Fixes are available
APAR status
Closed as program error.
Error description
Custom tokens don't currently work with JAX-WS WS-Security. When trying to generate or consume a custom Security token from JAX-WS there are several SoapSecurityException errors that occur. For example: Exception = com.ibm.wsspi.wssecurity.core.SoapSecurityException Source = com.ibm.ws.wssecurity.handler.WSSecurityConsumerHandler.invoke probeid = %C Stack Dump = com.ibm.wsspi.wssecurity.core.SoapSecurityException: CWWSS5371E: The token consumer/generator configuration has a null class instance. The current token consumer/generator configuration string representation is com.ibm.ws.wssecurity.confimpl.PrivateConsumerConfig$TokenConsum erConfIm pl(className=[es.itecban.security.ItecbanConsumer], type=[{http://www.cm.es}TokenCas], jaasConfig=[application.itecban.ItecbanToken], jaasConfigProperties=[{}], callbackHandler=[com.ibm.ws.wssecurity.confimpl.PrivateCommonCon fig$Call backHandlerConfImpl(className=[es.itecban.security.ItecbanHandle r], keyStore=[null], keyInformation=[null], trustAnyCertificate=[false], provider=[null], pkixBuilderParams=[null], userId=[null], userPassword=[XXXXXXXX], properties=[{}])], usedForVerification=[false], usedForDecryption=[false], properties=[{com.ibm.wsspi.wssecurity.core.NonceClockSkew=0, com.ibm.wsspi.wssecurity.core.NonceMaxAge=300000}]). at com.ibm.wsspi.wssecurity.core.SoapSecurityException.format(SoapS ecurityE xception.java:77) at com.ibm.ws.wssecurity.confimpl.PrivateConsumerConfig$TokenConsum erConfIm pl.validate(PrivateConsumerConfig.java:1384) at com.ibm.ws.wssecurity.confimpl.PrivateConsumerConfig.validate(Pr ivateCon sumerConfig.java:876) at com.ibm.ws.wssecurity.handler.PolicyInboundConfig.init(PolicyInb oundConf ig.java:2556) at com.ibm.ws.wssecurity.handler.PolicyInboundConfig.<init>(PolicyI nboundCo nfig.java:223) at com.ibm.ws.wssecurity.handler.WSSecurityBindingLoaderImpl.loadCu stom(WSS ecurityBindingLoaderImpl.java:369)
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: WebSphere Application Server Feature * * Pack for Web Services users of * * WS-Security enabled JAX-WS applications * * that want to use custom tokens * **************************************************************** * PROBLEM DESCRIPTION: If WS-Security for a JAX-WS * * application is configured to use a * * custom token, the token won't be * * emitted * **************************************************************** * RECOMMENDATION: Apply a fix pack that contains this APAR * **************************************************************** If WS-Security for a JAX-WS application is configured to use a custom token for any operation, the token won't be emitted or consumed. If a custom token generator or consumer is invoked, a java.lang.NoClassDefFoundError error similar to the following will occur: Exception: javax.xml.ws.WebServiceException: java.security.PrivilegedActionException: com.ibm.wsspi.wssecurity.core.SoapSecurityException: security.wssecurity.WSSContextImpl.s02: com.ibm.websphere.security.WSSecurityException: Exception org.apache.axis2.AxisFault: CWWSS6521E: The Login failed because of an exception: javax.security.auth.login.LoginException: java.lang.NoClassDefFoundError: com.ibm.wsspi.wssecurity.wssapi.OMStructure at java.lang.ClassLoader.defineClassImpl(Native Method) at ...
Problem conclusion
The WS-Security code for JAX-WS applications was updated to allow custom tokens to be emitted or consumed as configured. Custom token generators and consumers that were built for use with WS-Security for JAX-RPC applications cannot be used with WS-Security for JAX-WS applications. This problem is fixed in WebSphere Application Server v7 by PK92003. The fix for this APAR is currently targeted for inclusion in fixpack 6.1.0.29. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PK80478
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
610
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2009-02-11
Closed date
2009-06-30
Last modified date
2009-09-30
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSERVIC FEATU
Fixed component ID
5724J0850
Applicable component levels
R610 PSY
UP
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.1","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
25 October 2021