Troubleshooting Web Services issues

WSDL generation problems during deployment

When deploying JAX-WS Web Services without associated WSDL, the application server will automatically generate the WSDL for the service. With Axis2 as the JAX-WS provider, the application server uses Sun's wsgen tool to generate the WSDL. Sometimes wsgen can fail to generate the WSDL (for example, because of invalid annotations). In most of such cases, the output of the wsgen tool will be logged to the geronimo.log file. However, in some cases the output might not get logged and it might be necessary to enable extra logging to see the full output of the wsgen tool. To enable full logging of the wsgen tool add the following line to server-log4j.properties file:


The output of wsgen will appear in the geronimo.log file.

AccessControlException when deploying Web Services using CXF

When deploying JAX-WS Web Services using CXF you might see the following exception:

Caused by: java.security.AccessControlException: access denied (javax.xml.ws.WebServicePermission publishEndpoint) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264) at java.security.AccessController.checkPermission(AccessController.java:427) at org.apache.cxf.jaxws.EndpointImpl.checkPublishPermission(EndpointImpl.java:389) at org.apache.cxf.jaxws.EndpointImpl.doPublish(EndpointImpl.java:248) at org.apache.cxf.jaxws.EndpointImpl.publish(EndpointImpl.java:201) at org.apache.cxf.jaxws.EndpointImpl.publish(EndpointImpl.java:394) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) ...

As per JSR-109 specification application servers are supposed to block publishing new Web Service endpoints via the Endpoint API. However, this can be disabled by setting the org.apache.cxf.jaxws.checkPublishEndpointPermission system property to false. For example, start the server after setting the following property:

export JAVA_OPTS=-Dorg.apache.cxf.jaxws.checkPublishEndpointPermission=false

Accessing Web Service by certificate using Web Service client

For the Web Service client, while using client-cert, you might need to ask the server to add your certificate to the trusted key store in Geronimo server. In the meanwhile, you need to get the server's certificate, and then add it into your local key store(Geronimp Administration Console can be used to export the server's certificate).

You also need to set the following properties before starting the server.

export GERONIMO_OPTS=-Djavax.net.ssl.trustStore=YOUR_CLIENT_TRUSTED_KEY_STORE -Djavax.net.ssl.trustStorePassword=YOUR_CLIENT_TRUSTED_KEY_STORE_PASSWORD -Djavax.net.ssl.keyStore=YOUR_CLIENT_KEY_STORE -Djavax.net.ssl.keyStorePassword=YOUR_CLIENT_KEY_STORE_PASSWORD
  • No labels