I'm having some issues to create a connection to (and reading from) a Tibco EMS JMS queue, using SSL and mutual authentication with certicates.
Here is my Spring config:
<!-- TIBCO Connection Factory Bean -->
<bean id="tibcoConnectionFactory" class="com.tibco.tibjms.TibjmsConnectionFactory">
<constructor-arg value="ssl://mytibco.server.address:30113" />
<property name="userName" value="userName" />
<property name="userPassword" value="${tibcoPwd}" />
<property name="connAttemptCount" value="10" />
<property name="connAttemptDelay" value="100" />
<property name="connAttemptTimeout" value="1000" />
<property name="reconnAttemptCount" value="10" />
<property name="reconnAttemptDelay" value="100" />
<property name="reconnAttemptTimeout" value="1000" />
<property name="SSLVendor" value="j2se" />
<property name="SSLEnableVerifyHost" value="false" />
<property name="SSLEnableVerifyHostName" value="false" />
<property name="SSLTrace" value="true" />
<property name="SSLDebugTrace" value="true" />
<property name="SSLIdentity" value="c:\\cert\\testCert.p12" />
<property name="SSLPassword" value="*******" />
</bean>
<!-- Spring CachingConnectionFactory Bean -->
<bean id="tibcoJmsConnectionFactory" class="org.springframework.jms.connection.CachingConnectionFactory">
<constructor-arg ref="tibcoConnectionFactory" />
<property name="reconnectOnException" value="true" />
<property name="sessionCacheSize" value="10" />
</bean>
When I try to put something on the queue, I receive the following stack trace:
[TIBCO EMS]: [J] [SSL] initializing security with vendor 'j2se'
[TIBCO EMS]: [J] [SSL] client version 5.1.0, security version 3.0.0, SSL initialized with vendor 'j2se'
[TIBCO EMS]: [J] [SSL] WARNING: server verification is disabled, will trust any server.
[TIBCO EMS]: [J] [SSL] reading client identity from byte array, format=AUTO
WARN [jmsContainer-1] org.springframework.jms.listener.DefaultMessageListenerContainer - Execution of JMS message listener failed
org.springframework.jms.JmsSecurityException: Error occured while reading identity data: Invalid or not supported identity data; nested exception is javax.jms.JMSSecurityException: Error occured while reading identity data: Invalid or not supported identity data
at org.springframework.jms.support.JmsUtils.convertJmsAccessException(JmsUtils.java:283)
at org.springframework.jms.support.JmsAccessor.convertJmsAccessException(JmsAccessor.java:168)
at org.springframework.jms.core.JmsTemplate.execute(JmsTemplate.java:474)
at org.springframework.jms.core.JmsTemplate.execute(JmsTemplate.java:436)
...
at org.springframework.jms.listener.AbstractMessageListenerContainer.doInvokeListener(AbstractMessageListenerContainer.java:543)
at org.springframework.jms.listener.AbstractMessageListenerContainer.invokeListener(AbstractMessageListenerContainer.java:482)
at org.springframework.jms.listener.AbstractMessageListenerContainer.doExecuteListener(AbstractMessageListenerContainer.java:451)
at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.doReceiveAndExecute(AbstractPollingMessageListenerContainer.java:323)
at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.receiveAndExecute(AbstractPollingMessageListenerContainer.java:241)
at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.invokeListener(DefaultMessageListenerContainer.java:982)
at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.executeOngoingLoop(DefaultMessageListenerContainer.java:974)
at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.run(DefaultMessageListenerContainer.java:876)
at java.lang.Thread.run(Thread.java:662)
Caused by: javax.jms.JMSSecurityException: Error occured while reading identity data: Invalid or not supported identity data
at com.tibco.tibjms.TibjmsSSL._identityFromStore(TibjmsSSL.java:2670)
at com.tibco.tibjms.TibjmsSSL.createIdentity(TibjmsSSL.java:2575)
at com.tibco.tibjms.TibjmsxLinkSSL._initSSL(TibjmsxLinkSSL.java:309)
