Using org.apache.wss4j artifacts to support ws-security part of a SOAP service calling inside a Play Framework (Java version) application resulted in this mess:
java.util.concurrent.CompletionException: java.lang.RuntimeException: java.lang.VerifyError: Bad type on operand stack
Exception Details:
Location:
org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.validateSignedEncryptedPolicies(Ljava/util/List;Ljava/util/List;Ljava/util/List;Lorg/apache/cxf/message/Message;)Z @28: invokespecial
Reason:
Type 'org/apache/wss4j/policy/model/EncryptedParts' (current frame, stack[1]) is not assignable to 'org/apache/wss4j/policy/model/SignedParts'
Current Frame:
bci: @28
flags: { }
locals: { 'org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator', 'java/util/List', 'java/util/List', 'java/util/List', 'org/apache/cxf/message/Message' }
stack: { 'org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator', 'org/apache/wss4j/policy/model/EncryptedParts', integer, 'java/util/List', 'java/util/List', 'org/apache/cxf/message/Message' }
Bytecode:
0x0000000: 2a2a b400 2d03 2c2b 1904 b700 2e9a 0005
0x0000010: 03ac 2a2a b400 2f04 2d2b 1904 b700 2e9a
0x0000020: 0005 03ac 2a2a b400 3003 2c2b 1904 b700
0x0000030: 319a 0005 03ac 2a2a b400 3203 2d2b 1904
0x0000040: b700 31ac
Stackmap Table:
same_frame(@18)
same_frame(@36)
same_frame(@54)
... suppressed 8 lines
Caused by: java.lang.RuntimeException: java.lang.VerifyError: Bad type on operand stack
Exception Details:
Location:
org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.validateSignedEncryptedPolicies(Ljava/util/List;Ljava/util/List;Ljava/util/List;Lorg/apache/cxf/message/Message;)Z @28: invokespecial
Reason:
Type 'org/apache/wss4j/policy/model/EncryptedParts' (current frame, stack[1]) is not assignable to 'org/apache/wss4j/policy/model/SignedParts'
Current Frame:
bci: @28
flags: { }
locals: { 'org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator', 'java/util/List', 'java/util/List', 'java/util/List', 'org/apache/cxf/message/Message' }
stack: { 'org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator', 'org/apache/wss4j/policy/model/EncryptedParts', integer, 'java/util/List', 'java/util/List', 'org/apache/cxf/message/Message' }
Bytecode:
0x0000000: 2a2a b400 2d03 2c2b 1904 b700 2e9a 0005
0x0000010: 03ac 2a2a b400 2f04 2d2b 1904 b700 2e9a
0x0000020: 0005 03ac 2a2a b400 3003 2c2b 1904 b700
0x0000030: 319a 0005 03ac 2a2a b400 3203 2d2b 1904
0x0000040: b700 31ac
Stackmap Table:
same_frame(@18)
same_frame(@36)
same_frame(@54)
at ir.iais.playCommons.utils.F$Promise$1.get(F.java:232) ~[play-commons_2.11-2017.0.2.12-SNAPSHOT.jar:2017.0.2.12-SNAPSHOT]
...
... 5 more
Caused by: java.lang.VerifyError: Bad type on operand stack
Exception Details:
Location:
org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.validateSignedEncryptedPolicies(Ljava/util/List;Ljava/util/List;Ljava/util/List;Lorg/apache/cxf/message/Message;)Z @28: invokespecial
Reason:
Type 'org/apache/wss4j/policy/model/EncryptedParts' (current frame, stack[1]) is not assignable to 'org/apache/wss4j/policy/model/SignedParts'
Current Frame:
bci: @28
flags: { }
locals: { 'org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator', 'java/util/List', 'java/util/List', 'java/util/List', 'org/apache/cxf/message/Message' }
stack: { 'org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator', 'org/apache/wss4j/policy/model/EncryptedParts', integer, 'java/util/List', 'java/util/List', 'org/apache/cxf/message/Message' }
Bytecode:
0x0000000: 2a2a b400 2d03 2c2b 1904 b700 2e9a 0005
0x0000010: 03ac 2a2a b400 2f04 2d2b 1904 b700 2e9a
0x0000020: 0005 03ac 2a2a b400 3003 2c2b 1904 b700
0x0000030: 319a 0005 03ac 2a2a b400 3203 2d2b 1904
0x0000040: b700 31ac
Stackmap Table:
same_frame(@18)
same_frame(@36)
same_frame(@54)
at org.apache.cxf.ws.security.wss4j.policyvalidators.ValidatorUtils.configureSupportingTokenValidators(ValidatorUtils.java:97) ~[cxf-rt-ws-security-3.1.7.jar:3.1.7]
