Return-Path: 
 <issues-return-15581-apmail-cxf-issues-archive=cxf.apache.org@cxf.apache.org>
Delivered-To: apmail-cxf-issues-archive@www.apache.org
Received: (qmail 2480 invoked from network); 12 Jan 2011 19:25:12 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 12 Jan 2011 19:25:12 -0000
Received: (qmail 33800 invoked by uid 500); 12 Jan 2011 19:25:12 -0000
Delivered-To: apmail-cxf-issues-archive@cxf.apache.org
Received: (qmail 33564 invoked by uid 500); 12 Jan 2011 19:25:12 -0000
Mailing-List: contact issues-help@cxf.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:issues-help@cxf.apache.org>
List-Unsubscribe: <mailto:issues-unsubscribe@cxf.apache.org>
List-Post: <mailto:issues@cxf.apache.org>
List-Id: <issues.cxf.apache.org>
Reply-To: dev@cxf.apache.org
Delivered-To: mailing list issues@cxf.apache.org
Received: (qmail 33413 invoked by uid 99); 12 Jan 2011 19:25:12 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 12 Jan 2011 19:25:12 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=10.0
	tests=ALL_TRUSTED,WEIRD_PORT
X-Spam-Check-By: apache.org
Received: from [140.211.11.22] (HELO thor.apache.org) (140.211.11.22)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 12 Jan 2011 19:25:08 +0000
Received: from thor (localhost [127.0.0.1])
	by thor.apache.org (8.13.8+Sun/8.13.8) with ESMTP id p0CJOkU9005869
	for <issues@cxf.apache.org>; Wed, 12 Jan 2011 19:24:46 GMT
Message-ID: <22699705.320751294860286405.JavaMail.jira@thor>
Date: Wed, 12 Jan 2011 14:24:46 -0500 (EST)
From: "Daniel Kulp (JIRA)" <jira@apache.org>
To: issues@cxf.apache.org
Subject: [jira] Updated: (CXF-3240) The header 'Security' from the namespace
 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
 was not understood by the recipient of this message, causing the message to
 not be processed.
In-Reply-To: <881730.281591294752286533.JavaMail.jira@thor>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394
X-Virus-Checked: Checked by ClamAV on apache.org


     [ https://issues.apache.org/jira/browse/CXF-3240?page=3Dcom.atlassian.=
jira.plugin.system.issuetabpanels:all-tabpanel ]

Daniel Kulp updated CXF-3240:
-----------------------------

    Fix Version/s:     (was: 2.2.9)
                   NeedMoreInfo



We would definitely need more information.   Most likely, you would need to=
 look at  the logs on the server side to figure out what errors it displays=
 there.  =20

For security related things, many times, generic fault messages are sent ba=
ck to not give attackers extra information about what to try next.   The er=
ror message above could be anything from an invalid signature or maybe a po=
licy issue (like maybe it wan't a derived key), etc...    You would realy n=
eed the server logs to figure it out.


