seems to be the only place
>> where setReferenceType() is called on the binding. But the logic only
>> looks at IncludeToken with a namespace from an older version. If I
>> use the debugger to call
>> binding.setReferenceType(MessageConstants.DIRECT_REFERENCE_TYPE)
>> manually at the end of setIncludeTokenPolicy(), then everything works
>> great.
>>
>> Is this a bug, or more probably a configuration problem? Either way,
>> I have no idea how to fix it.
>>
> it appears to be a bug based on your investigation. It is likely that
> our QE does not have kerb tests with the spec version of the namespace.
>
> will try to fix this soon.
>
> Thanks for your investigation..
>
I just fixed it in the main trunk build so you will find the fix
tomorrow. We will also backport this to metro2.0.1.

Thanks again.
>
>>
>> many thanks,
>> Craig
>>
>>
>> * I used a policy generated by NetBeans 6.8, the relevant section being:
>>
>>
>>
>>
>>
>> >> location="C:\LocalDev\sges-v3\glassfish\domains\domain1\config\keystore.jks"
>> type="JKS" storepass="changeit" alias="xws-security-server"/>
>>
>>
>>
>>
>> >> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Once">
>>
>>
>>
>>
>>

>>
>>

>>

>>
>>
>>
>>

>>

>>
>>
>>
>>
>>
>>

>>

>>

>>

>>
>>
>>
>>
>>
>>

>>

>> >> loginModule="KerberosServer"/>
>>

>>

>>

>>
>>
>> * 31/03/2010 12:50:59 PM
>> com.sun.xml.ws.security.opt.impl.keyinfo.KerberosTokenBuilder process
>> SEVERE: WSS1803: The reference type is not supported
>> 31/03/2010 12:50:59 PM
>> com.sun.xml.ws.security.opt.impl.dsig.SignatureProcessor sign
>> SEVERE: WSS1701: Sign operation failed.
>> com.sun.xml.wss.XWSSecurityException: WSS1803: The reference type is
>> not supported
>> at
>> com.sun.xml.ws.security.opt.impl.keyinfo.KerberosTokenBuilder.process(KerberosTokenBuilder.java:100)
>>
>> at
>> com.sun.xml.ws.security.opt.impl.keyinfo.SymmetricTokenBuilder.process(SymmetricTokenBuilder.java:290)
>>
>> at
>> com.sun.xml.ws.security.opt.impl.dsig.TokenProcessor.process(TokenProcessor.java:190)
>>
>> at
>> com.sun.xml.ws.security.opt.impl.dsig.SignatureProcessor.sign(SignatureProcessor.java:109)
>>
>> at
>> com.sun.xml.wss.impl.filter.SignatureFilter.sign(SignatureFilter.java:631)
>>
>> at
>> com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:589)
>>
>> at
>> com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:93)
>> at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:272)
>> at
>> com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:189)
>>
>> at
>> com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:150)
>>
>> at
>> com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:397)
>>
>> at
>> com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:311)
>>
>> at
>> com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:240)
>>
>> at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
>> at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
>> at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
>> at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
>> at com.sun.xml.ws.client.Stub.process(Stub.java:319)
>> at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:157)
>> at
>> com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
>>
>> at
>> com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
>>
>> at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
>> at $Proxy45.getHdeskIssue(Unknown Source)
>> at Main.main(Main.java:32)
>> 31/03/2010 12:50:59 PM com.sun.xml.wss.jaxws.impl.SecurityTubeBase
>> secureOutboundMessage
>> SEVERE: WSSTUBE0024: Error in Securing Outbound Message.
>> com.sun.xml.wss.XWSSecurityException: WSS1803: The reference type is
>> not supported
>> at
>> com.sun.xml.ws.security.opt.impl.keyinfo.KerberosTokenBuilder.process(KerberosTokenBuilder.java:100)
>>
>> at
>> com.sun.xml.ws.security.opt.impl.keyinfo.SymmetricTokenBuilder.process(SymmetricTokenBuilder.java:290)
>>
>> at
>> com.sun.xml.ws.security.opt.impl.dsig.TokenProcessor.process(TokenProcessor.java:190)
>>
>> at
>> com.sun.xml.ws.security.opt.impl.dsig.SignatureProcessor.sign(SignatureProcessor.java:109)
>>
>> at
>> com.sun.xml.wss.impl.filter.SignatureFilter.sign(SignatureFilter.java:631)
>>
>> at
>> com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:589)
>>
>> at
>> com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:93)
>> at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:272)
>> at
>> com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:189)
>>
>> at
>> com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:150)
>>
>> at
>> com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:397)
>>
>> at
>> com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:311)
>>
>> at
>> com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:240)
>>
>> at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
>> at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
>> at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
>> at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
>> at com.sun.xml.ws.client.Stub.process(Stub.java:319)
>> at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:157)
>> at
>> com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
>>
>> at
>> com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
>>
>> at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
>> at $Proxy45.getHdeskIssue(Unknown Source)
