On 01/16/2017 03:32 PM, Colm O hEigeartaigh wrote: > It's a bug...either in CXF or WSS4J. It manifests when there is whitespace > between the SOAP Body tag and the first Element in the Body itself.
Is this reported somewhere? > For a workaround, you can just use the DOM WSS4JInInterceptor instead. Changing it to org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor did not solve the issue. I get the same error. Kind regards, Martijn Brinkers > On Sat, Jan 14, 2017 at 9:20 AM, martijn.list <[email protected]> > wrote: > >> Hi, >> >> I have CXF configured server side with spring and enabled UsernameToken >> authentication: >> >> <bean id="publicWebServicePasswordInterceptor" >> class="org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor"> >> <constructor-arg> >> <map> >> <entry key="action" value="UsernameToken" /> >> <entry key="passwordType" value="PasswordText" /> >> <entry key="passwordCallbackRef"> >> <ref bean="publicWebServicePasswordHandler"/> >> </entry> >> </map> >> </constructor-arg> >> </bean> >> >> <jaxws:inInterceptors> >> <ref bean="publicWebServicePasswordInterceptor"/> >> </jaxws:inInterceptors> >> >> This works when the SOAP client is created with CXF. However when I use >> SoapUI to test the web service I always get the following error in the >> SOAP server: >> >> "Security processing failed (actions mismatch)" >> >> With some debugging I noticed that the "incomingSecurityEventList" is >> empty when >> >> From StaxActionInInterceptor: >> >> public void handleMessage(SoapMessage soapMessage) >> { >> [SNIP] >> ... >> List<SecurityEvent> incomingSecurityEventList = >> (List)soapMessage.get(SecurityEvent.class.getName() + ".in"); >> ... >> >> This is why a few lines later a SoapFault exception is thrown because >> the incomingSecurityEventList should not be empty. >> >> If I use the CXF SOAP client (which works), the >> incomingSecurityEventList contains the following object: >> >> org.apache.wss4j.stax.securityEvent.UsernameTokenSecurityEvent >> >> It might be that the SOAP call from SoapUI is incorrect or that >> something is missing but I have not figured out why this is not working. >> >> I hope someone can tell me what's not correct with the SOAP call from >> SoapUI: >> >> SOAP call from SoapUI (from tcpdump): >> >> POST /usersws HTTP/1.1 >> >> Content-Type: text/xml;charset=UTF-8 >> >> SOAPAction: "" >> >> Content-Length: 829 >> >> Host: 127.0.0.1:9009 >> >> Connection: Keep-Alive >> >> User-Agent: Apache-HttpClient/4.1.1 (java 1.5) >> >> >> >> <soapenv:Envelope >> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; >> xmlns:ws="http://ws.djigzo.application.mitm/";> >> <soapenv:Header><wsse:Security soapenv:mustUnderstand="1" >> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis- >> 200401-wss-wssecurity-secext-1.0.xsd" >> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis- >> 200401-wss-wssecurity-utility-1.0.xsd"><wsse:UsernameToken >> wsu:Id="UsernameToken-A74ECD7A71C7695F3D148438453965 >> 395"><wsse:Username>admin</wsse:Username><wsse:Password >> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401- >> wss-username-token-profile-1.0#PasswordText">password</ >> wsse:Password></wsse:UsernameToken></wsse:Security></soapenv:Header> >> <soapenv:Body> >> <ws:isUser> >> <!--Optional:--> >> <email>?</email> >> </ws:isUser> >> </soapenv:Body> >> </soapenv:Envelope> >> >> I have tested it with CXF 3.0.9 and with 3.0.12 >> >> Any idea why this is not working? >> >> Kind regards, >> >> Martijn Brinkers >> > > > -- CipherMail email encryption Email encryption with support for S/MIME, OpenPGP, PDF encryption and secure webmail pull. https://www.ciphermail.com Twitter: http://twitter.com/CipherMail
