Re: WS-Client throws Exception in WSS4JInInterceptor

[Freeman Fang]

One quick question, did you also add WSS4JOutInterceptor and 
SAAJOutInterceptor for your server side?

Regards
Freeman
[EMAIL PROTECTED] wrote:
Hi,

we use UsernameToken and Signature in our WS-Security Secenario. 

For the Client we add SAAJOutInterceptor (because of Apache CXF 2.0.x) and 
WSS4JOutInterceptor as additional OutInterceptors. ()
For the Server we add SAAJInInterceptor (because of Apache CXF 2.0.x), 
WSS4JInInterceptor and ValidateUserTokenInterceptor(own Implementation) as 
InInterceptors.

The client puts all necessary information into the request, as far as I 
understand the data in my TCP/IP Monitor. The server processes the Request 
and I see no errors in WSSecurityEngine, WSS4jInInterceptor etc. The 
server sends a HTTP/1.1 200 OK back to the client. And now the client 
throws an error:

INFO: Interceptor has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: Request does not contain required 
Security header.
        at 
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:150)
        at 
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:60)
        at 
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:207)
        at 
org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:395)
        at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1932)
        at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1790)
        at 
org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
        at 
org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:576)
        at 
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
        at 
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:207)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:254)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:205)
        at 
org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
        at 
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135)

I checked the code of WSS4JInInterceptor and I see wsResult == null, 
because
                wsResult = 
secEngine.processSecurityHeader(doc.getSOAPPart(), actor, cbHandler, 
reqData
                    .getSigCrypto(), reqData.getDecCrypto());
is null as well.

I don't understand why the client calls this InInterceptor ???

-Josef
BGS Beratungsgesellschaft 
Software Systemplanung AG         Niederlassung Rhein/Main 
Robert-Koch-Straße 41 
55129 Mainz 
Fon: +49 (0) 6131 / 914-0 
Fax: +49 (0) 6131 / 914-400 
www.bgs-ag.de Geschäftssitz Mainz 
Registergericht 
Amtsgericht Mainz 
HRB 62 50 
  Aufsichtsratsvorsitzender 
Klaus Hellwig 
Vorstand 
Hanspeter Gau 
Hermann Kiefer 
Nils Manegold