Switched to:
wsdlLocation="/META-INF/resources/Authenticate-Service-single.wsdl"
And got:
2017-11-03 09:33:00.499 INFO
[org.apache.cxf.wsdl.service.factory.ReflectionServiceFactoryBean] Creating
Service {http://aamva.org/authentication/3.1.0}AuthenticationService from WSDL:
/META-INF/resources/Authenticate-Service-single.wsdl
So I guess it found it via the classpath.
More testing... more testing...
-----Original Message-----
From: Morein, Arnie
Sent: Friday, November 03, 2017 9:29 AM
To: 'Daniel Kulp'; [email protected]
Subject: RE: Help with configuring web service to match security from WSDL
2017-11-03 08:59:02.985 INFO
[org.apache.cxf.wsdl.service.factory.ReflectionServiceFactoryBean] Creating
Service {http://aamva.org/authentication/3.1.0}AuthenticationService from class
gov.niem.release.niem.codes.usps_states._3_1_0.IAuthenticationService
From class apparently. I tried this (though I hate the hard-coded file
name+version of it):
<jaxws:endpoint id="mockAuthenticationServiceEndpoint" bus="cxf"
address="/mockAuthenticationService"
implementor="gov.uscis.uscis.xsd.esb.authentication.AuthenticationServiceImpl"
wsdlLocation="jar:file://ws-dls-aamva-authentication-1.0.0.jar!META-INF/resources/Authenticate-Service-single.wsdl"
but got:
Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR:
Problem parsing
'jar:file://ws-dls-aamva-authentication-1.0.0.jar!META-INF/resources/Authenticate-Service-single.wsdl'.:
java.net.MalformedURLException: no !/ in spec
at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2198)
at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2390)
at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2422)
at
org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:238)
at
org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:163)
at
org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:85)
... 86 more
Caused by: java.net.MalformedURLException: no !/ in spec
So, what's the best way to do this?
-----Original Message-----
From: Daniel Kulp [mailto:[email protected]]
Sent: Friday, November 03, 2017 9:02 AM
To: [email protected]; Morein, Arnie
Subject: Re: Help with configuring web service to match security from WSDL
CAUTION: This email was received from an EXTERNAL source, use caution when
clicking links or opening attachments.
If you believe this to be a malicious and/or phishing email, please send this
email as an attachment to [email protected].
There aren’t any ws-security interceptors there. Two things to check:
1) Make sure the cxf-rt-ws-security jar is in the war/service.
2) Make sure you are specifying the WSDL when the service is started. Scroll
up in the log and make sure it says something like “creating service from WSDL”
and not “creating service from class”.
For some reason, the service does not think it needs any security processing.
Dan
> On Nov 3, 2017, at 9:31 AM, Morein, Arnie <[email protected]> wrote:
>
> You mean this:
>
> 2017-11-03 08:17:41.351 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Chain org.apache.cxf.phase.PhaseInterceptorChain@477ce666 was created.
> Current flow:
> receive [LoggingInInterceptor, PolicyInInterceptor, AttachmentInInterceptor]
> pre-stream [CertConstraintsInterceptor]
> post-stream [StaxInInterceptor]
> read [WSDLGetInterceptor, ReadHeadersInterceptor, SoapActionInInterceptor,
> StartBodyInterceptor, JavascriptGetInterceptor]
> pre-protocol [MEXInInterceptor, MustUnderstandInterceptor]
> post-protocol [CheckFaultInterceptor, JAXBAttachmentSchemaValidationHack]
> unmarshal [DocLiteralInInterceptor, SoapHeaderInterceptor]
> pre-logical [OneWayProcessorInterceptor]
> post-logical [WrapperClassInInterceptor]
> pre-invoke [SwAInInterceptor, HolderInInterceptor]
> invoke [ServiceInvokerInterceptor]
> post-invoke [OutgoingChainInterceptor]
>
> 2017-11-03 08:17:41.351 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleMessage on interceptor
> org.apache.cxf.interceptor.LoggingInInterceptor@74843c6e
> 2017-11-03 08:17:41.378 INFO
> [org.apache.cxf.interceptor.AbstractLoggingInterceptor] Inbound Message
> ----------------------------
> ID: 1
> Address: https://localhost:8443/mock-vls-ws/services/mockAuthenticationService
> Encoding: UTF-8
> Http-Method: POST
> Content-Type: application/soap+xml;
> action="http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT";; charset=UTF-8
> Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive],
> content-type=[application/soap+xml;
> action="http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT";; charset=UTF-8],
> host=[localhost:8443], pragma=[no-cache], transfer-encoding=[chunked],
> user-agent=[Apache-CXF/3.1.10]}
> Payload: <soap:Envelope
> xmlns:soap="http://www.w3.org/2003/05/soap-envelope";><soap:Header><Action
> xmlns="http://www.w3.org/2005/08/addressing";>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</Action><MessageID
>
> xmlns="http://www.w3.org/2005/08/addressing";>urn:uuid:26fe3f6b-6e58-4149-84d6-91c7a5bcc37e</MessageID><To
> xmlns="http://www.w3.org/2005/08/addressing";
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>
> wsu:Id="_5f89bdcd-a9c5-4dfe-bd29-35e2a61ba27e">https://localhost:8443/mock-vls-ws/services/mockAuthenticationService</To><ReplyTo
>
> xmlns="http://www.w3.org/2005/08/addressing";><Address>http://www.w3.org/2005/08/addressing/anonymous</Address></ReplyTo><wsse:Security
>
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
>
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> soap:mustUnderstand="true"><wsse:BinarySecurityToken
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
>
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
>
> wsu:Id="X509-a8890f7e-f564-4286-90ed-c92afe79af0c">MIIHPzCCBSegAwIBAgITRAAAc2IaBbGCTk7sGwAAAABzYjANBgkqhkiG9w0BAQsFADBBMRMwEQYKCZImiZPyLGQBGRYDRFBTMRMwEQYKCZImiZPyLGQBGRYDVExFMRUwEwYDVQQDEwxEUFNJc3N1ZUNBMDEwHhcNMTcxMTAxMTczMTUzWhcNMjAxMDMxMTczMTUzWjCBjTELMAkGA1UEBhMCVVMxDjAMBgNVBAgTBVRleGFzMQ8wDQYDVQQHEwZBdXN0aW4xKjAoBgNVBAoTIVRleGFzIERlcGFydG1lbnQgb2YgUHVibGljIFNhZmV0eTELMAkGA1UECxMCSVQxJDAiBgNVBAMMG2Rwcy5kZXZlbG9wZXJAZHBzLnRleGFzLmdvdjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIPrRFbLW92EYqeCr/jrEkFaHLP4Zm8lMnpNV1aJtEPuZno3GdBtRNadTHpg+x6dKQemTgrpZJIzBCsm6iCWliB2PWqdFbQKt3DQoG4o8fT8DxPNZLod9Y/Rfi8Lb7NO33WdFu6JG8KRypTs1mQUItQ03TbKapACMmyoXhctZEgnSkwQUBYF6jUHMoOpcxj6pPr/oaV9YMfh4P2eyKxNTdJGJXGe9kUPpLRydgoBq9NHluUfjsxKQ4STwG45+8TMZnXZOF3qQpW2Ny1shn5V2wSECZBHiTaTtshcIz6Kxew47nW9DQ2ITpbbalYTXdnaBOalKpKkS0r4/96QD2HrYQECAwEAAaOCAuEwggLdMB0GA1UdDgQWBBRHFQmUcuBtf6vI5ikCLF1uudlSezAfBgNVHSMEGDAWgBSqB1gVMhLVRX/DsU7Cy9JdkhJExjCCAQQGA1UdHwSB/DCB+TCB9qCB86CB8IaBt2xkYXA6Ly8vQ049RFBTSXNzdWVDQTAxLENOPUhEUVBSRElUU0lDQTAwMSxDTj1DRFAsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1UTEUsREM9RFBTP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludIY0aHR0cDovL2NybC5kcHMudGV4YXMuZ292L2NlcnRlbnJvbGwvRFBTSXNzdWVDQTAxLmNybDCB5QYIKwYBBQUHAQEEgdgwgdUwgacGCCsGAQUFBzAChoGabGRhcDovLy9DTj1EUFNJc3N1ZUNBMDEsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9VExFLERDPURQUz9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlvbkF1dGhvcml0eTApBggrBgEFBQcwAYYdaHR0cDovL2NybC5kcHMudGV4YXMuZ292L29jc3AwCwYDVR0PBAQDAgWgMDwGCSsGAQQBgjcVBwQvMC0GJSsGAQQBgjcVCKu3YYWw7zKHhZsih5egL4PJzHwhhI+/NoO2ljQCAWQCAQUwKQYDVR0lBCIwIAYIKwYBBQUHAwQGCisGAQQBgjcKAwQGCCsGAQUFBwMCMDUGCSsGAQQBgjcVCgQoMCYwCgYIKwYBBQUHAwQwDAYKKwYBBAGCNwoDBDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAgEApbhMNf/KZge1ZtpY9xpokh3Zuo3VbNnIi0A6V5PWE/UN8AXIvq6IsbjES+XLxecIkNmSBvZllSvEzZzSnDy/XFlqVGCYRWS8LDrm/1NAjyr4YXfRZyOTxE7W4RyyBsRpLRk2VsgCZ8wpO9kmG8vogp+6Bd0DQQayuTrJbAtlw0SBBgCd6pIWfG9LoCsvKKmNd6xi65clijxxWm82w14KqlUEcR/mgFoCJLJ1qpshHmqK5nc283nDmlnKB1jdOBHOZ3S6j5YpLlxxWHZhntwd01w/wKntwAZDHSagRCSvWz+gct47//chfjcCIzaUqTTY9Pw0VjDy+KDgOaVp2lAlHEWs5Ts3nT0AfTJDSDtDmOikyfAJlUIM08jfKUIIMOh1w/DC4SEFESl8vnmOimnqN2bFO5KmyulMD4XwWQBxuwmub1eR80Z3//hynXp6aCcUEaTswDmlws24Ecv9ILuSVohQC+WtJAB5bbRQTbbuYu+taabxGNl9Hyh9zTyNrbM3nG5GkaxtSYy2fNiVqzS88sXOShye3GEfgb0a/OFpC736wbMPV+I7HNbqGa9Zi+KdsJLA32cbnJO1g2yThdpT05uoikNNQrHuse0RtOZJdpLEnRejW96WQYHmxm/tlL64ZPskl5dnlUrbzTqQ9oyJqueDe1eP9jaId6NjAuKzLkQ=</wsse:BinarySecurityToken><wsu:Timestamp
>
> wsu:Id="TS-965db706-62a9-4503-8ce5-1e03059d5233"><wsu:Created>2017-11-03T13:17:36.886Z</wsu:Created><wsu:Expires>2017-11-03T13:22:36.886Z</wsu:Expires></wsu:Timestamp><ds:Signature
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#";
> Id="SIG-8cc68916-e2f8-42d6-b1fd-7591d7d66284"><ds:SignedInfo><ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";><ec:InclusiveNamespaces
> xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#";
> PrefixList="soap"/></ds:CanonicalizationMethod><ds:SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference
> URI="#TS-965db706-62a9-4503-8ce5-1e03059d5233"><ds:Transforms><ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";><ec:InclusiveNamespaces
> xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"; PrefixList="wsse
> soap"/></ds:Transform></ds:Transforms><ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>jCyyTSTT/fhP+KFW4k3zv1WTOHw=</ds:DigestValue></ds:Reference><ds:Reference
> URI="#_5f89bdcd-a9c5-4dfe-bd29-35e2a61ba27e"><ds:Transforms><ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";><ec:InclusiveNamespaces
> xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#";
> PrefixList="soap"/></ds:Transform></ds:Transforms><ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>J/jV6WUu2QgeJV6bMcDDJCyUGO8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>e61E/Z1qCLUlGXWcTll3jBQYEmnkX61PDteYgltKXO88tU664sOOVYvWLqHe0UBj2JmvR3/GExPmpLn1LW5V6A6GtGZ2C6esawE+HuO27CGJ/f7+cbeD+rgT0a5yTLnP7rtBh8LZ23SIs2cKDG4mA0ERPQRsLt5uk44TKF+7NsvDYGgFGkC+BlSI8x2yd79680dBaQ9EKNCWjshptY/Bmuej1JhLFwLkcCd5po9OLyUgVUZ+0Qy+Gb2jV/i8oTnrRzRF2/EUL9iyUcQdlrnV9E9WR8w6OZ1IdEv18Y1c1LtfyyxA2rKO1uMyG/eY7+4lqPNREZ4dAHn6wvzX23Hvuw==</ds:SignatureValue><ds:KeyInfo
> Id="KI-83a121bd-fc04-4382-bd51-799bdd0cab16"><wsse:SecurityTokenReference
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
>
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> wsu:Id="STR-1f9d82cf-2829-4700-9ab2-8411a9ab44e1"><wsse:KeyIdentifier
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
>
> ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1";>y5plsGZ1ujCONeUMI+FuNgfF8LU=</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security></soap:Header><soap:Body><wst:RequestSecurityToken
>
> xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust";><wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType><wsp:AppliesTo
> xmlns:wsp="http://www.w3.org/ns/ws-policy";><wsa:EndpointReference
> xmlns:wsa="http://www.w3.org/2005/08/addressing";><wsa:Address>https://localhost:8443/mock-vls-ws/services/mockAuthenticationService</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><wst:Lifetime
>
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";><wsu:Created>2017-11-03T13:17:35.389Z</wsu:Created><wsu:Expires>2017-11-03T13:22:35.389Z</wsu:Expires></wst:Lifetime><wst:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</wst:TokenType><wst:KeySize>256</wst:KeySize><wst:Entropy><wst:BinarySecret
>
> Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce";>B/qWqscRUHLbwaB1QKpHEqpMNj3YVN8wwg00dx7GGFw=</wst:BinarySecret></wst:Entropy><wst:ComputedKeyAlgorithm>http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1</wst:ComputedKeyAlgorithm><wst:Renewing/></wst:RequestSecurityToken></soap:Body></soap:Envelope>
> --------------------------------------
> 2017-11-03 08:17:41.379 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleMessage on interceptor
> org.apache.cxf.ws.policy.PolicyInInterceptor@55b10b9d
> 2017-11-03 08:17:41.426 DEBUG [org.apache.cxf.common.logging.LogUtils] Could
> not determine bean name for instance of class
> org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl.
> 2017-11-03 08:17:41.433 DEBUG [org.apache.cxf.common.logging.LogUtils] Could
> not determine bean name for instance of class
> org.apache.cxf.ws.policy.PolicyBuilderImpl.
> 2017-11-03 08:17:41.439 DEBUG [org.apache.cxf.common.logging.LogUtils] Could
> not determine bean name for instance of class
> org.apache.cxf.ws.policy.attachment.ServiceModelPolicyProvider.
> 2017-11-03 08:17:41.452 DEBUG [org.apache.cxf.common.logging.LogUtils] Could
> not determine bean name for instance of class
> org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.
> 2017-11-03 08:17:41.459 DEBUG [org.apache.cxf.common.logging.LogUtils] Could
> not determine bean name for instance of class
> org.apache.cxf.ws.policy.PolicyInterceptorProviderRegistryImpl.
> 2017-11-03 08:17:41.461 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleMessage on interceptor
> org.apache.cxf.interceptor.AttachmentInInterceptor@5ad76477
> 2017-11-03 08:17:41.484 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleMessage on interceptor
> org.apache.cxf.transport.https.CertConstraintsInterceptor@6ce6895d
> 2017-11-03 08:17:41.485 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleMessage on interceptor
> org.apache.cxf.interceptor.StaxInInterceptor@1f5700bc
> 2017-11-03 08:17:41.635 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Adding interceptor
> org.apache.cxf.interceptor.StaxInEndingInterceptor@73e1dac1 to phase
> pre-invoke
> 2017-11-03 08:17:41.636 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Chain org.apache.cxf.phase.PhaseInterceptorChain@477ce666 was modified.
> Current flow:
> receive [LoggingInInterceptor, PolicyInInterceptor, AttachmentInInterceptor]
> pre-stream [CertConstraintsInterceptor]
> post-stream [StaxInInterceptor]
> read [WSDLGetInterceptor, ReadHeadersInterceptor, SoapActionInInterceptor,
> StartBodyInterceptor, JavascriptGetInterceptor]
> pre-protocol [MEXInInterceptor, MustUnderstandInterceptor]
> post-protocol [CheckFaultInterceptor, JAXBAttachmentSchemaValidationHack]
> unmarshal [DocLiteralInInterceptor, SoapHeaderInterceptor]
> pre-logical [OneWayProcessorInterceptor]
> post-logical [WrapperClassInInterceptor]
> pre-invoke [StaxInEndingInterceptor, SwAInInterceptor, HolderInInterceptor]
> invoke [ServiceInvokerInterceptor]
> post-invoke [OutgoingChainInterceptor]
>
> 2017-11-03 08:17:41.636 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleMessage on interceptor
> org.apache.cxf.frontend.WSDLGetInterceptor@6a36782f
> 2017-11-03 08:17:41.636 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleMessage on interceptor
> org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor@623e41c7
> 2017-11-03 08:17:41.687 DEBUG [org.apache.cxf.common.logging.LogUtils] Could
> not determine bean name for instance of class
> org.apache.cxf.bus.managers.HeaderManagerImpl.