at org.apache.cxf.ws.security.wss4j.policyvalidators.ValidatorUtils.(ValidatorUtils.java:46) ~[cxf-rt-ws-security-3.1.7.jar:3.1.7]
at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.doResults(PolicyBasedWSS4JInInterceptor.java:576) ~[cxf-rt-ws-security-3.1.7.jar:3.1.7]
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:277) ~[cxf-rt-ws-security-3.1.7.jar:3.1.7]
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:171) ~[cxf-rt-ws-security-3.1.7.jar:3.1.7]
at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:80) ~[cxf-rt-ws-security-3.1.7.jar:3.1.7]
at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:66) ~[cxf-rt-ws-security-3.1.7.jar:3.1.7]
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) ~[cxf-core-3.1.7.jar:3.1.7]
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:798) ~[cxf-core-3.1.7.jar:3.1.7]
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1670) ~[cxf-rt-transports-http-3.1.7.jar:3.1.7]
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1551) ~[cxf-rt-transports-http-3.1.7.jar:3.1.7]
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1348) ~[cxf-rt-transports-http-3.1.7.jar:3.1.7]
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56) ~[cxf-core-3.1.7.jar:3.1.7]
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:651) ~[cxf-rt-transports-http-3.1.7.jar:3.1.7]
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62) ~[cxf-core-3.1.7.jar:3.1.7]
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) ~[cxf-core-3.1.7.jar:3.1.7]
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514) ~[cxf-core-3.1.7.jar:3.1.7]
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423) ~[cxf-core-3.1.7.jar:3.1.7]
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324) ~[cxf-core-3.1.7.jar:3.1.7]
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277) ~[cxf-core-3.1.7.jar:3.1.7]
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) ~[cxf-rt-frontend-simple-3.1.7.jar:3.1.7]
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139) ~[cxf-rt-frontend-jaxws-3.1.7.jar:3.1.7]
at com.sun.proxy.$Proxy124.sendMessageToConsignee(Unknown Source) ~[?:?]
at ir.iais.rasam.services.AnnouncementAboutDeclarationService$1.get(AnnouncementAboutDeclarationService.java:61) ~[classes/:?]
at ir.iais.rasam.services.AnnouncementAboutDeclarationService$1.get(AnnouncementAboutDeclarationService.java:48) ~[classes/:?]
at ir.iais.playCommons.utils.F$Promise$1.get(F.java:230) ~[play-commons_2.11-2017.0.2.12-SNAPSHOT.jar:2017.0.2.12-SNAPSHOT]
...
... 5 more
The used modules of org.apache.wss4j artifacts are these:
"org.apache.wss4j" % "wss4j-bindings" % wss4jversion,
"org.apache.wss4j" % "wss4j-policy" % wss4jversion,
"org.apache.wss4j" % "wss4j-ws-security-dom" % wss4jversion,
"org.apache.wss4j" % "wss4j-ws-security-stax" % wss4jversion,
"org.apache.wss4j" % "wss4j-integration" % wss4jversion,
"org.apache.wss4j" % "wss4j-ws-security-policy-stax" % wss4jversion,
"org.apache.wss4j" % "wss4j-ws-security-common" % wss4jversion,
Where wss4jVersion is:
val wss4jVersion = "2.1.10"
By searching this part: Type ... (current frame, stack[1]) is not assignable to ... I landed on this page that said the problem is from JVM. However this Q/A is for 2013 and by now this bug must be resolved.
Besides if I replace all of above dependencies from org.apache.wss4j artifacts by this one: "org.apache.ws.security" % "wss4j" % "1.6.18" (well it means downgrading the package), the problem will be solved and service calling will work successfully.
Now my question is: Where the bug has lied? in JVM or WSS4J or Play Framework?
Play Framework version: 2.5.8
java version "1.8.0_121"
Java(TM) SE Runtime Environment (build 1.8.0_121-b13)
The problem is caused by the version incompatibility between Apache CXF Runtime and WSS4J.
cxf-rt-ws-security 3.1.7 depends on wss4j-policy 2.1.7, but you use wss4j-policy 2.1.10.
The bytecode verifier fails since EncryptedParts class from wss4j-policy cannot be longer assigned to SignedParts (though in earlier versions these classes were in the same hierarchy).
There are two ways to solve the problem: