Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

EHCache not working in native mode with docker builds #456

Closed
antonwiens opened this issue Jun 21, 2022 · 13 comments · Fixed by #503
Closed

EHCache not working in native mode with docker builds #456

antonwiens opened this issue Jun 21, 2022 · 13 comments · Fixed by #503
Milestone
1.5.0

Comments

@antonwiens
Copy link

As mentioned in the related issue, i am having problems getting ehcache to run with quarkus 2.10.0.CR1 and quarkus-cxf 1.1.0.

I do not exclude the ehcache dependency or anything related to it.
Do you have any idea why i get this error message?

Caused by: org.apache.wss4j.common.ext.WSSecurityException: org.ehcache.xml.exceptions.XmlConfigurationException: Error parsing XML configuration at resource:/cxf-ehcache.xml
Original Exception was org.apache.cxf.ws.security.tokenstore.TokenStoreException: org.ehcache.xml.exceptions.XmlConfigurationException: Error parsing XML configuration at resource:/cxf-ehcache.xml
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java:630)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:271)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:213)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:93)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
        at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:829)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1701)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1570)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1371)
        at org.apache.cxf.metrics.interceptors.CountingOutputStream.close(CountingOutputStream.java:47)
        at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
        at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:671)
        at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:63)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:528)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:439)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:354)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:312)
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:140)
        ... 43 more
Caused by: org.apache.cxf.ws.security.tokenstore.TokenStoreException: org.ehcache.xml.exceptions.XmlConfigurationException: Error parsing XML configuration at resource:/cxf-ehcache.xml
        at org.apache.cxf.ws.security.tokenstore.EHCacheTokenStore.<init>(EHCacheTokenStore.java:82)
        at org.apache.cxf.ws.security.tokenstore.EHCacheTokenStoreFactory.newTokenStore(EHCacheTokenStoreFactory.java:45)
        at org.apache.cxf.ws.security.tokenstore.TokenStoreUtils.getTokenStore(TokenStoreUtils.java:58)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java:688)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java:628)
        ... 62 more
Caused by: org.ehcache.xml.exceptions.XmlConfigurationException: Error parsing XML configuration at resource:/cxf-ehcache.xml
        at org.ehcache.xml.XmlConfiguration.<init>(XmlConfiguration.java:124)
        at org.apache.cxf.ws.security.tokenstore.EHCacheTokenStore.<init>(EHCacheTokenStore.java:69)
        ... 66 more
Caused by: java.nio.file.NoSuchFileException: /project/lib/org.ehcache.ehcache-3.9.6.jar
        at sun.nio.fs.UnixFileAttributeViews$Basic.readAttributes(UnixFileAttributeViews.java:55)
        at sun.nio.fs.UnixFileSystemProvider.readAttributes(UnixFileSystemProvider.java:149)
        at sun.nio.fs.LinuxFileSystemProvider.readAttributes(LinuxFileSystemProvider.java:99)
        at java.nio.file.Files.readAttributes(Files.java:1764)
        at java.util.zip.ZipFile$Source.get(ZipFile.java:1259)
        at java.util.zip.ZipFile$CleanableResource.<init>(ZipFile.java:733)
        at java.util.zip.ZipFile$CleanableResource.get(ZipFile.java:850)
        at java.util.zip.ZipFile.<init>(ZipFile.java:248)
        at java.util.zip.ZipFile.<init>(ZipFile.java:177)
        at java.util.jar.JarFile.<init>(JarFile.java:350)
        at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:103)
        at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:72)
        at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:99)
        at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:125)
        at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:155)
        at java.net.URL.openStream(URL.java:1165)
        at org.ehcache.xml.ConfigurationParser.<init>(ConfigurationParser.java:158)
        at org.ehcache.xml.XmlConfiguration.<init>(XmlConfiguration.java:114)
        ... 67 more

Originally posted by @antonwiens in #443 (comment)
@shumonsharif
Copy link
Contributor

Hey @antonwiens - the Quarkus CXF extension leverages ehcache 3.9.3, while your error shows ehcache 3.9.6. Something definitely appears off with your dependencies. I'm also able to compile and execute native mode with WS-Security just fine using Quarkus 2.10.0.CR1, so my bets are that this is something specific to your setup.

Which OS are you on, and can you share the output of mvn dependency:tree

@antonwiens
Copy link
Author

antonwiens commented Jun 21, 2022
edited
Loading

I am using gradle and can see the following problem:

org.apache.cxf:cxf-rt-ws-security:3.5.2 is pulled in by quarkus-cxf-rt-ws-security.
Which is pulling ehcache 3.9.6 over org.apache.wss4j:wss4j-ws-security-dom:2.4.1
and 3.9.3 over rg.apache.cxf:cxf-rt-security-saml:3.5.2.

Gradle is taking 3.9.6 there to replace 3.9.3.

I will try forcing either version to fix this problem.

