cxf-users mailing list archives

From Daniel Kulp <dk...@apache.org>
Subject Re: An invalid security token was provided (Bad UsernameToken Values)
Date Wed, 03 Feb 2010 20:08:36 GMT

According to spec, the "Username" and "Password" child elements of 
"UsernameToken" are NOT supposed to be qualified.   The message you put here 
has them qualified.  

I think there is a setting in the WSSConfig object to allow accepting the
out-of-spec name/passwords; I'm just not sure how that would be used with the
WSS4JInInterceptor. I added some code last week to allow configuring in a
specific WSSConfig object relatively easily, but that's not available in a
release yet.

Dan


On Tue February 2 2010 6:22:08 pm huidong wrote:
> I am running a .NET WCF client to call a service on a Linux host with the
> CXF framework.
> 
> The inbound message looks like:
> 
> Payload: <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
> xmlns:a="http://www.w3.org/2005/08/addressing"
> xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> 
> <s:Header><a:Action s:mustUnderstand="1"/>
> <a:MessageID>urn:uuid:7f809251-17cb-4319-9fd8-04889601e956</a:MessageID>
> 
> <a:ReplyTo><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo>
> 
> <a:To s:mustUnderstand="1">https://sas/ws/saw/services/SawSelfServices</a:To>
> 
> <o:Security s:mustUnderstand="1"
> xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
> 
> <u:Timestamp u:Id="_0"><u:Created>2010-02-02T22:10:48.955Z</u:Created>
> <u:Expires>2010-02-02T22:15:48.955Z</u:Expires></u:Timestamp>
> 
> <o:UsernameToken u:Id="uuid-17aef8db-845a-4b9c-bceb-f8cde31933b6-1
> <o:Username>wstest</o:Username>
> <o:Password
> o:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">*****</o:Password>
> </o:UsernameToken>
> 
> </o:Security>
> </s:Header>
> <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema">****</s:Body>
> </s:Envelope>
> 
> I received an error message:
> 
> [14:10:53.081] {http--81-5$573121065} org.apache.ws.security.WSSecurityException: An invalid security token was provided (Bad UsernameToken Values)
> [14:10:53.081] {http--81-5$573121065}   at org.apache.ws.security.message.token.UsernameToken.<init>(UsernameToken.java:179)
> [14:10:53.081] {http--81-5$573121065}   at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:91)
> [14:10:53.081] {http--81-5$573121065}   at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:56)
> [14:10:53.081] {http--81-5$573121065}   at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326)
> [14:10:53.081] {http--81-5$573121065}   at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243)
> [14:10:53.081] {http--81-5$573121065}   at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:199)
> [14:10:53.081] {http--81-5$573121065}   at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:78)
> [14:10:53.081] {http--81-5$573121065}   at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
> [14:10:53.081] {http--81-5$573121065}   at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:109)
> [14:10:53.081] {http--81-5$573121065}   at org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:98)
> [14:10:53.081] {http--81-5$573121065}   at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:406)
> [14:10:53.081] {http--81-5$573121065}   at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:178)
> [14:10:53.081] {http--81-5$573121065}   at org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:142)
> [14:10:53.081] {http--81-5$573121065}   at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:179)
> [14:10:53.081] {http--81-5$573121065}   at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:103)
> [14:10:53.081] {http--81-5$573121065}   at javax.servlet.http.HttpServlet.service(HttpServlet.java:153)
> [14:10:53.081] {http--81-5$573121065}   at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:159)
> [14:10:53.081] {http--81-5$573121065}   at com.caucho.server.dispatch.ServletFilterChain.doFilter(ServletFilterChain.java:103)
> [14:10:53.081] {http--81-5$573121065}   at com.caucho.server.security.SecurityFilterChain.doFilter(SecurityFilterChain.java:134)
> [14:10:53.081] {http--81-5$573121065}   at com.caucho.server.webapp.WebAppFilterChain.doFilter(WebAppFilterChain.java:187)
> [14:10:53.081] {http--81-5$573121065}   at com.caucho.server.dispatch.ServletInvocation.service(ServletInvocation.java:265)
> [14:10:53.081] {http--81-5$573121065}   at com.caucho.server.http.HttpRequest.handleRequest(HttpRequest.java:273)
> [14:10:53.081] {http--81-5$573121065}   at com.caucho.server.port.TcpConnection.run(TcpConnection.java:682)
> [14:10:53.081] {http--81-5$573121065}   at com.caucho.util.ThreadPool$Item.runTasks(ThreadPool.java:743)
> 
> 
> What was wrong?? I cannot see anything invalid, and a Java client just runs
> fine. Any help will be greatly appreciated!
> 

-- 
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog
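
Added example, not part of the original thread or of CXF/WSS4J: a small Python diagnostic that reports how a captured message namespace-qualifies the children of `UsernameToken` and their attributes (such as the `Type` on `Password`), so an interoperability failure like the one above can be compared against what the receiving stack accepts. The function names and the sample message (modelled on the quoted one, with a placeholder password) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# WS-Security "secext" namespace URI, as it appears in the quoted message.
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
PWTEXT = ("http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-username-token-profile-1.0#PasswordText")

# Constructed sample modelled on the quoted message (placeholder password).
SAMPLE = ('<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope">'
          '<s:Header><o:Security xmlns:o="%s"><o:UsernameToken>'
          '<o:Username>wstest</o:Username>'
          '<o:Password o:Type="%s">placeholder</o:Password>'
          '</o:UsernameToken></o:Security></s:Header><s:Body/>'
          '</s:Envelope>' % (WSSE, PWTEXT)).encode()


def split_qname(name):
    """Split ElementTree's '{uri}local' form; uri is '' when unqualified."""
    if name.startswith("{"):
        uri, local = name[1:].split("}", 1)
        return uri, local
    return "", name


def describe_username_tokens(xml_bytes):
    """For each UsernameToken, list its children with the namespace of the
    element and of each of its attributes ('' means unqualified)."""
    if b"<!DOCTYPE" in xml_bytes:
        raise ValueError("DTD present; refusing to parse")
    reports = []
    for token in ET.fromstring(xml_bytes).iter():
        if split_qname(token.tag)[1] != "UsernameToken":
            continue  # match on local name so unqualified tokens are seen too
        children = []
        for child in token:
            uri, local = split_qname(child.tag)
            attr_ns = {split_qname(a)[1]: split_qname(a)[0] for a in child.attrib}
            children.append({"name": local, "element_ns": uri, "attr_ns": attr_ns})
        reports.append(children)
    return reports


if __name__ == "__main__":
    for children in describe_username_tokens(SAMPLE):
        for c in children:
            print(c["name"], "element ns:", c["element_ns"] or "(none)",
                  "attribute ns:", c["attr_ns"])
```

Running it on a message captured from each client (the working Java one and the failing .NET one) gives a side-by-side view of where their token encodings differ.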
