cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mahesh Narke (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CXF-5464) An error was discovered processing the <wsse:Security> header
Date Tue, 17 Dec 2013 11:15:07 GMT
Mahesh Narke created CXF-5464:
---------------------------------

             Summary: An error was discovered processing the <wsse:Security> header
                 Key: CXF-5464
                 URL: https://issues.apache.org/jira/browse/CXF-5464
             Project: CXF
          Issue Type: Bug
          Components: WS-* Components
    Affects Versions: 2.7.9
         Environment: 1.Apache CXF 2.7.8
2.Jboss EAP 6
3.SoapUI for testing client Side
4. Windows 7
            Reporter: Mahesh Narke
             Fix For: 2.7.9


I tried to implement for simple authentication i.e with password simple text type, it is working
but when i tried to implement for password digest type ,then giving me exception:
An error was discovered processing the <wsse:Security> header (An error happened processing
a Username Token "A replay attack has been detected")

WSS4JInInterceptor Bean class defination:

<jaxws:inInterceptors>
         <bean
            class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
            <constructor-arg>
              <!--  <map>
                  <entry key="action" value="UsernameToken"/>
                  <entry key="passwordType" value="PasswordText"/>
                  <entry key="passwordCallbackRef" value-ref="myPasswordCallback"/>
               </map> -->
                <map>
                  <entry key="action" value="UsernameToken"/>
                  <entry key="passwordType" value="PasswordDigest"/>
                  <entry key="passwordCallbackRef" value-ref="myPasswordCallback"/>
               </map> 
            </constructor-arg>
         </bean>
      </jaxws:inInterceptors>


Client xml request Code:

<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="true">
           <wsse:UsernameToken>
                 <wsu:Created>2013-12-17T13:47:15Z</wsu:Created>
                     <wsse:Username>joe</wsse:Username>
                   <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">rePSkfHXTM6NWODD1Cdsbw==</wsse:Nonce>
                    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">PE7F51/oyWFVMsiZURuUwjoZVPY=</wsse:Password>
             </wsse:UsernameToken>


</wsse:Security>
</soapenv:Header>


Exception:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
   <soap:Body>
      <soap:Fault>
         <faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:InvalidSecurity</faultcode>
         <faultstring>An error was discovered processing the &lt;wsse:Security>
header (An error happened processing a Username Token "A replay attack has been detected")</faultstring>
      </soap:Fault>
   </soap:Body>
</soap:Envelope>

What am i missing?




--
This message was sent by Atlassian JIRA
(v6.1.4#6159)

Mime
View raw message