cxf-issues mailing list archives

From "Daniel Kulp (JIRA)" <j...@apache.org>
Subject [jira] Updated: (CXF-3240) The header 'Security' from the namespace 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' was not understood by the recipient of this message, causing the message to not be processed.
Date Wed, 12 Jan 2011 19:24:46 GMT

     [ https://issues.apache.org/jira/browse/CXF-3240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Daniel Kulp updated CXF-3240:
-----------------------------

    Fix Version/s:     (was: 2.2.9)
                   NeedMoreInfo



We would definitely need more information. Most likely, you would need to look at the logs
on the server side to figure out what errors it displays there.

For security-related things, many times, generic fault messages are sent back to not give
attackers extra information about what to try next. The error message above could be anything
from an invalid signature or maybe a policy issue (like maybe it wants a derived key), etc...
You would really need the server logs to figure it out.


> The header 'Security' from the namespace 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
was not understood by the recipient of this message, causing the message to not be processed.
> --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CXF-3240
>                 URL: https://issues.apache.org/jira/browse/CXF-3240
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.2.9
>         Environment: JDK 1.6, Eclipse Ganymede
>            Reporter: Asif Ali Mohammed
>            Priority: Blocker
>             Fix For: NeedMoreInfo
>
>
> Hi,
> I have written a webservice client for a secured webservice. I'm able to build the request
along with signed header which takes security information from a .jks file. But in the response
I'm getting the following error.
> {code}
> Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: The header 'Security'
from the namespace 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
was not understood by the recipient of this message, causing the message to not be processed.
 This error typically indicates that the sender of this message has enabled a communication
protocol that the receiver cannot process.  Please ensure that the configuration of the client's
binding is consistent with the service's binding. 
> 	at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:146)
> 	at $Proxy61.getAccountBalancesByUser(Unknown Source)
> 	at IAccountsService_Client.main(Unknown Source)
> Caused by: org.apache.cxf.binding.soap.SoapFault: The header 'Security' from the namespace
'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' was not
understood by the recipient of this message, causing the message to not be processed.  This
error typically indicates that the sender of this message has enabled a communication protocol
that the receiver cannot process.  Please ensure that the configuration of the client's binding
is consistent with the service's binding. 
> 	at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
> 	at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
> 	at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
> 	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
> 	at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:99)
> 	at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
> 	at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
> 	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
> 	at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:700)
> 	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2261)
> 	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2134)
> 	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1988)
> 	at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47)
> 	at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:188)
> 	at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
> 	at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:639)
> 	at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
> 	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
> 	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:487)
> 	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
> 	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
> 	at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
> 	at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
> 	... 2 more
> {code}
> The client program is :
> {code}
> import java.util.HashMap;
> import java.util.Map;
>
> import org.apache.cxf.interceptor.LoggingInInterceptor;
> import org.apache.cxf.interceptor.LoggingOutInterceptor;
> import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
> import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
> import org.apache.ws.security.WSConstants;
> import org.apache.ws.security.handler.WSHandlerConstants;
>
> // IAccountsService, ArrayOfstring, UserAccountBalances, SourceType and
> // KeystorePasswordCallback are the reporter's own classes (not shown in the report).
> public final class IAccountsService_Client {
>     public static void main(String args[]) throws Exception {
>         IAccountsService accountsService = getServicePortType();
>
>         // Attach the WSS4J out-interceptor that signs the outgoing request
>         org.apache.cxf.endpoint.Client client = org.apache.cxf.frontend.ClientProxy.getClient(accountsService);
>         org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
>         Map<String, Object> outProps = getOutInterceptorProps();
>         WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
>         cxfEndpoint.getOutInterceptors().add(wssOut);
>
>         java.lang.String userGuid = "f9f24f385d1b8cba373ad33eb015f98Z";
>         ArrayOfstring accountNumbers = new ArrayOfstring();
>         accountNumbers.getString().add("18630464");
>         accountNumbers.getString().add("10003314");
>         accountNumbers.getString().add("18602340");
>
>         UserAccountBalances _return = accountsService.getAccountBalancesByUser(userGuid, accountNumbers,
>                 SourceType.ALL);
>     }
>
>     private static IAccountsService getServicePortType() {
>         JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
>         // enable logging of outbound (request) and inbound (response) SOAP messages
>         factory.getInInterceptors().add(new LoggingInInterceptor());
>         factory.getOutInterceptors().add(new LoggingOutInterceptor());
>         factory.setServiceClass(IAccountsService.class);
>         factory.setAddress("http://uss1udp001ampvb.ampf.com:29039/tr/iWealthAcctService");
>         return (IAccountsService) factory.create();
>     }
>
>     private static Map<String, Object> getOutInterceptorProps() {
>         Map<String, Object> outProps = new HashMap<String, Object>();
>         // how to configure the properties is outlined below;
>         outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
>         outProps.put(WSHandlerConstants.USER, "clientPortal_e3");
>         outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
>         outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, KeystorePasswordCallback.class.getName());
>         outProps.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
>         return outProps;
>     }
> }
> {code}
> Request XML :
> {code}
> INFO: Outbound Message
> ---------------------------
> ID: 1
> Address: http://uss1udp001ampvb.ampf.com:29039/tr/iWealthAcctService
> Encoding: UTF-8
> Content-Type: text/xml
> Headers: {SOAPAction=["https://iWealth.thomson.com/Services/2010/03/IAccountsService/GetAccountBalancesByUser"],
Accept=[*/*]}
> Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soap:mustUnderstand="1"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Id="Signature-1">
> <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:CanonicalizationMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
> <ds:SignatureMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
> <ds:Reference xmlns:ds="http://www.w3.org/2000/09/xmldsig#" URI="#id-2">
> <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:Transform xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">oCglj+hmoQBUz+yqCDDg6FmPXzc=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> CjPQCsoPsyfiiACZdkqx+LBeGkz1teu52Rf/BoTVBWTieh12fo7X0qznSN1AHEYiZCgXvuwdQkcn
> ewUl2vFTj3g/btkHUX8Epgp5X/u2X5Aunk7ZdliGTxZ0Fyv2LAduzDiJim15ti3UBitRqU39iBWk
> inx1jBpbgTeBI33acng=
> </ds:SignatureValue>
> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="KeyId-E8E2BE415B08955AA412947515791042">
> <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="STRId-E8E2BE415B08955AA412947515791043"><ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:X509IssuerSerial xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:X509IssuerName xmlns:ds="http://www.w3.org/2000/09/xmldsig#">OU=www.verisign.com/CPS
Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\,
Inc.,O=VeriSign Trust Network</ds:X509IssuerName>
> <ds:X509SerialNumber xmlns:ds="http://www.w3.org/2000/09/xmldsig#">169372247684920926775018956902222426627</ds:X509SerialNumber>
> </ds:X509IssuerSerial>
> </ds:X509Data></wsse:SecurityTokenReference>
> </ds:KeyInfo>
> </ds:Signature></wsse:Security></soap:Header><soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="id-2"><GetAccountBalancesByUser xmlns="https://iWealth.thomson.com/Services/2010/03"
xmlns:ns2="http://schemas.datacontract.org/2004/07/TFOnline.Services.Accounts.DataContracts"
xmlns:ns3="http://schemas.microsoft.com/2003/10/Serialization/Arrays" xmlns:ns4="http://schemas.datacontract.org/2004/07/Microsoft.Practices.EnterpriseLibrary.Validation.Integration.WCF"
xmlns:ns5="http://www.microsoft.com/practices/EnterpriseLibrary/2007/01/wcf/validation" xmlns:ns6="http://schemas.microsoft.com/2003/10/Serialization/"><userGuid>f9f24f385d1b8cba373ad33eb015f98Z</userGuid><accountNumbers><ns3:string>18630464</ns3:string><ns3:string>10003314</ns3:string><ns3:string>28827094</ns3:string><ns3:string>18692571</ns3:string><ns3:string>10020272</ns3:string><ns3:string>79136285</ns3:string><ns3:string>38920300</ns3:string><ns3:string>16605981</ns3:string><ns3:string>18602340</ns3:string><ns3:string>10033541</ns3:string><ns3:string>10867300</ns3:string><ns3:string>18602340</ns3:string></accountNumbers><sourceType>All</sourceType></GetAccountBalancesByUser></soap:Body></soap:Envelope>
> {code}
> Response XML:
> {code}
> INFO: Inbound Message
> ----------------------------
> ID: 1
> Response-Code: 500
> Encoding: ISO-8859-1
> Content-Type: text/xml
> Headers: {content-type=[text/xml], X-AspNet-Version=[2.0.50727], connection=[Keep-Alive],
X-Backside-Transport=[FAIL FAIL], transfer-encoding=[chunked], Date=[Tue, 11 Jan 2011 13:13:00
GMT], Warning=[214 TR_AccountsService_XMLFW DataPower Transformation Applied], Via=[1.1 TR_AccountsService_XMLFW],
X-Client-IP=[159.202.161.253], Server=[Microsoft-IIS/6.0], X-Powered-By=[ASP.NET], Cache-Control=[private]}
> Payload: <?xml version="1.0" encoding="UTF-8"?>
> <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><s:Fault><faultcode>s:MustUnderstand</faultcode><faultstring
xml:lang="en-US">The header 'Security' from the namespace 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
was not understood by the recipient of this message, causing the message to not be processed.
 This error typically indicates that the sender of this message has enabled a communication
protocol that the receiver cannot process.  Please ensure that the configuration of the client's
binding is consistent with the service's binding. </faultstring></s:Fault></s:Body></s:Envelope>
> {code}
> Please help me as this has become a blocking issue for my project.
> Thanks in advance,
> Asif ali Mohammed.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
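
Added example, not part of the original message or of CXF: a client-side triage helper that reads the two payloads captured by the logging interceptors, resolves the SOAP 1.1 `faultcode`, and lists the headers the request marked `mustUnderstand="1"`. The class name `FaultTriage` and the shortened payloads are constructed for illustration; it reports only what the fault says on the wire, so the server logs are still needed for the cause.

```java
import java.io.StringReader;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class FaultTriage {
    static final String SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    // Constructed, shortened stand-ins for the logged request and response payloads.
    static final String REQUEST = "<soap:Envelope xmlns:soap='" + SOAP11 + "'><soap:Header>"
        + "<wsse:Security xmlns:wsse='" + WSSE + "' soap:mustUnderstand='1'/>"
        + "</soap:Header><soap:Body/></soap:Envelope>";
    static final String RESPONSE = "<s:Envelope xmlns:s='" + SOAP11 + "'><s:Body><s:Fault>"
        + "<faultcode>s:MustUnderstand</faultcode><faultstring>(shortened)</faultstring>"
        + "</s:Fault></s:Body></s:Envelope>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Logged payloads are untrusted input: refuse DOCTYPEs to rule out XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    /** Headers the sender marked mustUnderstand="1", as {namespace}localName. */
    static List<String> mandatoryHeaders(Document req) {
        List<String> out = new ArrayList<String>();
        NodeList hs = req.getElementsByTagNameNS(SOAP11, "Header");
        for (Node n = hs.getLength() == 0 ? null : hs.item(0).getFirstChild(); n != null; n = n.getNextSibling())
            if (n instanceof Element && "1".equals(((Element) n).getAttributeNS(SOAP11, "mustUnderstand")))
                out.add("{" + n.getNamespaceURI() + "}" + n.getLocalName());
        return out;
    }

    /** faultcode with its prefix resolved, so "s:" and "soap:" compare equal. */
    static String faultCode(Document resp) {
        NodeList fc = resp.getElementsByTagName("faultcode");
        if (fc.getLength() == 0) return null;
        String[] q = fc.item(0).getTextContent().trim().split(":", 2);
        return q.length == 1 ? q[0] : "{" + fc.item(0).lookupNamespaceURI(q[0]) + "}" + q[1];
    }

    public static void main(String[] args) throws Exception {
        String code = faultCode(parse(RESPONSE));
        System.out.println("faultcode: " + code);
        if (("{" + SOAP11 + "}MustUnderstand").equals(code))
            System.out.println("mandatory headers sent: " + mandatoryHeaders(parse(REQUEST)));
    }
}
```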

