cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Understanding WSS4J actions
Date Tue, 23 Apr 2013 14:23:34 GMT
You are probably running into these issues:

https://issues.apache.org/jira/browse/WSS-231
https://issues.apache.org/jira/browse/WSS-424

Essentially, the ordering is the problem (I suspect).

Colm.


On Tue, Apr 23, 2013 at 3:13 PM, Andrew Hart <ahart@akimeka.com> wrote:

> Upgrading to a newer version is difficult in some DoD settings where
> there are lists of "approved" open source software and versions.
> Believe me, I'm not using out of date software by choice.
> I am constrained to use JBoss AS 6.x, which contains CXF 2.3.1, which I
> *think* contains WSS4J 1.5.8.   I'm lobbying to upgrade some of this
> but, if I am allowed to do so, it will be by upgrading JBossWS-CXF in
> that version of JBoss and I won't be surprised if that opens up a
> completely different can of worms.
>
> What I am really asking for here is a basic explanation of the actions.
> If the WSS4J action is  on an inbound interceptor is "signature", then
> what parts need to be signed?  If the actions are "timestamp signature",
> then does that mean the timestamp is expected to be signed?  If the
> action is encrypt, then what needs to be encrypted, the head, the body,
> the entire envelope?  That sort of thing.  Is there some documentation,
> or does everybody just debug step through the code and have to figure it
> out for themselves?  My configuration below looked ok to you??
>
> -----Original Message-----
> From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
> Sent: Tuesday, April 23, 2013 4:02 AM
> To: users@cxf.apache.org
> Subject: Re: Understanding WSS4J actions
>
> Newer versions of CXF do not require that the actions match in the exact
> order, but only that they match in some order. So your best bet is to
> upgrade to a newer version.
>
> Colm.
>
>
> On Mon, Apr 22, 2013 at 11:04 PM, Andrew Hart <ahart@akimeka.com> wrote:
>
> > Ok, wrt my earlier message, I decided to just go ahead and write a
> > simple java web service client rather than try to figure out why
> > SoapUi wasn't working.
> > Unfortunately, I'm back into "actions mismatch" hell.
> >
> > I understand that the actions need to match up on the client request
> > to the server, i.e., from the client OutInterceptor to the server
> > InInterceptor and that the inverse is true, From the server response
> > OutInterceptor to the client InInterceptor.
> >
> > So, my client is configured like this in a cxf.xml file:
> >  (note: the jaxws:client element didn't work for me and I had to
> > replace it with the cxf:bus before my interceptors would load.)
> > ----------------------------------------------------------------------
> > --
> > -----------------
> >
> > <beans xmlns="http://www.springframework.org/schema/beans"
> >    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >    xmlns:jaxws="http://cxf.apache.org/jaxws"
> >    xmlns:cxf="http://cxf.apache.org/core"
> >    xsi:schemaLocation="http://cxf.apache.org/core
> >         http://cxf.apache.org/schemas/core.xsd
> >         http://www.springframework.org/schema/beans
> >
> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
> >         http://cxf.apache.org/jaxws
> >         http://cxf.apache.org/schemas/jaxws.xsd">
> >
> > <!--
> >     <jaxws:client name=" MyWebServicePort" createdFromAPI="true">
> >         <jaxws:inInterceptors>
> >             <ref bean="TimestampSignEncrypt_Response"/>
> >             <ref bean="logInbound" />
> >         </jaxws:inInterceptors>
> >         <jaxws:outInterceptors>
> >             <ref bean="TimestampSignEncrypt_Request"/>
> >             <ref bean="logOutbound" />
> >         </jaxws:outInterceptors>
> >     </jaxws:client>
> > -->
> >
> >     <cxf:bus>
> >         <cxf:outInterceptors>
> >             <ref bean="ClientRequest_Interceptor"/>
> >             <ref bean="logOutbound" />
> >         </cxf:outInterceptors>
> >         <cxf:inInterceptors>
> >             <ref bean="ServerResponse_Interceptor"/>
> >             <ref bean="logInbound" />
> >         </cxf:inInterceptors>
> >     </cxf:bus>
> >
> >     <bean id="logInbound"
> > class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
> >     <bean id="logOutbound"
> > class="org.apache.cxf.interceptor.LoggingOutInterceptor"/>
> >     <bean
> >         class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
> >         id="ClientRequest_Interceptor">
> >         <constructor-arg>
> >               <map>
> >                 <entry key="action" value="Timestamp Signature"/>
> >                 <entry key="user" value="client1alias"/>
> >                 <entry key="signaturePropFile"
> > value="clientKeystore.properties"/>
> >                         <entry key="signatureKeyIdentifier"
> > value="DirectReference"/>
> >                 <entry key="passwordCallbackClass"
> > value="com.akimeka.ws.testclient.clientsample.ClientKeystorePasswordCa
> > ll
> > back"/>
> >                 <entry key="signatureAlgorithm"