>> at Main.main(Main.java:32)
>> 31/03/2010 12:50:59 PM com.sun.xml.wss.jaxws.impl.SecurityClientTube
>> processClientRequestPacket
>> SEVERE: WSSTUBE0024: Error in Securing Outbound Message.
>> com.sun.xml.wss.impl.WssSoapFaultException: WSS1803: The reference
>> type is not supported
>> at
>> com.sun.xml.wss.impl.SecurableSoapMessage.newSOAPFaultException(SecurableSoapMessage.java:336)
>>
>> at
>> com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:402)
>>
>> at
>> com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:311)
>>
>> at
>> com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:240)
>>
>> at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
>> at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
>> at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
>> at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
>> at com.sun.xml.ws.client.Stub.process(Stub.java:319)
>> at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:157)
>> at
>> com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
>>
>> at
>> com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
>>
>> at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
>> at $Proxy45.getHdeskIssue(Unknown Source)
>> at Main.main(Main.java:32)
>> Caused by: com.sun.xml.wss.XWSSecurityException: WSS1803: The
>> reference type is not supported
>> at
>> com.sun.xml.ws.security.opt.impl.keyinfo.KerberosTokenBuilder.process(KerberosTokenBuilder.java:100)
>>
>> at
>> com.sun.xml.ws.security.opt.impl.keyinfo.SymmetricTokenBuilder.process(SymmetricTokenBuilder.java:290)
>>
>> at
>> com.sun.xml.ws.security.opt.impl.dsig.TokenProcessor.process(TokenProcessor.java:190)
>>
>> at
>> com.sun.xml.ws.security.opt.impl.dsig.SignatureProcessor.sign(SignatureProcessor.java:109)
>>
>> at
>> com.sun.xml.wss.impl.filter.SignatureFilter.sign(SignatureFilter.java:631)
>>
>> at
>> com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:589)
>>
>> at
>> com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:93)
>> at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:272)
>> at
>> com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:189)
>>
>> at
>> com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:150)
>>
>> at
>> com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:397)
>>
>> ... 13 more
>> javax.xml.ws.WebServiceException: WSSTUBE0024: Error in Securing
>> Outbound Message.
>> at
>> com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:316)
>>
>> at
>> com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:240)
>>
>> at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
>> at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
>> at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
>> at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
>> at com.sun.xml.ws.client.Stub.process(Stub.java:319)
>> at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:157)
>> at
>> com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
>>
>> at
>> com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
>>
>> at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
>> at $Proxy45.getHdeskIssue(Unknown Source)
>> at Main.main(Main.java:32)
>> Caused by: javax.xml.ws.soap.SOAPFaultException: WSS1803: The
>> reference type is not supported
>> at
>> com.sun.xml.wss.jaxws.impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:674)
>>
>> ... 13 more
>> Caused by: com.sun.xml.wss.impl.WssSoapFaultException: WSS1803: The
>> reference type is not supported
>> at
>> com.sun.xml.wss.impl.SecurableSoapMessage.newSOAPFaultException(SecurableSoapMessage.java:336)
>>
>> at
>> com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:402)
>>
>> at
>> com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:311)
>>
>> ... 12 more
>> Caused by: com.sun.xml.wss.XWSSecurityException: WSS1803: The
>> reference type is not supported
>> at
>> com.sun.xml.ws.security.opt.impl.keyinfo.KerberosTokenBuilder.process(KerberosTokenBuilder.java:100)
>>
>> at
>> com.sun.xml.ws.security.opt.impl.keyinfo.SymmetricTokenBuilder.process(SymmetricTokenBuilder.java:290)
>>
>> at
>> com.sun.xml.ws.security.opt.impl.dsig.TokenProcessor.process(TokenProcessor.java:190)
>>
>> at
>> com.sun.xml.ws.security.opt.impl.dsig.SignatureProcessor.sign(SignatureProcessor.java:109)
>>
>> at
>> com.sun.xml.wss.impl.filter.SignatureFilter.sign(SignatureFilter.java:631)
>>
>> at
>> com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:589)
>>
>> at
>> com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:93)
>> at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:272)
>> at
>> com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:189)
>>
>> at
>> com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:150)
>>
>> at
>> com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:397)
>>
>> ... 13 more
>> [Message sent by forum member 'supkichen']
>>
>> http://forums.java.net/jive/thread.jspa?messageID=394570
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@metro.dev.java.net
>> For additional commands, e-mail: users-help@metro.dev.java.net
>>
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@metro.dev.java.net
> For additional commands, e-mail: users-help@metro.dev.java.net
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@metro.dev.java.net
For additional commands, e-mail: users-help@metro.dev.java.net