> The header 'Security' from the namespace 'http://docs.oasis-open.org/wss/=
2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' was not understood by t=
he recipient of this message, causing the message to not be processed.
> -------------------------------------------------------------------------=
---------------------------------------------------------------------------=
----------------------------------------------------------------------
>
>                 Key: CXF-3240
>                 URL: https://issues.apache.org/jira/browse/CXF-3240
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.2.9
>         Environment: JDK 1.6, Eclipse Ganymede
>            Reporter: Asif Ali Mohammed
>            Priority: Blocker
>             Fix For: NeedMoreInfo
>
>
> Hi,
> I have written a webservice client for a secured webservice. Im able to b=
uild the request along with signed header which takes security information =
from a .jks file. But in the response Im gettng the following error.=20
> {code}
> Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: The head=
er 'Security' from the namespace 'http://docs.oasis-open.org/wss/2004/01/oa=
sis-200401-wss-wssecurity-secext-1.0.xsd' was not understood by the recipie=
nt of this message, causing the message to not be processed.  This error ty=
pically indicates that the sender of this message has enabled a communicati=
on protocol that the receiver cannot process.  Please ensure that the confi=
guration of the client's binding is consistent with the service's binding.=
=20
> =09at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:=
146)
> =09at $Proxy61.getAccountBalancesByUser(Unknown Source)
> =09at IAccountsService_Client.main(Unknown Source)
> Caused by: org.apache.cxf.binding.soap.SoapFault: The header 'Security' f=
rom the namespace 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-=
wssecurity-secext-1.0.xsd' was not understood by the recipient of this mess=
age, causing the message to not be processed.  This error typically indicat=
es that the sender of this message has enabled a communication protocol tha=
t the receiver cannot process.  Please ensure that the configuration of the=
 client's binding is consistent with the service's binding.=20
> =09at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.un=
marshalFault(Soap11FaultInInterceptor.java:75)
> =09at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.ha=
ndleMessage(Soap11FaultInInterceptor.java:46)
> =09at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.ha=
ndleMessage(Soap11FaultInInterceptor.java:35)
> =09at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterce=
ptorChain.java:243)
> =09at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMe=
ssage(AbstractFaultChainInitiatorObserver.java:99)
> =09at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handl=
eMessage(CheckFaultInterceptor.java:69)
> =09at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handl=
eMessage(CheckFaultInterceptor.java:34)
> =09at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterce=
ptorChain.java:243)
> =09at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:700)
> =09at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handl=
eResponseInternal(HTTPConduit.java:2261)
> =09at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handl=
eResponse(HTTPConduit.java:2134)
> =09at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close=
(HTTPConduit.java:1988)
> =09at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWrite=
OutputStream.java:47)
> =09at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:=
188)
> =09at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java=
:66)
> =09at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:63=
9)
> =09at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEn=
dingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
> =09at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterce=
ptorChain.java:243)
> =09at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:487)
> =09at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
> =09at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
