cxf-issues mailing list archives

From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-5464) An error was discovered processing the <wsse:Security> header
Date Wed, 18 Dec 2013 15:48:10 GMT

    [ https://issues.apache.org/jira/browse/CXF-5464?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13851852#comment-13851852 ]

Colm O hEigeartaigh commented on CXF-5464:
------------------------------------------


The problem is that you are re-sending the UsernameToken with the same nonce. You should generate
a new UsernameToken per-request.

Colm.

> An error was discovered processing the <wsse:Security> header
> -------------------------------------------------------------
>
>                 Key: CXF-5464
>                 URL: https://issues.apache.org/jira/browse/CXF-5464
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.7.9
>         Environment: 1.Apache CXF 2.7.8
> 2.Jboss EAP 6
> 3.SoapUI for testing client Side
> 4. Windows 7
>            Reporter: Mahesh Narke
>              Labels: apache, cxf, digest, password, token
>             Fix For: 2.7.9
>
>   Original Estimate: 10h
>  Remaining Estimate: 10h
>
> I tried to implement this for simple authentication, i.e. with the password simple text type, and it is working, but when I tried to implement it for the password digest type, it gives me this exception:
> An error was discovered processing the <wsse:Security> header (An error happened processing a Username Token "A replay attack has been detected")
> WSS4JInInterceptor bean class definition:
> <jaxws:inInterceptors>
>          <bean
>             class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>             <constructor-arg>
>               <!--  <map>
>                   <entry key="action" value="UsernameToken"/>
>                   <entry key="passwordType" value="PasswordText"/>
>                   <entry key="passwordCallbackRef" value-ref="myPasswordCallback"/>
>                </map> -->
>                 <map>
>                   <entry key="action" value="UsernameToken"/>
>                   <entry key="passwordType" value="PasswordDigest"/>
>                   <entry key="passwordCallbackRef" value-ref="myPasswordCallback"/>
>                </map> 
>             </constructor-arg>
>          </bean>
>       </jaxws:inInterceptors>
> Client xml request Code:
> <soapenv:Header>
> <wsse:Security soapenv:mustUnderstand="true">
>            <wsse:UsernameToken>
>                  <wsu:Created>2013-12-17T13:47:15Z</wsu:Created>
>                      <wsse:Username>joe</wsse:Username>
>                    <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">rePSkfHXTM6NWODD1Cdsbw==</wsse:Nonce>
>                     <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">PE7F51/oyWFVMsiZURuUwjoZVPY=</wsse:Password>
>              </wsse:UsernameToken>
> </wsse:Security>
> </soapenv:Header>
> Exception:
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
>    <soap:Body>
>       <soap:Fault>
>          <faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:InvalidSecurity</faultcode>
>          <faultstring>An error was discovered processing the &lt;wsse:Security> header (An error happened processing a Username Token "A replay attack has been detected")</faultstring>
>       </soap:Fault>
>    </soap:Body>
> </soap:Envelope>
> What am I missing?



--
This message was sent by Atlassian JIRA
(v6.1.4#6159)
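
The behaviour discussed in this message, as an added example that is not part of the original message and is not CXF or WSS4J code: a client that builds a fresh nonce, Created value and PasswordDigest for each request, and a simplified receiver that rejects a nonce it has already seen. The `Verifier` class, the five-minute window, the result strings and the password are assumptions made for the illustration.

```python
import base64, hashlib, hmac, os
from datetime import datetime, timedelta, timezone

FMT = "%Y-%m-%dT%H:%M:%SZ"  # wsu:Created format, as in the request quoted above

def password_digest(nonce: bytes, created: str, password: str) -> str:
    # UsernameToken Profile 1.0: Base64(SHA-1(nonce + created + password))
    raw = hashlib.sha1(nonce + created.encode() + password.encode()).digest()
    return base64.b64encode(raw).decode()

def make_username_token(password: str, now: datetime) -> dict:
    """Client side: a new random nonce and Created value for every request."""
    nonce = os.urandom(16)
    created = now.strftime(FMT)
    return {"nonce": base64.b64encode(nonce).decode(),
            "created": created,
            "digest": password_digest(nonce, created, password)}

class Verifier:
    """Simplified receiver model (hypothetical, not WSS4J): freshness, nonce cache, digest."""
    def __init__(self, passwords: dict, ttl=timedelta(minutes=5)):  # ttl is an assumed value
        self.passwords, self.ttl, self.seen = passwords, ttl, {}

    def verify(self, username: str, token: dict, now: datetime) -> str:
        self.seen = {n: exp for n, exp in self.seen.items() if exp > now}  # drop expired nonces
        created = datetime.strptime(token["created"], FMT).replace(tzinfo=timezone.utc)
        if abs(now - created) > self.ttl:
            return "expired"
        if token["nonce"] in self.seen:
            return "replay"  # same nonce presented again inside the window
        password = self.passwords.get(username)
        if password is None:
            return "bad-digest"
        expected = password_digest(base64.b64decode(token["nonce"]), token["created"], password)
        if not hmac.compare_digest(expected, token["digest"]):
            return "bad-digest"
        self.seen[token["nonce"]] = now + self.ttl
        return "ok"

def demo() -> list:
    now = datetime(2013, 12, 17, 13, 47, 15, tzinfo=timezone.utc)  # constructed clock
    pw = "constructed-password"                                    # constructed sample value
    v = Verifier({"joe": pw})
    token = make_username_token(pw, now)
    return [v.verify("joe", token, now),                          # first use
            v.verify("joe", token, now + timedelta(seconds=1)),   # resent unchanged
            v.verify("joe", make_username_token(pw, now), now)]   # fresh token

if __name__ == "__main__":
    print(demo())
```

A test client that stores the header as static text sends the same nonce every time, which is the second case in `demo()`.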