supkichen
Offline
Joined: 2010-03-30
Points: 0

> Kumar Jayanti wrote:
> I just fixed it in the main trunk build so you will
> find the fix
> tomorrow. We will also backport this to metro2.0.1.
>
> Thanks again.

fantastic! thank you.

jvrobert
Offline
Joined: 2008-12-14
Points: 0

Thank you Craig for providing the debug info and Kumar for fixing the issue.

suresh

which reference type you are passing?
as far as i know the reference type should be either Direct or
KeyIdentifier type
Thanks
Suresh
metro@javadesktop.org wrote:
> Hi,
>
> Does Kerberos work yet in 2.0? I have a 1.5 client that works, but when I switch it to use 2.0 (which I know is not stable/entirely working yet) I get:
>
> Jul 13, 2009 10:54:42 PM com.sun.xml.ws.security.opt.impl.keyinfo.KerberosTokenBuilder process
> SEVERE: WSS1803: The reference type is not supported
> Jul 13, 2009 10:54:42 PM com.sun.xml.ws.security.opt.impl.dsig.SignatureProcessor sign
> SEVERE: WSS1701: Sign operation failed.
> com.sun.xml.wss.XWSSecurityException: WSS1803: The reference type is not supported
>
> Wondering if something changed I should be doing or if this is just an expected issue right now.
> [Message sent by forum member 'jvrobert' (jvrobert)]
>
> http://forums.java.net/jive/thread.jspa?messageID=355520
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@metro.dev.java.net
> For additional commands, e-mail: users-help@metro.dev.java.net
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@metro.dev.java.net
For additional commands, e-mail: users-help@metro.dev.java.net

kumarjayanti
Offline
Joined: 2003-12-10
Points: 0

There should be no change to kerberos in 2.0 from what it was in 1.5. If you are seeing a regression please file an issue and show us your policies.

Thanks.

jvrobert
Offline
Joined: 2008-12-14
Points: 0

I still have this problem with the release version of 2.0. It works fine in 1.5, but not in 2.0. I'm just importing a straight up WCF service with this policy:







The only change I make to the generated WSDL/policy files on the Java side is to set the KerberosConfig. And as I said, this worked perfectly in 1.5 and I'm at a bit of a loss to even begin figuring out what changed in 2.0 that's breaking it. How would I even debug this?

kumarjayanti
Offline
Joined: 2003-12-10
Points: 0

Here again, we have our Kerberos tests working with Metro 2.0. So not sure how to get to the root of your problem.

kumarjayanti
Offline
Joined: 2003-12-10
Points: 0

Let me check with our QE if they can create an interop test replicating your scenario.