> 2017-11-03 08:17:41.700 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleMessage on interceptor
> org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor@4679e479
> 2017-11-03 08:17:41.703 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Adding interceptor
> org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor$SoapActionInAttemptTwoInterceptor@378dc13f
> to phase pre-logical
> 2017-11-03 08:17:41.704 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Chain org.apache.cxf.phase.PhaseInterceptorChain@477ce666 was modified.
> Current flow:
> receive [LoggingInInterceptor, PolicyInInterceptor, AttachmentInInterceptor]
> pre-stream [CertConstraintsInterceptor]
> post-stream [StaxInInterceptor]
> read [WSDLGetInterceptor, ReadHeadersInterceptor, SoapActionInInterceptor,
> StartBodyInterceptor, JavascriptGetInterceptor]
> pre-protocol [MEXInInterceptor, MustUnderstandInterceptor]
> post-protocol [CheckFaultInterceptor, JAXBAttachmentSchemaValidationHack]
> unmarshal [DocLiteralInInterceptor, SoapHeaderInterceptor]
> pre-logical [OneWayProcessorInterceptor, SoapActionInAttemptTwoInterceptor]
> post-logical [WrapperClassInInterceptor]
> pre-invoke [StaxInEndingInterceptor, SwAInInterceptor, HolderInInterceptor]
> invoke [ServiceInvokerInterceptor]
> post-invoke [OutgoingChainInterceptor]
>
> 2017-11-03 08:17:41.705 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleMessage on interceptor
> org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor@6bed3bd5
> 2017-11-03 08:17:41.705 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleMessage on interceptor
> org.apache.cxf.javascript.JavascriptGetInterceptor@337134db
> 2017-11-03 08:17:41.706 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleMessage on interceptor
> org.apache.cxf.ws.mex.MEXInInterceptor@5fb7ae4a
> 2017-11-03 08:17:41.706 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleMessage on interceptor
> org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor@23d1791f
> 2017-11-03 08:17:41.712 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Adding interceptor
> org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$UltimateReceiverMustUnderstandInterceptor@59039a16
> to phase invoke
> 2017-11-03 08:17:41.712 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Chain org.apache.cxf.phase.PhaseInterceptorChain@477ce666 was modified.
> Current flow:
> receive [LoggingInInterceptor, PolicyInInterceptor, AttachmentInInterceptor]
> pre-stream [CertConstraintsInterceptor]
> post-stream [StaxInInterceptor]
> read [WSDLGetInterceptor, ReadHeadersInterceptor, SoapActionInInterceptor,
> StartBodyInterceptor, JavascriptGetInterceptor]
> pre-protocol [MEXInInterceptor, MustUnderstandInterceptor]
> post-protocol [CheckFaultInterceptor, JAXBAttachmentSchemaValidationHack]
> unmarshal [DocLiteralInInterceptor, SoapHeaderInterceptor]
> pre-logical [OneWayProcessorInterceptor, SoapActionInAttemptTwoInterceptor]
> post-logical [WrapperClassInInterceptor]
> pre-invoke [StaxInEndingInterceptor, SwAInInterceptor, HolderInInterceptor]
> invoke [ServiceInvokerInterceptor, UltimateReceiverMustUnderstandInterceptor]
> post-invoke [OutgoingChainInterceptor]
>
> 2017-11-03 08:17:41.713 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Adding interceptor
> org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$MustUnderstandEndingInterceptor@57c5b6a6
> to phase pre-logical
> 2017-11-03 08:17:41.713 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Chain org.apache.cxf.phase.PhaseInterceptorChain@477ce666 was modified.
> Current flow:
> receive [LoggingInInterceptor, PolicyInInterceptor, AttachmentInInterceptor]
> pre-stream [CertConstraintsInterceptor]
> post-stream [StaxInInterceptor]
> read [WSDLGetInterceptor, ReadHeadersInterceptor, SoapActionInInterceptor,
> StartBodyInterceptor, JavascriptGetInterceptor]
> pre-protocol [MEXInInterceptor, MustUnderstandInterceptor]
> post-protocol [CheckFaultInterceptor, JAXBAttachmentSchemaValidationHack]
> unmarshal [DocLiteralInInterceptor, SoapHeaderInterceptor]
> pre-logical [OneWayProcessorInterceptor, SoapActionInAttemptTwoInterceptor,
> MustUnderstandEndingInterceptor]
> post-logical [WrapperClassInInterceptor]
> pre-invoke [StaxInEndingInterceptor, SwAInInterceptor, HolderInInterceptor]
> invoke [ServiceInvokerInterceptor, UltimateReceiverMustUnderstandInterceptor]
> post-invoke [OutgoingChainInterceptor]
>
> 2017-11-03 08:17:41.714 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleMessage on interceptor
> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor@3959876d
> 2017-11-03 08:17:41.714 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleMessage on interceptor
> org.apache.cxf.jaxb.attachment.JAXBAttachmentSchemaValidationHack@31c082f3
> 2017-11-03 08:17:41.714 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleMessage on interceptor
> org.apache.cxf.wsdl.interceptors.DocLiteralInInterceptor@24ded702
> 2017-11-03 08:17:41.730 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleFault on interceptor
> org.apache.cxf.wsdl.interceptors.DocLiteralInInterceptor@24ded702
> 2017-11-03 08:17:41.731 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleFault on interceptor
> org.apache.cxf.jaxb.attachment.JAXBAttachmentSchemaValidationHack@31c082f3
> 2017-11-03 08:17:41.731 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleFault on interceptor
> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor@3959876d
> 2017-11-03 08:17:41.731 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleFault on interceptor
> org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor@23d1791f
> 2017-11-03 08:17:41.732 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleFault on interceptor
> org.apache.cxf.ws.mex.MEXInInterceptor@5fb7ae4a
> 2017-11-03 08:17:41.732 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleFault on interceptor
> org.apache.cxf.javascript.JavascriptGetInterceptor@337134db
> 2017-11-03 08:17:41.733 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleFault on interceptor
> org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor@6bed3bd5
> 2017-11-03 08:17:41.733 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleFault on interceptor
> org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor@4679e479
> 2017-11-03 08:17:41.733 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleFault on interceptor
> org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor@623e41c7
> 2017-11-03 08:17:41.733 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleFault on interceptor
> org.apache.cxf.frontend.WSDLGetInterceptor@6a36782f
> 2017-11-03 08:17:41.734 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleFault on interceptor
> org.apache.cxf.interceptor.StaxInInterceptor@1f5700bc
> 2017-11-03 08:17:41.734 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleFault on interceptor
> org.apache.cxf.transport.https.CertConstraintsInterceptor@6ce6895d
> 2017-11-03 08:17:41.734 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleFault on interceptor
> org.apache.cxf.interceptor.AttachmentInInterceptor@5ad76477
> 2017-11-03 08:17:41.734 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleFault on interceptor
> org.apache.cxf.ws.policy.PolicyInInterceptor@55b10b9d
> 2017-11-03 08:17:41.735 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleFault on interceptor
> org.apache.cxf.interceptor.LoggingInInterceptor@74843c6e
> 2017-11-03 08:17:41.739 WARN [org.apache.cxf.common.logging.LogUtils]
> Interceptor for {http://aamva.org/authentication/3.1.0}AuthenticationService
> has thrown exception, unwinding now
> org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers:
> [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security]
> are not understood.
> at
> org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor.handleFault(MustUnderstandInterceptor.java:107)
> ~[cxf-rt-bindings-soap-3.1.12.jar:3.1.12]
> at
> org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor.handleFault(MustUnderstandInterceptor.java:49)
> ~[cxf-rt-bindings-soap-3.1.12.jar:3.1.12]
> at
> org.apache.cxf.phase.PhaseInterceptorChain.unwind(PhaseInterceptorChain.java:491)
> [cxf-core-3.1.12.jar:3.1.12]
> at
> org.apache.cxf.phase.PhaseInterceptorChain.wrapExceptionAsFault(PhaseInterceptorChain.java:342)
> [cxf-core-3.1.12.jar:3.1.12]
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:324)
> [cxf-core-3.1.12.jar:3.1.12]
> at
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
> [cxf-core-3.1.12.jar:3.1.12]
> at
> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:263)
> [cxf-rt-transports-http-3.1.12.jar:3.1.12]
> at
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
> [cxf-rt-transports-http-3.1.12.jar:3.1.12]
> at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
> [cxf-rt-transports-http-3.1.12.jar:3.1.12]
> at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
> [cxf-rt-transports-http-3.1.12.jar:3.1.12]
> at
> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:189)
> [cxf-rt-transports-http-3.1.12.jar:3.1.12]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:299)
> [cxf-rt-transports-http-3.1.12.jar:3.1.12]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:218)
> [cxf-rt-transports-http-3.1.12.jar:3.1.12]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:644)
> [servlet-api.jar:?]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:274)
> [cxf-rt-transports-http-3.1.12.jar:3.1.12]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
> [catalina.jar:8.0.18]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [catalina.jar:8.0.18]
> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
> [tomcat-websocket.jar:8.0.18]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
> [catalina.jar:8.0.18]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [catalina.jar:8.0.18]
> at
> org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)
> [log4j-web-2.8.jar:2.8]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
> [catalina.jar:8.0.18]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [catalina.jar:8.0.18]
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
> [catalina.jar:8.0.18]
> at
> org.apache.catalina.core.StandardContextValve.__invoke(StandardContextValve.java:106)
> [catalina.jar:8.0.18]
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java)
> [catalina.jar:8.0.18]
> at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
> [catalina.jar:8.0.18]
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
> [catalina.jar:8.0.18]
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
> [catalina.jar:8.0.18]
> at
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610)
> [catalina.jar:8.0.18]
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
> [catalina.jar:8.0.18]
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:516)
> [catalina.jar:8.0.18]
> at
> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1086)
> [tomcat-coyote.jar:8.0.18]
> at
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:659)
> [tomcat-coyote.jar:8.0.18]
> at
> org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:223)
> [tomcat-coyote.jar:8.0.18]
> at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1558)
> [tomcat-coyote.jar:8.0.18]
> at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1515)
> [tomcat-coyote.jar:8.0.18]
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> [?:1.8.0_40]
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> [?:1.8.0_40]
> at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> [tomcat-util.jar:8.0.18]
> at java.lang.Thread.run(Thread.java:745) [?:1.8.0_40]
> 2017-11-03 08:17:41.762 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Adding interceptor org.apache.cxf.interceptor.LoggingOutInterceptor@230a5d8a
> to phase pre-stream
> 2017-11-03 08:17:41.763 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Adding interceptor
> org.apache.cxf.ws.policy.ServerPolicyOutFaultInterceptor@4009adf5 to phase
> setup
> 2017-11-03 08:17:41.763 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Adding interceptor org.apache.cxf.interceptor.LoggingOutInterceptor@1b864145
> to phase pre-stream
> 2017-11-03 08:17:41.764 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Adding interceptor
> org.apache.cxf.jaxws.interceptors.WebFaultOutInterceptor@5f1819c0 to phase
> pre-protocol
> 2017-11-03 08:17:41.764 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Adding interceptor
> org.apache.cxf.interceptor.MessageSenderInterceptor@2e8ff9a4 to phase
> prepare-send
> 2017-11-03 08:17:41.765 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Adding interceptor org.apache.cxf.interceptor.StaxOutInterceptor@23e49f85 to
> phase pre-stream
> 2017-11-03 08:17:41.765 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Adding interceptor
> org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor@ac17ed5 to phase
> write
> 2017-11-03 08:17:41.765 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Adding interceptor
> org.apache.cxf.interceptor.AttachmentOutInterceptor@1588a054 to phase
> pre-stream
> 2017-11-03 08:17:41.766 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Adding interceptor
> org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor@449b3998 to phase
> write
> 2017-11-03 08:17:41.766 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Adding interceptor
> org.apache.cxf.binding.soap.interceptor.SoapHeaderOutFilterInterceptor@43849e39
> to phase pre-logical
> 2017-11-03 08:17:41.767 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Adding interceptor
> org.apache.cxf.binding.soap.interceptor.Soap12FaultOutInterceptor@4232774a to
> phase prepare-send
> 2017-11-03 08:17:41.767 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Chain org.apache.cxf.phase.PhaseInterceptorChain@12e8e558 was created.
> Current flow:
> setup [ServerPolicyOutFaultInterceptor]
> pre-logical [SoapHeaderOutFilterInterceptor]
> prepare-send [MessageSenderInterceptor, Soap12FaultOutInterceptor]
> pre-stream [LoggingOutInterceptor, AttachmentOutInterceptor,
> StaxOutInterceptor]
> pre-protocol [WebFaultOutInterceptor]
> write [SoapOutInterceptor]
>
> 2017-11-03 08:17:41.768 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleMessage on interceptor
> org.apache.cxf.ws.policy.ServerPolicyOutFaultInterceptor@4009adf5
> 2017-11-03 08:17:41.769 DEBUG
> [org.apache.cxf.ws.policy.ServerPolicyOutFaultInterceptor] No binding
> operation info.
> 2017-11-03 08:17:41.770 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleMessage on interceptor
> org.apache.cxf.binding.soap.interceptor.SoapHeaderOutFilterInterceptor@43849e39
> 2017-11-03 08:17:41.770 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleMessage on interceptor
> org.apache.cxf.interceptor.MessageSenderInterceptor@2e8ff9a4
> 2017-11-03 08:17:41.784 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Adding interceptor
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor@5891e97c
> to phase prepare-send-ending
> 2017-11-03 08:17:41.784 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Chain org.apache.cxf.phase.PhaseInterceptorChain@12e8e558 was modified.
> Current flow:
> setup [ServerPolicyOutFaultInterceptor]
> pre-logical [SoapHeaderOutFilterInterceptor]
> prepare-send [MessageSenderInterceptor, Soap12FaultOutInterceptor]
> pre-stream [LoggingOutInterceptor, AttachmentOutInterceptor,
> StaxOutInterceptor]
> pre-protocol [WebFaultOutInterceptor]
> write [SoapOutInterceptor]
> prepare-send-ending [MessageSenderEndingInterceptor]
>
> 2017-11-03 08:17:41.785 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleMessage on interceptor
> org.apache.cxf.binding.soap.interceptor.Soap12FaultOutInterceptor@4232774a
> 2017-11-03 08:17:41.789 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Adding interceptor
> org.apache.cxf.binding.soap.interceptor.Soap12FaultOutInterceptor$Soap12FaultOutInterceptorInternal@e286796
> to phase marshal
> 2017-11-03 08:17:41.790 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Chain org.apache.cxf.phase.PhaseInterceptorChain@12e8e558 was modified.
> Current flow:
> setup [ServerPolicyOutFaultInterceptor]
> pre-logical [SoapHeaderOutFilterInterceptor]
> prepare-send [MessageSenderInterceptor, Soap12FaultOutInterceptor]
> pre-stream [LoggingOutInterceptor, AttachmentOutInterceptor,
> StaxOutInterceptor]
> pre-protocol [WebFaultOutInterceptor]
> write [SoapOutInterceptor]
> marshal [Soap12FaultOutInterceptorInternal]
> prepare-send-ending [MessageSenderEndingInterceptor]
>
> 2017-11-03 08:17:41.790 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleMessage on interceptor
> org.apache.cxf.interceptor.LoggingOutInterceptor@230a5d8a
> 2017-11-03 08:17:41.798 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleMessage on interceptor
> org.apache.cxf.interceptor.AttachmentOutInterceptor@1588a054
> 2017-11-03 08:17:41.806 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Adding interceptor
> org.apache.cxf.interceptor.AttachmentOutInterceptor$AttachmentOutEndingInterceptor@131f6cbf
> to phase pre-stream-ending
> 2017-11-03 08:17:41.807 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Chain org.apache.cxf.phase.PhaseInterceptorChain@12e8e558 was modified.
> Current flow:
> setup [ServerPolicyOutFaultInterceptor]
> pre-logical [SoapHeaderOutFilterInterceptor]
> prepare-send [MessageSenderInterceptor, Soap12FaultOutInterceptor]
> pre-stream [LoggingOutInterceptor, AttachmentOutInterceptor,
> StaxOutInterceptor]
> pre-protocol [WebFaultOutInterceptor]
> write [SoapOutInterceptor]
> marshal [Soap12FaultOutInterceptorInternal]
> pre-stream-ending [AttachmentOutEndingInterceptor]
> prepare-send-ending [MessageSenderEndingInterceptor]
>
> 2017-11-03 08:17:41.808 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleMessage on interceptor
> org.apache.cxf.interceptor.StaxOutInterceptor@23e49f85
> 2017-11-03 08:17:41.849 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Adding interceptor
> org.apache.cxf.interceptor.StaxOutEndingInterceptor@49353d7b to phase
> pre-stream-ending
> 2017-11-03 08:17:41.849 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Chain org.apache.cxf.phase.PhaseInterceptorChain@12e8e558 was modified.
> Current flow:
> setup [ServerPolicyOutFaultInterceptor]
> pre-logical [SoapHeaderOutFilterInterceptor]
> prepare-send [MessageSenderInterceptor, Soap12FaultOutInterceptor]
> pre-stream [LoggingOutInterceptor, AttachmentOutInterceptor,
> StaxOutInterceptor]
> pre-protocol [WebFaultOutInterceptor]
> write [SoapOutInterceptor]
> marshal [Soap12FaultOutInterceptorInternal]
> pre-stream-ending [AttachmentOutEndingInterceptor, StaxOutEndingInterceptor]
> prepare-send-ending [MessageSenderEndingInterceptor]
>
> 2017-11-03 08:17:41.849 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleMessage on interceptor
> org.apache.cxf.jaxws.interceptors.WebFaultOutInterceptor@5f1819c0
> 2017-11-03 08:17:41.850 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleMessage on interceptor
> org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor@ac17ed5
> 2017-11-03 08:17:41.855 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Adding interceptor
> org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor$SoapOutEndingInterceptor@6be61ce3
> to phase write-ending
> 2017-11-03 08:17:41.858 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Chain org.apache.cxf.phase.PhaseInterceptorChain@12e8e558 was modified.
> Current flow:
> setup [ServerPolicyOutFaultInterceptor]
> pre-logical [SoapHeaderOutFilterInterceptor]
> prepare-send [MessageSenderInterceptor, Soap12FaultOutInterceptor]
> pre-stream [LoggingOutInterceptor, AttachmentOutInterceptor,
> StaxOutInterceptor]
> pre-protocol [WebFaultOutInterceptor]
> write [SoapOutInterceptor]
> marshal [Soap12FaultOutInterceptorInternal]
> write-ending [SoapOutEndingInterceptor]
> pre-stream-ending [AttachmentOutEndingInterceptor, StaxOutEndingInterceptor]
> prepare-send-ending [MessageSenderEndingInterceptor]
>
> 2017-11-03 08:17:41.859 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleMessage on interceptor
> org.apache.cxf.binding.soap.interceptor.Soap12FaultOutInterceptor$Soap12FaultOutInterceptorInternal@e286796
> 2017-11-03 08:17:41.859 INFO
> [org.apache.cxf.binding.soap.interceptor.Soap12FaultOutInterceptor$Soap12FaultOutInterceptorInternal]
> class
> org.apache.cxf.binding.soap.interceptor.Soap12FaultOutInterceptor$Soap12FaultOutInterceptorInternalmultipart/related;
> type="application/xop+xml";
> boundary="uuid:961564f5-6667-4912-908f-52a80252797f";
> start="<[email protected]>"; start-info="application/soap+xml"
> 2017-11-03 08:17:41.860 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleMessage on interceptor
> org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor$SoapOutEndingInterceptor@6be61ce3
> 2017-11-03 08:17:41.860 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleMessage on interceptor
> org.apache.cxf.interceptor.AttachmentOutInterceptor$AttachmentOutEndingInterceptor@131f6cbf
> 2017-11-03 08:17:41.861 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleMessage on interceptor
> org.apache.cxf.interceptor.StaxOutEndingInterceptor@49353d7b
> 2017-11-03 08:17:41.861 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain]
> Invoking handleMessage on interceptor
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor@5891e97c
> 2017-11-03 08:17:41.861 INFO
> [org.apache.cxf.interceptor.AbstractLoggingInterceptor] Outbound Message
> ---------------------------
> ID: 1
> Response-Code: 500
> Encoding: UTF-8
> Content-Type: multipart/related; type="application/xop+xml";
> boundary="uuid:961564f5-6667-4912-908f-52a80252797f";
> start="<[email protected]>"; start-info="application/soap+xml"
> Headers: {}
> Payload: --uuid:961564f5-6667-4912-908f-52a80252797f
> Content-Type: application/xop+xml; charset=UTF-8; type="application/soap+xml"
> Content-Transfer-Encoding: binary
> Content-ID: <[email protected]>
>
> <soap:Envelope
> xmlns:soap="http://www.w3.org/2003/05/soap-envelope";><soap:Body><soap:Fault><soap:Code><soap:Value>soap:MustUnderstand</soap:Value></soap:Code><soap:Reason><soap:Text
> xml:lang="en">MustUnderstand headers:
> [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security]
> are not
> understood.</soap:Text></soap:Reason></soap:Fault></soap:Body></soap:Envelope>
> --uuid:961564f5-6667-4912-908f-52a80252797f--
> --------------------------------------
> 2017-11-03 08:17:41.870 DEBUG
> [org.apache.cxf.transport.http.AbstractHTTPDestination] Finished servicing
> http request on thread: Thread[http-nio-8443-exec-7,5,main]
> 2017-11-03 08:17:41.870 DEBUG
> [org.apache.cxf.transport.servlet.ServletController] Finished servicing http
> request on thread: Thread[http-nio-8443-exec-7,5,main]
>
>
> From: Colm O hEigeartaigh [mailto:[email protected]]
> Sent: Friday, November 03, 2017 8:30 AM
> To: Morein, Arnie
> Cc: [email protected]
> Subject: Re: Help with configuring web service to match security from WSDL
>
> CAUTION: This email was received from an EXTERNAL source, use caution when
> clicking links or opening attachments
> If you believe this to be a malicious and/or phishing email, please send this
> email as an attachment to [email protected]<mailto:[email protected]>.
>
>
> All I can suggest is add the CXF logging interceptors and enable debug
> logging. Then see what the "inbound" message is (and whether it is on the
> client or service side) that is causing the problem.
> Colm.
>
> On Fri, Nov 3, 2017 at 1:26 PM, Morein, Arnie
> <[email protected]<mailto:[email protected]>> wrote:
> What about a SOAP handler? Or is something else missing or mis-configured?
>
> -----Original Message-----
> From: Morein, Arnie
> Sent: Friday, November 03, 2017 8:13 AM
> To: [email protected]<mailto:[email protected]>;
> '[email protected]<mailto:[email protected]>'
> Subject: RE: Help with configuring web service to match security from WSDL
>
> No.
>
> -----Original Message-----
> From: Colm O hEigeartaigh
> [mailto:[email protected]<mailto:[email protected]>]
> Sent: Friday, November 03, 2017 8:12 AM
> To: Morein, Arnie
> Cc: [email protected]<mailto:[email protected]>
> Subject: Re: Help with configuring web service to match security from WSDL
>
> Do you have a test-case I can take a look at?
>
> Colm.
>
> On Fri, Nov 3, 2017 at 1:07 PM, Morein, Arnie
> <[email protected]<mailto:[email protected]>>
> wrote:
>
>> Yes, In fact most of the CXF package is imported via Maven.
>>
>> -----Original Message-----
>> From: Colm O hEigeartaigh
>> [mailto:[email protected]<mailto:[email protected]>]
>> Sent: Friday, November 03, 2017 8:03 AM
>> To: Morein, Arnie
>> Cc: [email protected]<mailto:[email protected]>
>> Subject: Re: Help with configuring web service to match security from
>> WSDL
>>
>> Have you got the cxf-rt-ws-policy on the classpath?
>>
>> Colm.
>>
>> On Fri, Nov 3, 2017 at 12:53 PM, Morein, Arnie <
>> [email protected]<mailto:[email protected]>>
>> wrote:
>>
>>> That's what I was afraid of. I removed the registration of the
>>> intercepters and now am getting:
>>>
>>> org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: [{
>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-
>>> wssecurity-secext-1.0.xsd}Security] are not understood.
>>>
>>> Both without and with the following properties added to the end point:
>>>
>>> <jaxws:properties>
>>> <entry key="security.callback-handler.sct"
>>> value="gov.uscis.uscis.xsd.esb.authentication.
>>> AuthenticationServicePasswordCallback" />
>>> <entry key="security.signature.properties.sct"
>>> value="cxf/crypto.properties" />
>>> <entry key="security.encryption.username.sct"
>>> value="dls-vls-mock-service-client-key" />
>>> </jaxws:properties>
>>>
>>> I must say, the documentation is very vague in places. I'm assuming
>>> that "username" is the JKS alias of the key used to sign/etc. the
>> messages.
>>>
>>> So what I have I left out now?
>>>
>>> What's more confusing is that the WAR containing the mock service is
>>> running in the same VM on my machine as the client. I deploy the
>>> service first (no errors) and then the client, then it attempts to
>>> connect. The logging doesn't clearly indicate if the exception is
>>> coming from the client or the server. Could that be the case?
>>>
>>>
>>> -----Original Message-----
>>> From: Colm O hEigeartaigh
>>> [mailto:[email protected]<mailto:[email protected]>]
>>> Sent: Friday, November 03, 2017 3:17 AM
>>> To: [email protected]<mailto:[email protected]>
>>> Subject: Re: Help with configuring web service to match security
>>> from WSDL
>>>
>>> Hi,
>>>
>>> You are mixing up the two different ways of configuring WS-Security
>>> in
>> CXF.
>>> When there is a security policy available, then you don't manually
>>> configure the WSS4JInInterceptor or WSS4JOutInterceptors. They are
>>> used when there is no security policy and you have to manually tell
>>> CXF what WS-Security actions to perform. Instead the configuration
>>> is a lot simpler for the policy case.
>>>
>>> I'd suggest you look at the example test-case for
>>> WS-SecureConversation in the CXF source:
>>>
>>> https://github.com/apache/cxf/blob/master/systests/ws-
>>> security-examples/src/test/java/org/apache/cxf/systest/
>>> wssec/examples/secconv/SecureConversationTest.java
>>>
>>> In particular, the service configuration is here:
>>>
>>> https://github.com/apache/cxf/blob/master/systests/ws-
>>> security-examples/src/test/resources/org/apache/cxf/
>>> systest/wssec/examples/secconv/server.xml
>>>
>>> Colm.
>>>
>>> On Fri, Nov 3, 2017 at 2:43 AM, Morein, Arnie
>>> <[email protected]<mailto:[email protected]>
>>>>
>>> wrote:
>>>
>>>> I have created a mock service based on a WSDL from a vendor that
>>>> is already in use.
>>>>
>>>> One of the calls requires that the message be
>>>> timestamped/signed/encrypted before transmission.
>>>>
>>>> The real service provider issued an X.509 certificate for our use.
>>>> I have had our internal folks issue one like it with the same extensions.
>>>>
>>>> Everything is in place, but when the client app hits my mock
>>>> service, it gets an error that is neither clear or helpful:
>>>>
>>>>
>>>> org.apache.cxf.binding.soap.SoapFault: A security error was
>>>> encountered when verifying the message ...
>>>> Caused by: org.apache.wss4j.common.ext.WSSecurityException: An
>>>> error was discovered processing the <wsse:Security> header
>>>>
>>>> Digging into the CXF trace log, I barely managed to find these:
>>>>
>>>> 2017-11-02 19:49:52.018 DEBUG
>>>> [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor]
>>>> WSS4JInInterceptor: enter handleMessage()
>>>> 2017-11-02 19:49:54.037 WARN [org.apache.cxf.ws.security.
>>> wss4j.WSS4JInInterceptor]
>>>> Security processing failed (actions mismatch)
>>>>
>>>> The messages are being generated by CXF (wsdl2java situation).
>>>>
>>>> The WSDL policy section is thus:
>>>>
>>>> <wsp:Policy wsu:Id="wsHttpEndPoint_policy">
>>>> <wsp:ExactlyOne>
>>>> <wsp:All>
>>>> <sp:TransportBinding
>>>>
>>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/
>>>> securitypolicy"
>>>>>
>>>> <wsp:Policy>
>>>> <sp:TransportToken>
>>>> <wsp:Policy>
>>>> <sp:HttpsToken
>>>> RequireClientCertificate="false"
>> />
>>>> </wsp:Policy>
>>>> </sp:TransportToken>
>>>> <sp:AlgorithmSuite>
>>>> <wsp:Policy>
>>>> <sp:Basic256 />
>>>> </wsp:Policy>
>>>> </sp:AlgorithmSuite>
>>>> <sp:Layout>
>>>> <wsp:Policy>
>>>> <sp:Strict />
>>>> </wsp:Policy>
>>>> </sp:Layout>
>>>> <sp:IncludeTimestamp />
>>>> </wsp:Policy>
>>>> </sp:TransportBinding>
>>>> <sp:EndorsingSupportingTokens
>>>>
>>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/
>>>> securitypolicy"
>>>>>
>>>> <wsp:Policy>
>>>> <sp:SecureConversationToken
>>>> sp:IncludeToken="http://
>>>> schemas.xmlsoap.org/ws/2005/07/securitypolicy/<http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/>
>>>> IncludeToken/AlwaysToRecipient"
>>>>>
>>>> <wsp:Policy>
>>>> <sp:BootstrapPolicy>
>>>> <wsp:Policy>
>>>> <sp:SignedParts>
>>>> <sp:Body />
>>>> <sp:Header
>>>> Name="To"
>>>> Namespace="
>>>> http://www.w3.org/2005/08/addressing"; />
>>>> <sp:Header
>>>> Name="From"
>>>> Namespace="
>>>> http://www.w3.org/2005/08/addressing"; />
>>>> <sp:Header
>>>> Name="FaultTo"
>>>> Namespace="
>>>> http://www.w3.org/2005/08/addressing"; />
>>>> <sp:Header
>>>> Name="ReplyTo"
>>>> Namespace="
>>>> http://www.w3.org/2005/08/addressing"; />
>>>> <sp:Header
>>>> Name="MessageID"
>>>> Namespace="
>>>> http://www.w3.org/2005/08/addressing"; />
>>>> <sp:Header
>>>> Name="RelatesTo"
>>>> Namespace="
>>>> http://www.w3.org/2005/08/addressing"; />
>>>> <sp:Header
>>>> Name="Action"
>>>> Namespace="
>>>> http://www.w3.org/2005/08/addressing"; />
>>>> </sp:SignedParts>
>>>> <sp:EncryptedParts>
>>>> <sp:Body />
>>>> </sp:EncryptedParts>
>>>> <sp:TransportBinding>
>>>> <wsp:Policy>
>>>> <sp:TransportToken>
>>>> <wsp:Policy>
>>>>
>>>> <sp:HttpsToken
>>>>
>>>> RequireClientCertificate="false" />
>>>> </wsp:Policy>
>>>> </sp:TransportToken>
>>>> <sp:AlgorithmSuite>
>>>> <wsp:Policy>
>>>> <sp:Basic256 />
>>>> </wsp:Policy>
>>>> </sp:AlgorithmSuite>
>>>> <sp:Layout>
>>>> <wsp:Policy>
>>>> <sp:Strict />
>>>> </wsp:Policy>
>>>> </sp:Layout>
>>>> <sp:IncludeTimestamp />
>>>> </wsp:Policy>
>>>> </sp:TransportBinding>
>>>> <sp:EndorsingSupportingTokens>
>>>> <wsp:Policy>
>>>> <sp:X509Token
>>>> sp:IncludeToken="
>>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/
>>>> IncludeToken/AlwaysToRecipient"
>>>>>
>>>> <wsp:Policy>
>>>>
>>>> <sp:RequireThumbprintReference />
>>>>
>>>> <sp:WssX509V3Token10 />
>>>> </wsp:Policy>
>>>> </sp:X509Token>
>>>> <sp:SignedParts>
>>>> <sp:Header
>>>> Name="To"
>>>> Namespace="
>>>> http://www.w3.org/2005/08/addressing"; />
>>>> </sp:SignedParts>
>>>> </wsp:Policy>
>>>> </sp:
>> EndorsingSupportingTokens>
>>>> <sp:Wss11>
>>>> <wsp:Policy>
>>>>
>>>> <sp:MustSupportRefThumbprint />
>>>> </wsp:Policy>
>>>> </sp:Wss11>
>>>> <sp:Trust10>
>>>> <wsp:Policy>
>>>>
>>>> <sp:MustSupportIssuedTokens />
>>>>
>>>> <sp:RequireClientEntropy
>>> />
>>>>
>>>> <sp:RequireServerEntropy
>>> />
>>>> </wsp:Policy>
>>>> </sp:Trust10>
>>>> </wsp:Policy>
>>>> </sp:BootstrapPolicy>
>>>> </wsp:Policy>
>>>> </sp:SecureConversationToken>
>>>> </wsp:Policy>
>>>> </sp:EndorsingSupportingTokens>
>>>> <sp:Wss11
>>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/
>>>> securitypolicy">
>>>> <wsp:Policy />
>>>> </sp:Wss11>
>>>> <sp:Trust10
>>>>
>>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/
>>>> securitypolicy"
>>>>>
>>>> <wsp:Policy>
>>>> <sp:MustSupportIssuedTokens />
>>>> <sp:RequireClientEntropy />
>>>> <sp:RequireServerEntropy />
>>>> </wsp:Policy>
>>>> </sp:Trust10>
>>>> <wsaw:UsingAddressing />
>>>> </wsp:All>
>>>> </wsp:ExactlyOne>
>>>> </wsp:Policy>
>>>>
>>>> and a message being sent to my mock service looks like:
>>>>
>>>> ID: 1
>>>> Address: https://localhost:8443/mock-vls-ws/services/
>>>> mockAuthenticationService
>>>> Encoding: UTF-8
>>>> Http-Method: POST
>>>> Content-Type: application/soap+xml; action="http://schemas.
>>>> xmlsoap.org/ws/2005/02/trust/RST/SCT<http://xmlsoap.org/ws/2005/02/trust/RST/SCT>";
>>>> charset=UTF-8
>>>> Headers: {Accept=[*/*], cache-control=[no-cache],
>>>> connection=[keep-alive], content-type=[application/soap+xml; action="
>>> http://schemas.
>>>> xmlsoap.org/ws/2005/02/trust/RST/SCT<http://xmlsoap.org/ws/2005/02/trust/RST/SCT>";
>>>> charset=UTF-8],
>>>> host=[localhost:8443], pragma=[no-cache],
>>>> transfer-encoding=[chunked], user-agent=[Apache-CXF/3.1.10]}
>>>> Payload:
>>>> <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope";>
>>>> <soap:Header>
>>>> <Action xmlns="http://www.w3.org/2005/08/addressing";>
>>>> http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</Action>
>>>> <MessageID xmlns="http://www.w3.org/2005/08/addressing
>>> ">urn:uuid:
>>>> d4a37685-340a-41e3-9ad5-33d21601b2b2</MessageID>
>>>> <To xmlns="http://www.w3.org/2005/08/addressing";
>>>>
>>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-
>>>> 200401-wss-wssecurity-utility-1.0.xsd"
>>>> wsu:Id="_7f09a81a-706a-4d03-932e-c402c7af8d16"
>>>>> https://localhost:8443/mock-vls-ws/services/
>>>> mockAuthenticationService</To>
>>>> <ReplyTo xmlns="http://www.w3.org/2005/08/addressing";>
>>>>
>>>> <Address>http://www.w3.org/2005/08/addressing/anonymous</
>>>> Address>
>>>> </ReplyTo>
>>>> <wsse:Security
>>>>
>>>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-
>>>> 200401-wss-wssecurity-secext-1.0.xsd"
>>>>
>>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-
>>>> 200401-wss-wssecurity-utility-1.0.xsd"
>>>> soap:mustUnderstand="true"
>>>>>
>>>> <wsse:BinarySecurityToken
>>>>
>>>> EncodingType="http://docs.oasis-open.org/wss/2004/01/
>>>> oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>>>>
>>>> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-
>>>> 200401-wss-x509-token-profile-1.0#X509v3"
>>>> wsu:Id="X509-fbd22553-2805-4f67-af0c-cd552b6c4ea1"
>>>>
>>>>> MIIHPzCCBSegAwIBAgITRAAAc2IaBbGCTk7sGwAAAABzYjANBgkqhkiG9w0B
>>>> AQsFADBBMRMwEQYKCZImiZPyLGQBGRYDRFBTMRMwEQYKCZImiZPyLGQBGRYD
>>>> VExFMRUwEwYDVQQDEwxEUFNJc3N1ZUNBMDEwHhcNMTcxMTAxMTczMTUzWhcN
>>>> MjAxMDMxMTczMTUzWjCBjTELMAkGA1UEBhMCVVMxDjAMBgNVBAgTBVRleGFz
>>>> MQ8wDQYDVQQHEwZBdXN0aW4xKjAoBgNVBAoTIVRleGFzIERlcGFydG1lbnQg
>>>> b2YgUHVibGljIFNhZmV0eTELMAkGA1UECxMCSVQxJDAiBgNVBAMMG2Rwcy5k
>>>> ZXZlbG9wZXJAZHBzLnRleGFzLmdvdjCCASIwDQYJKoZIhvcNAQEBBQADggEP
>>>> ADCCAQoCggEBAIPrRFbLW92EYqeCr/jrEkFaHLP4Zm8lMnpNV1aJtEPuZno3GdBtRN
>>>> ad
>>>> TH
>>>> pg+ x6dKQemTgrpZJIzBCsm6iCWliB2PWqdFbQKt3DQoG4o8fT8DxPNZLod9Y/
>>>> Rfi8Lb7NO33WdFu6JG8KRypTs1mQUItQ03TbKapACMmyoXhctZEgnSkwQUBY
>>>> F6jUHMoOpcxj6pPr/oaV9YMfh4P2eyKxNTdJGJXGe9kUPpLRydgoBq9NHluUfjsxKQ
>>>> 4S
>>>> Tw
>>>> G45+ 8TMZnXZOF3qQpW2Ny1shn5V2wSECZBHiTaTtshcIz6Kxew47nW9DQ2ITpbba
>>>> lYTXdnaBOalKpKkS0r4/96QD2HrYQECAwEAAaOCAuEwggLdMB0
>>>> GA1UdDgQWBBRHFQmUcuBtf6vI5ikCLF1uudlSezAfBgNVHSMEGDAWgBSqB1gVMhLVR
>>>> X/
>>>> DsU7Cy9JdkhJExjCCAQQGA1UdHwSB/DCB+TCB9qCB86CB8IaBt2xkYXA6Ly8vQ04
>>>> 9RFBTSXNzdWVDQTAxLENOPUhEUVBSRElUU0lDQTAwMSxDTj1DRFAsQ049UHV
>>>> ibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJ
>>>> hdGlvbixEQz1UTEUsREM9RFBTP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/
>>>> YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludIY0aHR0cDov
>>>> L2NybC5kcHMudGV4YXMuZ292L2NlcnRlbnJvbGwvRFBTSXNzdWVDQTAxLmNy
>>>> bDCB5QYIKwYBBQUHAQEEgdgwgdUwgacGCCsGAQUFBzAChoGabGRhcDovLy9D
>>>> Tj1EUFNJc3N1ZUNBMDEsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZp
>>>> Y2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9VExFLERDPURQ
>>>> Uz9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdG
>>>> lvbkF1dGhvcml0eTApBggrBgEFBQcwAYYdaHR0cDovL2NybC5kcHMudGV4YX
>>>> MuZ292L29jc3AwCwYDVR0PBAQDAgWgMDwGCSsGAQQBgjcVBwQvMC0GJSsGAQ
>>>> QBgjcVCKu3YYWw7zKHhZsih5egL4PJzHwhhI+/NoO2ljQCAWQCAQUwKQYDVR0lBCIw
>>>> QBgjcVCKu3YYWw7zKHhZsih5egL4PJzHwhhI+IA
>>>> YIKwYBBQUHAwQGCisGAQQBgjcKAwQGCCsGAQUFBwMCMDUGCSsGAQQBgjcVCg
>>>> QoMCYwCgYIKwYBBQUHAwQwDAYKKwYBBAGCNwoDBDAKBggrBgEFBQcDAjANBg
>>>> kqhkiG9w0BAQsFAAOCAgEApbhMNf/KZge1ZtpY9xpokh3Zuo3VbNnIi0A6V
>>>> 5PWE/UN8AXIvq6IsbjES+XLxecIkNmSBvZllSvEzZzSnDy/XFlqVGCYRWS8LDrm/
>>>> 1NAjyr4YXfRZyOTxE7W4RyyBsRpLRk2VsgCZ8wpO9kmG8vogp+
>>>> 6Bd0DQQayuTrJbAtlw0SBBgCd6pIWfG9LoCsvKKmNd6xi65clijxxWm82w14KqlUEc
>>>> R/ mgFoCJLJ1qpshHmqK5nc283nDmlnKB1jdOBHOZ3S6j5YpLlxxWHZhntwd01w
>>>> /wKntwAZDHSagRCSvWz+gct47//chfjcCIzaUqTTY9Pw0VjDy+
>>>> KDgOaVp2lAlHEWs5Ts3nT0AfTJDSDtDmOikyfAJlUIM08jfKUIIMOh1w/
>>>> DC4SEFESl8vnmOimnqN2bFO5KmyulMD4XwWQBxuwmub1eR80Z3//
>>>> hynXp6aCcUEaTswDmlws24Ecv9ILuSVohQC+WtJAB5bbRQTbbuYu+
>>>> taabxGNl9Hyh9zTyNrbM3nG5GkaxtSYy2fNiVqzS88sXOShye3GEfgb0a/
>>>> OFpC736wbMPV+I7HNbqGa9Zi+KdsJLA32cbnJO1g2yThdpT05uoikNN
>>>> QrHuse0RtOZJdpLEnRejW96WQYHmxm/tlL64ZPskl5dnlUrbzTqQ9oyJqueDe
>>>> 1eP9jaId6NjAuKzLkQ=</wsse:BinarySecurityToken>
>>>> <wsu:Timestamp wsu:Id="TS-c1511394-ae6f-4a4c-
>>>> b8c4-a97df1bbd782">
>>>> <wsu:Created>2017-11-02T22:02:30.558Z</wsu:Created>
>>>> <wsu:Expires>2017-11-02T22:07:30.558Z</wsu:Expires>
>>>> </wsu:Timestamp>
>>>> <ds:Signature
>>>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#<http://www.w3.org/2000/09/xmldsig>
>> "
>>>> Id="SIG-d17430ac-1be2-410d-b4ed-389fa2c71d9c"
>>>>>
>>>> <ds:SignedInfo>
>>>> <ds:CanonicalizationMethod
>>>>
>>>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#<http://www.w3.org/2001/10/xml-exc-c14n>
>>>> "
>>>>>
>>>> <ec:InclusiveNamespaces
>>>> xmlns:ec="http://www.w3.org/
>>>> 2001/10/xml-exc-c14n#"
>>>> PrefixList="soap" />
>>>> </ds:CanonicalizationMethod>
>>>> <ds:SignatureMethod
>>>> Algorithm="http://www.w3.org/
>>>> 2000/09/xmldsig#rsa-sha1" />
>>>> <ds:Reference URI="#TS-c1511394-ae6f-4a4c-
