cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Morein, Arnie" <Arnold.Mor...@dps.texas.gov>
Subject RE: Help with configuring web service to match security from WSDL
Date Fri, 03 Nov 2017 14:36:17 GMT
Switched to:

wsdlLocation="/META-INF/resources/Authenticate-Service-single.wsdl"

And got:

2017-11-03 09:33:00.499 INFO   [org.apache.cxf.wsdl.service.factory.ReflectionServiceFactoryBean] Creating Service {http://aamva.org/authentication/3.1.0}AuthenticationService from WSDL: /META-INF/resources/Authenticate-Service-single.wsdl

So I guess it found it via the classpath.

More testing... more testing...

-----Original Message-----
From: Morein, Arnie 
Sent: Friday, November 03, 2017 9:29 AM
To: 'Daniel Kulp'; users@cxf.apache.org
Subject: RE: Help with configuring web service to match security from WSDL

2017-11-03 08:59:02.985 INFO   [org.apache.cxf.wsdl.service.factory.ReflectionServiceFactoryBean] Creating Service {http://aamva.org/authentication/3.1.0}AuthenticationService from class gov.niem.release.niem.codes.usps_states._3_1_0.IAuthenticationService

From class apparently. I tried this (though I hate the hard-coded file name+version of it):

    <jaxws:endpoint id="mockAuthenticationServiceEndpoint" bus="cxf"
        address="/mockAuthenticationService"
        implementor="gov.uscis.uscis.xsd.esb.authentication.AuthenticationServiceImpl"
        wsdlLocation="jar:file://ws-dls-aamva-authentication-1.0.0.jar!META-INF/resources/Authenticate-Service-single.wsdl"

but got:

Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'jar:file://ws-dls-aamva-authentication-1.0.0.jar!META-INF/resources/Authenticate-Service-single.wsdl'.: java.net.MalformedURLException: no !/ in spec
	at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2198)
	at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2390)
	at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2422)
	at org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:238)
	at org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:163)
	at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:85)
	... 86 more
Caused by: java.net.MalformedURLException: no !/ in spec

So, what's the best way to do this?

-----Original Message-----
From: Daniel Kulp [mailto:dkulp@apache.org] 
Sent: Friday, November 03, 2017 9:02 AM
To: users@cxf.apache.org; Morein, Arnie
Subject: Re: Help with configuring web service to match security from WSDL

CAUTION: This email was received from an EXTERNAL source, use caution when clicking links or opening attachments.

If you believe this to be a malicious and/or phishing email, please send this email as an attachment to SPAM@dps.texas.gov.



There aren’t any ws-security interceptors there.   Two things to check:

1) Make sure the cxf-rt-ws-security jar is in the war/service.   

2) Make sure you are specifying the WSDL when the service is started.    Scroll up in the log and make sure it says something like “creating service from WSDL” and not “creating service from class”.   

For some reason, the service does not think it needs any security processing.

Dan



> On Nov 3, 2017, at 9:31 AM, Morein, Arnie <Arnold.Morein@dps.texas.gov> wrote:
> 
> You mean this:
> 
> 2017-11-03 08:17:41.351 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Chain org.apache.cxf.phase.PhaseInterceptorChain@477ce666 was created. Current flow:
>  receive [LoggingInInterceptor, PolicyInInterceptor, AttachmentInInterceptor]
>  pre-stream [CertConstraintsInterceptor]
>  post-stream [StaxInInterceptor]
>  read [WSDLGetInterceptor, ReadHeadersInterceptor, SoapActionInInterceptor, StartBodyInterceptor, JavascriptGetInterceptor]
>  pre-protocol [MEXInInterceptor, MustUnderstandInterceptor]
>  post-protocol [CheckFaultInterceptor, JAXBAttachmentSchemaValidationHack]
>  unmarshal [DocLiteralInInterceptor, SoapHeaderInterceptor]
>  pre-logical [OneWayProcessorInterceptor]
>  post-logical [WrapperClassInInterceptor]
>  pre-invoke [SwAInInterceptor, HolderInInterceptor]
>  invoke [ServiceInvokerInterceptor]
>  post-invoke [OutgoingChainInterceptor]
> 
> 2017-11-03 08:17:41.351 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleMessage on interceptor org.apache.cxf.interceptor.LoggingInInterceptor@74843c6e
> 2017-11-03 08:17:41.378 INFO   [org.apache.cxf.interceptor.AbstractLoggingInterceptor] Inbound Message
> ----------------------------
> ID: 1
> Address: https://localhost:8443/mock-vls-ws/services/mockAuthenticationService
> Encoding: UTF-8
> Http-Method: POST
> Content-Type: application/soap+xml; action="http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT"; charset=UTF-8
> Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], content-type=[application/soap+xml; action="http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT"; charset=UTF-8], host=[localhost:8443], pragma=[no-cache], transfer-encoding=[chunked], user-agent=[Apache-CXF/3.1.10]}
> Payload: <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Header><Action xmlns="http://www.w3.org/2005/08/addressing">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</Action><MessageID xmlns="http://www.w3.org/2005/08/addressing">urn:uuid:26fe3f6b-6e58-4149-84d6-91c7a5bcc37e</MessageID><To xmlns="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="_5f89bdcd-a9c5-4dfe-bd29-35e2a61ba27e">https://localhost:8443/mock-vls-ws/services/mockAuthenticationService</To><ReplyTo xmlns="http://www.w3.org/2005/08/addressing"><Address>http://www.w3.org/2005/08/addressing/anonymous</Address></ReplyTo><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="true"><wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-a8890f7e-f564-4286-90ed-c92afe79af0c">MIIHPzCCBSegAwIBAgITRAAAc2IaBbGCTk7sGwAAAABzYjANBgkqhkiG9w0BAQsFADBBMRMwEQYKCZImiZPyLGQBGRYDRFBTMRMwEQYKCZImiZPyLGQBGRYDVExFMRUwEwYDVQQDEwxEUFNJc3N1ZUNBMDEwHhcNMTcxMTAxMTczMTUzWhcNMjAxMDMxMTczMTUzWjCBjTELMAkGA1UEBhMCVVMxDjAMBgNVBAgTBVRleGFzMQ8wDQYDVQQHEwZBdXN0aW4xKjAoBgNVBAoTIVRleGFzIERlcGFydG1lbnQgb2YgUHVibGljIFNhZmV0eTELMAkGA1UECxMCSVQxJDAiBgNVBAMMG2Rwcy5kZXZlbG9wZXJAZHBzLnRleGFzLmdvdjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIPrRFbLW92EYqeCr/jrEkFaHLP4Zm8lMnpNV1aJtEPuZno3GdBtRNadTHpg+x6dKQemTgrpZJIzBCsm6iCWliB2PWqdFbQKt3DQoG4o8fT8DxPNZLod9Y/Rfi8Lb7NO33WdFu6JG8KRypTs1mQUItQ03TbKapACMmyoXhctZEgnSkwQUBYF6jUHMoOpcxj6pPr/oaV9YMfh4P2eyKxNTdJGJXGe9kUPpLRydgoBq9NHluUfjsxKQ4STwG45+8TMZnXZOF3qQpW2Ny1shn5V2wSECZBHiTaTtshcIz6Kxew47nW9DQ2ITpbbalYTXdnaBOalKpKkS0r4/96QD2HrYQECAwEAAaOCAuEwggLdMB0GA1UdDgQWBBRHFQmUcuBtf6vI5ikCLF1uudlSezAfBgNVHSMEGDAWgBSqB1gVMhLVRX/DsU7Cy9JdkhJExjCCAQQGA1UdHwSB/DCB+TCB9qCB86CB8IaBt2xkYXA6Ly8vQ049RFBTSXNzdWVDQTAxLENOPUhEUVBSRElUU0lDQTAwMSxDTj1DRFAsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1UTEUsREM9RFBTP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludIY0aHR0cDovL2NybC5kcHMudGV4YXMuZ292L2NlcnRlbnJvbGwvRFBTSXNzdWVDQTAxLmNybDCB5QYIKwYBBQUHAQEEgdgwgdUwgacGCCsGAQUFBzAChoGabGRhcDovLy9DTj1EUFNJc3N1ZUNBMDEsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9VExFLERDPURQUz9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlvbkF1dGhvcml0eTApBggrBgEFBQcwAYYdaHR0cDovL2NybC5kcHMudGV4YXMuZ292L29jc3AwCwYDVR0PBAQDAgWgMDwGCSsGAQQBgjcVBwQvMC0GJSsGAQQBgjcVCKu3YYWw7zKHhZsih5egL4PJzHwhhI+/NoO2ljQCAWQCAQUwKQYDVR0lBCIwIAYIKwYBBQUHAwQGCisGAQQBgjcKAwQGCCsGAQUFBwMCMDUGCSsGAQQBgjcVCgQoMCYwCgYIKwYBBQUHAwQwDAYKKwYBBAGCNwoDBDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAgEApbhMNf/KZge1ZtpY9xpokh3Zuo3VbNnIi0A6V5PWE/UN8AXIvq6IsbjES+XLxecIkNmSBvZllSvEzZzSnDy/XFlqVGCYRWS8LDrm/1NAjyr4YXfRZyOTxE7W4RyyBsRpLRk2VsgCZ8wpO9kmG8vogp+6Bd0DQQayuTrJbAtlw0SBBgCd6pIWfG9LoCsvKKmNd6xi65clijxxWm82w14KqlUEcR/mgFoCJLJ1qpshHmqK5nc283nDmlnKB1jdOBHOZ3S6j5YpLlxxWHZhntwd01w/wKntwAZDHSagRCSvWz+gct47//chfjcCIzaUqTTY9Pw0VjDy+KDgOaVp2lAlHEWs5Ts3nT0AfTJDSDtDmOikyfAJlUIM08jfKUIIMOh1w/DC4SEFESl8vnmOimnqN2bFO5KmyulMD4XwWQBxuwmub1eR80Z3//hynXp6aCcUEaTswDmlws24Ecv9ILuSVohQC+WtJAB5bbRQTbbuYu+taabxGNl9Hyh9zTyNrbM3nG5GkaxtSYy2fNiVqzS88sXOShye3GEfgb0a/OFpC736wbMPV+I7HNbqGa9Zi+KdsJLA32cbnJO1g2yThdpT05uoikNNQrHuse0RtOZJdpLEnRejW96WQYHmxm/tlL64ZPskl5dnlUrbzTqQ9oyJqueDe1eP9jaId6NjAuKzLkQ=</wsse:BinarySecurityToken><wsu:Timestamp wsu:Id="TS-965db706-62a9-4503-8ce5-1e03059d5233"><wsu:Created>2017-11-03T13:17:36.886Z</wsu:Created><wsu:Expires>2017-11-03T13:22:36.886Z</wsu:Expires></wsu:Timestamp><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-8cc68916-e2f8-42d6-b1fd-7591d7d66284"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soap"/></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#TS-965db706-62a9-4503-8ce5-1e03059d5233"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse soap"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>jCyyTSTT/fhP+KFW4k3zv1WTOHw=</ds:DigestValue></ds:Reference><ds:Reference URI="#_5f89bdcd-a9c5-4dfe-bd29-35e2a61ba27e"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soap"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>J/jV6WUu2QgeJV6bMcDDJCyUGO8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>e61E/Z1qCLUlGXWcTll3jBQYEmnkX61PDteYgltKXO88tU664sOOVYvWLqHe0UBj2JmvR3/GExPmpLn1LW5V6A6GtGZ2C6esawE+HuO27CGJ/f7+cbeD+rgT0a5yTLnP7rtBh8LZ23SIs2cKDG4mA0ERPQRsLt5uk44TKF+7NsvDYGgFGkC+BlSI8x2yd79680dBaQ9EKNCWjshptY/Bmuej1JhLFwLkcCd5po9OLyUgVUZ+0Qy+Gb2jV/i8oTnrRzRF2/EUL9iyUcQdlrnV9E9WR8w6OZ1IdEv18Y1c1LtfyyxA2rKO1uMyG/eY7+4lqPNREZ4dAHn6wvzX23Hvuw==</ds:SignatureValue><ds:KeyInfo Id="KI-83a121bd-fc04-4382-bd51-799bdd0cab16"><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STR-1f9d82cf-2829-4700-9ab2-8411a9ab44e1"><wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">y5plsGZ1ujCONeUMI+FuNgfF8LU=</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security></soap:Header><soap:Body><wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"><wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType><wsp:AppliesTo xmlns:wsp="http://www.w3.org/ns/ws-policy"><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>https://localhost:8443/mock-vls-ws/services/mockAuthenticationService</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><wst:Lifetime xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsu:Created>2017-11-03T13:17:35.389Z</wsu:Created><wsu:Expires>2017-11-03T13:22:35.389Z</wsu:Expires></wst:Lifetime><wst:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</wst:TokenType><wst:KeySize>256</wst:KeySize><wst:Entropy><wst:BinarySecret Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">B/qWqscRUHLbwaB1QKpHEqpMNj3YVN8wwg00dx7GGFw=</wst:BinarySecret></wst:Entropy><wst:ComputedKeyAlgorithm>http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1</wst:ComputedKeyAlgorithm><wst:Renewing/></wst:RequestSecurityToken></soap:Body></soap:Envelope>
> --------------------------------------
> 2017-11-03 08:17:41.379 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleMessage on interceptor org.apache.cxf.ws.policy.PolicyInInterceptor@55b10b9d
> 2017-11-03 08:17:41.426 DEBUG  [org.apache.cxf.common.logging.LogUtils] Could not determine bean name for instance of class org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl.
> 2017-11-03 08:17:41.433 DEBUG  [org.apache.cxf.common.logging.LogUtils] Could not determine bean name for instance of class org.apache.cxf.ws.policy.PolicyBuilderImpl.
> 2017-11-03 08:17:41.439 DEBUG  [org.apache.cxf.common.logging.LogUtils] Could not determine bean name for instance of class org.apache.cxf.ws.policy.attachment.ServiceModelPolicyProvider.
> 2017-11-03 08:17:41.452 DEBUG  [org.apache.cxf.common.logging.LogUtils] Could not determine bean name for instance of class org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.
> 2017-11-03 08:17:41.459 DEBUG  [org.apache.cxf.common.logging.LogUtils] Could not determine bean name for instance of class org.apache.cxf.ws.policy.PolicyInterceptorProviderRegistryImpl.
> 2017-11-03 08:17:41.461 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleMessage on interceptor org.apache.cxf.interceptor.AttachmentInInterceptor@5ad76477
> 2017-11-03 08:17:41.484 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleMessage on interceptor org.apache.cxf.transport.https.CertConstraintsInterceptor@6ce6895d
> 2017-11-03 08:17:41.485 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleMessage on interceptor org.apache.cxf.interceptor.StaxInInterceptor@1f5700bc
> 2017-11-03 08:17:41.635 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Adding interceptor org.apache.cxf.interceptor.StaxInEndingInterceptor@73e1dac1 to phase pre-invoke
> 2017-11-03 08:17:41.636 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Chain org.apache.cxf.phase.PhaseInterceptorChain@477ce666 was modified. Current flow:
>  receive [LoggingInInterceptor, PolicyInInterceptor, AttachmentInInterceptor]
>  pre-stream [CertConstraintsInterceptor]
>  post-stream [StaxInInterceptor]
>  read [WSDLGetInterceptor, ReadHeadersInterceptor, SoapActionInInterceptor, StartBodyInterceptor, JavascriptGetInterceptor]
>  pre-protocol [MEXInInterceptor, MustUnderstandInterceptor]
>  post-protocol [CheckFaultInterceptor, JAXBAttachmentSchemaValidationHack]
>  unmarshal [DocLiteralInInterceptor, SoapHeaderInterceptor]
>  pre-logical [OneWayProcessorInterceptor]
>  post-logical [WrapperClassInInterceptor]
>  pre-invoke [StaxInEndingInterceptor, SwAInInterceptor, HolderInInterceptor]
>  invoke [ServiceInvokerInterceptor]
>  post-invoke [OutgoingChainInterceptor]
> 
> 2017-11-03 08:17:41.636 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleMessage on interceptor org.apache.cxf.frontend.WSDLGetInterceptor@6a36782f
> 2017-11-03 08:17:41.636 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor@623e41c7
> 2017-11-03 08:17:41.687 DEBUG  [org.apache.cxf.common.logging.LogUtils] Could not determine bean name for instance of class org.apache.cxf.bus.managers.HeaderManagerImpl.
> 2017-11-03 08:17:41.700 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor@4679e479
> 2017-11-03 08:17:41.703 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Adding interceptor org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor$SoapActionInAttemptTwoInterceptor@378dc13f to phase pre-logical
> 2017-11-03 08:17:41.704 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Chain org.apache.cxf.phase.PhaseInterceptorChain@477ce666 was modified. Current flow:
>  receive [LoggingInInterceptor, PolicyInInterceptor, AttachmentInInterceptor]
>  pre-stream [CertConstraintsInterceptor]
>  post-stream [StaxInInterceptor]
>  read [WSDLGetInterceptor, ReadHeadersInterceptor, SoapActionInInterceptor, StartBodyInterceptor, JavascriptGetInterceptor]
>  pre-protocol [MEXInInterceptor, MustUnderstandInterceptor]
>  post-protocol [CheckFaultInterceptor, JAXBAttachmentSchemaValidationHack]
>  unmarshal [DocLiteralInInterceptor, SoapHeaderInterceptor]
>  pre-logical [OneWayProcessorInterceptor, SoapActionInAttemptTwoInterceptor]
>  post-logical [WrapperClassInInterceptor]
>  pre-invoke [StaxInEndingInterceptor, SwAInInterceptor, HolderInInterceptor]
>  invoke [ServiceInvokerInterceptor]
>  post-invoke [OutgoingChainInterceptor]
> 
> 2017-11-03 08:17:41.705 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor@6bed3bd5
> 2017-11-03 08:17:41.705 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleMessage on interceptor org.apache.cxf.javascript.JavascriptGetInterceptor@337134db
> 2017-11-03 08:17:41.706 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleMessage on interceptor org.apache.cxf.ws.mex.MEXInInterceptor@5fb7ae4a
> 2017-11-03 08:17:41.706 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor@23d1791f
> 2017-11-03 08:17:41.712 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Adding interceptor org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$UltimateReceiverMustUnderstandInterceptor@59039a16 to phase invoke
> 2017-11-03 08:17:41.712 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Chain org.apache.cxf.phase.PhaseInterceptorChain@477ce666 was modified. Current flow:
>  receive [LoggingInInterceptor, PolicyInInterceptor, AttachmentInInterceptor]
>  pre-stream [CertConstraintsInterceptor]
>  post-stream [StaxInInterceptor]
>  read [WSDLGetInterceptor, ReadHeadersInterceptor, SoapActionInInterceptor, StartBodyInterceptor, JavascriptGetInterceptor]
>  pre-protocol [MEXInInterceptor, MustUnderstandInterceptor]
>  post-protocol [CheckFaultInterceptor, JAXBAttachmentSchemaValidationHack]
>  unmarshal [DocLiteralInInterceptor, SoapHeaderInterceptor]
>  pre-logical [OneWayProcessorInterceptor, SoapActionInAttemptTwoInterceptor]
>  post-logical [WrapperClassInInterceptor]
>  pre-invoke [StaxInEndingInterceptor, SwAInInterceptor, HolderInInterceptor]
>  invoke [ServiceInvokerInterceptor, UltimateReceiverMustUnderstandInterceptor]
>  post-invoke [OutgoingChainInterceptor]
> 
> 2017-11-03 08:17:41.713 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Adding interceptor org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$MustUnderstandEndingInterceptor@57c5b6a6 to phase pre-logical
> 2017-11-03 08:17:41.713 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Chain org.apache.cxf.phase.PhaseInterceptorChain@477ce666 was modified. Current flow:
>  receive [LoggingInInterceptor, PolicyInInterceptor, AttachmentInInterceptor]
>  pre-stream [CertConstraintsInterceptor]
>  post-stream [StaxInInterceptor]
>  read [WSDLGetInterceptor, ReadHeadersInterceptor, SoapActionInInterceptor, StartBodyInterceptor, JavascriptGetInterceptor]
>  pre-protocol [MEXInInterceptor, MustUnderstandInterceptor]
>  post-protocol [CheckFaultInterceptor, JAXBAttachmentSchemaValidationHack]
>  unmarshal [DocLiteralInInterceptor, SoapHeaderInterceptor]
>  pre-logical [OneWayProcessorInterceptor, SoapActionInAttemptTwoInterceptor, MustUnderstandEndingInterceptor]
>  post-logical [WrapperClassInInterceptor]
>  pre-invoke [StaxInEndingInterceptor, SwAInInterceptor, HolderInInterceptor]
>  invoke [ServiceInvokerInterceptor, UltimateReceiverMustUnderstandInterceptor]
>  post-invoke [OutgoingChainInterceptor]
> 
> 2017-11-03 08:17:41.714 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor@3959876d
> 2017-11-03 08:17:41.714 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleMessage on interceptor org.apache.cxf.jaxb.attachment.JAXBAttachmentSchemaValidationHack@31c082f3
> 2017-11-03 08:17:41.714 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleMessage on interceptor org.apache.cxf.wsdl.interceptors.DocLiteralInInterceptor@24ded702
> 2017-11-03 08:17:41.730 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleFault on interceptor org.apache.cxf.wsdl.interceptors.DocLiteralInInterceptor@24ded702
> 2017-11-03 08:17:41.731 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleFault on interceptor org.apache.cxf.jaxb.attachment.JAXBAttachmentSchemaValidationHack@31c082f3
> 2017-11-03 08:17:41.731 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor@3959876d
> 2017-11-03 08:17:41.731 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor@23d1791f
> 2017-11-03 08:17:41.732 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleFault on interceptor org.apache.cxf.ws.mex.MEXInInterceptor@5fb7ae4a
> 2017-11-03 08:17:41.732 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleFault on interceptor org.apache.cxf.javascript.JavascriptGetInterceptor@337134db
> 2017-11-03 08:17:41.733 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor@6bed3bd5
> 2017-11-03 08:17:41.733 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor@4679e479
> 2017-11-03 08:17:41.733 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor@623e41c7
> 2017-11-03 08:17:41.733 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleFault on interceptor org.apache.cxf.frontend.WSDLGetInterceptor@6a36782f
> 2017-11-03 08:17:41.734 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleFault on interceptor org.apache.cxf.interceptor.StaxInInterceptor@1f5700bc
> 2017-11-03 08:17:41.734 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleFault on interceptor org.apache.cxf.transport.https.CertConstraintsInterceptor@6ce6895d
> 2017-11-03 08:17:41.734 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleFault on interceptor org.apache.cxf.interceptor.AttachmentInInterceptor@5ad76477
> 2017-11-03 08:17:41.734 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleFault on interceptor org.apache.cxf.ws.policy.PolicyInInterceptor@55b10b9d
> 2017-11-03 08:17:41.735 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleFault on interceptor org.apache.cxf.interceptor.LoggingInInterceptor@74843c6e
> 2017-11-03 08:17:41.739 WARN   [org.apache.cxf.common.logging.LogUtils] Interceptor for {http://aamva.org/authentication/3.1.0}AuthenticationService has thrown exception, unwinding now
> org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood.
>     at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor.handleFault(MustUnderstandInterceptor.java:107) ~[cxf-rt-bindings-soap-3.1.12.jar:3.1.12]
>     at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor.handleFault(MustUnderstandInterceptor.java:49) ~[cxf-rt-bindings-soap-3.1.12.jar:3.1.12]
>     at org.apache.cxf.phase.PhaseInterceptorChain.unwind(PhaseInterceptorChain.java:491) [cxf-core-3.1.12.jar:3.1.12]
>     at org.apache.cxf.phase.PhaseInterceptorChain.wrapExceptionAsFault(PhaseInterceptorChain.java:342) [cxf-core-3.1.12.jar:3.1.12]
>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:324) [cxf-core-3.1.12.jar:3.1.12]
>     at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) [cxf-core-3.1.12.jar:3.1.12]
>     at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:263) [cxf-rt-transports-http-3.1.12.jar:3.1.12]
>     at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) [cxf-rt-transports-http-3.1.12.jar:3.1.12]
>     at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) [cxf-rt-transports-http-3.1.12.jar:3.1.12]
>     at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) [cxf-rt-transports-http-3.1.12.jar:3.1.12]
>     at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:189) [cxf-rt-transports-http-3.1.12.jar:3.1.12]
>     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:299) [cxf-rt-transports-http-3.1.12.jar:3.1.12]
>     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:218) [cxf-rt-transports-http-3.1.12.jar:3.1.12]
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:644) [servlet-api.jar:?]
>     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:274) [cxf-rt-transports-http-3.1.12.jar:3.1.12]
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291) [catalina.jar:8.0.18]
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) [tomcat-websocket.jar:8.0.18]
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
>     at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71) [log4j-web-2.8.jar:2.8]
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) [catalina.jar:8.0.18]
>     at org.apache.catalina.core.StandardContextValve.__invoke(StandardContextValve.java:106) [catalina.jar:8.0.18]
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java) [catalina.jar:8.0.18]
>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) [catalina.jar:8.0.18]
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142) [catalina.jar:8.0.18]
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [catalina.jar:8.0.18]
>     at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610) [catalina.jar:8.0.18]
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [catalina.jar:8.0.18]
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:516) [catalina.jar:8.0.18]
>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1086) [tomcat-coyote.jar:8.0.18]
>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:659) [tomcat-coyote.jar:8.0.18]
>     at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:223) [tomcat-coyote.jar:8.0.18]
>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1558) [tomcat-coyote.jar:8.0.18]
>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1515) [tomcat-coyote.jar:8.0.18]
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_40]
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_40]
>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.0.18]
>     at java.lang.Thread.run(Thread.java:745) [?:1.8.0_40]
> 2017-11-03 08:17:41.762 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Adding interceptor org.apache.cxf.interceptor.LoggingOutInterceptor@230a5d8a to phase pre-stream
> 2017-11-03 08:17:41.763 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Adding interceptor org.apache.cxf.ws.policy.ServerPolicyOutFaultInterceptor@4009adf5 to phase setup
> 2017-11-03 08:17:41.763 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Adding interceptor org.apache.cxf.interceptor.LoggingOutInterceptor@1b864145 to phase pre-stream
> 2017-11-03 08:17:41.764 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Adding interceptor org.apache.cxf.jaxws.interceptors.WebFaultOutInterceptor@5f1819c0 to phase pre-protocol
> 2017-11-03 08:17:41.764 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Adding interceptor org.apache.cxf.interceptor.MessageSenderInterceptor@2e8ff9a4 to phase prepare-send
> 2017-11-03 08:17:41.765 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Adding interceptor org.apache.cxf.interceptor.StaxOutInterceptor@23e49f85 to phase pre-stream
> 2017-11-03 08:17:41.765 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Adding interceptor org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor@ac17ed5 to phase write
> 2017-11-03 08:17:41.765 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Adding interceptor org.apache.cxf.interceptor.AttachmentOutInterceptor@1588a054 to phase pre-stream
> 2017-11-03 08:17:41.766 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Adding interceptor org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor@449b3998 to phase write
> 2017-11-03 08:17:41.766 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Adding interceptor org.apache.cxf.binding.soap.interceptor.SoapHeaderOutFilterInterceptor@43849e39 to phase pre-logical
> 2017-11-03 08:17:41.767 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Adding interceptor org.apache.cxf.binding.soap.interceptor.Soap12FaultOutInterceptor@4232774a to phase prepare-send
> 2017-11-03 08:17:41.767 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Chain org.apache.cxf.phase.PhaseInterceptorChain@12e8e558 was created. Current flow:
>  setup [ServerPolicyOutFaultInterceptor]
>  pre-logical [SoapHeaderOutFilterInterceptor]
>  prepare-send [MessageSenderInterceptor, Soap12FaultOutInterceptor]
>  pre-stream [LoggingOutInterceptor, AttachmentOutInterceptor, StaxOutInterceptor]
>  pre-protocol [WebFaultOutInterceptor]
>  write [SoapOutInterceptor]
> 
> 2017-11-03 08:17:41.768 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleMessage on interceptor org.apache.cxf.ws.policy.ServerPolicyOutFaultInterceptor@4009adf5
> 2017-11-03 08:17:41.769 DEBUG  [org.apache.cxf.ws.policy.ServerPolicyOutFaultInterceptor] No binding operation info.
> 2017-11-03 08:17:41.770 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.SoapHeaderOutFilterInterceptor@43849e39
> 2017-11-03 08:17:41.770 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleMessage on interceptor org.apache.cxf.interceptor.MessageSenderInterceptor@2e8ff9a4
> 2017-11-03 08:17:41.784 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Adding interceptor org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor@5891e97c to phase prepare-send-ending
> 2017-11-03 08:17:41.784 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Chain org.apache.cxf.phase.PhaseInterceptorChain@12e8e558 was modified. Current flow:
>  setup [ServerPolicyOutFaultInterceptor]
>  pre-logical [SoapHeaderOutFilterInterceptor]
>  prepare-send [MessageSenderInterceptor, Soap12FaultOutInterceptor]
>  pre-stream [LoggingOutInterceptor, AttachmentOutInterceptor, StaxOutInterceptor]
>  pre-protocol [WebFaultOutInterceptor]
>  write [SoapOutInterceptor]
>  prepare-send-ending [MessageSenderEndingInterceptor]
> 
> 2017-11-03 08:17:41.785 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.Soap12FaultOutInterceptor@4232774a
> 2017-11-03 08:17:41.789 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Adding interceptor org.apache.cxf.binding.soap.interceptor.Soap12FaultOutInterceptor$Soap12FaultOutInterceptorInternal@e286796 to phase marshal
> 2017-11-03 08:17:41.790 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Chain org.apache.cxf.phase.PhaseInterceptorChain@12e8e558 was modified. Current flow:
>  setup [ServerPolicyOutFaultInterceptor]
>  pre-logical [SoapHeaderOutFilterInterceptor]
>  prepare-send [MessageSenderInterceptor, Soap12FaultOutInterceptor]
>  pre-stream [LoggingOutInterceptor, AttachmentOutInterceptor, StaxOutInterceptor]
>  pre-protocol [WebFaultOutInterceptor]
>  write [SoapOutInterceptor]
>  marshal [Soap12FaultOutInterceptorInternal]
>  prepare-send-ending [MessageSenderEndingInterceptor]
> 
> 2017-11-03 08:17:41.790 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleMessage on interceptor org.apache.cxf.interceptor.LoggingOutInterceptor@230a5d8a
> 2017-11-03 08:17:41.798 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleMessage on interceptor org.apache.cxf.interceptor.AttachmentOutInterceptor@1588a054
> 2017-11-03 08:17:41.806 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Adding interceptor org.apache.cxf.interceptor.AttachmentOutInterceptor$AttachmentOutEndingInterceptor@131f6cbf to phase pre-stream-ending
> 2017-11-03 08:17:41.807 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Chain org.apache.cxf.phase.PhaseInterceptorChain@12e8e558 was modified. Current flow:
>  setup [ServerPolicyOutFaultInterceptor]
>  pre-logical [SoapHeaderOutFilterInterceptor]
>  prepare-send [MessageSenderInterceptor, Soap12FaultOutInterceptor]
>  pre-stream [LoggingOutInterceptor, AttachmentOutInterceptor, StaxOutInterceptor]
>  pre-protocol [WebFaultOutInterceptor]
>  write [SoapOutInterceptor]
>  marshal [Soap12FaultOutInterceptorInternal]
>  pre-stream-ending [AttachmentOutEndingInterceptor]
>  prepare-send-ending [MessageSenderEndingInterceptor]
> 
> 2017-11-03 08:17:41.808 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleMessage on interceptor org.apache.cxf.interceptor.StaxOutInterceptor@23e49f85
> 2017-11-03 08:17:41.849 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Adding interceptor org.apache.cxf.interceptor.StaxOutEndingInterceptor@49353d7b to phase pre-stream-ending
> 2017-11-03 08:17:41.849 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Chain org.apache.cxf.phase.PhaseInterceptorChain@12e8e558 was modified. Current flow:
>  setup [ServerPolicyOutFaultInterceptor]
>  pre-logical [SoapHeaderOutFilterInterceptor]
>  prepare-send [MessageSenderInterceptor, Soap12FaultOutInterceptor]
>  pre-stream [LoggingOutInterceptor, AttachmentOutInterceptor, StaxOutInterceptor]
>  pre-protocol [WebFaultOutInterceptor]
>  write [SoapOutInterceptor]
>  marshal [Soap12FaultOutInterceptorInternal]
>  pre-stream-ending [AttachmentOutEndingInterceptor, StaxOutEndingInterceptor]
>  prepare-send-ending [MessageSenderEndingInterceptor]
> 
> 2017-11-03 08:17:41.849 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleMessage on interceptor org.apache.cxf.jaxws.interceptors.WebFaultOutInterceptor@5f1819c0
> 2017-11-03 08:17:41.850 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor@ac17ed5
> 2017-11-03 08:17:41.855 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Adding interceptor org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor$SoapOutEndingInterceptor@6be61ce3 to phase write-ending
> 2017-11-03 08:17:41.858 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Chain org.apache.cxf.phase.PhaseInterceptorChain@12e8e558 was modified. Current flow:
>  setup [ServerPolicyOutFaultInterceptor]
>  pre-logical [SoapHeaderOutFilterInterceptor]
>  prepare-send [MessageSenderInterceptor, Soap12FaultOutInterceptor]
>  pre-stream [LoggingOutInterceptor, AttachmentOutInterceptor, StaxOutInterceptor]
>  pre-protocol [WebFaultOutInterceptor]
>  write [SoapOutInterceptor]
>  marshal [Soap12FaultOutInterceptorInternal]
>  write-ending [SoapOutEndingInterceptor]
>  pre-stream-ending [AttachmentOutEndingInterceptor, StaxOutEndingInterceptor]
>  prepare-send-ending [MessageSenderEndingInterceptor]
> 
> 2017-11-03 08:17:41.859 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.Soap12FaultOutInterceptor$Soap12FaultOutInterceptorInternal@e286796
> 2017-11-03 08:17:41.859 INFO   [org.apache.cxf.binding.soap.interceptor.Soap12FaultOutInterceptor$Soap12FaultOutInterceptorInternal] class org.apache.cxf.binding.soap.interceptor.Soap12FaultOutInterceptor$Soap12FaultOutInterceptorInternalmultipart/related; type="application/xop+xml"; boundary="uuid:961564f5-6667-4912-908f-52a80252797f"; start="<root.message@cxf.apache.org>"; start-info="application/soap+xml"
> 2017-11-03 08:17:41.860 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor$SoapOutEndingInterceptor@6be61ce3
> 2017-11-03 08:17:41.860 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleMessage on interceptor org.apache.cxf.interceptor.AttachmentOutInterceptor$AttachmentOutEndingInterceptor@131f6cbf
> 2017-11-03 08:17:41.861 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleMessage on interceptor org.apache.cxf.interceptor.StaxOutEndingInterceptor@49353d7b
> 2017-11-03 08:17:41.861 DEBUG  [org.apache.cxf.phase.PhaseInterceptorChain] Invoking handleMessage on interceptor org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor@5891e97c
> 2017-11-03 08:17:41.861 INFO   [org.apache.cxf.interceptor.AbstractLoggingInterceptor] Outbound Message
> ---------------------------
> ID: 1
> Response-Code: 500
> Encoding: UTF-8
> Content-Type: multipart/related; type="application/xop+xml"; boundary="uuid:961564f5-6667-4912-908f-52a80252797f"; start="<root.message@cxf.apache.org>"; start-info="application/soap+xml"
> Headers: {}
> Payload: --uuid:961564f5-6667-4912-908f-52a80252797f
> Content-Type: application/xop+xml; charset=UTF-8; type="application/soap+xml"
> Content-Transfer-Encoding: binary
> Content-ID: <root.message@cxf.apache.org>
> 
> <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Body><soap:Fault><soap:Code><soap:Value>soap:MustUnderstand</soap:Value></soap:Code><soap:Reason><soap:Text xml:lang="en">MustUnderstand headers: [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood.</soap:Text></soap:Reason></soap:Fault></soap:Body></soap:Envelope>
> --uuid:961564f5-6667-4912-908f-52a80252797f--
> --------------------------------------
> 2017-11-03 08:17:41.870 DEBUG  [org.apache.cxf.transport.http.AbstractHTTPDestination] Finished servicing http request on thread: Thread[http-nio-8443-exec-7,5,main]
> 2017-11-03 08:17:41.870 DEBUG  [org.apache.cxf.transport.servlet.ServletController] Finished servicing http request on thread: Thread[http-nio-8443-exec-7,5,main]
> 
> 
> From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
> Sent: Friday, November 03, 2017 8:30 AM
> To: Morein, Arnie
> Cc: users@cxf.apache.org
> Subject: Re: Help with configuring web service to match security from WSDL
> 
> CAUTION: This email was received from an EXTERNAL source, use caution when clicking links or opening attachments
> If you believe this to be a malicious and/or phishing email, please send this email as an attachment to SPAM@dps.texas.gov<mailto:SPAM@dps.texas.gov>.
> 
> 
> All I can suggest is add the CXF logging interceptors and enable debug logging. Then see what the "inbound" message is (and whether it is on the client or service side) that is causing the problem.
> Colm.
> 
> On Fri, Nov 3, 2017 at 1:26 PM, Morein, Arnie <Arnold.Morein@dps.texas.gov<mailto:Arnold.Morein@dps.texas.gov>> wrote:
> What about a SOAP handler? Or is something else missing or mis-configured?
> 
> -----Original Message-----
> From: Morein, Arnie
> Sent: Friday, November 03, 2017 8:13 AM
> To: users@cxf.apache.org<mailto:users@cxf.apache.org>; 'coheigea@apache.org<mailto:coheigea@apache.org>'
> Subject: RE: Help with configuring web service to match security from WSDL
> 
> No.
> 
> -----Original Message-----
> From: Colm O hEigeartaigh [mailto:coheigea@apache.org<mailto:coheigea@apache.org>]
> Sent: Friday, November 03, 2017 8:12 AM
> To: Morein, Arnie
> Cc: users@cxf.apache.org<mailto:users@cxf.apache.org>
> Subject: Re: Help with configuring web service to match security from WSDL
> 
> Do you have a test-case I can take a look at?
> 
> Colm.
> 
> On Fri, Nov 3, 2017 at 1:07 PM, Morein, Arnie <Arnold.Morein@dps.texas.gov<mailto:Arnold.Morein@dps.texas.gov>>
> wrote:
> 
>> Yes, In fact most of the CXF package is imported via Maven.
>> 
>> -----Original Message-----
>> From: Colm O hEigeartaigh [mailto:coheigea@apache.org<mailto:coheigea@apache.org>]
>> Sent: Friday, November 03, 2017 8:03 AM
>> To: Morein, Arnie
>> Cc: users@cxf.apache.org<mailto:users@cxf.apache.org>
>> Subject: Re: Help with configuring web service to match security from
>> WSDL
>> 
>> Have you got the cxf-rt-ws-policy on the classpath?
>> 
>> Colm.
>> 
>> On Fri, Nov 3, 2017 at 12:53 PM, Morein, Arnie <
>> Arnold.Morein@dps.texas.gov<mailto:Arnold.Morein@dps.texas.gov>>
>> wrote:
>> 
>>> That's what I was afraid of. I removed the registration of the
>>> intercepters and now am getting:
>>> 
>>> org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: [{
>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-
>>> wssecurity-secext-1.0.xsd}Security] are not understood.
>>> 
>>> Both without and with the following properties added to the end point:
>>> 
>>>        <jaxws:properties>
>>>            <entry key="security.callback-handler.sct"
>>>                value="gov.uscis.uscis.xsd.esb.authentication.
>>> AuthenticationServicePasswordCallback" />
>>>            <entry key="security.signature.properties.sct"
>>> value="cxf/crypto.properties" />
>>>            <entry key="security.encryption.username.sct"
>>> value="dls-vls-mock-service-client-key" />
>>>        </jaxws:properties>
>>> 
>>> I must say, the documentation is very vague in places. I'm assuming
>>> that "username" is the JKS alias of the key used to sign/etc. the
>> messages.
>>> 
>>> So what I have I left out now?
>>> 
>>> What's more confusing is that the WAR containing the mock service is
>>> running in the same VM on my machine as the client. I deploy the
>>> service first (no errors) and then the client, then it attempts to
>>> connect. The logging doesn't clearly indicate if the exception is
>>> coming from the client or the server. Could that be the case?
>>> 
>>> 
>>> -----Original Message-----
>>> From: Colm O hEigeartaigh [mailto:coheigea@apache.org<mailto:coheigea@apache.org>]
>>> Sent: Friday, November 03, 2017 3:17 AM
>>> To: users@cxf.apache.org<mailto:users@cxf.apache.org>
>>> Subject: Re: Help with configuring web service to match security
>>> from WSDL
>>> 
>>> Hi,
>>> 
>>> You are mixing up the two different ways of configuring WS-Security
>>> in
>> CXF.
>>> When there is a security policy available, then you don't manually
>>> configure the WSS4JInInterceptor or WSS4JOutInterceptors. They are
>>> used when there is no security policy and you have to manually tell
>>> CXF what WS-Security actions to perform. Instead the configuration