at com.tibco.tibjms.TibjmsxLinkSSL.connect(TibjmsxLinkSSL.java:390)
at com.tibco.tibjms.TibjmsConnection._create(TibjmsConnection.java:1288)
at com.tibco.tibjms.TibjmsConnection.<init>(TibjmsConnection.java:4115)
at com.tibco.tibjms.TibjmsxCFImpl._createImpl(TibjmsxCFImpl.java:209)
at com.tibco.tibjms.TibjmsxCFImpl._createConnection(TibjmsxCFImpl.java:253)
at com.tibco.tibjms.TibjmsConnectionFactory.createConnection(TibjmsConnectionFactory.java:36)
at org.springframework.jms.connection.SingleConnectionFactory.doCreateConnection(SingleConnectionFactory.java:343)
at org.springframework.jms.connection.SingleConnectionFactory.initConnection(SingleConnectionFactory.java:290)
at org.springframework.jms.connection.SingleConnectionFactory.createConnection(SingleConnectionFactory.java:227)
at org.springframework.jms.support.JmsAccessor.createConnection(JmsAccessor.java:184)
at org.springframework.jms.core.JmsTemplate.access$500(JmsTemplate.java:90)
at org.springframework.jms.core.JmsTemplate$JmsTemplateResourceFactory.createConnection(JmsTemplate.java:1028)
at org.springframework.jms.connection.ConnectionFactoryUtils.doGetTransactionalSession(ConnectionFactoryUtils.java:298)
at org.springframework.jms.core.JmsTemplate.execute(JmsTemplate.java:458)
... 12 more
Until now, I can't succeed to resolve the ssl handshake.
How to resolve this issue?
The problem you having is due to a combination of Spring and the fact that com.tibco.tibjms.TibjmsConnectionFactory overloads the setSSLIdentity method, allowing either a byte[] or String to be passed.
This is confusing Spring which is invoking setSSLIdentity(byte[]) meaning that com.tibco.tibjms.TibjmsConnectionFactory is treating the bytes of the string c:\\cert\\testCert.p12 as a certificate (which it clearly isn't).
Unfortunately Spring doesn't let you force the type on the property element (like it does on constructor-arg, at least at the time of writing), so you'll use the constructor that takes a java.utils.Map and pass the configuration as properties:
<bean id="tibcoConnectionFactory" class="com.tibco.tibjms.TibjmsConnectionFactory">
<constructor-arg value="ssl://mytibco.server.address:30113" />
<constructor-arg><null/></constructor-arg>
<constructor-arg>
<util:map>
<entry key="com.tibco.tibjms.factory.username" value="userName"/>
<entry key="com.tibco.tibjms.factory.password" value="${tibcoPwd}"/>
<entry key="com.tibco.tibjms.connect.attemptcount" value="10"/>
<entry key="com.tibco.tibjms.connect.attemptdelay" value="100"/>
<entry key="com.tibco.tibjms.connect.attempttimeout" value="1000"/>
<entry key="com.tibco.tibjms.reconnect.attemptcount" value="10"/>
<entry key="com.tibco.tibjms.reconnect.attemptdelay" value="10-"/>
<entry key="com.tibco.tibjms.reconnect.attempttimeout" value="1000" />
<entry key="com.tibco.tibjms.ssl.vendor" value="j2se"/>
<entry key="com.tibco.tibjms.ssl.enable_verify_host" value="false"/>
<entry key="com.tibco.tibjms.ssl.enable_verify_hostname" value="false"/>
<entry key="com.tibco.tibjms.ssl.trace" value="true"/>
<entry key="com.tibco.tibjms.ssl.debug_trace" value="true"/>
<entry key="com.tibco.tibjms.ssl.identity" value="c:/cert/testCert.p12"/>
<entry key="com.tibco.tibjms.ssl.password" value="value="*******"/>
<util:map>
</constructor-arg>
</bean>
For anyone looking for the names for other properties, you can drill into the associated setter and see property name there.
The problem is that TibjmsConnectionFactory overloads the setSSLIdentity(..) setter.
The available setters are:
setSSLIdentity(byte[] identity)
setSSLIdentity(java.lang.String sslIdentity)
This means that Spring doesn't know which setter to call. I haven't researched proof of this, but from a google search I found out that it's up to the JVM implementation to decide which setter will be called and, in my case, it was different with every application restart (Oracle JVM). In fact this is a known issue, see https://github.com/flyway/flyway/issues/890 .