> =09at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
> =09at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:=
124)
> =09... 2 more
> {code}
> The client program is :
> {code}
> public final class IAccountsService_Client {
>     public static void main(String args[]) throws Exception {
>     =09
>     =09IAccountsService accountsService =3D getServicePortType();
>    =09 =09
>         org.apache.cxf.endpoint.Client client =3D org.apache.cxf.frontend=
.ClientProxy.getClient(accountsService);
>         org.apache.cxf.endpoint.Endpoint cxfEndpoint =3D client.getEndpoi=
nt();
>        =20
>         Map<String,Object> outProps =3D getOutInterceptorProps();
>        =20
>         WSS4JOutInterceptor wssOut =3D new WSS4JOutInterceptor(outProps);
>         cxfEndpoint.getOutInterceptors().add(wssOut);
>        =20
>        =20
> =09java.lang.String userGuid =3D "f9f24f385d1b8cba373ad33eb015f98Z";
> =09ArrayOfstring accountNumbers =3D new ArrayOfstring();
> =09accountNumbers.getString().add("18630464");
> =09accountNumbers.getString().add("10003314");
> =09accountNumbers.getString().add("18602340");
> =09=09       =20
> =09UserAccountBalances  _return =3D accountsService.getAccountBalancesByU=
ser(userGuid, accountNumbers, SourceType.ALL);
> =09           =20
>              =20
>     }
>    =20
>     private static IAccountsService getServicePortType(){
> =09=09
> =09=09JaxWsProxyFactoryBean factory =3D new JaxWsProxyFactoryBean();
> =09=09//enable logging of outbound(request) and inbound(response) soap me=
ssages
>     =09      factory.getInInterceptors().add(new LoggingInInterceptor());
>     =09     factory.getOutInterceptors().add(new LoggingOutInterceptor())=
;
>     =09       factory.setServiceClass(IAccountsService.class);
>    =09 =09factory.setAddress("http://uss1udp001ampvb.ampf.com:29039/tr/iW=
ealthAcctService");
>    =09 =09return (IAccountsService) factory.create();
> =09}
> =09
> =09
> =09private static Map<String, Object> getOutInterceptorProps(){
> =09=09Map<String,Object> outProps =3D new HashMap<String,Object>();
>         // how to configure the properties is outlined below;
>         outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNAT=
URE);
>         outProps.put(WSHandlerConstants.USER, "clientPortal_e3");
>         outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEX=
T);
>         outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, KeystorePasswo=
rdCallback.class.getName());
>         outProps.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties=
");
>         return outProps;
> =09}
> {code}
> Request XML :
> {code}
> INFO: Outbound Message
> ---------------------------
> ID: 1
> Address: http://uss1udp001ampvb.ampf.com:29039/tr/iWealthAcctService
> Encoding: UTF-8
> Content-Type: text/xml
> Headers: {SOAPAction=3D["https://iWealth.thomson.com/Services/2010/03/IAc=
countsService/GetAccountBalancesByUser"], Accept=3D[*/*]}
> Payload: <soap:Envelope xmlns:soap=3D"http://schemas.xmlsoap.org/soap/env=
elope/"><soap:Header><wsse:Security xmlns:wsse=3D"http://docs.oasis-open.or=
g/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUndersta=
nd=3D"1"><ds:Signature xmlns:ds=3D"http://www.w3.org/2000/09/xmldsig#" Id=
=3D"Signature-1">
> <ds:SignedInfo xmlns:ds=3D"http://www.w3.org/2000/09/xmldsig#">
> <ds:CanonicalizationMethod xmlns:ds=3D"http://www.w3.org/2000/09/xmldsig#=
" Algorithm=3D"http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Canonicalizati=
onMethod>
> <ds:SignatureMethod xmlns:ds=3D"http://www.w3.org/2000/09/xmldsig#" Algor=
ithm=3D"http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
> <ds:Reference xmlns:ds=3D"http://www.w3.org/2000/09/xmldsig#" URI=3D"#id-=
2">
> <ds:Transforms xmlns:ds=3D"http://www.w3.org/2000/09/xmldsig#">
> <ds:Transform xmlns:ds=3D"http://www.w3.org/2000/09/xmldsig#" Algorithm=
=3D"http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod xmlns:ds=3D"http://www.w3.org/2000/09/xmldsig#" Algorith=
m=3D"http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> <ds:DigestValue xmlns:ds=3D"http://www.w3.org/2000/09/xmldsig#">oCglj+hmo=
