Is xws-security incompatible with Java 8?

Question

I implemented a SOAP web service server and client (based on http://spring.io/guides/gs/producing-web-service/). The communication is encrypted with a symmetric 24-bit DESede key.

When the client is compiled with JAVA target runtime 1.7 it can successfully exchange messages with the server. However after changing the runtime to 1.8 the following exception is thrown:

  .   ____          _            __ _ _ 
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
:: Spring Boot ::        (v1.2.4.RELEASE)

2015-06-22 11:14:48.557  INFO 5556 --- [           main] demo.ConsumerApplication                 : Starting ConsumerApplication on CSDM-20140014 with PID 5556 (C:\Users\Schwalowskis\development\local\consumer\target\classes started by Schwalowskis in C:\Users\Schwalowskis\development\local\consumer)
2015-06-22 11:14:48.652  INFO 5556 --- [           main] s.c.a.AnnotationConfigApplicationContext : Refreshing org.springframework.context.annotation.AnnotationConfigApplicationContext@bdb505: startup date [Mon Jun 22 11:14:48 CEST 2015]; root of context hierarchy
2015-06-22 11:14:48.917  INFO 5556 --- [           main] trationDelegate$BeanPostProcessorChecker : Bean 'webServiceConfiguration' of type [class demo.WebServiceConfiguration$$EnhancerBySpringCGLIB$$30e25ba2] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2015-06-22 11:14:48.932  INFO 5556 --- [           main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.ws.config.annotation.DelegatingWsConfiguration' of type [class org.springframework.ws.config.annotation.DelegatingWsConfiguration$$EnhancerBySpringCGLIB$$7398a572] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2015-06-22 11:14:49.042  INFO 5556 --- [           main] .w.s.a.s.AnnotationActionEndpointMapping : Supporting [WS-Addressing August 2004, WS-Addressing 1.0]
2015-06-22 11:14:49.619  WARN 5556 --- [           main] o.s.w.s.s.support.KeyStoreFactoryBean    : Creating empty key store
2015-06-22 11:14:49.620  INFO 5556 --- [           main] o.s.w.s.s.support.KeyStoreFactoryBean    : Loading key store from file [C:\Program Files\Java\jdk1.8.0\jre\lib\security\cacerts]
2015-06-22 11:14:49.776  INFO 5556 --- [           main] o.s.w.s.s.xwss.XwsSecurityInterceptor    : Loading policy configuration from from 'class path resource [securityPolicy.xml]'
2015-06-22 11:14:50.337  INFO 5556 --- [           main] o.s.oxm.jaxb.Jaxb2Marshaller             : Creating JAXBContext with context path [countries.wsdl]
2015-06-22 11:14:50.540  INFO 5556 --- [           main] o.s.ws.soap.saaj.SaajSoapMessageFactory  : Creating SAAJ 1.3 MessageFactory with SOAP 1.1 Protocol
2015-06-22 11:14:50.649  INFO 5556 --- [           main] demo.ConsumerApplication                 : Started ConsumerApplication in 2.576 seconds (JVM running for 3.105)
Requesting country Poland
Exception in thread "main" 2015-06-22 11:14:52.429  INFO 5556 --- [       Thread-1] s.c.a.AnnotationConfigApplicationContext : Closing org.springframework.context.annotation.AnnotationConfigApplicationContext@bdb505: startup date [Mon Jun 22 11:14:48 CEST 2015]; root of context hierarchy
java.lang.NoSuchMethodError: com.sun.org.apache.xml.internal.security.encryption.XMLCipher.getInstance(Ljava/lang/String;Ljavax/crypto/Cipher;)Lcom/sun/org/apache/xml/internal/security/encryption/XMLCipher;
at com.sun.xml.wss.impl.apachecrypto.EncryptionProcessor.encrypt(EncryptionProcessor.java:1053)
at com.sun.xml.wss.impl.filter.EncryptionFilter.encrypt(EncryptionFilter.java:430)
at com.sun.xml.wss.impl.filter.EncryptionFilter.process(EncryptionFilter.java:389)
at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:81)
at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:252)
at com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:172)
at com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:133)
at com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.secureOutboundMessage(XWSSProcessor2_0Impl.java:94)
at org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor.secureMessage(XwsSecurityInterceptor.java:138)
at org.springframework.ws.soap.security.AbstractWsSecurityInterceptor.handleRequest(AbstractWsSecurityInterceptor.java:210)
at org.springframework.ws.client.core.WebServiceTemplate.doSendAndReceive(WebServiceTemplate.java:597)
at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:555)
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:390)
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:383)
at demo.client.CountriesClient.getCountry(CountriesClient.java:20)
at demo.ConsumerApplication.main(ConsumerApplication.java:24)

(Maven dependencies) POM:

    <!-- XWSS::start -->
    <dependency>
        <groupId>org.springframework.ws</groupId>
        <artifactId>spring-ws-security</artifactId>
    </dependency>
    <dependency>
        <groupId>com.sun.xml.wss</groupId>
        <artifactId>xws-security</artifactId>
        <version>3.0</version>
        <exclusions>
            <exclusion>
                <artifactId>xmldsig</artifactId>
                <groupId>javax.xml.crypto</groupId>
            </exclusion>
            <exclusion>
                <artifactId>activation</artifactId>
                <groupId>javax.activation</groupId>
            </exclusion>
        </exclusions>
    </dependency>
    <dependency>
        <groupId>com.sun.xml.messaging.saaj</groupId>
        <artifactId>saaj-impl</artifactId>
        <version>1.3.25</version>
    </dependency>
    <!-- XWSS::end -->

EncryptionProcessor.java (xws-security-3.0.jar http://mvnrepository.com/artifact/com.sun.xml.wss/xws-security/3.0):

// line=1050
String dataAlgorithm =  JCEMapper.translateURItoJCEID(dataEncAlgo); // 1051
_dataCipher = Cipher.getInstance(dataAlgorithm); // 1052
_dataEncryptor = XMLCipher.getInstance(dataEncAlgo,_dataCipher); //1053
_dataCipher.init(XMLCipher.ENCRYPT_MODE, _symmetricKey); //1054
_dataEncryptor.init(XMLCipher.ENCRYPT_MODE, _symmetricKey); // 1055
// 1056

The XMLCipher class is loaded from:

%java_home%\jre\lib\rt.jar!com.sun.org.apache.xml.internal.security.encryption.XMLCipher

Is this a bug in Java 8 or do I have to update the dependencies?

Answer 1

I can indeed confirm that xws-security-3.0.jar is incompatible with Java 8.

So I ended up having to fix the class in the dependency. See: How do you replace the class of a Maven dependency?

Answer 2

Try replacing security configuration with the one mentioned below:

<dependency>
    <groupId>org.springframework.ws</groupId>
    <artifactId>spring-ws-security</artifactId>
    <exclusions>
        <exclusion>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-core</artifactId>
        </exclusion>
    </exclusions>
</dependency>
<dependency>
    <groupId>com.sun.xml.wss</groupId>
    <artifactId>xws-security</artifactId>
    <version>3.0</version>
    <exclusions>
        <exclusion>
            <groupId>javax.xml.crypto</groupId>
            <artifactId>xmldsig</artifactId>
        </exclusion>
    </exclusions>
</dependency>
<dependency>
    <groupId>javax.activation</groupId>
    <artifactId>activation</artifactId>
    <version>1.1.1</version>
</dependency>

Answer 3

Did you tried removing the exclusion

<exclusion>
 <artifactId>activation</artifactId>
 <groupId>javax.activation</groupId>
</exclusion>

from the com.sun.xml.wss dependency?

Kind regards