One solution is to call the constructor with a Map containing your properties:
TibjmsConnectionFactory(java.lang.String serverUrl,
java.lang.String clientId,
java.util.Map properties)
See also https://docs.tibco.com/pub/enterprise_message_service/8.1.0/doc/html/tib_ems_api_reference/api/javadoc/com/tibco/tibjms/TibjmsConnectionFactory.html#setSSLIdentity(java.lang.String)
PS: Sorry for resurrecting an old question, but as there is quite a high traffic for this question, this may help others in the future.
It seems that it's not reading .p12 correctly. It must log something like:
[TIBCO EMS]: [J] [SSL] reading client identity from file 'c:\cert\testCert.p12', format=PKCS12
note the format=...
Enter SSLIdentity as /c:/cert/testCert.p12. Then only it will recognize your p12 file, else will treat it as byte array
Related
I am using different connection factories for sending and receiving messages, having trouble with partial commit issues incase of delivey failures. jms:message-driven-channel-adapter uses the receiveConnectionFactory ro receive the messages from the queue. jms:outbound-channel-adapter uses the deliverConnectionFactory to send the messages multiple to downstream queues. We have only one JmsTransactionManager which uses the receiveConnectionFactory and the jms:outbound-channel-adapter configured with session-transacted="true".
<beans>
<bean id="transactionManager"
class="org.springframework.jms.connection.JmsTransactionManager">
<property name="connectionFactory" ref="receiveConnectionFactory" />
</bean>
<bean id="receiveConnectionFactory"
class="org.springframework.jms.connection.CachingConnectionFactory">
<property name="targetConnectionFactory">
<bean class="com.ibm.mq.jms.MQQueueConnectionFactory">
<property name="hostName" value="${mq.host}" />
<property name="channel" value="${mq.channel}" />
<property name="port" value="${mq.port}" />
</bean>
</property>
<property name="sessionCacheSize" value="${receive.factory.cachesize}" />
<property name="cacheProducers" value="${receive.cache.producers.enabled}" />
<property name="cacheConsumers" value="${receive.cache.consumers.enabled}" />
</bean>
<bean id="deliverConnectionFactory"
class="org.springframework.jms.connection.CachingConnectionFactory">
<property name="targetConnectionFactory">
<bean class="com.ibm.mq.jms.MQQueueConnectionFactory">
<property name="hostName" value="${mq.host}" />
<property name="channel" value="${mq.channel}" />
<property name="port" value="${mq.port}" />
</bean>
</property>
<property name="sessionCacheSize" value="${send.factory.cachesize}" />
<property name="cacheProducers" value="${send.cache.producers.enabled}" />
<property name="cacheConsumers" value="${send.cache.consumers.enabled}" />
</bean>
<tx:advice id="txAdviceNew" transaction-manager="transactionManager">
<tx:attributes>
<tx:method name="send" propagation="REQUIRES_NEW" />
</tx:attributes>
</tx:advice>
<aop:config>
<aop:advisor advice-ref="txAdviceNew" pointcut="bean(inputChannel)" />
<aop:advisor advice-ref="txAdviceNew" pointcut="bean(errorChannel)" />
</aop:config>
<jms:message-driven-channel-adapter
id="mdchanneladapter" channel="inputChannel" task-executor="myTaskExecutor"
connection-factory="receiveConnectionFactory" destination="inputQueue"
error-channel="errorChannel" concurrent-consumers="${num.consumers}"
max-concurrent-consumers="${max.num.consumers}" max-messages-per-task="${max.messagesPerTask}"
transaction-manager="transactionManager" />
<jms:outbound-channel-adapter
connection-factory="deliverConnectionFactory" session-transacted="true"
destination-expression="headers.get('Deliver')" explicit-qos-enabled="true" />
</beans>
When there is MQ exception on any one destination, the partial commit occurs and then the failure queue commit happens. I am looking to see if I am missing some configuration to join the transactions so that the partial commit never happens.
I tried with only one connection factory for both send and receive (receiveConnectionFactory) and the parital commit is not happening, everything works as expected.
I tried with only one connection factory for both send and receive (receiveConnectionFactory) and the parital commit is not happening, everything works as expected.
That's the right way to go in your case.
I see that your two ConnectionFactories are only different by their objects. Everything rest looks like the same target MQ server.
