Forum Discussion

nad101's avatar
nad101
Occasional Visitor
10 years ago

java.lang.NoSuchMethodError: org.apache.xml.security.encryption.XMLCipher.setSecureValidation(Z)V

Hi,

 

I'm getting this lovely little error running a MockService that attempts to decrypt incoming data. The full cause stack trace is below. I'm using SoapUI 5.0.0. I'm pretty certain it's a soapui issue - I can recreate it with both the client and server in SoapUI - but I could do with a sanity check.

 

A quick overview of the setup:

  • I have 2 keystores, one with a private key and one with the corresponding public key.
  • Create a "server" project; import a wsdl and create a mock service.
  • Create an incoming WS-Security config  on the project using the private key.
  • Change the mock service properties to use this as the Incoming WSS
  • Create a second project using the same wsdl
  • Create an outbound WS-Security config on the project using the public key to encrypt all or part of the message
  • Create a request; set up authorization and set it to use this as the Outgoing WSS.

 

So, this is about the simplest WS-Security setup I can think of... Surely someone else must have seen this?

 

Thanks,

 

Nick

 

Caused by: java.lang.NoSuchMethodError: org.apache.xml.security.encryption.XMLCipher.setSecureValidation(Z)V
at org.apache.ws.security.processor.ReferenceListProcessor.decryptEncryptedData(ReferenceListProcessor.java:315)
at org.apache.ws.security.processor.EncryptedKeyProcessor.decryptDataRef(EncryptedKeyProcessor.java:451)
at org.apache.ws.security.processor.EncryptedKeyProcessor.decryptDataRefs(EncryptedKeyProcessor.java:380)
at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:178)
at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:65)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:303)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:248)
at com.eviware.soapui.impl.wsdl.support.wss.IncomingWss.processIncoming(IncomingWss.java:125)
at com.eviware.soapui.impl.wsdl.mock.WsdlMockRequest.initPostRequest(WsdlMockRequest.java:106)
at com.eviware.soapui.impl.wsdl.mock.WsdlMockRequest.<init>(WsdlMockRequest.java:76)
at com.eviware.soapui.impl.wsdl.mock.WsdlMockDispatcher.dispatchRequest(WsdlMockDispatcher.java:117)

 

What I think is happening - XMLCipher is part of apache santuario (AKA xmlsec) and ReferenceListProcessor is part of apache wss4j - looking at the pom files, SoapUI appears to be using wss4j 1.6.14 and xmlsec 1.4.5 but that version of wss4j  requires xmlsec 1.5.6.

 

  • bpgriner's avatar
    bpgriner
    New Member
    9 years ago

    The fix for me was to add an xml-security dependency to the soapui maven plugin like so:


    <!-- To run, enter this command from the module directory:  mvn soapui:test -->
    <build>
      <plugins>
        <plugin>
          <groupId>com.smartbear.soapui</groupId>
          <artifactId>soapui-maven-plugin</artifactId>
          <version>5.1.1</version>
          <dependencies>
            <dependency>
              <groupId>org.apache.santuario</groupId>
              <artifactId>xmlsec</artifactId>
              <version>1.5.2</version>
            </dependency>
          </dependencies>
          <configuration>
            <projectFile>src/test/soap-ui/your-soapui-xml-file.xml</projectFile>
          </configuration>
        </plugin>
      </plugins>
    </build>

    In my case, I didn't have an xml security dependency anywhere else in my project.

     

    In other cases, it seems like some may be experiencing this error due to having multiple xml security dependencies throughout their project (and they are conflicting). So, if the above fix doesn't work for you in that scenario, you may need to look into which depedencies in your project are including xml security and deciding which one you want to include and which one you want to exclude (using maven's exclusion or provided markings in the given pom).