>>> is a lot simpler for the policy case.
>>> 
>>> I'd suggest you look at the example test-case for
>>> WS-SecureConversation in the CXF source:
>>> 
>>> https://github.com/apache/cxf/blob/master/systests/ws-
>>> security-examples/src/test/java/org/apache/cxf/systest/
>>> wssec/examples/secconv/SecureConversationTest.java
>>> 
>>> In particular, the service configuration is here:
>>> 
>>> https://github.com/apache/cxf/blob/master/systests/ws-
>>> security-examples/src/test/resources/org/apache/cxf/
>>> systest/wssec/examples/secconv/server.xml
>>> 
>>> Colm.
>>> 
>>> On Fri, Nov 3, 2017 at 2:43 AM, Morein, Arnie
>>> <Arnold.Morein@dps.texas.gov<mailto:Arnold.Morein@dps.texas.gov>
>>>> 
>>> wrote:
>>> 
>>>> I have created a mock service based on a WSDL from a vendor that
>>>> is already in use.
>>>> 
>>>> One of the calls requires that the message be
>>>> timestamped/signed/encrypted before transmission.
>>>> 
>>>> The real service provider issued an X.509 certificate for our use.
>>>> I have had our internal folks issue one like it with the same extensions.
>>>> 
>>>> Everything is in place, but when the client app hits my mock
>>>> service, it gets an error that is neither clear or helpful:
>>>> 
>>>> 
>>>> org.apache.cxf.binding.soap.SoapFault: A security error was
>>>> encountered when verifying the message ...
>>>> Caused by: org.apache.wss4j.common.ext.WSSecurityException: An
>>>> error was discovered processing the <wsse:Security> header
>>>> 
>>>> Digging into the CXF trace log, I barely managed to find these:
>>>> 
>>>> 2017-11-02 19:49:52.018 DEBUG
>>>> [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor]
>>>> WSS4JInInterceptor: enter handleMessage()
>>>> 2017-11-02 19:49:54.037 WARN   [org.apache.cxf.ws.security.
>>> wss4j.WSS4JInInterceptor]
>>>> Security processing failed (actions mismatch)
>>>> 
>>>> The messages are being generated by CXF (wsdl2java situation).
>>>> 
>>>> The WSDL policy section is thus:
>>>> 
>>>>    <wsp:Policy wsu:Id="wsHttpEndPoint_policy">
>>>>        <wsp:ExactlyOne>
>>>>            <wsp:All>
>>>>                <sp:TransportBinding
>>>> 
>>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/
>>>> securitypolicy"
>>>>> 
>>>>                    <wsp:Policy>
>>>>                        <sp:TransportToken>
>>>>                            <wsp:Policy>
>>>>                                <sp:HttpsToken
>>>>                                    RequireClientCertificate="false"
>> />
>>>>                            </wsp:Policy>
>>>>                        </sp:TransportToken>
>>>>                        <sp:AlgorithmSuite>
>>>>                            <wsp:Policy>
>>>>                                <sp:Basic256 />
>>>>                            </wsp:Policy>
>>>>                        </sp:AlgorithmSuite>
>>>>                        <sp:Layout>
>>>>                            <wsp:Policy>
>>>>                                <sp:Strict />
>>>>                            </wsp:Policy>
>>>>                        </sp:Layout>
>>>>                        <sp:IncludeTimestamp />
>>>>                    </wsp:Policy>
>>>>                </sp:TransportBinding>
>>>>                <sp:EndorsingSupportingTokens
>>>> 
>>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/
>>>> securitypolicy"
>>>>> 
>>>>                    <wsp:Policy>
>>>>                        <sp:SecureConversationToken
>>>>                            sp:IncludeToken="http://
>>>> schemas.xmlsoap.org/ws/2005/07/securitypolicy/<http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/>
>>>> IncludeToken/AlwaysToRecipient"
>>>>> 
>>>>                            <wsp:Policy>
>>>>                                <sp:BootstrapPolicy>
>>>>                                    <wsp:Policy>
>>>>                                        <sp:SignedParts>
>>>>                                            <sp:Body />
>>>>                                            <sp:Header
>>>>                                                Name="To"
>>>>                                                Namespace="
>>>> http://www.w3.org/2005/08/addressing" />
>>>>                                            <sp:Header
>>>>                                                Name="From"
>>>>                                                Namespace="
>>>> http://www.w3.org/2005/08/addressing" />
>>>>                                            <sp:Header
>>>>                                                Name="FaultTo"
>>>>                                                Namespace="
>>>> http://www.w3.org/2005/08/addressing" />
>>>>                                            <sp:Header
>>>>                                                Name="ReplyTo"
>>>>                                                Namespace="
>>>> http://www.w3.org/2005/08/addressing" />
>>>>                                            <sp:Header
>>>>                                                Name="MessageID"
>>>>                                                Namespace="
>>>> http://www.w3.org/2005/08/addressing" />
>>>>                                            <sp:Header
>>>>                                                Name="RelatesTo"
>>>>                                                Namespace="
>>>> http://www.w3.org/2005/08/addressing" />
>>>>                                            <sp:Header
>>>>                                                Name="Action"
>>>>                                                Namespace="
>>>> http://www.w3.org/2005/08/addressing" />
>>>>                                        </sp:SignedParts>
>>>>                                        <sp:EncryptedParts>
>>>>                                            <sp:Body />
>>>>                                        </sp:EncryptedParts>
>>>>                                        <sp:TransportBinding>
>>>>                                            <wsp:Policy>
>>>>                                                <sp:TransportToken>
>>>>                                                    <wsp:Policy>
>>>> 
>>>> <sp:HttpsToken
>>>> 
>>>> RequireClientCertificate="false" />
>>>>                                                    </wsp:Policy>
>>>>                                                </sp:TransportToken>
>>>>                                                <sp:AlgorithmSuite>
>>>>                                                    <wsp:Policy>
>>>>                                                        <sp:Basic256 />
>>>>                                                    </wsp:Policy>
>>>>                                                </sp:AlgorithmSuite>
>>>>                                                <sp:Layout>
>>>>                                                    <wsp:Policy>
>>>>                                                        <sp:Strict />
>>>>                                                    </wsp:Policy>
>>>>                                                </sp:Layout>
>>>>                                                <sp:IncludeTimestamp />
>>>>                                            </wsp:Policy>
>>>>                                        </sp:TransportBinding>
>>>>                                        <sp:EndorsingSupportingTokens>
>>>>                                            <wsp:Policy>
>>>>                                                <sp:X509Token
>>>>                                                    sp:IncludeToken="
>>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/
>>>> IncludeToken/AlwaysToRecipient"
>>>>> 
>>>>                                                    <wsp:Policy>
>>>> 
>>>> <sp:RequireThumbprintReference />
>>>> 
>>>> <sp:WssX509V3Token10 />
>>>>                                                    </wsp:Policy>
>>>>                                                </sp:X509Token>
>>>>                                                <sp:SignedParts>
>>>>                                                    <sp:Header
>>>>                                                        Name="To"
>>>>                                                        Namespace="
>>>> http://www.w3.org/2005/08/addressing" />
>>>>                                                </sp:SignedParts>
>>>>                                            </wsp:Policy>
>>>>                                        </sp:
>> EndorsingSupportingTokens>
>>>>                                        <sp:Wss11>
>>>>                                            <wsp:Policy>
>>>> 
>>>> <sp:MustSupportRefThumbprint />
>>>>                                            </wsp:Policy>
>>>>                                        </sp:Wss11>
>>>>                                        <sp:Trust10>
>>>>                                            <wsp:Policy>
>>>> 
>>>> <sp:MustSupportIssuedTokens />
>>>> 
>>>> <sp:RequireClientEntropy
>>> />
>>>> 
>>>> <sp:RequireServerEntropy
>>> />
>>>>                                            </wsp:Policy>
>>>>                                        </sp:Trust10>