> > value="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> >                 <entry key="signatureParts"
> > value="{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;{Eleme
> > nt
> > }{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-u
> > ti
> > lity-1.0.xsd}Timestamp"/>
> >
> >               </map>
> >         </constructor-arg>
> >     </bean>
> >     <bean
> >         class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"
> >         id="ServerResponse_Interceptor">
> >         <constructor-arg>
> >             <map>
> >                 <entry key="action" value="Timestamp Signature
> > Encrypt"/>
> >                 <entry key="signaturePropFile"
> > value="clientKeystore.properties"/>
> >                 <entry key="decryptionPropFile"
> > value="clientKeystore.properties"/>
> >                 <entry key="passwordCallbackClass"
> > value="com.akimeka.ws.testclient.clientsample.ClientKeystorePasswordCa
> > ll
> > back"/>
> >                 <entry key="encryptionKeyTransportAlgorithm"
> > value="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
> >                 <entry key="signatureAlgorithm"
> > value="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> >             </map>
> >         </constructor-arg>
> >     </bean>
> > </beans>
> >
> >
> > ----------------------------------------------------------------------
> > --
> > ----------
> > The server has a jbossws-cxf.xml file and is configured like this:
> > ----------------------------------------------------------------------
> > --
> > ----------
> > <beans
> >   xmlns='http://www.springframework.org/schema/beans'
> >   xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
> >   xmlns:beans='http://www.springframework.org/schema/beans'
> >   xmlns:jaxws='http://cxf.apache.org/jaxws'
> >   xsi:schemaLocation='http://cxf.apache.org/core
> >     http://cxf.apache.org/schemas/core.xsd
> >     http://www.springframework.org/schema/beans
> >     http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
> >     http://cxf.apache.org/jaxws
> >     http://cxf.apache.org/schemas/jaxws.xsd'>
> >
> >
> >   <bean id="Sign_Request"
> > class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
> >     <constructor-arg>
> >       <map>
> >         <entry key="action" value="Timestamp Signature"/>
> >         <entry key="signaturePropFile"  value="security.properties"/>
> >         <entry key="decryptionPropFile" value="security.properties"/>
> >         <entry key="passwordCallbackClass"
> > value="com.akimeka.ws.common.KeystorePasswordCallback"/>
> >       </map>
> >     </constructor-arg>
> >   </bean>
> >
> >
> >   <bean id="Sign_Response"
> > class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
> >     <constructor-arg>
> >       <map>
> >         <entry key="action" value="Timestamp Signature Encrypt"/>
> >         <entry key="user" value="server.akimeka.com"/>
> >         <entry key="signaturePropFile"  value="security.properties"/>
> >         <entry key="encryptionPropFile" value="security.properties"/>
> >         <entry key="encryptionUser" value="useReqSigCert"/>
> >         <!-- <entry key="encryptionUser" value="client1.akimeka.com"
> > />
> > -->
> >         <entry key="signatureKeyIdentifier" value="DirectReference"/>
> >         <!--  <entry key="encryptionKeyIdentifier"
> > value="DirectReference" /> -->
> >         <entry key="passwordCallbackClass"
> > value="com.akimeka.ws.common.KeystorePasswordCallback"/>
> >         <entry key="signatureParts"
> > value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-w
> > ss
> > -wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap
> > .o
> > rg/soap/envelope/}Body"/>
> >         <entry key="encryptionParts"
> > value="{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
> >         <entry key="encryptionKeyTransportAlgorithm"
> > value="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
> >         <entry key="encryptionSymAlgorithm"
> > value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
> >         <entry key="signatureAlgorithm"
> > value="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> >       </map>
> >     </constructor-arg>
> >   </bean>
> >
> >   <jaxws:endpoint
> >     id='CipService'
> >     address='http://@jboss.bind.address@:8080/ws-cip'
> >     implementor='com.akimeka.cip.ws.CipService'>
> >     <jaxws:invoker>
> >       <bean class='org.jboss.wsf.stack.cxf.InvokerJSE'/>
> >     </jaxws:invoker>
> >
> >     <jaxws:inInterceptors>
> >         <bean
> > class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/>
> >         <ref bean="Sign_Request"/>
> >     </jaxws:inInterceptors>
> >
> >     <jaxws:outInterceptors>
> >         <bean
> > class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor"/>
> >         <ref bean="Sign_Response"/>
> >     </jaxws:outInterceptors>
> >
> >   </jaxws:endpoint>
> > </beans>
> > ----------------------------------------------------------------------
> > --
> > -------------------------------
> >
> > And, so the server sees the incoming message here...
