Hi, the following sample:
https://github.com/gmazza/blog-samples/tree/master/cxf_ut_messagelayer,
hardcoded to use CXF 2.7.3, works fine with UsernameToken over
Message-Layer Encryption (here, an X.509 symmetric key as explained in
the first part of this short blog article:
http://www.jroller.com/gmazza/entry/usernametoken_messagelayer_encryption).
To confirm, all that needs to be done is to run "mvn clean install
tomcat7:run-war" from the cxf_ut_messagelayer base folder and "mvn
exec:exec" from the client subfolder. However, once I upgrade
cxf_ut_messagelayer/pom.xml to CXF 2.7.4 or more recent (tried 2.7.5 and
2.7.6 as well), I get the following error upon running the client:

Sep 01, 2013 4:16:53 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {http://www.example.org/contract/DoubleIt}DoubleItService#{http://www.example.org/contract/DoubleIt}DoubleIt has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: The security token could not be authenticated or authorized
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:788)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:336)
    at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:120)
    at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:105)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
    at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:239)
    .....
Caused by: org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized
    at org.apache.ws.security.validate.UsernameTokenValidator.verifyUnknownPassword(UsernameTokenValidator.java:228)
    at org.apache.ws.security.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:110)
    at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:172)
    at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:67)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:279)

Checking the dependencies via mvn dependency:tree, we upgrade from
Woodstox 4.1.4 to 4.2.0 between CXF 2.7.3 and CXF 2.7.4. However, even
if I force the use of Woodstox 4.1.4 in CXF 2.7.4 I get the same error
message above. I don't know if this is a regression in CXF or if there
is some configuration change that will require me to update my WSDL
configuration.
Thanks,
Glen