>>>>                                    </wsp:Policy>
>>>>                                </sp:BootstrapPolicy>
>>>>                            </wsp:Policy>
>>>>                        </sp:SecureConversationToken>
>>>>                    </wsp:Policy>
>>>>                </sp:EndorsingSupportingTokens>
>>>>                <sp:Wss11
>>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/
>>>> securitypolicy">
>>>>                    <wsp:Policy />
>>>>                </sp:Wss11>
>>>>                <sp:Trust10
>>>> 
>>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/
>>>> securitypolicy"
>>>>> 
>>>>                    <wsp:Policy>
>>>>                        <sp:MustSupportIssuedTokens />
>>>>                        <sp:RequireClientEntropy />
>>>>                        <sp:RequireServerEntropy />
>>>>                    </wsp:Policy>
>>>>                </sp:Trust10>
>>>>                <wsaw:UsingAddressing />
>>>>            </wsp:All>
>>>>        </wsp:ExactlyOne>
>>>>    </wsp:Policy>
>>>> 
>>>> and a message being sent to my mock service looks like:
>>>> 
>>>> ID: 1
>>>> Address: https://localhost:8443/mock-vls-ws/services/
>>>> mockAuthenticationService
>>>> Encoding: UTF-8
>>>> Http-Method: POST
>>>> Content-Type: application/soap+xml; action="http://schemas.
>>>> xmlsoap.org/ws/2005/02/trust/RST/SCT<http://xmlsoap.org/ws/2005/02/trust/RST/SCT>"; charset=UTF-8
>>>> Headers: {Accept=[*/*], cache-control=[no-cache],
>>>> connection=[keep-alive], content-type=[application/soap+xml; action="
>>> http://schemas.
>>>> xmlsoap.org/ws/2005/02/trust/RST/SCT<http://xmlsoap.org/ws/2005/02/trust/RST/SCT>"; charset=UTF-8],
>>>> host=[localhost:8443], pragma=[no-cache],
>>>> transfer-encoding=[chunked], user-agent=[Apache-CXF/3.1.10]}
>>>> Payload:
>>>> <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
>>>>    <soap:Header>
>>>>        <Action xmlns="http://www.w3.org/2005/08/addressing">
>>>> http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</Action>
>>>>        <MessageID xmlns="http://www.w3.org/2005/08/addressing
>>> ">urn:uuid:
>>>> d4a37685-340a-41e3-9ad5-33d21601b2b2</MessageID>
>>>>        <To xmlns="http://www.w3.org/2005/08/addressing"
>>>> 
>>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-
>>>> 200401-wss-wssecurity-utility-1.0.xsd"
>>>>            wsu:Id="_7f09a81a-706a-4d03-932e-c402c7af8d16"
>>>>> https://localhost:8443/mock-vls-ws/services/
>>>> mockAuthenticationService</To>
>>>>        <ReplyTo xmlns="http://www.w3.org/2005/08/addressing">
>>>> 
>>>> <Address>http://www.w3.org/2005/08/addressing/anonymous</
>>>> Address>
>>>>        </ReplyTo>
>>>>        <wsse:Security
>>>> 
>>>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-
>>>> 200401-wss-wssecurity-secext-1.0.xsd"
>>>> 
>>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-
>>>> 200401-wss-wssecurity-utility-1.0.xsd"
>>>>            soap:mustUnderstand="true"
>>>>> 
>>>>            <wsse:BinarySecurityToken
>>>> 
>>>> EncodingType="http://docs.oasis-open.org/wss/2004/01/
>>>> oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>>>> 
>>>> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-
>>>> 200401-wss-x509-token-profile-1.0#X509v3"
>>>>                wsu:Id="X509-fbd22553-2805-4f67-af0c-cd552b6c4ea1"
>>>> 
>>>>> MIIHPzCCBSegAwIBAgITRAAAc2IaBbGCTk7sGwAAAABzYjANBgkqhkiG9w0B
>>>> AQsFADBBMRMwEQYKCZImiZPyLGQBGRYDRFBTMRMwEQYKCZImiZPyLGQBGRYD
>>>> VExFMRUwEwYDVQQDEwxEUFNJc3N1ZUNBMDEwHhcNMTcxMTAxMTczMTUzWhcN
>>>> MjAxMDMxMTczMTUzWjCBjTELMAkGA1UEBhMCVVMxDjAMBgNVBAgTBVRleGFz
>>>> MQ8wDQYDVQQHEwZBdXN0aW4xKjAoBgNVBAoTIVRleGFzIERlcGFydG1lbnQg
>>>> b2YgUHVibGljIFNhZmV0eTELMAkGA1UECxMCSVQxJDAiBgNVBAMMG2Rwcy5k
>>>> ZXZlbG9wZXJAZHBzLnRleGFzLmdvdjCCASIwDQYJKoZIhvcNAQEBBQADggEP
>>>> ADCCAQoCggEBAIPrRFbLW92EYqeCr/jrEkFaHLP4Zm8lMnpNV1aJtEPuZno3GdBtRN
>>>> ad
>>>> TH
>>>> pg+ x6dKQemTgrpZJIzBCsm6iCWliB2PWqdFbQKt3DQoG4o8fT8DxPNZLod9Y/
>>>> Rfi8Lb7NO33WdFu6JG8KRypTs1mQUItQ03TbKapACMmyoXhctZEgnSkwQUBY
>>>> F6jUHMoOpcxj6pPr/oaV9YMfh4P2eyKxNTdJGJXGe9kUPpLRydgoBq9NHluUfjsxKQ
>>>> 4S
>>>> Tw
>>>> G45+ 8TMZnXZOF3qQpW2Ny1shn5V2wSECZBHiTaTtshcIz6Kxew47nW9DQ2ITpbba
>>>> lYTXdnaBOalKpKkS0r4/96QD2HrYQECAwEAAaOCAuEwggLdMB0
>>>> GA1UdDgQWBBRHFQmUcuBtf6vI5ikCLF1uudlSezAfBgNVHSMEGDAWgBSqB1gVMhLVR
>>>> X/
>>>> DsU7Cy9JdkhJExjCCAQQGA1UdHwSB/DCB+TCB9qCB86CB8IaBt2xkYXA6Ly8vQ04
>>>> 9RFBTSXNzdWVDQTAxLENOPUhEUVBSRElUU0lDQTAwMSxDTj1DRFAsQ049UHV
>>>> ibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJ
>>>> hdGlvbixEQz1UTEUsREM9RFBTP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/
>>>> YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludIY0aHR0cDov
>>>> L2NybC5kcHMudGV4YXMuZ292L2NlcnRlbnJvbGwvRFBTSXNzdWVDQTAxLmNy
>>>> bDCB5QYIKwYBBQUHAQEEgdgwgdUwgacGCCsGAQUFBzAChoGabGRhcDovLy9D
>>>> Tj1EUFNJc3N1ZUNBMDEsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZp
>>>> Y2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9VExFLERDPURQ
>>>> Uz9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdG
>>>> lvbkF1dGhvcml0eTApBggrBgEFBQcwAYYdaHR0cDovL2NybC5kcHMudGV4YX
>>>> MuZ292L29jc3AwCwYDVR0PBAQDAgWgMDwGCSsGAQQBgjcVBwQvMC0GJSsGAQ
>>>> QBgjcVCKu3YYWw7zKHhZsih5egL4PJzHwhhI+/NoO2ljQCAWQCAQUwKQYDVR0lBCIw
>>>> QBgjcVCKu3YYWw7zKHhZsih5egL4PJzHwhhI+IA
>>>> YIKwYBBQUHAwQGCisGAQQBgjcKAwQGCCsGAQUFBwMCMDUGCSsGAQQBgjcVCg
>>>> QoMCYwCgYIKwYBBQUHAwQwDAYKKwYBBAGCNwoDBDAKBggrBgEFBQcDAjANBg
>>>> kqhkiG9w0BAQsFAAOCAgEApbhMNf/KZge1ZtpY9xpokh3Zuo3VbNnIi0A6V
>>>> 5PWE/UN8AXIvq6IsbjES+XLxecIkNmSBvZllSvEzZzSnDy/XFlqVGCYRWS8LDrm/
>>>> 1NAjyr4YXfRZyOTxE7W4RyyBsRpLRk2VsgCZ8wpO9kmG8vogp+
>>>> 6Bd0DQQayuTrJbAtlw0SBBgCd6pIWfG9LoCsvKKmNd6xi65clijxxWm82w14KqlUEc
>>>> R/ mgFoCJLJ1qpshHmqK5nc283nDmlnKB1jdOBHOZ3S6j5YpLlxxWHZhntwd01w
>>>> /wKntwAZDHSagRCSvWz+gct47//chfjcCIzaUqTTY9Pw0VjDy+
>>>> KDgOaVp2lAlHEWs5Ts3nT0AfTJDSDtDmOikyfAJlUIM08jfKUIIMOh1w/
>>>> DC4SEFESl8vnmOimnqN2bFO5KmyulMD4XwWQBxuwmub1eR80Z3//
>>>> hynXp6aCcUEaTswDmlws24Ecv9ILuSVohQC+WtJAB5bbRQTbbuYu+
>>>> taabxGNl9Hyh9zTyNrbM3nG5GkaxtSYy2fNiVqzS88sXOShye3GEfgb0a/
>>>> OFpC736wbMPV+I7HNbqGa9Zi+KdsJLA32cbnJO1g2yThdpT05uoikNN
>>>> QrHuse0RtOZJdpLEnRejW96WQYHmxm/tlL64ZPskl5dnlUrbzTqQ9oyJqueDe
>>>> 1eP9jaId6NjAuKzLkQ=</wsse:BinarySecurityToken>
>>>>            <wsu:Timestamp wsu:Id="TS-c1511394-ae6f-4a4c-
>>>> b8c4-a97df1bbd782">
>>>>                <wsu:Created>2017-11-02T22:02:30.558Z</wsu:Created>
>>>>                <wsu:Expires>2017-11-02T22:07:30.558Z</wsu:Expires>
>>>>            </wsu:Timestamp>
>>>>            <ds:Signature
>>>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#<http://www.w3.org/2000/09/xmldsig>
>> "
>>>>                Id="SIG-d17430ac-1be2-410d-b4ed-389fa2c71d9c"
>>>>> 
>>>>                <ds:SignedInfo>
>>>>                    <ds:CanonicalizationMethod
>>>> 
>>>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#<http://www.w3.org/2001/10/xml-exc-c14n>
>>>> "
>>>>> 
>>>>                        <ec:InclusiveNamespaces
>>>>                            xmlns:ec="http://www.w3.org/
>>>> 2001/10/xml-exc-c14n#"
>>>>                            PrefixList="soap" />
>>>>                    </ds:CanonicalizationMethod>
>>>>                    <ds:SignatureMethod
>>>>                        Algorithm="http://www.w3.org/
>>>> 2000/09/xmldsig#rsa-sha1" />
>>>>                    <ds:Reference URI="#TS-c1511394-ae6f-4a4c-
>>>> b8c4-a97df1bbd782">
>>>>                        <ds:Transforms>
>>>>                            <ds:Transform
>>>>                                Algorithm="http://www.w3.org/
>>>> 2001/10/xml-exc-c14n#"
>>>>> 
>>>>                                <ec:InclusiveNamespaces
>>>>                                    xmlns:ec="http://www.w3.org/
>>>> 2001/10/xml-exc-c14n#"
>>>>                                    PrefixList="wsse soap" />
>>>>                            </ds:Transform>
>>>>                        </ds:Transforms>
>>>>                        <ds:DigestMethod
>>>>                            Algorithm="http://www.w3.org/
>>>> 2000/09/xmldsig#sha1" />
>>>> 
>>>> <ds:DigestValue>oUUE187y3bNvLUk0KvKAMQi5oS0=</
>>>> ds:DigestValue>
>>>>                    </ds:Reference>
>>>>                    <ds:Reference URI="#_7f09a81a-706a-4d03-
>>>> 932e-c402c7af8d16">
>>>>                        <ds:Transforms>
>>>>                            <ds:Transform
>>>>                                Algorithm="http://www.w3.org/
>>>> 2001/10/xml-exc-c14n#"
>>>>> 
>>>>                                <ec:InclusiveNamespaces
>>>>                                    xmlns:ec="http://www.w3.org/
>>>> 2001/10/xml-exc-c14n#"
>>>>                                    PrefixList="soap" />
>>>>                            </ds:Transform>
>>>>                        </ds:Transforms>
>>>>                        <ds:DigestMethod
>>>>                            Algorithm="http://www.w3.org/
>>>> 2000/09/xmldsig#sha1" />
>>>> 
>>>> <ds:DigestValue>J3b0s0Tc7Z9nwyg6ryeyXi5V7Wk=</
>>>> ds:DigestValue>
>>>>                    </ds:Reference>
>>>>                </ds:SignedInfo>
>>>>                <ds:SignatureValue>UED8ewbdSQUhh6k7Py+P+