> >
> > --------------------------------------
> > 16:43:36,935 INFO  [org.apache.cxf.interceptor.LoggingInInterceptor]
> > Inbound Message
> > ----------------------------
> > ID: 16
> > Address: /ws-cip/CipService
> > Encoding: UTF-8
> > Content-Type: text/xml; charset=UTF-8
> > Headers: {cache-control=[no-cache], content-type=[text/xml;
> > charset=UTF-8], connection=[keep-alive],
> > host=[msat-ah-01.akimeka.com:8080], Content-Length=[3496],
> > SOAPAction=[""], user-agent=[Apache CXF 2.3.1-patch-01],
> > Content-Type=[text/xml; charset=UTF-8], Accept=[*/*],
> > pragma=[no-cache]}
> > Payload: <soap:Envelope
> > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><w
> > ss
> > e:Security
> > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-ws
> > se curity-secext-1.0.xsd"
> > soap:mustUnderstand="1"><wsse:BinarySecurityToken
> > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-ws
> > se
> > curity-secext-1.0.xsd"
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wss
> > ec
> > urity-utility-1.0.xsd"
> > EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-
> > so
> > ap-message-security-1.0#Base64Binary"
> > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x50
> > 9-
> > token-profile-1.0#X509v3"
> > wsu:Id="CertId-8FE55E1C1DB8D8548C13666670167941">MIIBozCCAQygAwIBAgIEU
> > XV
> > eiTANBgkqhkiG9w0BAQUFADAWMRQwEgYDVQQDEwtjbGllbnQxdXNlcjAeFw0xMzA0MjIxN
> > jA
> > wMDlaFw0xNTA0MjIxNjAwMDlaMBYxFDASBgNVBAMTC2NsaWVudDF1c2VyMIGfMA0GCSqGS
> > Ib
> > 3DQEBAQUAA4GNADCBiQKBgQCd4AXM4VgvaScl6kdJVyaej50gr08XXSOntVki80znasD1t
> > jE
> > +TwUBBIjMzWUtLN+vWO211cbggaNP8mLZ2Tti3mEY0sS4ixZHLZz41/mLHU4YcQEFFZ5p6
> > +TwUBBIjMzWUtLN+1W
> > p1L3C37gQ7pm37SfKerwlrM4HnxSY6y7MinJSfQ0iDYaMu+XizQIDAQABMA0GCSqGSIb3D
> > p1L3C37gQ7pm37SfKerwlrM4HnxSY6y7MinJSfQ0iDYaMu+QE
> > BBQUAA4GBACiZwyRmSfjcjZDrIRe1A4PPHp+fMNHVssnvtOSaVEKjDRPeS1uXM7RLFUIvj
> > BBQUAA4GBACiZwyRmSfjcjZDrIRe1A4PPHp+EO
> > sbiSGMWSswFj/M61dRwNQreUxK737EpX8yko0gzKG+mH9bZZnEzroX5BROxa1luUTDmK2d
> > Ug
> > oPmLIwZI8gB8rJL6W3F3I6zfHwqHGbW6Xqt+J</wsse:BinarySecurityToken><ds:Si
> > oPmLIwZI8gB8rJL6W3F3I6zfHwqHGbW6Xqt+gn
> > ature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-2">
> > <ds:SignedInfo> <ds:CanonicalizationMethod
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> > <ds:SignatureMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
> > <ds:Reference URI="#id-3"> <ds:Transforms> <ds:Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> > </ds:Transforms> <ds:DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> > <ds:DigestValue>Ki9mmuZ/IPEazLZiTmt1cqDq7pQ=</ds:DigestValue>
> > </ds:Reference>
> > <ds:Reference URI="#Timestamp-1">
> > <ds:Transforms>
> > <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> > </ds:Transforms> <ds:DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> > <ds:DigestValue>dc/iT6EKpqAL9crdJORImAfavcU=</ds:DigestValue>
> > </ds:Reference>
> > </ds:SignedInfo>
> > <ds:SignatureValue>
> > FmXE1n5OKy4PVtLkTeuycQf6d6gMl4fgIrucJw6Ms8OnFLs4jbN6PMbkKIkv3DogfYPzSr
> > r6
> > Incd
> > Gus2miH1Qb5dFOhRDUSTDBaMeROxCyfKtzpvhTezboS1lYTF1jgFlmih5Ly1pTEwK46XmB
> > L4
> > KKeD
> > Jjo5xjN6eqUAYgrcGjs=
> > </ds:SignatureValue>
> > <ds:KeyInfo Id="KeyId-8FE55E1C1DB8D8548C13666670168262">
> > <wsse:SecurityTokenReference
> > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-ws
> > se
> > curity-secext-1.0.xsd"
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wss
> > ec
> > urity-utility-1.0.xsd"
> > wsu:Id="STRId-8FE55E1C1DB8D8548C13666670168263"><wsse:Reference
> > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-ws
> > se curity-secext-1.0.xsd"
> > URI="#CertId-8FE55E1C1DB8D8548C13666670167941"
> > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x50
> > 9- token-profile-1.0#X509v3" /></wsse:SecurityTokenReference>
> > </ds:KeyInfo> </ds:Signature><wsu:Timestamp
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wss