If you definitely can't live with only one ConnectionFactory, you should consider to use JtaTransactionManager or configure org.springframework.data.transaction.ChainedTransactionManager for two JmsTransactionManagers - one per connection factory.
See Dave Syer's article on the matter: https://www.javaworld.com/article/2077963/open-source-tools/distributed-transactions-in-spring--with-and-without-xa.html
We want to delegate the session-factory at run time to spring sftp inbound channel adapter. For that we have done the below configuration.
We have gone through the spring-sftp integration docs but we are not sure how to set the session-factory attribute value via java. Could you please suggest us how to delegate the session-factory run time in spring sftp inbound channel adapter using Delegating Session Factory.
XML Configuration
<beans>
<bean id="defaultSftpSessionFactoryOne" class="org.springframework.integration.sftp.session.DefaultSftpSessionFactory">
<property name="host" value="**.***.**.***" />
<property name="port" value="**" />
<property name="user" value="######" />
<property name="password" value="######" />
<property name="allowUnknownKeys" value="true" />
</bean>
<bean id="defaultSftpSessionFactoryTwo" class="org.springframework.integration.sftp.session.DefaultSftpSessionFactory">
<property name="host" value="**.***.**.***" />
<property name="port" value="**" />
<property name="user" value="######" />
<property name="password" value="######" />
<property name="allowUnknownKeys" value="true" />
</bean>
<bean id="delegatingSessionFactory" class="org.springframework.integration.file.remote.session.DelegatingSessionFactory">
<constructor-arg>
<bean id="factoryLocator"
class="org.springframework.integration.file.remote.session.DefaultSessionFactoryLocator">
<constructor-arg name="factories">
<map>
<entry key="one" value-ref="defaultSftpSessionFactoryOne"></entry>
<entry key="two" value-ref="defaultSftpSessionFactoryTwo"></entry>
</map>
</constructor-arg>
</bean>
</constructor-arg>
</bean>
<int:channel id="receiveChannel" />
<int-sftp:inbound-channel-adapter id="sftpInbondAdapter" auto-startup="false"
channel="receiveChannel" session-factory="delegatingSessionFactory"
local-directory="C:\\Users\\sftp" remote-directory="/tmp/archive"
auto-create-local-directory="true" delete-remote-files="false"
filename-regex=".*\.txt$">
<int:poller cron="0/10 * * * * ?">
</int:poller>
</int-sftp:inbound-channel-adapter>
java code
ApplicationContext ac = new ClassPathXmlApplicationContext("beans.xml");
DelegatingSessionFactory<String> dsf = (DelegatingSessionFactory<String>) ac.getBean("delegatingSessionFactory");
SessionFactory<String> one = dsf.getFactoryLocator().getSessionFactory("one");
SessionFactory<String> two = dsf.getFactoryLocator().getSessionFactory("two");
dsf.setThreadKey("two");
SourcePollingChannelAdapter spca = (SourcePollingChannelAdapter) ac.getBean("sftpInbondAdapter");
spca.start();
The delegating session factory was really intended for outbound adapters and gateways. Typically, inbound adapters don't switch to different servers.
Setting the thread key on the main thread like that does nothing.
You need to set/clear the key on the thread that invokes the adapter; this is shown for outbound adapters in the documentation.
For inbound adapters you need to do it on the poller thread.
I don't know what criteria you will use to select the factory, but you can use a smart poller to do it.
I am trying to test the connection timeout for my injected client.
I am able to call the client , but the timeout is not working. Its taking default and taking more than 1 mins.My configuration below :-
Spring context :-
<bean id="myServiceClient" class="org.springframework.remoting.jaxws.JaxWsPortProxyFactoryBean">
<property name="serviceInterface" value="au.com.my.service.employee.namespace.service"/>
<property name="namespaceUri" value="http://service.my.client.namespace.au/"/>
<property name="serviceName" value="MyWebService" />
<property name="endpointAddress" value="http://mywsdl.com?wsdl" />
<property name="wsdlDocumentUrl" value="http://mywsdl.com?wsdl" />
<property name="lookupServiceOnStartup" value="false" />
<property name="portName" value="myServicePort" />
<property name="customProperties" ref="jaxwsCustomProperties" />
</bean>
Custom properties:
<util:map id="jaxwsCustomProperties">
<entry key="com.sun.xml.internal.ws.request.timeout">
<value type="java.lang.Integer">1000</value>
</entry>
<entry key="com.sun.xml.internal.ws.connect.timeout">
<value type="java.lang.Integer">1000</value>
</entry>
<entry key="com.sun.xml.ws.request.timeout">
<value type="java.lang.Integer">1000</value>
</entry>
<entry key="com.sun.xml.ws.connect.timeout">
<value type="java.lang.Integer">1000</value>
</entry>
</util:map>
But, While I am calling this service its taking more than 1 mins. As per my understanding it should throw the connection timeout exception after 1 sec.