>>>> 5wveYhhM8xwpaBhn5IYKqqPSFzQSkFCG3q7oN/tOL3Oe33N2Xm+
>>>> zPD26Qr7t7LGSEIXUU3ALxtnf8MtS3FRo9C6pxPPC6QuN0dYupPFZnQpYtNB
>>>> L9i9HIRB9dqh9I7NAdz3OGBCjdB8j0scP9V830YSf5fy5Sq5uC2uNV4Ee9tE
>>>> mPbY1yStH8htwPHeQEAFlQ0eNRCGrKL30af9waXGPXetMfuoQPMIbNssImie
>>>> 5cz2O56DGs88bBLZZaLG8LdoouAti9v2DGmlL9A42iJjXs19jQy+HP+4zy/
>>>> vteV/aRhk4t8Q+tJcbn3piy7+pFnuhQ==</ds:SignatureValue>
>>>>                <ds:KeyInfo Id="KI-2b2d8678-1047-4bbb-
>>> a9f6-33de176b569e">
>>>>                    <wsse:SecurityTokenReference
>>>>                        xmlns:wsse="http://docs.oasis-
>>>> open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd<http://open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd>"
>>>>                        xmlns:wsu="http://docs.oasis-
>>>> open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd<http://open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd>"
>>>>                        wsu:Id="STR-2e70c6dd-87f9-
>>> 449e-9659-e0853efef74f"
>>>>> 
>>>>                        <wsse:KeyIdentifier
>>>>                            EncodingType="http://docs.
>>>> oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-<http://oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message->
>>>> security-1.0#Base64Binary"
>>>>                            ValueType="http://docs.oasis-
>>>> open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1<http://open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1>"
>>>>> y5plsGZ1ujCONeUMI+FuNgfF8LU=<
>>> /wsse:KeyIdentifier>
>>>>                    </wsse:SecurityTokenReference>
>>>>                </ds:KeyInfo>
>>>>            </ds:Signature>
>>>>        </wsse:Security>
>>>>    </soap:Header>
>>>>    <soap:Body>
>>>>        <wst:RequestSecurityToken xmlns:wst="http://schemas.
>>>> xmlsoap.org/ws/2005/02/trust<http://xmlsoap.org/ws/2005/02/trust>">
>>>>            <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/
>>>> 02/trust/Issue</wst:RequestType>
>>>>            <wsp:AppliesTo xmlns:wsp="http://www.w3.org/ns/ws-policy">
>>>>                <wsa:EndpointReference
>>>> xmlns:wsa="http://www.w3.org/ 2005/08/addressing">
>>>> 
>>>> <wsa:Address>https://localhost:8443/mock-vls-ws/
>>>> services/mockAuthenticationService</wsa:Address>
>>>>                </wsa:EndpointReference>
>>>>            </wsp:AppliesTo>
>>>>            <wst:Lifetime
>>>> 
>>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-
>>>> 200401-wss-wssecurity-utility-1.0.xsd"
>>>>> 
>>>>                <wsu:Created>2017-11-02T22:02:29.214Z</wsu:Created>
>>>>                <wsu:Expires>2017-11-02T22:07:29.214Z</wsu:Expires>
>>>>            </wst:Lifetime>
>>>> 
>>>> <wst:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct<
>>>> /wst:TokenType>
>>>>            <wst:KeySize>256</wst:KeySize>
>>>>            <wst:Entropy>
>>>>                <wst:BinarySecret
>>>>                    Type="http://schemas.xmlsoap.
>>>> org/ws/2005/02/trust/Nonce"
>>>>> 0UEx1yrKYAbPt0/m6tuSeyjFvVV4bE1bvN97D9lT0bw=<
>>>> /wst:BinarySecret>
>>>>            </wst:Entropy>
>>>> 
>>>> <wst:ComputedKeyAlgorithm>http://schemas.xmlsoap.org/ws/
>>>> 2005/02/trust/CK/PSHA1</wst:ComputedKeyAlgorithm>
>>>>            <wst:Renewing />
>>>>        </wst:RequestSecurityToken>
>>>>    </soap:Body>
>>>> </soap:Envelope>
>>>> 
>>>> 
>>>> Here is my Spring Endpoint config:
>>>> 
>>>> 
>>>>    <bean id="Aamva_Authentication_Request" class="org.apache.cxf.ws<http://org.apache.cxf.ws>.
>>>> security.wss4j.WSS4JInInterceptor">
>>>>        <constructor-arg>
>>>>            <map>
>>>>                <entry key="action" value="Timestamp Signature" />
>>>>                <entry key="user" value="dls-vls-mock-service-
>>> client-key"
>>>> />
>>>>                <entry key="passwordType" value="PasswordText" />
>>>>                <entry key="passwordCallbackClass"
>>>>                    value="gov.uscis.uscis.xsd.esb.authentication.
>>>> AuthenticationServicePasswordCallback" />
>>>>                <entry key="decryptionPropFile" value="cxf/cxf-crypto.
>>> properties"
>>>> />
>>>>                <entry key="signaturePropFile" value="cxf/cxf-crypto.
>>> properties"
>>>> />
>>>>                <entry key="signatureUser"
>>>> value="dls-vls-mock-service-
>>> client-key"
>>>> />
>>>>                <entry key="signatureKeyIdentifier"
>>>> value="X509KeyIdentifier " />
>>>>                <entry key="signatureParts"
>>>>                    value="{Element}{http://docs.
>>>> oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0<http://oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0>.
>>>> xs d} BinarySecurityToken;{Element}{http://docs.oasis-open.org/
>>>> wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}
>>>> Timestamp;{}{http://www.w3.org/2000/09/xmldsig}Signature<http://www.w3.org/2000/09/xmldsig%7dSignature>;
>>>> {Content}{http://schemas.xmlsoap.org/soap/envelope/}Body<http://schemas.xmlsoap.org/soap/envelope/%7dBody>;" />
>>>> 
>>>> <!--
>>>>                <entry key="encryptionPropFile" value="cxf/cxf-crypto.
>>> properties"
>>>> />
>>>>                <entry key="encryptionParts"
>>>> 
>>>> value="{Content}{http://schemas.xmlsoap.org/ws/2005/
>>>> 07/securitypolicy}Body;" />
>>>> -->
>>>>            </map>
>>>>        </constructor-arg>
>>>>    </bean>
>>>> 
>>>>    <bean id="Aamva_Authentication_Response" class="org.apache.cxf.ws<http://org.apache.cxf.ws>.
>>>> security.wss4j.WSS4JOutInterceptor">
>>>>        <constructor-arg>
>>>>            <map>
>>>>                <entry key="action" value="Timestamp Signature" />
>>>>                <entry key="user" value="dls-vls-mock-service-
>>> client-key"
>>>> />
>>>>                <entry key="passwordType" value="PasswordText" />
>>>>                <entry key="passwordCallbackClass"
>>>>                    value="gov.uscis.uscis.xsd.esb.authentication.
>>>> AuthenticationServicePasswordCallback" />
>>>>                <entry key="signaturePropFile" value="cxf/cxf-crypto.
>>> properties"
>>>> />
>>>>                <entry key="signatureKeyIdentifier"
>>>> value="X509KeyIdentifier " />
>>>>                <entry key="signatureParts"
>>>>                    value="{Element}{http://docs.
>>>> oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0<http://oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0>.
>>>> xs d} BinarySecurityToken;{Element}{http://docs.oasis-open.org/
>>>> wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}
>>>> Timestamp;{}{http://www.w3.org/2000/09/xmldsig}Signature<http://www.w3.org/2000/09/xmldsig%7dSignature>;
>>>> {Content}{http://schemas.xmlsoap.org/soap/envelope/}Body<http://schemas.xmlsoap.org/soap/envelope/%7dBody>;" />
>>>> <!--
>>>>                <entry key="encryptionPropFile" value="cxf/cxf-crypto.
>>> properties"
>>>> />
>>>>                <entry key="encryptionParts"
>>>> 
>>>> value="{Content}{http://schemas.xmlsoap.org/ws/2005/
>>>> 07/securitypolicy}Body;" />
>>>> -->
>>>>            </map>
>>>>        </constructor-arg>
>>>>    </bean>
>>>> 
>>>>    <jaxws:endpoint id="mockAuthenticationServiceEndpoint" bus="cxf"
>>>>        address="/mockAuthenticationService"
>>>>        implementor="gov.uscis.uscis.xsd.esb.authentication.
>>>> AuthenticationServiceImpl"
>>>>> 
>>>>        <jaxws:binding>
>>>>            <soap:soapBinding mtomEnabled="true" version="1.2" />
>>>>        </jaxws:binding>
>>>> 
>>>>        <jaxws:inInterceptors>
>>>>            <ref bean="Aamva_Authentication_Request" />
>>>>            <bean class="org.apache.cxf.binding.
>>> soap.saaj.SAAJInInterceptor"
>>>> />
>>>>        </jaxws:inInterceptors>
>>>> 
>>>>        <jaxws:outInterceptors>
>>>>            <ref bean="Aamva_Authentication_Response" />
>>>>            <bean class="org.apache.cxf.binding.
>>> soap.saaj.SAAJOutInterceptor"
>>>> />
>>>>        </jaxws:outInterceptors>
>>>> 
>>>>    </jaxws:endpoint>
>>>> 
>>>> Since adding the signatureParts entries, now I am getting:
>>>> 
>>>> 2017-11-02 21:40:11.369 WARN   [org.apache.cxf.common.
>> logging.LogUtils]
>>>> Interceptor for {http://aamva.org/authentication/3.1.0}
>>>> AuthenticationService has thrown exception, unwinding now
>>>> org.apache.cxf.interceptor.Fault: Message part {
>>>> http://schemas.xmlsoap.org/ws/2005/02/trust}RequestSecurityToken<http://schemas.xmlsoap.org/ws/2005/02/trust%7dRequestSecurityToken>
>>>> was not recognized.  (Does it exist in service WSDL?)
>>>> 
>>>> 
>>>> I am out of my depth here. Can anyone suggest how to get the
>>>> JAX:WS markup to match up with the WSDL policy?
>>>> 
>>>> Thanks.
>>>> 
>>> 
>>> 
>>> 
>>> --
>>> Colm O hEigeartaigh
>>> 
>>> Talend Community Coder
>>> http://coders.talend.com
>>> 
>> 
>> 
>> 
>> --
>> Colm O hEigeartaigh
>> 
>> Talend Community Coder
>> http://coders.talend.com
>> 
> 
> 
> 
> --
> Colm O hEigeartaigh
> 
> Talend Community Coder
> http://coders.talend.com
> 
> 
> 
> --
> Colm O hEigeartaigh
> 
> Talend Community Coder
> http://coders.talend.com

-- 
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com


Mime
View raw message