> > ec
> > urity-utility-1.0.xsd"
> > wsu:Id="Timestamp-1"><wsu:Created>2013-04-22T21:43:36.793Z</wsu:Create
> > d>
> > <wsu:Expires>2013-04-22T21:48:36.793Z</wsu:Expires></wsu:Timestamp></w
> > ss
> > e:Security></soap:Header><soap:Body
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wss
> > ec urity-utility-1.0.xsd" wsu:Id="id-3"><ns2:testWebService
> > xmlns:ns2="http://akimeka.com"><arg0>Test
> > String</arg0></ns2:testWebService></soap:Body></soap:Envelope>
> > --------------------------------------
> >
> > And then blows up with this stacktrace and sends back a fault:
> >
> > 16:43:36,935 WARN
> > [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor]
> > Security processing failed (actions mismatch)
> > 16:43:36,935 WARN
> > [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor]
> > : org.apache.ws.security.WSSecurityException: An error was discovered
> > processing the <wsse:Security> header
> >         at
> > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4J
> > In
> > Interceptor.java:294) [:2.3.1-patch-01]
> >         at
> > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4
> > JI
> > nInterceptor.java:234) [:2.3.1-patch-01]
> >         at
> > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4
> > JI
> > nInterceptor.java:81) [:2.3.1-patch-01]
> >         at
> > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseIntercepto
> > rC
> > hain.java:255) [:2.3.1-patch-01]
> >         at
> > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitia
> > ti
> > onObserver.java:113) [:2.3.1-patch-01]
> >         at
> > org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDest
> > in
> > ation.java:97) [:2.3.1-patch-01]
> >         at
> > org.apache.cxf.transport.servlet.ServletController.invokeDestination(S
> > er
> > vletController.java:461) [:2.3.1-patch-01]
> >         at
> > org.jboss.wsf.stack.cxf.ServletControllerExt.invoke(ServletControllerE
> > xt
> > .java:172) [:3.4.1.GA]
> >         at
> > org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHa
> > nd
> > lerImpl.java:57) [:3.4.1.GA]
> >         at
> > org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(Ser
> > vl
> > etHelper.java:156) [:3.4.1.GA]
> >         at
> > org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:90)
> > [:3.4.1.GA]
> >         at
> > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(Abs
> > tr
> > actHTTPServlet.java:179) [:2.3.1-patch-01]
> >         at
> > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHT
> > TP
> > Servlet.java:103) [:2.3.1-patch-01]
> >         at
> > javax.servlet.http.HttpServlet.service(HttpServlet.java:754)
> > [:1.0.0.Final]
> >         at
> > org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractH
> > TT
> > PServlet.java:159) [:2.3.1-patch-01]
> >         at
> > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> > ca
> > tionFilterChain.java:324) [:6.1.0.Final]
> >         at
> > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> > lt
> > erChain.java:242) [:6.1.0.Final]
> >         at
> > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperVa
> > lv
> > e.java:275) [:6.1.0.Final]
> >         at
> > org.apache.catalina.core.StandardContextValve.invoke(StandardContextVa
> > lv
> > e.java:161) [:6.1.0.Final]
> >         at
> > org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(Security
> > As
> > sociationValve.java:181) [:6.1.0.Final]
> >         at
> > org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authenticat
> > or
> > Base.java:501) [:6.1.0.Final]
> >         at
> > org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.eve
> > nt
> > (CatalinaContext.java:285) [:1.1.0.Final]
> >         at
> > org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.inv
> > ok
> > e(CatalinaContext.java:261) [:1.1.0.Final]
> >         at
> > org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve
> > .j
> > ava:88) [:6.1.0.Final]
> >         at
> > org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke
> > (S
> > ecurityContextEstablishmentValve.java:100) [:6.1.0.Final]
> >         at
> > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.ja
> > va
> > :159) [:6.1.0.Final]
> >         at
> > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.ja
> > va
> > :102) [:6.1.0.Final]
> >         at
> > org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedCo
> > nn
> > ectionValve.java:158) [:6.1.0.Final]
> >         at
> >
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.
> > java:109) [:6.1.0.Final]
> >         at
> > org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.i
> > nv
> > oke(ActiveRequestResponseCacheValve.java:53) [:6.1.0.Final]
> >         at
> > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java
> > :3
> > 62) [:6.1.0.Final]
> >         at
> > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:
> > 87
> > 7) [:6.1.0.Final]
> >         at
> > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.proces
> > s(
> > Http11Protocol.java:654) [:6.1.0.Final]
> >         at
> > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951
> > )
> > [:6.1.0.Final]
> >         at java.lang.Thread.run(Thread.java:662) [:1.6.0_35]
> >
> > 16:43:36,936 WARN  [org.apache.cxf.phase.PhaseInterceptorChain]
> > Interceptor for {http://akimeka.com}TMDS_CIP_Web_Service has thrown
> > exception, unwinding now: org.apache.cxf.binding.soap.SoapFault: An
> > error was discovered processing the <wsse:Security> header
> >         at
> > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WS
> > S4
> > JInInterceptor.java:654) [:2.3.1-patch-01]
> >         at
> > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4
> > JI
> > nInterceptor.java:275) [:2.3.1-patch-01]
> >         at
> > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4
> > JI
> > nInterceptor.java:81) [:2.3.1-patch-01]
> >         at
> > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseIntercepto
> > rC
> > hain.java:255) [:2.3.1-patch-01]
> >         at
> > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitia
> > ti
> > onObserver.java:113) [:2.3.1-patch-01]
> >         at
> > org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDest
> > in
> > ation.java:97) [:2.3.1-patch-01]
> >         at
> > org.apache.cxf.transport.servlet.ServletController.invokeDestination(S
> > er
> > vletController.java:461) [:2.3.1-patch-01]
> >         at
> > org.jboss.wsf.stack.cxf.ServletControllerExt.invoke(ServletControllerE
> > xt
> > .java:172) [:3.4.1.GA]
> >         at
> > org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHa
> > nd
> > lerImpl.java:57) [:3.4.1.GA]
> >         at
> > org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(Ser
> > vl
> > etHelper.java:156) [:3.4.1.GA]
> >         at
> > org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:90)
> > [:3.4.1.GA]
> >         at
> > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(Abs
> > tr
> > actHTTPServlet.java:179) [:2.3.1-patch-01]
> >         at
> > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHT
> > TP
> > Servlet.java:103) [:2.3.1-patch-01]
> >         at
> > javax.servlet.http.HttpServlet.service(HttpServlet.java:754)
> > [:1.0.0.Final]
> >         at
> > org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractH
> > TT
> > PServlet.java:159) [:2.3.1-patch-01]
> >         at
> > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> > ca
> > tionFilterChain.java:324) [:6.1.0.Final]
> >         at
> > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> > lt
> > erChain.java:242) [:6.1.0.Final]
> >         at
> > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperVa
> > lv
> > e.java:275) [:6.1.0.Final]
> >         at
> > org.apache.catalina.core.StandardContextValve.invoke(StandardContextVa
> > lv
> > e.java:161) [:6.1.0.Final]