EDIT: The tree for quarkus-cxf-rt-ws-security:

|    |    +--- io.quarkiverse.cxf:quarkus-cxf-rt-ws-security:1.1.0
|    |    |    +--- io.quarkus:quarkus-arc:2.9.0.Final -> 2.10.0.CR1 (*)
|    |    |    +--- org.apache.cxf:cxf-rt-ws-security:3.5.2
|    |    |    |    +--- org.apache.cxf:cxf-rt-security-saml:3.5.2
|    |    |    |    |    +--- org.apache.cxf:cxf-rt-security:3.5.2
|    |    |    |    |    \--- org.apache.wss4j:wss4j-ws-security-dom:2.4.1
|    |    |    |    |         +--- org.apache.wss4j:wss4j-ws-security-common:2.4.1
|    |    |    |    |         |    +--- org.slf4j:slf4j-api:1.7.36
|    |    |    |    |         |    +--- org.apache.santuario:xmlsec:2.3.0
|    |    |    |    |         |    |    +--- org.slf4j:slf4j-api:1.7.32 -> 1.7.36
|    |    |    |    |         |    |    +--- commons-codec:commons-codec:1.15
|    |    |    |    |         |    |    \--- com.fasterxml.woodstox:woodstox-core:6.2.6 -> 6.2.7 (*)
|    |    |    |    |         |    +--- org.opensaml:opensaml-saml-impl:3.4.6
|    |    |    |    |         |    |    +--- org.opensaml:opensaml-profile-api:3.4.6
|    |    |    |    |         |    |    |    +--- org.opensaml:opensaml-core:3.4.6
|    |    |    |    |         |    |    |    |    +--- joda-time:joda-time:2.9 -> 2.10.10
|    |    |    |    |         |    |    |    |    +--- io.dropwizard.metrics:metrics-core:3.1.5
|    |    |    |    |         |    |    |    |    |    \--- org.slf4j:slf4j-api:1.7.7 -> 1.7.36
|    |    |    |    |         |    |    |    |    +--- net.shibboleth.utilities:java-support:7.5.2
|    |    |    |    |         |    |    |    |    |    +--- commons-codec:commons-codec:1.10 -> 1.15
|    |    |    |    |         |    |    |    |    |    +--- com.google.code.findbugs:jsr305:3.0.2
|    |    |    |    |         |    |    |    |    |    +--- com.google.guava:guava:20.0 -> 31.1-jre
|    |    |    |    |         |    |    |    |    |    |    +--- com.google.guava:failureaccess:1.0.1
|    |    |    |    |         |    |    |    |    |    |    +--- org.checkerframework:checker-qual:3.12.0 -> 3.22.0
|    |    |    |    |         |    |    |    |    |    |    +--- com.google.errorprone:error_prone_annotations:2.11.0 -> 2.13.1
|    |    |    |    |         |    |    |    |    |    |    \--- com.google.j2objc:j2objc-annotations:1.3
|    |    |    |    |         |    |    |    |    |    +--- joda-time:joda-time:2.9 -> 2.10.10
|    |    |    |    |         |    |    |    |    |    \--- org.slf4j:slf4j-api:1.7.30 -> 1.7.36
|    |    |    |    |         |    |    |    |    +--- commons-codec:commons-codec:1.10 -> 1.15
|    |    |    |    |         |    |    |    |    \--- org.slf4j:slf4j-api:1.7.30 -> 1.7.36
|    |    |    |    |         |    |    |    +--- org.opensaml:opensaml-messaging-api:3.4.6
|    |    |    |    |         |    |    |    |    +--- org.opensaml:opensaml-core:3.4.6 (*)
|    |    |    |    |         |    |    |    |    +--- joda-time:joda-time:2.9 -> 2.10.10
|    |    |    |    |         |    |    |    |    +--- org.apache.httpcomponents:httpclient:4.5.13
|    |    |    |    |         |    |    |    |    |    +--- org.apache.httpcomponents:httpcore:4.4.13 -> 4.4.15
|    |    |    |    |         |    |    |    |    |    \--- commons-codec:commons-codec:1.11 -> 1.15
|    |    |    |    |         |    |    |    |    +--- net.shibboleth.utilities:java-support:7.5.2 (*)
|    |    |    |    |         |    |    |    |    +--- commons-codec:commons-codec:1.10 -> 1.15
|    |    |    |    |         |    |    |    |    \--- org.slf4j:slf4j-api:1.7.30 -> 1.7.36
|    |    |    |    |         |    |    |    +--- net.shibboleth.utilities:java-support:7.5.2 (*)
|    |    |    |    |         |    |    |    +--- commons-codec:commons-codec:1.10 -> 1.15
|    |    |    |    |         |    |    |    \--- org.slf4j:slf4j-api:1.7.30 -> 1.7.36
|    |    |    |    |         |    |    +--- org.opensaml:opensaml-saml-api:3.4.6
|    |    |    |    |         |    |    |    +--- org.opensaml:opensaml-xmlsec-api:3.4.6
|    |    |    |    |         |    |    |    |    +--- org.opensaml:opensaml-security-api:3.4.6
|    |    |    |    |         |    |    |    |    |    +--- org.opensaml:opensaml-core:3.4.6 (*)
|    |    |    |    |         |    |    |    |    |    +--- org.apache.santuario:xmlsec:2.0.10 -> 2.3.0 (*)
