It's a bug...either in CXF or WSS4J. It manifests when there is whitespace
between the SOAP Body tag and the first Element in the Body itself. For a
workaround, you can just use the DOM WSS4JInInterceptor instead.

Colm.

On Sat, Jan 14, 2017 at 9:20 AM, martijn.list <[email protected]>
wrote:

> Hi,
>
> I have CXF configured server side with spring and enabled UsernameToken
> authentication:
>
> <bean id="publicWebServicePasswordInterceptor"
>   class="org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor">
>   <constructor-arg>
>     <map>
>      <entry key="action" value="UsernameToken" />
>      <entry key="passwordType" value="PasswordText" />
>      <entry key="passwordCallbackRef">
>        <ref bean="publicWebServicePasswordHandler"/>
>      </entry>
>    </map>
>  </constructor-arg>
> </bean>
>
> <jaxws:inInterceptors>
>    <ref bean="publicWebServicePasswordInterceptor"/>
> </jaxws:inInterceptors>
>
> This works when the SOAP client is created with CXF. However when I use
> SoapUI to test the web service I always get the following error in the
> SOAP server:
>
> "Security processing failed (actions mismatch)"
>
> With some debugging I noticed that the "incomingSecurityEventList" is
> empty when
>
> From StaxActionInInterceptor:
>
> public void handleMessage(SoapMessage soapMessage)
> {
> [SNIP]
> ...
> List<SecurityEvent> incomingSecurityEventList =
> (List)soapMessage.get(SecurityEvent.class.getName() + ".in");
> ...
>
> This is why a few lines later a SoapFault exception is thrown because
> the incomingSecurityEventList should not be empty.
>
> If I use the CXF SOAP client (which works), the
> incomingSecurityEventList contains the following object:
>
> org.apache.wss4j.stax.securityEvent.UsernameTokenSecurityEvent
>
> It might be that the SOAP call from SoapUI is incorrect or that
> something is missing but I have not figured out why this is not working.
>
> I hope someone can tell me what's not correct with the SOAP call from
> SoapUI:
>
> SOAP call from SoapUI (from tcpdump):
>
> POST /usersws HTTP/1.1
> Content-Type: text/xml;charset=UTF-8
> SOAPAction: ""
> Content-Length: 829
> Host: 127.0.0.1:9009
> Connection: Keep-Alive
> User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
>
> <soapenv:Envelope
> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ws="http://ws.djigzo.application.mitm/">
>    <soapenv:Header><wsse:Security soapenv:mustUnderstand="1"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:UsernameToken
> wsu:Id="UsernameToken-A74ECD7A71C7695F3D148438453965395"><wsse:Username>admin</wsse:Username><wsse:Password
> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password></wsse:UsernameToken></wsse:Security></soapenv:Header>
>    <soapenv:Body>
>       <ws:isUser>
>          <!--Optional:-->
>          <email>?</email>
>       </ws:isUser>
>    </soapenv:Body>
> </soapenv:Envelope>
>
> I have tested it with CXF 3.0.9 and with 3.0.12
>
> Any idea why this is not working?
>
> Kind regards,
>
> Martijn Brinkers
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
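
A check for the condition described in the reply at the top of this thread, as an added example that is not part of the original messages or of CXF/WSS4J: it reports whether a captured request has whitespace between the SOAP Body start tag and its first child element, and can remove it so the request can be resent to confirm the diagnosis. The function names are hypothetical and the sample envelopes are constructed, modeled on the quoted SoapUI request with the security header left out.

```python
import xml.etree.ElementTree as ET

SOAP_NS = (
    "http://schemas.xmlsoap.org/soap/envelope/",  # SOAP 1.1
    "http://www.w3.org/2003/05/soap-envelope",    # SOAP 1.2
)

def find_body(root):
    """Locate the SOAP Body under the Envelope for either SOAP version."""
    for ns in SOAP_NS:
        body = root.find(f"{{{ns}}}Body")
        if body is not None:
            return body
    raise ValueError("no SOAP Body element found")

def leading_body_whitespace(envelope):
    """Return the whitespace between <Body> and its first child element, or ''."""
    body = find_body(ET.fromstring(envelope))
    text = body.text or ""
    # Only whitespace-only text followed by an element matches the reported condition.
    if len(body) > 0 and text and not text.strip():
        return text
    return ""

def strip_leading_body_whitespace(envelope):
    """Re-serialize the envelope with that whitespace removed.

    Suitable for plain UsernameToken requests; rewriting the Body of a signed
    message would invalidate its signature.
    """
    root = ET.fromstring(envelope)
    body = find_body(root)
    if len(body) > 0 and body.text and not body.text.strip():
        body.text = None
    return ET.tostring(root, encoding="unicode")

# Constructed sample: pretty-printed request in the style SoapUI sends.
PRETTY = (
    '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" '
    'xmlns:ws="http://ws.djigzo.application.mitm/">\n'
    '   <soapenv:Body>\n'
    '      <ws:isUser><email>?</email></ws:isUser>\n'
    '   </soapenv:Body>\n'
    '</soapenv:Envelope>'
)
# Constructed sample: same request with the first element directly after <Body>.
COMPACT = PRETTY.replace(">\n      <ws:isUser", "><ws:isUser")

if __name__ == "__main__":
    for name, env in (("pretty", PRETTY), ("compact", COMPACT)):
        print(name, repr(leading_body_whitespace(env)))
```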