QBUz+yqCDDg6FmPXzc=3D</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue xmlns:ds=3D"http://www.w3.org/2000/09/xmldsig#">
> CjPQCsoPsyfiiACZdkqx+LBeGkz1teu52Rf/BoTVBWTieh12fo7X0qznSN1AHEYiZCgXvuwdQ=
kcn
> ewUl2vFTj3g/btkHUX8Epgp5X/u2X5Aunk7ZdliGTxZ0Fyv2LAduzDiJim15ti3UBitRqU39i=
BWk
> inx1jBpbgTeBI33acng=3D
> </ds:SignatureValue>
> <ds:KeyInfo xmlns:ds=3D"http://www.w3.org/2000/09/xmldsig#" Id=3D"KeyId-E=
8E2BE415B08955AA412947515791042">
> <wsse:SecurityTokenReference xmlns:wsse=3D"http://docs.oasis-open.org/wss=
/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu=3D"http://do=
cs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" =
wsu:Id=3D"STRId-E8E2BE415B08955AA412947515791043"><ds:X509Data xmlns:ds=3D"=
http://www.w3.org/2000/09/xmldsig#">
> <ds:X509IssuerSerial xmlns:ds=3D"http://www.w3.org/2000/09/xmldsig#">
> <ds:X509IssuerName xmlns:ds=3D"http://www.w3.org/2000/09/xmldsig#">OU=3Dw=
ww.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=3DVeriSi=
gn International Server CA - Class 3,OU=3DVeriSign\, Inc.,O=3DVeriSign Trus=
t Network</ds:X509IssuerName>
> <ds:X509SerialNumber xmlns:ds=3D"http://www.w3.org/2000/09/xmldsig#">1693=
72247684920926775018956902222426627</ds:X509SerialNumber>
> </ds:X509IssuerSerial>
> </ds:X509Data></wsse:SecurityTokenReference>
> </ds:KeyInfo>
> </ds:Signature></wsse:Security></soap:Header><soap:Body xmlns:wsu=3D"http=
://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.=
xsd" wsu:Id=3D"id-2"><GetAccountBalancesByUser xmlns=3D"https://iWealth.tho=
mson.com/Services/2010/03" xmlns:ns2=3D"http://schemas.datacontract.org/200=
4/07/TFOnline.Services.Accounts.DataContracts" xmlns:ns3=3D"http://schemas.=
microsoft.com/2003/10/Serialization/Arrays" xmlns:ns4=3D"http://schemas.dat=
acontract.org/2004/07/Microsoft.Practices.EnterpriseLibrary.Validation.Inte=
gration.WCF" xmlns:ns5=3D"http://www.microsoft.com/practices/EnterpriseLibr=
ary/2007/01/wcf/validation" xmlns:ns6=3D"http://schemas.microsoft.com/2003/=
10/Serialization/"><userGuid>f9f24f385d1b8cba373ad33eb015f98Z</userGuid><ac=
countNumbers><ns3:string>18630464</ns3:string><ns3:string>10003314</ns3:str=
ing><ns3:string>28827094</ns3:string><ns3:string>18692571</ns3:string><ns3:=
string>10020272</ns3:string><ns3:string>79136285</ns3:string><ns3:string>38=
920300</ns3:string><ns3:string>16605981</ns3:string><ns3:string>18602340</n=
s3:string><ns3:string>10033541</ns3:string><ns3:string>10867300</ns3:string=
><ns3:string>18602340</ns3:string></accountNumbers><sourceType>All</sourceT=
ype></GetAccountBalancesByUser></soap:Body></soap:Envelope>
> {code}
> Response XML:
> {code}
> INFO: Inbound Message
> ----------------------------
> ID: 1
> Response-Code: 500
> Encoding: ISO-8859-1
> Content-Type: text/xml
> Headers: {content-type=3D[text/xml], X-AspNet-Version=3D[2.0.50727], conn=
ection=3D[Keep-Alive], X-Backside-Transport=3D[FAIL FAIL], transfer-encodin=
g=3D[chunked], Date=3D[Tue, 11 Jan 2011 13:13:00 GMT], Warning=3D[214 TR_Ac=
countsService_XMLFW DataPower Transformation Applied], Via=3D[1.1 TR_Accoun=
tsService_XMLFW], X-Client-IP=3D[159.202.161.253], Server=3D[Microsoft-IIS/=
6.0], X-Powered-By=3D[ASP.NET], Cache-Control=3D[private]}
> Payload: <?xml version=3D"1.0" encoding=3D"UTF-8"?>
> <s:Envelope xmlns:s=3D"http://schemas.xmlsoap.org/soap/envelope/"><s:Body=
><s:Fault><faultcode>s:MustUnderstand</faultcode><faultstring xml:lang=3D"e=
n-US">The header 'Security' from the namespace 'http://docs.oasis-open.org/=
wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' was not understood =
by the recipient of this message, causing the message to not be processed. =
 This error typically indicates that the sender of this message has enabled=
 a communication protocol that the receiver cannot process.  Please ensure =
that the configuration of the client's binding is consistent with the servi=
ce's binding. </faultstring></s:Fault></s:Body></s:Envelope>
> {code}
> Please help me as this has become a blocking issue for my project.
> Thanks in advance,
> Asif ali Mohammed.

--=20
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.