Requires a patched wss4j to work with OMII client 3.3.x (against OMII server 3.3.x). Should work OK against 3.2.0 without patching. (3.3.x upgrades wss4j, but the upgraded version no longer works loaded from a specific classloader)
Reported to OMII as: OMII-UK: OMII server 3.3.1.TC2 bundled wss4j breaks Taverna 1.5.1.2-omii ISSUE=1055 PROJ=4 (I don't know how to link to this case)
When replying, type your text above this line.
Notification of Query Registration
Status: Request
Description:
Entered on 12/02/2007 at 17:10:07 by ssoiland@cs.man.ac.uk:
Taverna 1.5.1.2 for OMII from http://www.omii.ac.uk/acl/repository/download_terms.jsp?releaseid=297 or http://rpc268.cs.man.ac.uk/taverna-preview/
is updated to handle OMII 3.3.1 with the new security headers from wss4j.
However, we rely on a specifying a classloader to dynamically being able to include wss4j and friends. We do something like this (from WSDLInvocationTask.java):
String omiiClientHome = System.getProperty("omii.client.home");
if (omiiClientHome != null) {
File omiiLibDir = new File(omiiClientHome, "lib");
File omiiConfDir = new File(omiiClientHome, "conf");
String omiiClasspath = ClasspathUtils.expandDirs(omiiLibDir
.getCanonicalPath())
+ File.pathSeparator + omiiConfDir.getCanonicalPath();
logger.debug("Set omii classpath " + omiiClasspath);
ClassLoader omiiClassLoader = ClassUtils.createClassLoader(
omiiClasspath, ClassUtils.class.getClassLoader());
ClassUtils.setDefaultClassLoader(omiiClassLoader);
securityConfiguration = new FileProvider(omiiConfDir
.getAbsolutePath(), "client-config.wsdd");
securityConfiguration.configureEngine(new AxisClient());
This works with OMII client 3.2.0, although we needed to patch the actual invocation to also work with 3.3.1, as Taverna 1.4.1 (bundled in 3.3.1.TCx) checks for the full error message, which has changed for the new wss4j in 3.3.1. (Hence: 1.4.1 don't work with secure OMII services in 3.3.1. Separate bug.)
So really there's two issues here, the bundled Taverna don't work with say the secured WSPlot service, and is outdated. The other one is that wss4j have changed their code meanwhile to a buggy behaviour which ignores the proper class loaders.
I have a patch, I can't attach it (no support for that in ), but will paste it here:
diff -ru omii-client-3.3.1_TC1/source/ws-wss4j/src/org/apache/ws/security/util/Loader.java omii-client-3.3.1_TC1_patched/source/ws-wss4j/src/org/apache/ws/security/util/Loader.java
— omii-client-3.3.1_TC1/source/ws-wss4j/src/org/apache/ws/security/util/Loader.java 2006-05-02 23:32:14.000000000 +0100
+++ omii-client-3.3.1_TC1_patched/source/ws-wss4j/src/org/apache/ws/security/util/Loader.java 2007-02-07 15:18:33.000000000 +0000
@@ -54,11 +54,23 @@
ClassLoader classLoader = null;
URL url = null;
try {
- // We could not find resource. Ler us now try with the
- // classloader that loaded this class.
+ // Try with context class loader first
classLoader = getTCL();
if (classLoader != null) {
- log.debug("Trying to find [" + resource + "] using " + classLoader + " class loader.");
+ log.debug("Trying to find [" + resource + "] using context class loader " + classLoader);
+ url = classLoader.getResource(resource);
+ if (url != null) Unknown macro: {+ return url;+ }
+ }
+ } catch (Throwable t) Unknown macro: {+ log.warn("Caught Exception while in Loader.getResource. This may be innocuous.", t);+ }
+ try {
+ // Find in our own class loader instead
+ classLoader = Loader.class.getClassLoader();
+ if (classLoader != null) {
+ log.debug("Trying to find [" + resource + "] using Loader class loader " + classLoader);
url = classLoader.getResource(resource);
if (url != null) {
return url;
@@ -90,7 +102,7 @@
URL url = null;
try {
if (loader != null) {
- log.debug("Trying to find [" + resource + "] using " + loader + " class loader.");
+ log.debug("Trying to find [" + resource + "] using custom class loader " + loader);
url = loader.getResource(resource);
if (url != null) {
return url;
Note that I made the patch with TC1 but it also works for TC2.
The patch makes wss4j look for crypto.properties also in its own class loader (which means the one we created in the top-quoted code lines), the current thread context loader is not enough, because it in this case will be the Freefluo enactor which has not heard about even wss4j. This is the old behaviour. Note that the patch leaves the new check for thread context class loader FIRST, so that this patch should not break code that needs the new behaviour.
I will probably try to submit this to the wss4j people, but it will take a bit more time as I would have to create a standalone test case that don't require the massive Taverna + OMII beast.
This thange to org.apache.ws.security.util.Loader seems to have been done in revision 291198 in wss4j's Subversion tree, by ruchithf. I can't see any testcases checked in or Jira bug justifying the change.
The patched ( http://soiland.no/ws-wss4j-classloader.patch ) is applied and compiled to the JAR-file http://rpc268.cs.man.ac.uk/taverna-preview/wss4j-1.5.0-itinnov-2.jar
Adding this makes it possible to run workflow http://www.mygrid.org.uk/jira/secure/attachment/10031/plotlocal.xml using Taverna 1.5.1.2 from http://rpc268.cs.man.ac.uk/taverna-preview/taverna-1.5.1.2-bin.zip against http://rpc268.cs.man.ac.uk:18080/PlotWS/services/Graph?wsdl which is part of the clean OMII 3.3.1 TC2 install on my workstation rpc268.
OMII http://www.omii.ac.uk
Justin has asked me to email Bryan.
Task
Resolved
Minor
Made a release for OMII and put it at:
http://www.omii.ac.uk/acl/repository/download_terms.jsp?releaseid=297
Tagged as Taverna-1-5-1-2 in CVS.
Updated both the Taverna-1-5-1 branch and HEAD.