T
T.
Hey,
I have a problem with the security of a WebService I designed:
I run an application server (Sun Java System Application Server Platform
Edition 8.1_01) that runs a few Web Services who have access to
Enterprise Java Beans. On the same machine Sun's Java WebService
Development Pack 1.6 is installed (because the wscompile tool included
with the AppServer didn't support the -security option).
A standalone javaclient (for testing purposes also running on the same
machine) accesses this webservices using static stubs, created by
wscompile. All this works great, till I turn on the -security option of
wscompile. Everything still compiles, yet at the first message my client
tries to send at the server a SecurityException is generated:
java.lang.SecurityException: sealing violation: can't seal the package
com.sun.xml.wss: allready loaded.
This package is inluded in xws-security.jar and indeed this jar file
does exist twice on my system (once with the appserver and once with the
JWSDP), but the classpath always points to the first one (I think). I'm
rather sure that the two jar files are the same version.
I allready tried deleting one of the jars and I tried turning the
'sealed' statement false for both... without result.
Has anyone an idea how to solve this? This application should be secure
by the end of this week and I've ran out of ideas.
Thanks in advance,
Thomas
I have a problem with the security of a WebService I designed:
I run an application server (Sun Java System Application Server Platform
Edition 8.1_01) that runs a few Web Services who have access to
Enterprise Java Beans. On the same machine Sun's Java WebService
Development Pack 1.6 is installed (because the wscompile tool included
with the AppServer didn't support the -security option).
A standalone javaclient (for testing purposes also running on the same
machine) accesses this webservices using static stubs, created by
wscompile. All this works great, till I turn on the -security option of
wscompile. Everything still compiles, yet at the first message my client
tries to send at the server a SecurityException is generated:
java.lang.SecurityException: sealing violation: can't seal the package
com.sun.xml.wss: allready loaded.
This package is inluded in xws-security.jar and indeed this jar file
does exist twice on my system (once with the appserver and once with the
JWSDP), but the classpath always points to the first one (I think). I'm
rather sure that the two jar files are the same version.
I allready tried deleting one of the jars and I tried turning the
'sealed' statement false for both... without result.
Has anyone an idea how to solve this? This application should be secure
by the end of this week and I've ran out of ideas.
Thanks in advance,
Thomas