> >         at
> > org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(Security
> > As
> > sociationValve.java:181) [:6.1.0.Final]
> >         at
> > org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authenticat
> > or
> > Base.java:501) [:6.1.0.Final]
> >         at
> > org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.eve
> > nt
> > (CatalinaContext.java:285) [:1.1.0.Final]
> >         at
> > org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.inv
> > ok
> > e(CatalinaContext.java:261) [:1.1.0.Final]
> >         at
> > org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve
> > .j
> > ava:88) [:6.1.0.Final]
> >         at
> > org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke
> > (S
> > ecurityContextEstablishmentValve.java:100) [:6.1.0.Final]
> >         at
> > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.ja
> > va
> > :159) [:6.1.0.Final]
> >         at
> > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.ja
> > va
> > :102) [:6.1.0.Final]
> >         at
> > org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedCo
> > nn
> > ectionValve.java:158) [:6.1.0.Final]
> >         at
> >
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.
> > java:109) [:6.1.0.Final]
> >         at
> > org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.i
> > nv
> > oke(ActiveRequestResponseCacheValve.java:53) [:6.1.0.Final]
> >         at
> > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java
> > :3
> > 62) [:6.1.0.Final]
> >         at
> > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:
> > 87
> > 7) [:6.1.0.Final]
> >         at
> > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.proces
> > s(
> > Http11Protocol.java:654) [:6.1.0.Final]
> >         at
> > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951
> > )
> > [:6.1.0.Final]
> >         at java.lang.Thread.run(Thread.java:662) [:1.6.0_35] Caused
> > by: org.apache.ws.security.WSSecurityException: An error was
> > discovered processing the <wsse:Security> header
> >         at
> > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4J
> > In
> > Interceptor.java:294) [:2.3.1-patch-01]
> >         at
> > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4
> > JI
> > nInterceptor.java:234) [:2.3.1-patch-01]
> >         ... 33 more
> >
> >
> > ----------------------------------------------------------------------
> > --
> > -------------------------------------------
> >
> > So, the client actions for the request are "Timestamp Signature"  and
> > the server inInterceptor actions match that.
> >
> > What am I failing to understand about this?  Is there a simple
> > explanation anywhere of what it means to specify a list of actions on
> > a web service incoming interceptor EXACTLY what is required fo on the
> > client end to match up, including details about specific parts that
> > have to be signed?
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > NOTICE: This transmission (including all attachments) is company
> > confidential, is intended only for the individual or entity named
> > above, and is likely to contain privileged, proprietary and
> > confidential information that is exempt from disclosure requests under
> applicable law.
> > If you are not the intended recipient, you are hereby notified that
> > any disclosure, copying, distribution, use of or reliance upon any of
> > the information contained in this transmission is strictly prohibited.
>
> > Any inadvertent or unauthorized disclosure shall not compromise or
> > waive the confidentiality of this transmission. If you have received
> > this transmission in error, please forward this message immediately to
>
> > postmaster@akimeka.com <mailto:postmaster@akimeka.com>  and delete or
> > otherwise remove this email from your system.  Thank you
> >
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message