Since Domino 6 I have only seen people use Apache Axis (up to 1.4) as a web service framework and quite frankly it’s a bit long in the tooth; we want to use a newer framework and if we are sticking with the popular frameworks (i.e. native support in Eclipse), that leaves us with Axis 2 and CXF (yes yes! I know that X or Y is the latest and greatest but given the sedentary nature of large corporations I’ll settle for a functionally rich, well-rounded standard that works and in 2 years time can still be supported).

Anyhow, all my clients seem to have plumped for CXF, so this blog is to show you how to get a CXF client working on Domino 8+ (CXF needs Java 5 or greater).

I am assuming that you have already generated your class files (either via Eclipse wizards or via wsdl2J). If you have not, this is a good Link:

Normally when you are writing / testing a Java agent you just bung the supporting jar files in the agent itself, and give it a run. Unfortunately even if you get all the right jar files, you will get this error:

java.lang.NullPointerException
at org.apache.cxf.wsdl11.WSDLServiceFactory.< init> (WSDLServiceFactory.java:91)
at org.apache.cxf.jaxws.ServiceImpl.initializePorts(ServiceImpl.java:207)
at org.apache.cxf.jaxws.ServiceImpl.< init> (ServiceImpl.java:150)
at org.apache.cxf.jaxws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:63)
at javax.xml.ws.Service.< init> (Service.java:67)

This means that CXF can’t verify your WSDL (yes it’s a naff error) due to security reasons, so you’re going to have to put the jar files in the ext directory on the server.

CXF uses more jar files than Axis. When you download the binary from http://cxf.apache.org you will find a “WHICH_JAR” text file in the lib directory that tells you which files you will need to include for which function. As my client is using quite a few of the extra functions (such as WS security), I ended up putting the following files in a directory called “CXF” inside the Dominojvmlibext directory (the extra sub-directory is just so I don’t get the files mixed up):

– cxf.jar
– commons-logging.jar
– geronimo-activation.jar
– geronimo-annotation.jar
– geronimo-stax-api.jar
– neethi.jar
– jaxb-api.jar
– jaxb-impl.jar
– XmlSchema.jar
– wstx-asl.jar
– wsdl4j.jar
– geronimo-ws-metadata.jar
– geronimo-jaxws_2.1_spec-1.0.jar
– saaj-api.jar
– saaj-impl.jar
– asm.jar
– geronimo-servlet.jar
– jetty.jar
– jetty-util.jar
– sl4j.jar & sl4j-jdk14.jar (optional – but improves logging)
– bcprov-jdk15.jar
– xalan.jar
– serializer.jar
– wss4j.jar
– xmlsec.jar

(NOTE: If you are already using Java heavily in domino you may already some of these in your ext directory, so be careful to not double-up or give yourself conflicts).

The next bubble of joy will be the following error message (or something very similar):

java.security.AccessControlException: Access denied
(java.lang.RuntimePermission setContextClassLoader)
at java.security.AccessControlException.<init> (AccessControlException.java:62)
at java.security.AccessController.checkPermission(AccessController.java:68)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.Thread.setContextClassLoader(Thread.java:752)
at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:545)
at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:537)
at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:434)
at com.sun.xml.internal.ws.client.Stub.process(Stub.java:247)
at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(SEIStub.java:132)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:242)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:222)
at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:115)
at $Proxy27.getAdjustedLocationValues(Unknown Source)

This is a security message, and means you will have to edit the dominojvmlibsecurityjava.policy file. The exact entry will depend on the error you are getting, but this one:

java.security.AccessControlException: Access denied
(java.lang.RuntimePermission setContextClassLoader)

… meant I put the following lines in:

grant {
permission java.lang.RuntimePermission “setContextClassLoader”;
}

Restart your server and that should be it, your CXF calls should work fine.

PS. I have included full error messages to help future lost souls find this post.

PPS. This posts was corrected and sanitised by Mr Poole to make it readable (thank you)
Old Comments
————
##### Olle Thalen(05/01/2011 14:11:04 GMT)
I get the following exception all the time when I try to run a web service consumer using cxf in domino environment:

org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 24 in XML document from class path resource [META-INF/cxf/cxf.xml] is invalid; nested exception is org.xml.sax.SAXParseException: cvc-elt.1: Cannot find the declaration of element ‘beans’.
at org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:97)
at org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:87)
at org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:65)
at org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:54)
at org.apache.cxf.BusFactory.getDefaultBus(BusFactory.java:70)
at org.apache.cxf.BusFactory.getThreadDefaultBus(BusFactory.java:107)
at org.apache.cxf.BusFactory.getThreadDefaultBus(BusFactory.java:98)
at org.apache.cxf.jaxws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:64)

Got any ideas?

