3 Replies Latest reply on May 1, 2012 9:20 AM by anil.saldhana

    Timeout error on CXF client RST issue call to STS

    mazzag

      Hi, I'm trying to convert my CXF to Metro STS tutorial[1] to one using the PicketLink STS instead.  I'm getting a timeout error on the response from the PicketLink STS for the web service client's (WSC's) token request call and am not sure what the problem is.  The JBoss server.log file does not give any error feedback.

       

      I downloaded and installed on JBoss App Server 6.0 PicketLink 2 following the standard instructions here[2] except I'm running on port 8180 because I already have an instance of Tomcat running at 8080.  (i.e., started JBoss using "bin/sh run.sh -c pl -Djboss.service.binding.set=ports-01").

       

      I'm able to read the WSDL from a browser at http://localhost:8180/picketlink-sts?wsdl and have confirmed that the basic auth authentication is working correctly (it will throw authorization errors if I omit or use a wrong username/password). 

       

      Wireshark is showing that the WSC is making a SOAP request call but no response comes back, just a timeout error from the console window.  SOAP request:

       

      POST /picketlink-sts HTTP/1.1
      Content-Type: application/soap+xml; action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"; charset=UTF-8
      Accept: */*
      Authorization: Basic YWRtaW46YWRtaW4=
      User-Agent: Apache CXF 2.4.1
      Cache-Control: no-cache
      Pragma: no-cache
      Host: localhost:8180
      Connection: keep-alive
      Content-Length: 1286

       

      <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Body><wst:RequestSecurityToken xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><wst:SecondaryParameters><t:TokenType xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</t:TokenType><t:KeyType xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</t:KeyType><t:KeySize xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">256</t:KeySize></wst:SecondaryParameters><wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType><wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>http://localhost:8080/doubleit/services/doubleit</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><wst:Entropy><wst:BinarySecret Type="http://docs.oasis-open.org/ws-sx/ws-trust/200512/Nonce">FJV9EHJqFOev9b3BcbEfEKFgcXqiGvODbFC9TNqoLWg=</wst:BinarySecret></wst:Entropy><wst:ComputedKeyAlgorithm>http://docs.oasis-open.org/ws-sx/ws-trust/200512/CK/PSHA1</wst:ComputedKeyAlgorithm></wst:RequestSecurityToken></soap:Body></soap:Envelope>

       

      The above request will work for a Metro STS call.

       

      Here's my cxf.xml configuration file -- I just modified what I used for the Metro STS to use the PicketLink STS WSDL instead and added configuration for basic auth connectivity:

       

      <beans xmlns="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:jaxws="http://cxf.apache.org/jaxws"
         xmlns:sec="http://cxf.apache.org/configuration/security"
         xmlns:http="http://cxf.apache.org/transports/http/configuration"
         xmlns:cxf="http://cxf.apache.org/core"
         xsi:schemaLocation="
              http://cxf.apache.org/configuration/security
              http://cxf.apache.org/schemas/configuration/security.xsd
              http://cxf.apache.org/transports/http/configuration
              http://cxf.apache.org/schemas/configuration/http-conf.xsd
              http://www.springframework.org/schema/beans
              http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
              http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
              http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">

         <http:conduit name="{urn:picketlink:identity-federation:sts}PicketLinkSTSPort.http-conduit">
             <http:authorization>
                 <sec:UserName>admin</sec:UserName>
                 <sec:Password>admin</sec:Password>
             </http:authorization>
         </http:conduit>

         <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItPort"
             createdFromAPI="true">
             <jaxws:properties>
                 <entry key="ws-security.sts.client">
                     <bean class="org.apache.cxf.ws.security.trust.STSClient">
                         <constructor-arg ref="cxf"/>
                         <property name="wsdlLocation" value="PicketLinkSTSService.wsdl"/>
                         <property name="serviceName" value="{urn:picketlink:identity-federation:sts}PicketLinkSTS"/>
                         <property name="endpointName" value="{urn:picketlink:identity-federation:sts}PicketLinkSTSPort"/>
                         <property name="properties">
                             <map>
                                 <entry key="ws-security.username" value="alice"/>
                                 <entry key="ws-security.callback-handler" value="client.UTCallbackHandler"/>
                                 <entry key="ws-security.encryption.properties" value="clientKeystore.properties"/>
                                 <entry key="ws-security.encryption.username" value="mystskey"/>
                                 <entry key="ws-security.is-bsp-compliant" value="false"/>
                             </map>
                         </property>
                     </bean>
                 </entry>
             </jaxws:properties>
         </jaxws:client>

      </beans>

       

      Here's the error stack when I attempt the WSC call to the STS:

       

      gmazza@gmazza-work:~/dataExt3/ststutorial/DoubleIt-CXF/client$ mvn exec:exec
      [INFO] Scanning for projects...
      [INFO] ------------------------------------------------------------------------
      [INFO] Building Web Service Client
      [INFO]    task-segment: [exec:exec]
      [INFO] ------------------------------------------------------------------------
      [INFO] [exec:exec {execution: default-cli}]
      Aug 1, 2011 3:28:13 PM org.springframework.context.support.AbstractApplicationContext prepareRefresh
      INFO: Refreshing org.apache.cxf.bus.spring.BusApplicationContext@49ff0dde: startup date [Mon Aug 01 15:28:13 EDT 2011]; root of context hierarchy
      Aug 1, 2011 3:28:13 PM org.apache.cxf.bus.spring.BusApplicationContext getConfigResources
      INFO: Loaded configuration file cxf.xml.
      Aug 1, 2011 3:28:13 PM org.springframework.beans.factory.xml.XmlBeanDefinitionReader loadBeanDefinitions
      INFO: Loading XML bean definitions from class path resource [META-INF/cxf/cxf.xml]
      Aug 1, 2011 3:28:13 PM org.springframework.beans.factory.xml.XmlBeanDefinitionReader loadBeanDefinitions
      INFO: Loading XML bean definitions from class path resource [cxf.xml]
      Aug 1, 2011 3:28:14 PM org.springframework.beans.factory.support.DefaultListableBeanFactory preInstantiateSingletons
      INFO: Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@5fc6e818: defining beans [cxf,org.apache.cxf.bus.spring.BusWiringBeanFactoryPostProcessor,org.apache.cxf.bus.spring.Jsr250BeanPostProcessor,org.apache.cxf.bus.spring.BusExtensionPostProcessor,{urn:picketlink:identity-federation:sts}PicketLinkSTSPort.http-conduit,{http://www.example.org/contract/DoubleIt}DoubleItPort.jaxws-client.proxyFactory,{http://www.example.org/contract/DoubleIt}DoubleItPort.jaxws-client]; root of factory hierarchy
      Aug 1, 2011 3:28:14 PM org.apache.cxf.service.factory.ReflectionServiceFactoryBean buildServiceFromWSDL
      INFO: Creating Service {http://www.example.org/contract/DoubleIt}DoubleItService from WSDL: file:/media/NewDriveExt3_/ststutorial/DoubleIt-CXF/service/src/main/resources/DoubleIt.wsdl
      Aug 1, 2011 3:29:15 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
      WARNING: Interceptor for {urn:picketlink:identity-federation:sts}PicketLinkSTS#{urn:picketlink:identity-federation:sts}IssueToken has thrown exception, unwinding now
      org.apache.cxf.interceptor.Fault: Could not send Message.
          at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:64)
          at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
          at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:510)
          at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:440)
          at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:343)
          at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:295)
          at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:537)
          at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:447)
          at org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.handleMessage(IssuedTokenInterceptorProvider.java:152)
          at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
          at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:510)
          at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:440)
          at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:343)
          at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:295)
          at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
          at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
          at $Proxy30.doubleIt(Unknown Source)
          at client.WSClient.doubleIt(WSClient.java:18)
          at client.WSClient.main(WSClient.java:11)
      Caused by: java.net.SocketTimeoutException: SocketTimeoutException invoking http://localhost:8180/picketlink-sts: Read timed out
          at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
          at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)

       

       

      Any idea what I'm doing wrong? 

       

      Thanks!

      Glen

       

      [1] http://www.jroller.com/gmazza/entry/cxf_stsclient_metro_sts

      [2] http://community.jboss.org/thread/162111