|    |    |    |    |         |    |    |    |    |    +--- org.bouncycastle:bcprov-jdk15on:1.59 -> 1.70
|    |    |    |    |         |    |    |    |    |    +--- net.shibboleth.utilities:java-support:7.5.2 (*)
|    |    |    |    |         |    |    |    |    |    +--- commons-codec:commons-codec:1.10 -> 1.15
|    |    |    |    |         |    |    |    |    |    \--- org.slf4j:slf4j-api:1.7.30 -> 1.7.36
|    |    |    |    |         |    |    |    |    +--- net.shibboleth.utilities:java-support:7.5.2 (*)
|    |    |    |    |         |    |    |    |    +--- commons-codec:commons-codec:1.10 -> 1.15
|    |    |    |    |         |    |    |    |    \--- org.slf4j:slf4j-api:1.7.30 -> 1.7.36
|    |    |    |    |         |    |    |    +--- org.opensaml:opensaml-soap-api:3.4.6
|    |    |    |    |         |    |    |    |    +--- org.opensaml:opensaml-xmlsec-api:3.4.6 (*)
|    |    |    |    |         |    |    |    |    +--- org.opensaml:opensaml-messaging-api:3.4.6 (*)
|    |    |    |    |         |    |    |    |    +--- org.apache.httpcomponents:httpclient:4.5.13 (*)
|    |    |    |    |         |    |    |    |    +--- net.shibboleth.utilities:java-support:7.5.2 (*)
|    |    |    |    |         |    |    |    |    +--- commons-codec:commons-codec:1.10 -> 1.15
|    |    |    |    |         |    |    |    |    \--- org.slf4j:slf4j-api:1.7.30 -> 1.7.36
|    |    |    |    |         |    |    |    +--- org.opensaml:opensaml-messaging-api:3.4.6 (*)
|    |    |    |    |         |    |    |    +--- org.opensaml:opensaml-profile-api:3.4.6 (*)
|    |    |    |    |         |    |    |    +--- org.opensaml:opensaml-storage-api:3.4.6
|    |    |    |    |         |    |    |    |    +--- joda-time:joda-time:2.9 -> 2.10.10
|    |    |    |    |         |    |    |    |    +--- net.shibboleth.utilities:java-support:7.5.2 (*)
|    |    |    |    |         |    |    |    |    +--- commons-codec:commons-codec:1.10 -> 1.15
|    |    |    |    |         |    |    |    |    \--- org.slf4j:slf4j-api:1.7.30 -> 1.7.36
|    |    |    |    |         |    |    |    +--- net.shibboleth.utilities:java-support:7.5.2 (*)
|    |    |    |    |         |    |    |    +--- commons-codec:commons-codec:1.10 -> 1.15
|    |    |    |    |         |    |    |    \--- org.slf4j:slf4j-api:1.7.30 -> 1.7.36
|    |    |    |    |         |    |    +--- org.opensaml:opensaml-storage-api:3.4.6 (*)
|    |    |    |    |         |    |    +--- org.opensaml:opensaml-security-impl:3.4.6
|    |    |    |    |         |    |    |    +--- org.opensaml:opensaml-security-api:3.4.6 (*)
|    |    |    |    |         |    |    |    +--- net.shibboleth.utilities:java-support:7.5.2 (*)
|    |    |    |    |         |    |    |    +--- commons-codec:commons-codec:1.10 -> 1.15
|    |    |    |    |         |    |    |    \--- org.slf4j:slf4j-api:1.7.30 -> 1.7.36
|    |    |    |    |         |    |    +--- org.opensaml:opensaml-xmlsec-impl:3.4.6
|    |    |    |    |         |    |    |    +--- org.opensaml:opensaml-core:3.4.6 (*)
|    |    |    |    |         |    |    |    +--- org.opensaml:opensaml-security-api:3.4.6 (*)
|    |    |    |    |         |    |    |    +--- org.opensaml:opensaml-xmlsec-api:3.4.6 (*)
|    |    |    |    |         |    |    |    +--- org.apache.santuario:xmlsec:2.0.10 -> 2.3.0 (*)
|    |    |    |    |         |    |    |    +--- org.opensaml:opensaml-security-impl:3.4.6 (*)
|    |    |    |    |         |    |    |    +--- net.shibboleth.utilities:java-support:7.5.2 (*)
|    |    |    |    |         |    |    |    +--- commons-codec:commons-codec:1.10 -> 1.15
|    |    |    |    |         |    |    |    \--- org.slf4j:slf4j-api:1.7.30 -> 1.7.36
|    |    |    |    |         |    |    +--- org.opensaml:opensaml-soap-impl:3.4.6
|    |    |    |    |         |    |    |    +--- org.opensaml:opensaml-soap-api:3.4.6 (*)
|    |    |    |    |         |    |    |    +--- org.opensaml:opensaml-profile-api:3.4.6 (*)
|    |    |    |    |         |    |    |    +--- net.shibboleth.utilities:java-support:7.5.2 (*)
|    |    |    |    |         |    |    |    +--- commons-codec:commons-codec:1.10 -> 1.15
|    |    |    |    |         |    |    |    \--- org.slf4j:slf4j-api:1.7.30 -> 1.7.36
|    |    |    |    |         |    |    +--- org.apache.velocity:velocity:1.7
|    |    |    |    |         |    |    |    +--- commons-collections:commons-collections:3.2.1