Please help me and advise if anything missed.
If you're expecting a Read timed out exception, try setting the javax.xml.ws.client.receiveTimeout property, that solved our similar issue.
As far as I understand, connect.timeout is used for how long the client is waiting to get a connection before throwing a connection refused error, socket timeout is how long the client is waiting for individual packets, see
ConnectionTimeout versus SocketTimeout.
Initially i was using different transaction manager for multiple data sources. But i had problem with managing rollback on all data sources if one of the data sources has transaction failure.I want to manage multiple datasources with single Transaction manager in Spring. So i opted for using JOTM or Atomikos. Both these transaction manager uses XA Connection pool(org.enhydra.jdbc.pool.StandardXAPoolDataSource). But in my project i was allowed to use only DBCP 2(org.apache.commons.dbcp.BasicDataSource) or Tomcat Connection Pool(org.apache.tomcat.jdbc.pool.DataSource). Is it possible to use either of this connection pools with JOTM or Atomikos. Please someone help me on this along with configuration example. Below is my configuration details,
<
bean id="jotm" class="org.springframework.transaction.jta.JotmFactoryBean"/>
<bean id="txManager" class="org.springframework.transaction.jta.JtaTransactionManager">
<property name="userTransaction" ref="jotm" />
</bean>
<bean id="dataSource1" class="org.enhydra.jdbc.pool.StandardXAPoolDataSource" destroy-method="shutdown">
<property name="dataSource">
<bean class ="org.enhydra.jdbc.standard.StandardXADataSource " destroy-method ="shutdown">
<property name="transactionManager" ref="jotm" />
<property name="driverName" value="${jdbc.d1.driver}" />
<property name ="url" value = "${jdbc.d1.url}" />
</bean>
</property>
<property name="user" value="${jdbc.d1.username}" />
<property name = "password" value="${jdbc.d1.password}" />
</bean>
<bean id="dataSource2" class="org.enhydra.jdbc.pool.StandardXAPoolDataSource" destroy-method="shutdown">
<property name="dataSource">
<bean class ="org. enhydra.jdbc.standard.StandardXADataSource " destroy-method ="shutdown">
<property name="transactionManager" ref="jotm" />
<property name="driverName" value="${jdbc.d2.driver}" />
<property name="url" value="${jdbc.d2.url}" />
</bean>
</property>
<property name="user" value="${jdbc.d2.username}" />
<property name = "password" value ="${jdbc.d2.password}" />
</bean>
Also do help if any other possible ways to achieve this.
I read the Restlet documentation on how to implement Basic HTTP Authentication but mine is not working when I make a request to a resource. Any reason why mine is not working?
Application Context:
<!-- Used to map routes to Restlet resources -->
<bean id="router" class="org.restlet.ext.spring.SpringRouter">
<property name="attachments">
<map>
<!-- I removed the actual values because it references a company -->
<entry key="/getCompanies" value="ClassResource" />
<entry key="/getList" value="ClassResource" />
<entry key="/getFile" value="ClassResource" />
<entry key="/archiveFile" value="ClassResource" />
</map>
</property>
</bean>
<!-- Used to have login authentication for requests -->
<bean id="challengeAuthenticator" class="org.restlet.security.ChallengeAuthenticator">
<constructor-arg><null /></constructor-arg>
<!-- Sets the Challenge scheme parameter to the static class member -->
<constructor-arg value="#{ T(org.restlet.data.ChallengeScheme).HTTP_BASIC }" />
<constructor-arg value="WSRealm" />
<property name="next" ref="router" />
</bean>
<!-- Creates a restlet component that contains the server and attachs the application -->
<bean id="restletComponent" class="org.restlet.ext.spring.SpringComponent">
<!-- Sets the server in the Restlet component -->
<property name="server" ref="server" />
<!-- Attachs the application to the virtual host -->
<property name="defaultTarget" ref="application" />
</bean>
I was assuming that since I set the challenge Authenticator next method to the router when I make a request it hits the router and hits the authenticator before going to the resource.
