ws-dev mailing list archives

Site index · List index

Message view	« Date » · « Thread »
Top	« Date » · « Thread »
From	"Sudarshan Menon (JIRA)" <j...@apache.org>
Subject	[jira] [Created] (WSS-528) warning("Security processing failed (actions mismatch)")
Date	Sun, 05 Apr 2015 15:04:33 GMT
Sudarshan Menon created WSS-528: ----------------------------------- Summary: warning("Security processing failed (actions mismatch)") Key: WSS-528 URL: https://issues.apache.org/jira/browse/WSS-528 Project: WSS4J Issue Type: Bug Components: WSS4J Core Affects Versions: 2.0.3, 2.0.0 Environment: Windows7 Reporter: Sudarshan Menon Assignee: Colm O hEigeartaigh I upgraded WSS4J 1.6.1 to WSS4J 2.0.X. The main motive is to encrypt passwords in crypto properties file. I see error in my web service response."A security error was encountered when verifying the message". So by debugging the error happens at below line of code in StaxActionInInterceptor.java if (requiredEvent != null && !isEventInResults(requiredEvent, incomingSecurityEventList)) { LOG.warning("Security processing failed (actions mismatch)"); WSSecurityException ex = new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_ERROR); throw WSS4JUtils.createSoapFault(soapMessage, soapMessage.getVersion(), ex); } I also see that incomingSecurityEventList is coming empty in my case. Below is the SOAP Header. <soap:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/oasis-200512-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/oasis-200512-wss-wssecurity-utility-1.0.xsd"> <xenc:EncryptedKey Id="EK-2891A1F499E94EA11A13831255443381" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <wsse:SecurityTokenReference> <ds:X509Data> <ds:X509IssuerSerial> <ds:X509IssuerName>Some Issuer Name</ds:X509IssuerName> <ds:X509SerialNumber>Some Serial Number</ds:X509SerialNumber> </ds:X509IssuerSerial> </ds:X509Data> </wsse:SecurityTokenReference> </ds:KeyInfo> <xenc:CipherData> <xenc:CipherValue>UtcgDv+Fbo3lPnuuHMYl7jD90WOdMcfnIEAic3BnVJM/dhqbmt/LsNoS3dRMQPJZwoseuXXPX/vJgPK+oMDhDGKjPXAynwU9XFoYWAVPeHj0rq5x9zwDd3rrmm4E4cD12AIeXTg/42J6HDx+NhCtSYcDeUUJqscb0EQDJXoZ99P3uo7UhTUyIFgiy6wYyBVtmfmXPIYjxqOg+cSEN1erVFiPlSl6uZlw7ZQOuXj38QVWGJIYKjWDOsN5zIU3qXFxaQUgViTmxOoIMjLp1HQAP9Ttcl0WTIjdbomM9dNvuPNNa/9Y/44sbEqGzwYy0XrmbCMgWBtia0mgJzxU4Lfj7A==</xenc:CipherValue> </xenc:CipherData> <xenc:ReferenceList> <xenc:DataReference URI="#ED-3"/> </xenc:ReferenceList> </xenc:EncryptedKey> <wsse:UsernameToken wsu:Id="UsernameToken-2"> <wsse:Username>SPD_DEV_USER</wsse:Username> <xenc:EncryptedData Id="ED-3" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:wsse11="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/oasis-wss-wssecurity-secext-1.1.xsd"> <wsse:Reference URI="#EK-2891A1F499E94EA11A13831255443381"/> </wsse:SecurityTokenReference> </ds:KeyInfo> <xenc:CipherData> <xenc:CipherValue>o3h3NrJHxVVMl6qNjZ4thRaaNMkXMmSkfgXidp9lgkQO62EsmTEuve6J1jYGCWsRGwC9ro7YTP9Ms21veox8JD9yeDQJjQIHeatDVb9NKp1AKZZDn5Kt3KAfEZfwp1EScJaTh3KrpD/AihBj8IYPyvCtRViuAsWGxbj9aSxTsW+ht35rlSK0fU0P7gRg17IsoeURhbafNOouX18wOzyZruizo55GUYvXBWmqqa5/5k2oV8elaqQRnhSz2EkQ7D5dmGUOGEG1OoMbfbZADha3mbRYTnDzP3cKf4sn4Fvx2JF+OEXhp3ZbUfqXtx2WWxlAreguqmVu04wMlQhYkUTKSJ3qRG7LMhlHHQTM8VhLHRafmKua8WALbCJfjG5mcXNF28HA6eeNJjWlA2wsozmFLS3yncEX7fKDeURHX5eHjL8yE+QtmMvH32EbN7nwsIvVz1qCvm1jsuqo81crpxOAm2N4uDGldJCjH7POaMQG90jK1y8f1LFyH+SPh6zwcQhDbZ2LP8Pt6/UGiiikm1Uiq5ZDwfChUz9+ULd2iwbNo/7jHWNhEllhF2n1McTDNPrHl7UTIQBSubY/F2qjjk3Vww==</xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedData> </wsse:UsernameToken> <wsu:Timestamp wsu:Id="TS-1"> <wsu:Created>2013-10-30T09:32:24.283Z</wsu:Created> <wsu:Expires>2015-12-30T09:37:24.283Z</wsu:Expires> </wsu:Timestamp> </wsse:Security> </soap:Header> Below is the WSS4JStaxInInterceptor configuration <jaxws:inInterceptors> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor"> <constructor-arg> <map> <entry key="#{T(org.apache.wss4j.dom.handler.WSHandlerConstants).ACTION}" value="SAMLTokenSigned" /> <entry key="faultStackTraceEnabled" value="true" /> <entry key="signaturePropFile" value="${cloudenv}.ess.properties" /> <entry key="passwordCallbackClass" value="com.uhg.optuminsight.pim.service.ws.interceptor.SAMLSecurityCallback" /> </map> </constructor-arg> </bean> <bean class="com.uhg.optuminsight.pim.service.ws.interceptor.WebServiceInterceptor" /> </jaxws:inInterceptors> <jaxws:properties> <entry key="ws-security.signature.properties" value="${cloudenv}.ess.properties" /> <entry key="ws-security.saml2.validator"> <ref bean="samlTokenValidator" /> </entry> <entry key="ws-security.return.security.error" value="true" /> <entry key="jaxb.encoding" value="UTF-8"/> <entry key="schema-validation-enabled" value="true" /> </jaxws:properties> Note : All these were working before with WSS4JInInterceptor in WSS4J 1.6.1 -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org For additional commands, e-mail: dev-help@ws.apache.org
Mime	Unnamed text/plain (inline, 7-Bit, 6252 bytes)
	View raw message