|    |    |    |    |         |    |    |    \--- commons-lang:commons-lang:2.4
|    |    |    |    |         |    |    +--- org.apache.httpcomponents:httpclient:4.5.13 (*)
|    |    |    |    |         |    |    +--- net.shibboleth.utilities:java-support:7.5.2 (*)
|    |    |    |    |         |    |    +--- commons-codec:commons-codec:1.10 -> 1.15
|    |    |    |    |         |    |    \--- org.slf4j:slf4j-api:1.7.30 -> 1.7.36
|    |    |    |    |         |    +--- org.cryptacular:cryptacular:1.2.4
|    |    |    |    |         |    |    \--- org.bouncycastle:bcprov-jdk15on:1.64 -> 1.70
|    |    |    |    |         |    +--- joda-time:joda-time:2.10.10
|    |    |    |    |         |    +--- com.google.guava:guava:30.1-jre -> 31.1-jre (*)
|    |    |    |    |         |    +--- org.opensaml:opensaml-xacml-impl:3.4.6
|    |    |    |    |         |    |    +--- org.opensaml:opensaml-xacml-api:3.4.6
|    |    |    |    |         |    |    |    +--- org.opensaml:opensaml-core:3.4.6 (*)
|    |    |    |    |         |    |    |    +--- net.shibboleth.utilities:java-support:7.5.2 (*)
|    |    |    |    |         |    |    |    +--- commons-codec:commons-codec:1.10 -> 1.15
|    |    |    |    |         |    |    |    \--- org.slf4j:slf4j-api:1.7.30 -> 1.7.36
|    |    |    |    |         |    |    +--- net.shibboleth.utilities:java-support:7.5.2 (*)
|    |    |    |    |         |    |    +--- commons-codec:commons-codec:1.10 -> 1.15
|    |    |    |    |         |    |    \--- org.slf4j:slf4j-api:1.7.30 -> 1.7.36
|    |    |    |    |         |    +--- org.opensaml:opensaml-xacml-saml-impl:3.4.6
|    |    |    |    |         |    |    +--- org.opensaml:opensaml-xacml-saml-api:3.4.6
|    |    |    |    |         |    |    |    +--- org.opensaml:opensaml-xacml-api:3.4.6 (*)
|    |    |    |    |         |    |    |    +--- org.opensaml:opensaml-saml-api:3.4.6 (*)
|    |    |    |    |         |    |    |    +--- net.shibboleth.utilities:java-support:7.5.2 (*)
|    |    |    |    |         |    |    |    +--- commons-codec:commons-codec:1.10 -> 1.15
|    |    |    |    |         |    |    |    \--- org.slf4j:slf4j-api:1.7.30 -> 1.7.36
|    |    |    |    |         |    |    +--- org.opensaml:opensaml-saml-impl:3.4.6 (*)
|    |    |    |    |         |    |    +--- net.shibboleth.utilities:java-support:7.5.2 (*)
|    |    |    |    |         |    |    +--- commons-codec:commons-codec:1.10 -> 1.15
|    |    |    |    |         |    |    \--- org.slf4j:slf4j-api:1.7.30 -> 1.7.36
|    |    |    |    |         |    +--- org.jasypt:jasypt:1.9.3
|    |    |    |    |         |    \--- org.apache.geronimo.javamail:geronimo-javamail_1.4_mail:1.8.4
|    |    |    |    |         \--- org.ehcache:ehcache:3.9.6
|    |    |    |    |              \--- org.slf4j:slf4j-api:1.7.25 -> 1.7.36
|    |    |    |    +--- org.ehcache:ehcache:3.9.3 -> 3.9.6 (*)
|    |    |    |    +--- org.apache.wss4j:wss4j-ws-security-dom:2.4.1 (*)
|    |    |    |    +--- org.apache.wss4j:wss4j-policy:2.4.1
|    |    |    |    |    \--- org.apache.neethi:neethi:3.1.1 -> 3.2.0
|    |    |    |    +--- org.apache.wss4j:wss4j-ws-security-stax:2.4.1
|    |    |    |    |    +--- org.apache.wss4j:wss4j-bindings:2.4.1
|    |    |    |    |    |    \--- org.apache.santuario:xmlsec:2.3.0 (*)
|    |    |    |    |    +--- org.apache.wss4j:wss4j-ws-security-common:2.4.1 (*)
|    |    |    |    |    \--- org.ehcache:ehcache:3.9.6 (*)
|    |    |    |    \--- org.apache.wss4j:wss4j-ws-security-policy-stax:2.4.1
|    |    |    |         +--- org.apache.wss4j:wss4j-ws-security-stax:2.4.1 (*)
|    |    |    |         \--- org.apache.wss4j:wss4j-policy:2.4.1 (*)
|    |    |    +--- com.sun.xml.messaging.saaj:saaj-impl:1.5.3
|    |    |    |    +--- jakarta.xml.soap:jakarta.xml.soap-api:1.4.2
|    |    |    |    |    \--- jakarta.activation:jakarta.activation-api:1.2.2 -> 1.2.1
|    |    |    |    +--- org.jvnet.staxex:stax-ex:1.8.3
|    |    |    |    \--- com.sun.activation:jakarta.activation:1.2.2 -> 1.2.1
|    |    |    +--- org.apache.cxf:cxf-rt-ws-mex:3.5.2
|    |    |    |    +--- org.apache.cxf:cxf-rt-ws-addr:3.5.2 (*)
|    |    |    |    \--- org.apache.cxf:cxf-rt-ws-policy:3.5.2 (*)
|    |    |    \--- org.jvnet.mimepull:mimepull:1.9.14
|    |    \--- com.sun.xml.messaging.saaj:saaj-impl:1.5.3 (*)