Java Code:
ApplicationContext springContext = new GenericXmlApplicationContext("applicationContext.xml");
Component restletComponent = (Component) springContext.getBean("restletComponent");
GetFilesApplication application = (GetFilesApplication) springContext.getBean("application");
ChallengeAuthenticator challengeAuthenticator =
(ChallengeAuthenticator) springContext.getBean("challengeAuthenticator");
Config config = application.getConfig();
MapVerifier mapVerifier = new MapVerifier();
// Puts the user name and password (encrypted) in the map verifier
mapVerifier.getLocalSecrets().put(config.getUsername(), StringCipher.encrypt(
config.getPassword()).toCharArray());
challengeAuthenticator.setVerifier(mapVerifier);
restletComponent.getDefaultHost().attachDefault(challengeAuthenticator);
// Start the component
restletComponent.start();
Like I said earlier, the only thing I can see wrong with it is, I am unsure about setting challenge authenticator next method value to the router.
Also for the client side added:
clientResource.setChallengeResponse(ChallengeScheme.HTTP_BASIC, "correctUser", StringCipher.encrypt("password"));
Forgot to mention that I am testing this on my local machine the client and the web service.
Solved it. It took so long to figure out but here is how I got it to work.
Java Code on Server Side:
// Removed and added to Application Context
restletComponent.getDefaultHost().attachDefault(challengeAuthenticator);
Application Context:
<bean id="propertyConfigurer"
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="locations">
<list>
<value>configuration.properties</value>
<value>log4j.properties</value>
</list>
</property>
</bean>
<bean id="config" class="Config class path location">
<property name="filePath" value="${Properties entry value}"/>
<property name="archivePath" value="${Properties entry value}"/>
<property name="username" value="${Properties entry value}"/>
<property name="password" value="${Properties entry value}"/>
</bean>
<!-- Restlet application -->
<bean id="application" class="Application class path location" scope="singleton">
<!-- Sets the router for the application -->
<property name="root" ref="router" />
<property name="config" ref="config" />
</bean>
<!-- Sets up the server -->
<bean id="server" class="org.restlet.ext.spring.SpringServer">
<constructor-arg value="${Properties entry value}" />
<constructor-arg value="${Properties entry value}" />
</bean>
<!-- Used to map routes to Restlet resources -->
<bean id="router" class="org.restlet.ext.spring.SpringRouter">
<property name="attachments">
<map>
<entry key="/getCompanies" value="Resource class path location" />
<entry key="/getList" value="Resource class path location" />
<entry key="/getFile" value="Resource class path location" />
<entry key="/archiveFile" value="Resource class path location" />
</map>
</property>
</bean>
<!-- Creates a restlet component that contains the server and attachs the application -->
<bean id="restletComponent" class="org.restlet.ext.spring.SpringComponent">
<!-- Sets the server in the Restlet component -->
<property name="server" ref="server" />
<!-- Attachs the application to the virtual host -->
<property name="defaultTarget" ref="application" />
<property name="defaultHost" ref="defaultHost" />
</bean>
<!-- Used to have login authentication for requests -->
<bean id="challengeAuthenticator" class="org.restlet.security.ChallengeAuthenticator">
<constructor-arg><null /></constructor-arg>
<!-- Sets the Challenge scheme parameter to the static class member -->
<constructor-arg value="#{ T(org.restlet.data.ChallengeScheme).HTTP_BASIC }" />
<constructor-arg value="GetWSRealm" />
<property name="next" ref="application" />
</bean>
<bean id="defaultHost" class="org.restlet.ext.spring.SpringHost">
<constructor-arg ref="restletComponent" />
<property name="defaultAttachment" ref="challengeAuthenticator" />
</bean>
Hope this helps others trying to get their application working. It took me a while to get this to work. :)