Fwd: Issue using camel-cxf and wss4j

Charles Moulliard Wed, 09 Jan 2013 11:37:13 -0800

Hi,

When I try to authenticate an HTTP request using WS-Security with camel-cxf
& wss4j interceptor, I get the following error :


qtp370155726-26 DEBUG [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor]
- WSS4JInInterceptor: enter handleMessage()
qtp370155726-26 WARN [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor]
- Security processing failed (actions mismatch)
qtp370155726-26 WARN [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor]
-
org.apache.ws.security.WSSecurityException: An error was discovered
processing the <wsse:Security> header
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInInterceptor.java:383)
 at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:333)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97)
 at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
 at
org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:348)
at
org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:312)
 at
org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:72)
at
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:943)
 at
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:879)
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
 at
org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:250)
at
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110)
 at org.eclipse.jetty.server.Server.handle(Server.java:349)
at
org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:441)
 at
org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:936)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:801)
 at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:224)
at
org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:51)
 at
org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:586)
at
org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:44)
 at
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:598)
at
org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:533)
 at java.lang.Thread.run(Thread.java:722)
qtp370155726-26 WARN [org.apache.cxf.phase.PhaseInterceptorChain] -
Interceptor for {http://training.fusesource.com/}CustomerServiceService has
thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: An error was discovered processing
the <wsse:Security> header
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:804)
 at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:357)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97)
 at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
 at
org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:348)
at
org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:312)
 at
org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:72)
at
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:943)
 at
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:879)
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
 at
org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:250)
at
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110)
 at org.eclipse.jetty.server.Server.handle(Server.java:349)
at
org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:441)
 at
org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:936)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:801)
 at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:224)
at
org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:51)
 at
org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:586)
at
org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:44)
 at
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:598)
at
org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:533)
 at java.lang.Thread.run(Thread.java:722)
Caused by: org.apache.ws.security.WSSecurityException: An error was
discovered processing the <wsse:Security> header
 at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInInterceptor.java:383)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:333)
 ... 22 more

even if SOAPEnvelopper message received by CXF contains SOAP Security Header

ID: 1
Address: http://127.0.0.1:9090/training/WebService
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml;charset=UTF-8
Headers: {accept-encoding=[gzip,deflate], connection=[keep-alive],
Content-Length=[1590], content-type=[text/xml;charset=UTF-8], Host=[
127.0.0.1:9090], SOAPAction=["http://training.fusesource.com/saveCustomer";],
User-Agent=[Apache-HttpClient/4.1.1 (java 1.5)]}
Payload: <soapenv:Envelope xmlns:soapenv="
http://schemas.xmlsoap.org/soap/envelope/"; xmlns:tra="
http://training.fusesource.com/";>
   <soapenv:Header>
           <wsse:Security xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
"
                soap:mustUnderstand="1">
<wsse:UsernameToken xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="UsernameToken-1">
 <wsse:Username>charles</wsse:Username>
<wsse:Password Type="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest
">TVzWGxNvhlixNVWol8poD9DHxl8=</wsse:Password>
 <wsse:Nonce EncodingType="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
">WsMNSm/C4dzdPS3OhUi94Q==</wsse:Nonce>
 <wsu:Created>2013-01-09T15:46:14.908Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
   </soapenv:Header>
   <soapenv:Body>
      <tra:saveCustomer>
         <customer>
            <!--Optional:-->
            <name>?</name>
            <!--Zero or more repetitions:-->
            <address>?</address>
            <numOrders>?</numOrders>
            <revenue>?</revenue>
            <!--Optional:-->
            <test>?</test>
            <!--Optional:-->
            <birthDate>?</birthDate>
            <!--Optional:-->
            <type>?</type>
         </customer>
      </tra:saveCustomer>
   </soapenv:Body>
</soapenv:Envelope>
--------------------------------------

CXF & Camel config

    <cxf:cxfEndpoint id="WS"
                     address="http://localhost:9090/training/WebService";
                     serviceClass="com.fusesource.training.CustomerService">
        <cxf:outInterceptors>
            <ref bean="loggingOutInterceptor"/>
         </cxf:outInterceptors>
        <cxf:inInterceptors>
            <ref bean="loggingInInterceptor"/>
            <ref bean="wss4jInInterceptor"/>
        </cxf:inInterceptors>
    </cxf:cxfEndpoint>

    <bean id="loggingOutInterceptor"
class="org.apache.cxf.interceptor.LoggingOutInterceptor"/>
    <bean id="loggingInInterceptor"
class="org.apache.cxf.interceptor.LoggingInInterceptor"/>

    <bean id="wss4jInInterceptor"
class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
        <constructor-arg>
            <map>
                <entry key="action" value="UsernameToken"/>
                <entry key="passwordType" value="PasswordDigest"/>
                <entry key="passwordCallbackClass"
value="com.fusesource.training.camel.UTPasswordCallback"/>
            </map>
        </constructor-arg>
    </bean>

Version of CXF used : 2.7.1
WSS4J : 1.6.8

In debug mode, I can see that in the class WSS4JInInterceptor when we
handle the message (handleMessage(SoapMessage msg) throws Fault), the
element is null ( Element elem =
WSSecurityUtil.getSecurityHeader(doc.getSOAPPart(),
actor); ) like also wsResult.

Does anybody knows how to solve this issue and why SoapHeaders have been
removed ?

Regards,

Charles Moulliard
Apache Committer / Sr. Enterprise Architect (RedHat)
Twitter : @cmoulliard | Blog : http://cmoulliard.blogspot.com

Fwd: Issue using camel-cxf and wss4j

Reply via email to