@antonwiens
Copy link
Author

antonwiens commented Jun 21, 2022
edited
Loading

This is the result of trying to force ehcache 3.9.3. Isnt it kinda strange to search for an jar in a native executable?

Caused by: org.apache.wss4j.common.ext.WSSecurityException: org.ehcache.xml.exceptions.XmlConfigurationException: Error parsing XML configuration at resource:/cxf-ehcache.xml
Original Exception was org.apache.cxf.ws.security.tokenstore.TokenStoreException: org.ehcache.xml.exceptions.XmlConfigurationException: Error parsing XML configuration at resource:/cxf-ehcache.xml
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java:630)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:271)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:213)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:93)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
        at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:829)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1701)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1570)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1371)
        at org.apache.cxf.metrics.interceptors.CountingOutputStream.close(CountingOutputStream.java:47)
        at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
        at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:671)
        at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:63)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:528)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:439)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:354)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:312)
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:140)
        ... 43 more
Caused by: org.apache.cxf.ws.security.tokenstore.TokenStoreException: org.ehcache.xml.exceptions.XmlConfigurationException: Error parsing XML configuration at resource:/cxf-ehcache.xml
        at org.apache.cxf.ws.security.tokenstore.EHCacheTokenStore.<init>(EHCacheTokenStore.java:82)
        at org.apache.cxf.ws.security.tokenstore.EHCacheTokenStoreFactory.newTokenStore(EHCacheTokenStoreFactory.java:45)
        at org.apache.cxf.ws.security.tokenstore.TokenStoreUtils.getTokenStore(TokenStoreUtils.java:58)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java:688)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java:628)
        ... 62 more
Caused by: org.ehcache.xml.exceptions.XmlConfigurationException: Error parsing XML configuration at resource:/cxf-ehcache.xml
        at org.ehcache.xml.XmlConfiguration.<init>(XmlConfiguration.java:124)
        at org.apache.cxf.ws.security.tokenstore.EHCacheTokenStore.<init>(EHCacheTokenStore.java:69)
        ... 66 more
Caused by: java.nio.file.NoSuchFileException: /project/lib/org.ehcache.ehcache-3.9.3.jar
        at sun.nio.fs.UnixFileAttributeViews$Basic.readAttributes(UnixFileAttributeViews.java:55)
        at sun.nio.fs.UnixFileSystemProvider.readAttributes(UnixFileSystemProvider.java:149)
        at sun.nio.fs.LinuxFileSystemProvider.readAttributes(LinuxFileSystemProvider.java:99)
        at java.nio.file.Files.readAttributes(Files.java:1764)
        at java.util.zip.ZipFile$Source.get(ZipFile.java:1259)
        at java.util.zip.ZipFile$CleanableResource.<init>(ZipFile.java:733)
        at java.util.zip.ZipFile$CleanableResource.get(ZipFile.java:850)
        at java.util.zip.ZipFile.<init>(ZipFile.java:248)
        at java.util.zip.ZipFile.<init>(ZipFile.java:177)
        at java.util.jar.JarFile.<init>(JarFile.java:350)
        at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:103)
        at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:72)
        at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:99)
        at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:125)
        at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:155)
        at java.net.URL.openStream(URL.java:1165)
        at org.ehcache.xml.ConfigurationParser.<init>(ConfigurationParser.java:149)
        at org.ehcache.xml.XmlConfiguration.<init>(XmlConfiguration.java:114)
        ... 67 more

@shumonsharif
Copy link
Contributor

Strange indeed ... I would love to help you, but this does not appear in any way to be an issue with the extension. Please feel free to put together a simple reproducer project if you'd like for me to try to take a look?

@antonwiens
Copy link
Author

The problem seems to be related to org.ehcache.xml.XmlConfiguration#CORE_SCHEMA_URL.
It gets initialized like this:

    public static final URL CORE_SCHEMA_URL = XmlConfiguration.class.getResource("/ehcache-core.xsd");

And it seems like it is loaded in org/ehcache/xml/ConfigurationParser.java:158.

But i can`t find where my problem is coming from...

When i have time, i will try to create a reproducer.

@shumonsharif
Copy link
Contributor

The attached gradle-ws-security.zip gradle project executes without any issues for me. I'm still thinking there's something off in your setup, and likely the issue has nothing to do with the actual loading of the xsd in XmlConfiguration.

Can you try run this project; once you run the native executable, try something like:

curl -X POST "http://localhost:8080/soap/greeting-service" \
 -H 'Content-Type: text/xml' \
 -H 'SOAPAction:' \
 -d '<soapenv:Envelope xmlns:acme="http://acme.org/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:UsernameToken><wsse:Username>joe</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">wss4j</wsse:Password></wsse:UsernameToken></wsse:Security></soapenv:Header>
   <soapenv:Body>
      <acme:hello>
         <arg0>Shumon</arg0>
      </acme:hello>
   </soapenv:Body>
</soapenv:Envelope>'

@antonwiens
Copy link
Author

antonwiens commented Jun 22, 2022
edited
Loading

Edit: Thanks for providing the test project.

Ok. i build your project with

./gradlew quarkusBuild -Dquarkus.package.type=native -Dquarkus.native.container-build=true -Dquarkus.native.container-runtime=docker

then i build docker image with

docker build -f src/main/docker/Dockerfile.native -t quarkus-quickstart/getting-started .

I then run it with

docker run -p "8080:8080" docker.io/quarkus-quickstart/getting-started

After using your command i get the same error on server side:

__  ____  __  _____   ___  __ ____  ______
 --/ __ \/ / / / _ | / _ \/ //_/ / / / __/
 -/ /_/ / /_/ / __ |/ , _/ ,< / /_/ /\ \
--\___\_\____/_/ |_/_/|_/_/|_|\____/___/
2022-06-22 12:58:39,810 INFO  [org.apa.cxf.wsd.ExtensionClassGenerator] (main) extensibility class substitute: org.apache.cxf.ws.addressing.wsdl.UsingAddressing
2022-06-22 12:58:39,811 INFO  [org.apa.cxf.wsd.ExtensionClassGenerator] (main) extensibility class substitute: org.apache.cxf.bindings.xformat.XMLBindingMessageFormat
2022-06-22 12:58:39,811 INFO  [org.apa.cxf.wsd.ExtensionClassGenerator] (main) extensibility class substitute: org.apache.cxf.bindings.xformat.XMLBindingMessageFormat
2022-06-22 12:58:39,811 INFO  [org.apa.cxf.wsd.ExtensionClassGenerator] (main) extensibility class substitute: org.apache.cxf.bindings.xformat.XMLFormatBinding
2022-06-22 12:58:39,811 INFO  [org.apa.cxf.wsd.ExtensionClassGenerator] (main) extensibility class substitute: org.apache.cxf.transports.http.configuration.HTTPClientPolicy
2022-06-22 12:58:39,811 INFO  [org.apa.cxf.wsd.ExtensionClassGenerator] (main) extensibility class substitute: org.apache.cxf.transports.http.configuration.HTTPServerPolicy
2022-06-22 12:58:39,812 INFO  [org.apa.cxf.wsd.ExtensionClassGenerator] (main) extensibility class substitute: org.apache.cxf.wsdl.http.AddressType
2022-06-22 12:58:39,812 INFO  [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /greeting-service
2022-06-22 12:58:39,812 INFO  [io.qua.cxf.tra.CxfHandler] (main) Web Service org.acme.GreetingServiceImpl on /soap available.
2022-06-22 12:58:39,816 INFO  [io.quarkus] (main) gradle-ws-security 1.0.0-SNAPSHOT native (powered by Quarkus 2.10.0.CR1) started in 0.023s. Listening on: http://0.0.0.0:8080
2022-06-22 12:58:39,816 INFO  [io.quarkus] (main) Profile prod activated.
2022-06-22 12:58:39,816 INFO  [io.quarkus] (main) Installed features: [cdi, cxf, smallrye-context-propagation, vertx]
2022-06-22 12:58:44,813 WARN  [org.apa.cxf.pha.PhaseInterceptorChain] (executor-thread-0) Interceptor for {http://acme.org/}GreetingServiceImpl has thrown exception, unwinding now: org.apache.cxf.binding.soap.SoapFault: A security error was encountered when verifying the message
	at org.apache.cxf.ws.security.wss4j.WSS4JUtils.createSoapFault(WSS4JUtils.java:238)
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:382)
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:213)
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:93)
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
	at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
	at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:265)
	at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
	at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
	at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
	at io.quarkiverse.cxf.transport.CxfHandler.process(CxfHandler.java:277)
	at io.quarkiverse.cxf.transport.CxfHandler.handle(CxfHandler.java:214)
	at io.quarkiverse.cxf.transport.CxfHandler.handle(CxfHandler.java:46)
	at io.vertx.ext.web.impl.BlockingHandlerDecorator.lambda$handle$0(BlockingHandlerDecorator.java:48)
	at io.vertx.core.impl.ContextImpl.lambda$null$0(ContextImpl.java:159)
	at io.vertx.core.impl.AbstractContext.dispatch(AbstractContext.java:100)
	at io.vertx.core.impl.ContextImpl.lambda$executeBlocking$1(ContextImpl.java:157)
	at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:554)
	at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1478)
	at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
	at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
	at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
	at java.lang.Thread.run(Thread.java:829)
	at com.oracle.svm.core.thread.PlatformThreads.threadStartRoutine(PlatformThreads.java:704)
	at com.oracle.svm.core.posix.thread.PosixPlatformThreads.pthreadStartRoutine(PosixPlatformThreads.java:202)
Caused by: org.apache.wss4j.common.ext.WSSecurityException: org.ehcache.xml.exceptions.XmlConfigurationException: Error parsing XML configuration at resource:/cxf-ehcache.xml
Original Exception was org.apache.cxf.ws.security.tokenstore.TokenStoreException: org.ehcache.xml.exceptions.XmlConfigurationException: Error parsing XML configuration at resource:/cxf-ehcache.xml
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java:630)
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:271)
	... 24 more
Caused by: org.apache.cxf.ws.security.tokenstore.TokenStoreException: org.ehcache.xml.exceptions.XmlConfigurationException: Error parsing XML configuration at resource:/cxf-ehcache.xml
	at org.apache.cxf.ws.security.tokenstore.EHCacheTokenStore.<init>(EHCacheTokenStore.java:82)
	at org.apache.cxf.ws.security.tokenstore.EHCacheTokenStoreFactory.newTokenStore(EHCacheTokenStoreFactory.java:45)
	at org.apache.cxf.ws.security.tokenstore.TokenStoreUtils.getTokenStore(TokenStoreUtils.java:58)
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java:688)
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.getCallback(WSS4JInInterceptor.java:628)
	... 25 more
Caused by: org.ehcache.xml.exceptions.XmlConfigurationException: Error parsing XML configuration at resource:/cxf-ehcache.xml
	at org.ehcache.xml.XmlConfiguration.<init>(XmlConfiguration.java:124)
	at org.apache.cxf.ws.security.tokenstore.EHCacheTokenStore.<init>(EHCacheTokenStore.java:69)
	... 29 more
Caused by: java.nio.file.NoSuchFileException: /project/lib/org.ehcache.ehcache-3.9.6.jar
	at sun.nio.fs.UnixFileAttributeViews$Basic.readAttributes(UnixFileAttributeViews.java:55)
	at sun.nio.fs.UnixFileSystemProvider.readAttributes(UnixFileSystemProvider.java:149)
	at sun.nio.fs.LinuxFileSystemProvider.readAttributes(LinuxFileSystemProvider.java:99)
	at java.nio.file.Files.readAttributes(Files.java:1764)
	at java.util.zip.ZipFile$Source.get(ZipFile.java:1259)
	at java.util.zip.ZipFile$CleanableResource.<init>(ZipFile.java:733)
	at java.util.zip.ZipFile$CleanableResource.get(ZipFile.java:850)
	at java.util.zip.ZipFile.<init>(ZipFile.java:248)
	at java.util.zip.ZipFile.<init>(ZipFile.java:177)
	at java.util.jar.JarFile.<init>(JarFile.java:350)
	at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:103)
	at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:72)
	at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:99)
	at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:125)
	at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:155)
	at java.net.URL.openStream(URL.java:1165)
	at org.ehcache.xml.ConfigurationParser.<init>(ConfigurationParser.java:158)
	at org.ehcache.xml.XmlConfiguration.<init>(XmlConfiguration.java:114)
	... 30 more

And the request + response from the server:

curl -X POST "http://localhost:8080/soap/greeting-service" \
 -H 'Content-Type: text/xml' \
 -H 'SOAPAction:' \
 -d '<soapenv:Envelope xmlns:acme="http://acme.org/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:UsernameToken><wsse:Username>joe</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">wss4j</wsse:Password></wsse:UsernameToken></wsse:Security></soapenv:Header>
   <soapenv:Body>
      <acme:hello>
         <arg0>Shumon</arg0>
      </acme:hello>
   </soapenv:Body>
</soapenv:Envelope>'
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode xmlns:ns1="http://ws.apache.org/wss4j">ns1:SecurityError</faultcode><faultstring>A security error was encountered when verifying the message</faultstring></soap:Fault></soap:Body></soap:Envelope>%

So to me it does not look like it is related to my project.

@shumonsharif
Copy link
Contributor

You're right, I stand corrected - the issue appears to be specific to the docker images. Things are fine when running the native binary without docker. Will dig in and keep you posted.

@shumonsharif
Copy link
Contributor

Hey @antonwiens So I dug in a little, and it may take a while for me to identify and address the root cause of this issue. I'm posting a temporary workaround below until I can figure out what's happening.

import io.quarkus.arc.Unremovable;
import io.quarkus.runtime.StartupEvent;
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.ws.security.tokenstore.MemoryTokenStore;
import org.apache.cxf.ws.security.tokenstore.TokenStore;

import javax.enterprise.event.Observes;

@Unremovable
public class TokenStoreConfigurer {

    void onStart(@Observes StartupEvent ev) {
        final Bus bus = BusFactory.getThreadDefaultBus();
        bus.setProperty(TokenStore.class.getName(), new MemoryTokenStore());
    }

}

@antonwiens
Copy link
Author

Hey @antonwiens So I dug in a little, and it may take a while for me to identify and address the root cause of this issue. I'm posting a temporary workaround below until I can figure out what's happening.

import io.quarkus.arc.Unremovable;
import io.quarkus.runtime.StartupEvent;
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.ws.security.tokenstore.MemoryTokenStore;
import org.apache.cxf.ws.security.tokenstore.TokenStore;

import javax.enterprise.event.Observes;

@Unremovable
public class TokenStoreConfigurer {

    void onStart(@Observes StartupEvent ev) {
        final Bus bus = BusFactory.getThreadDefaultBus();
        bus.setProperty(TokenStore.class.getName(), new MemoryTokenStore());
    }

}

Thanks for looking into it and the workaround. If i understand correctly the workaround disables EHCache for the TokenStore for the time being?

@shumonsharif
Copy link
Contributor

Thanks for looking into it and the workaround. If i understand correctly the workaround disables EHCache for the TokenStore for the time being?

That's correct. Keep in mind there's a difference in the token TTL, which may have some ramifications if you have a high throughput application. You can tune the TTL by setting the value directly on the MemoryTokenStore instance.

From the EHCacheTokenStore docs: An in-memory EHCache implementation of the TokenStore interface. The default TTL is 60 minutes and the max TTL is 12 hours.

From the MemoryTokenStore docs: A simple HashMap-based TokenStore. The default TTL is 5 minutes and the max TTL is 1 hour.

Just wanted to note: this page lists a whole bunch of properties you can use to configure WS-Security:
https://cxf.apache.org/docs/ws-securitypolicy.html
I believe you had asked about disabling ehcache in the related issue. You should be able to use the properties defined on this page to do so.

@shumonsharif shumonsharif changed the title EHCache not working in native mode with quarkus 2.10.0.CR1 EHCache not working in native mode with docker builds Jun 23, 2022
@antonwiens
Copy link
Author

Thanks for looking into it and the workaround. If i understand correctly the workaround disables EHCache for the TokenStore for the time being?

That's correct. Keep in mind there's a difference in the token TTL, which may have some ramifications if you have a high throughput application. You can tune the TTL by setting the value directly on the MemoryTokenStore instance.

From the EHCacheTokenStore docs: An in-memory EHCache implementation of the TokenStore interface. The default TTL is 60 minutes and the max TTL is 12 hours.

From the MemoryTokenStore docs: A simple HashMap-based TokenStore. The default TTL is 5 minutes and the max TTL is 1 hour.

Just wanted to note: this page lists a whole bunch of properties you can use to configure WS-Security: https://cxf.apache.org/docs/ws-securitypolicy.html I believe you had asked about disabling ehcache in the related issue. You should be able to use the properties defined on this page to do so.

Thanks for all the hints.

ppalaga added a commit to ppalaga/quarkus-cxf that referenced this issue Aug 22, 2022
@ppalaga
EHCache not working in native mode with docker builds quarkiverse#456
cac66c1
@ppalaga ppalaga mentioned this issue Aug 22, 2022
Merged
@ppalaga
Copy link
Contributor

ppalaga commented Aug 22, 2022
edited
Loading

This is reproducible with the WS Security test in #503 and fixed by upgrading to Ehcache 3.10.0 and moving the init of some classes to runtime - see the fix in the same PR.

ppalaga added a commit to ppalaga/quarkus-cxf that referenced this issue Aug 22, 2022
@ppalaga
EHCache not working in native mode with docker builds quarkiverse#456
5c0a51e
ppalaga added a commit that referenced this issue Aug 22, 2022
@ppalaga
EHCache not working in native mode with docker builds #456
2e5f1aa
@ppalaga ppalaga added this to the 1.5.0 milestone Sep 7, 2022
@froilson froilson mentioned this issue Feb 1, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.5.0
Development

Successfully merging a pull request may close this issue.

Test WS Security server, fix related issues ppalaga/quarkus-cxf
3 participants
@ppalaga @shumonsharif @antonwiens