Software contractors nearly always have a good laptop, often far better than a client would provide for its staff, and certainly with much better software on it (I personally am a fully paid up member of microsoft,IBM and Genuitec developer networks), Contractor are nearly always happy to use this for all clients work, but the majority of major clients don’t want it on-site on the desk never mind on the network.

why is this?, when the client would save so much money? usually security is the given reason? (either allowing viruses in or confidential data out).

On the surface of it, that is a slightly insulting and contradictory implication, in that a client will trust someone to write the core code that grows and maintains their business (often valued in the hundreds of millions) but not trust them to maintain the software and security of a 2K laptop!.

to be fair to the support and security teams they are often not thinking of contractors when these rules are put in place, they are thinking about the guy from finance who habitually opens every attachment that anyone sends to him, and whos laptop is a seething pile of malware, spam bots and viruses, but they can hardly say “we only let people who arn’t dumb bring their laptops in” so we all cop for it.

Thankfully, one of my clients has support managers who are enlightened, so for some time they have overlooked contractors bringing their laptops on site and connecting them , with the general upstanding that if one of us ever screwed up and brought in something nasty, then it would be back to an “all off” and the offender would be fired, this has worked for 4 years, with the occasional bored managerial idiot who has a melt down when they find out being asking if they are prepared to fund the huge cost of providing internal laptops and software for contractors out of their budget (strangely enough none of them seem to care THAT much).

Now we are moving to a new building a more formal procedure is being put in place, and the support manager has come up with a perfect solution, and one I feel could be picked up and used by many corporates with minimal outlay

It is simplicity its self, all large clients have a VPN set-up for remote working, so you just put in a wireless access point (my client trialled it with a cheapo Netgear router) and that access point is only allowed to connect to the VPN servers (your existing firewalls and external facing switches will be able to do this, though you have to remember to present the VPN’s servers EXTERNAL IP address to your wireless access point), and that’s it!, any laptop that can use the VPN can just connect to the wireless network.

Advantages

• Secure (you will already have the precedent for VPN access even for contractors), and even if someone gets onto the wireless network they gain nothing (not even basic internet access)
• does not use internet bandwidth
• easy to control/revoke access
• CHEAP

  Top tips to make it easier for them to let your laptop on site

• Have up-to-date reputable anti virus software installed (a printout of your licence does not hurt), they may want to use their corporate one, but the fact you already have one looks good
• If you are in the UK have your laptops P.A.T. certificate to hand (only laptops older that a year need this)
• Have your limited liability insurance certificate to hand (you should have this anyway).
• If you are a Apple head or a Linux boy, or even a up-to-date windows person, you may need a copy of vmware (or you virtual machine poison of choice) as large corporations are notorious for only supporting/allowing old software on their networks

  I like simple solutions 🙂

Old Comments

Martin Scott(11/02/2011 18:23:05 GMT)

[link={ Link } PAT testing Leeds[/link]

For those of us who use the rather pleasant MyEclipse IDE (a commercial version of the Eclipse IDE as recommended by Matt White) and in particular “MyEclipse for Spring” we all have been waiting for their 8.6 update to take a look at the new MVC scaffolding feature which gives a comparable feature set to Spring Roo (basically giving the auto code generating and framework building that i remember people calling RAD, but without requiring a dedicated platform such as Domino),.

Anyway I installed the update which promptly broke my IDE in a major way, with it refusing to start and giving a

java.lang.RuntimeException: No application id has been found

error, which in the end turned out to be caused by my flash builder 4 plug-in, ah!, a bit of fiddling and i got it working again, but still it was not a happy ferret, so i just rolled back the VMWare image it lives on and continued as normal,

why is this noteworthy?

Well as i have had such success the powermonkey lot I thought a quick tweet to @skywaysoftware, would do no harm, quick as a flash I got a request from them for the error message and if possible the log, i sent the error message, and within a few hours the following link was sent to me: here, the full text is below

“For those with MyEclipse for Spring 8.5 who have the Adobe Flash Builder plug-in installed, there is an issue when upgrading to MyEclipse for Spring 8.6 that will prevent the IDE from restarting. It can be both avoided (and corrected) by removing the com.adobe.flexbuilder.feature.core.nl1.link from the dropins folder.

If you are upgrading, remove the file before starting ME4S, then perform the 8.5 to 8.6 upgrade. After that is complete, shut down ME4S, re-add the Adobe file, and restart.

If you have upgraded and ME4S won’t start, remove the Adobe drop-in, start ME4S, then stop and re-add the drop-in.”

A nice useable work round, while they sort the problem out, and one that works,it didn’t cost them much and kept me as a loyal customer,

LEARN BIG BUSINESS, LEARN!!!!

Now I’m up and going again, prepare for a review of MVC scaffolding Vs Spring Roo Vs Traditional Rad (in a few days).