[OpenSAML] SAML assertion JAXB Error

298 views
Skip to first unread message

blues...@yahoo.com

unread,
Dec 18, 2008, 6:44:41 PM12/18/08
to mace-open...@internet2.edu
Hi,

I have been working on a research project that use SAML v2. Currently, I have created a simple SAML assertion using openSAML and try to bind the SAML assertion into a SOAP header. However, an error occured states that:

>> org.w3c.dom.Element is an interface, and JAXB can't handle interfaces.

I am using Glassfish v2 to build my web service and JAXB for XML binding. My SOAP and Marshal code is below:

//Create a SOAP Message
SOAPMessage message = smc.getMessage();
SOAPPart soapPart = message.getSOAPPart();
SOAPEnvelope soapEnvelope = soapPart.getEnvelope();
Name wsseHeaderName = soapEnvelope.createName("Security",
"wsse", WS_SECURITY_NS_URI);
if (soapEnvelope.getHeader() == null) {
soapEnvelope.addHeader();
}
SOAPHeaderElement securityElement = soapEnvelope.getHeader().addHeaderElement(wsseHeaderName);


// marshall Assertion into SOAP Header
MarshallerFactory marshallerFactory = Configuration.getMarshallerFactory();
Marshaller marshaller = marshallerFactory.getMarshaller(assertion);
Element assertionElement = marshaller.marshall(assertion);
securityElement.appendChild(soapPart.importNode(
assertionElement, true));

Does anybody has an idea on how to solve this problem? Any help will be highly appreciated.

Thanks,

Rick

Stepan Hrbacek

unread,
Dec 19, 2008, 8:33:51 AM12/19/08
to mace-open...@internet2.edu
Hi Rick,

I don't have a direct answer to your issue (BTW it's not clear from the code sniplet where the exception occurs and a stacktrace would be helpful).

However - in our project we use OpenSAML in web services scenarios (involving WS-Security, WS-Trust) and using Metro as a SOAP/WS-Security/WS-Trust stack and have not problems at all. I am not sure what your use case is, but from your code I think it's something similar.

Following METRO pages provide you with necessary information on how to use METRO:
- https://metro.dev.java.net/
- https://metro.dev.java.net/getting-started/
- https://metro.dev.java.net/guide/

--Stepan


2008/12/19 <blues...@yahoo.com>

blues...@yahoo.com

unread,
Dec 22, 2008, 7:26:46 PM12/22/08
to mace-open...@internet2.edu
Hi,

Thanks for the reply.
I have re-do my project after configuring Metro. However, There is a problem occurred which I guess it's related with the logging. I have added logback-core and logback-classic jars to my class path but it still doesn't work. Here is the error:

Adding SAML token to outbound message from client
StandardWrapperValve[CalculatorWS]: PWC1406: Servlet.service() for servlet CalculatorWS threw exception
javax.servlet.ServletException
at com.sun.enterprise.webservice.JAXWSServlet.doPost(JAXWSServlet.java:181)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:738)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:411)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:290)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:271)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:202)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:272)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)

------------------------------------- CAUSED PROBLEM------------------------
Caused by: java.lang.IllegalAccessError: tried to access field org.slf4j.impl.StaticLoggerBinder.SINGLETON from class org.slf4j.LoggerFactory
at org.slf4j.LoggerFactory.staticInitialize(LoggerFactory.java:83)
at org.slf4j.LoggerFactory.<clinit>(LoggerFactory.java:73)
at org.opensaml.DefaultBootstrap.<clinit>(DefaultBootstrap.java:36)
at org.me.calculator.SOAPConstruct.handleMessage(SOAPConstruct.java:73)
at org.me.calculator.SOAPConstruct.handleMessage(SOAPConstruct.java:60)
at com.sun.xml.ws.handler.HandlerProcessor.callHandleMessageReverse(HandlerProcessor.java:336)
at com.sun.xml.ws.handler.HandlerProcessor.callHandlersResponse(HandlerProcessor.java:207)
at com.sun.xml.ws.handler.ServerSOAPHandlerTube.callHandlersOnResponse(ServerSOAPHandlerTube.java:161)
at com.sun.xml.ws.handler.HandlerTube.processResponse(HandlerTube.java:160)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:608)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:557)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:542)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:439)
at com.sun.xml.ws.api.pipe.helper.AbstractTubeImpl.process(AbstractTubeImpl.java:112)
at com.sun.enterprise.webservice.MonitoringPipe.process(MonitoringPipe.java:147)
at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:115)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:598)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:557)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:542)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:439)
at com.sun.xml.ws.api.pipe.helper.AbstractTubeImpl.process(AbstractTubeImpl.java:112)
at com.sun.enterprise.webservice.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:218)
at com.sun.enterprise.webservice.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:129)
at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:115)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:598)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:557)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:542)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:439)
at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:243)
at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:470)
at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:244)
at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:135)
at com.sun.enterprise.webservice.JAXWSServlet.doPost(JAXWSServlet.java:176)
... 28 more


Is there a need to use maven for building the logback?
Any help is really appreciated.

Thanks,

Rick.

Stepan Hrbacek

unread,
Dec 23, 2008, 3:58:03 PM12/23/08
to mace-open...@internet2.edu
I am not an expert for logging but I guess that the issue is SLF4J configuration.
Instead of using logback (I have no experiences with) you can bridge SLF4J with log4j (we use it) or Java logging API (WSIT uses it) as described in https://spaces.internet2.edu/display/OpenSAML/OSTwoUsrManJavaBB.

--Stepan

2008/12/23 <blues...@yahoo.com>
Hi,

Thanks for the reply.
I have re-do my project after configuring Metro. However, There is a problem occurred which I guess it's related with the logging. I have added logback-core and logback-classic jars to my class path but it still doesn't work. Here is the error:
...
------------------------------------- CAUSED PROBLEM------------------------
Caused by: java.lang.IllegalAccessError: tried to access field org.slf4j.impl.StaticLoggerBinder.SINGLETON from class org.slf4j.LoggerFactory
       at org.slf4j.LoggerFactory.staticInitialize(LoggerFactory.java:83)
       at org.slf4j.LoggerFactory.<clinit>(LoggerFactory.java:73)
       at org.opensaml.DefaultBootstrap.<clinit>(DefaultBootstrap.java:36)
       at org.me.calculator.SOAPConstruct.handleMessage(SOAPConstruct.java:73)
       at org.me.calculator.SOAPConstruct.handleMessage(SOAPConstruct.java:60)
       at com.sun.xml.ws.handler.HandlerProcessor.callHandleMessageReverse(HandlerProcessor.java:336)
       at com.sun.xml.ws.handler.HandlerProcessor.callHandlersResponse(HandlerProcessor.java:207)

Paul Hethmon

unread,
Dec 23, 2008, 5:23:40 PM12/23/08
to OpenSAML List
I had this come up deploying Shibboleth yesterday and it was caused by an old version of slf4j on the class path.

Paul



-----
Paul Hethmon
Chief Software Architect
Clareity Security, LLC
865.824.1350 - office
865.250.3517 - mobile
www.clareitysecurity.com
-----

Give a man a fire and he's warm for the day. But set fire to him and he's warm for the rest of his life.

 -- Terry Pratchett, Discworld

blues...@yahoo.com

unread,
Dec 24, 2008, 12:23:24 AM12/24/08
to mace-open...@internet2.edu
Hi Stepan & Paul,

Thanks for the reply. I have tried to download the newest slj4 jar files and included those files to my library class path. However, It still doesn't work with the same error.

Honestly, I am still very new in deploying logging and using OpenSAML. I am using Glassfish, netbeans and jdk1.6 for developing a saml token. Now I am going to try bridging slj4 with log4J. Is that just adding the log4j jars file to the library inside my netbeans application and removing log4j-over-slf4j from library? Do I need to develop any code for the deployment?

Thanks,

Rick

Chad La Joie

unread,
Dec 24, 2008, 1:19:11 AM12/24/08
to mace-open...@internet2.edu
No, you do not need to do any code. What you said should be all you need
to do.

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
chad....@switch.ch, http://www.switch.ch

blues...@yahoo.com

unread,
Dec 25, 2008, 7:14:38 AM12/25/08
to mace-open...@internet2.edu
Hi,

Thanks for the help so far. The issue has been solved. In case that anyone have the same problem, the newest version sl4j need to be downloaded and added to your classpath. then, logging system jar files need to be added to your class path as well (either logback, JCL or log4j).

Anyway, Do any one know how to deploy saml to the Glassfish? It seems that the endorsed library doesn't work with Glassfish. I have copied and pasted the endorsed jars to <glassfish-home>\lib\endorsed. but It doesn't work.

Thanks,

Rick

Chad La Joie

unread,
Dec 25, 2008, 9:21:30 AM12/25/08
to mace-open...@internet2.edu
That's a question for the Glassfish people.

--

Reply all
Reply to author
Forward
0 new messages