>>>> b8c4-a97df1bbd782">
>>>> <ds:Transforms>
>>>> <ds:Transform
>>>> Algorithm="http://www.w3.org/
>>>> 2001/10/xml-exc-c14n#"
>>>>>
>>>> <ec:InclusiveNamespaces
>>>> xmlns:ec="http://www.w3.org/
>>>> 2001/10/xml-exc-c14n#"
>>>> PrefixList="wsse soap" />
>>>> </ds:Transform>
>>>> </ds:Transforms>
>>>> <ds:DigestMethod
>>>> Algorithm="http://www.w3.org/
>>>> 2000/09/xmldsig#sha1" />
>>>>
>>>> <ds:DigestValue>oUUE187y3bNvLUk0KvKAMQi5oS0=</
>>>> ds:DigestValue>
>>>> </ds:Reference>
>>>> <ds:Reference URI="#_7f09a81a-706a-4d03-
>>>> 932e-c402c7af8d16">
>>>> <ds:Transforms>
>>>> <ds:Transform
>>>> Algorithm="http://www.w3.org/
>>>> 2001/10/xml-exc-c14n#"
>>>>>
>>>> <ec:InclusiveNamespaces
>>>> xmlns:ec="http://www.w3.org/
>>>> 2001/10/xml-exc-c14n#"
>>>> PrefixList="soap" />
>>>> </ds:Transform>
>>>> </ds:Transforms>
>>>> <ds:DigestMethod
>>>> Algorithm="http://www.w3.org/
>>>> 2000/09/xmldsig#sha1" />
>>>>
>>>> <ds:DigestValue>J3b0s0Tc7Z9nwyg6ryeyXi5V7Wk=</
>>>> ds:DigestValue>
>>>> </ds:Reference>
>>>> </ds:SignedInfo>
>>>> <ds:SignatureValue>UED8ewbdSQUhh6k7Py+P+
>>>> 5wveYhhM8xwpaBhn5IYKqqPSFzQSkFCG3q7oN/tOL3Oe33N2Xm+
>>>> zPD26Qr7t7LGSEIXUU3ALxtnf8MtS3FRo9C6pxPPC6QuN0dYupPFZnQpYtNB
>>>> L9i9HIRB9dqh9I7NAdz3OGBCjdB8j0scP9V830YSf5fy5Sq5uC2uNV4Ee9tE
>>>> mPbY1yStH8htwPHeQEAFlQ0eNRCGrKL30af9waXGPXetMfuoQPMIbNssImie
>>>> 5cz2O56DGs88bBLZZaLG8LdoouAti9v2DGmlL9A42iJjXs19jQy+HP+4zy/
>>>> vteV/aRhk4t8Q+tJcbn3piy7+pFnuhQ==</ds:SignatureValue>
>>>> <ds:KeyInfo Id="KI-2b2d8678-1047-4bbb-
>>> a9f6-33de176b569e">
>>>> <wsse:SecurityTokenReference
>>>> xmlns:wsse="http://docs.oasis-
>>>> open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd<http://open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd>"
>>>> xmlns:wsu="http://docs.oasis-
>>>> open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd<http://open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd>"
>>>> wsu:Id="STR-2e70c6dd-87f9-
>>> 449e-9659-e0853efef74f"
>>>>>
>>>> <wsse:KeyIdentifier
>>>> EncodingType="http://docs.
>>>> oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-<http://oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message->
>>>> security-1.0#Base64Binary"
>>>> ValueType="http://docs.oasis-
>>>> open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1<http://open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1>"
>>>>> y5plsGZ1ujCONeUMI+FuNgfF8LU=<
>>> /wsse:KeyIdentifier>
>>>> </wsse:SecurityTokenReference>
>>>> </ds:KeyInfo>
>>>> </ds:Signature>
>>>> </wsse:Security>
>>>> </soap:Header>
>>>> <soap:Body>
>>>> <wst:RequestSecurityToken xmlns:wst="http://schemas.
>>>> xmlsoap.org/ws/2005/02/trust<http://xmlsoap.org/ws/2005/02/trust>">
>>>> <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/
>>>> 02/trust/Issue</wst:RequestType>
>>>> <wsp:AppliesTo xmlns:wsp="http://www.w3.org/ns/ws-policy";>
>>>> <wsa:EndpointReference
>>>> xmlns:wsa="http://www.w3.org/ 2005/08/addressing">
>>>>
>>>> <wsa:Address>https://localhost:8443/mock-vls-ws/
>>>> services/mockAuthenticationService</wsa:Address>
>>>> </wsa:EndpointReference>
>>>> </wsp:AppliesTo>
>>>> <wst:Lifetime
>>>>
>>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-
>>>> 200401-wss-wssecurity-utility-1.0.xsd"
>>>>>
>>>> <wsu:Created>2017-11-02T22:02:29.214Z</wsu:Created>
>>>> <wsu:Expires>2017-11-02T22:07:29.214Z</wsu:Expires>
>>>> </wst:Lifetime>
>>>>
>>>> <wst:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct<
>>>> /wst:TokenType>
>>>> <wst:KeySize>256</wst:KeySize>
>>>> <wst:Entropy>
>>>> <wst:BinarySecret
>>>> Type="http://schemas.xmlsoap.
>>>> org/ws/2005/02/trust/Nonce"
>>>>> 0UEx1yrKYAbPt0/m6tuSeyjFvVV4bE1bvN97D9lT0bw=<
>>>> /wst:BinarySecret>
>>>> </wst:Entropy>
>>>>
>>>> <wst:ComputedKeyAlgorithm>http://schemas.xmlsoap.org/ws/
>>>> 2005/02/trust/CK/PSHA1</wst:ComputedKeyAlgorithm>
>>>> <wst:Renewing />
>>>> </wst:RequestSecurityToken>
>>>> </soap:Body>
>>>> </soap:Envelope>
>>>>
>>>>
>>>> Here is my Spring Endpoint config:
>>>>
>>>>
>>>> <bean id="Aamva_Authentication_Request"
>>>> class="org.apache.cxf.ws<http://org.apache.cxf.ws>.
>>>> security.wss4j.WSS4JInInterceptor">
>>>> <constructor-arg>
>>>> <map>
>>>> <entry key="action" value="Timestamp Signature" />
>>>> <entry key="user" value="dls-vls-mock-service-
>>> client-key"
>>>> />
>>>> <entry key="passwordType" value="PasswordText" />
>>>> <entry key="passwordCallbackClass"
>>>> value="gov.uscis.uscis.xsd.esb.authentication.
>>>> AuthenticationServicePasswordCallback" />
>>>> <entry key="decryptionPropFile" value="cxf/cxf-crypto.
>>> properties"
>>>> />
>>>> <entry key="signaturePropFile" value="cxf/cxf-crypto.
>>> properties"
>>>> />
>>>> <entry key="signatureUser"
>>>> value="dls-vls-mock-service-
>>> client-key"
>>>> />
>>>> <entry key="signatureKeyIdentifier"
>>>> value="X509KeyIdentifier " />
>>>> <entry key="signatureParts"
>>>> value="{Element}{http://docs.
>>>> oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0<http://oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0>.
>>>> xs d} BinarySecurityToken;{Element}{http://docs.oasis-open.org/
>>>> wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}
>>>> Timestamp;{}{http://www.w3.org/2000/09/xmldsig}Signature<http://www.w3.org/2000/09/xmldsig%7dSignature>;
>>>> {Content}{http://schemas.xmlsoap.org/soap/envelope/}Body<http://schemas.xmlsoap.org/soap/envelope/%7dBody>;"
>>>> />
>>>>
>>>> <!--
>>>> <entry key="encryptionPropFile" value="cxf/cxf-crypto.
>>> properties"
>>>> />
>>>> <entry key="encryptionParts"
>>>>
>>>> value="{Content}{http://schemas.xmlsoap.org/ws/2005/
>>>> 07/securitypolicy}Body;" />
>>>> -->
>>>> </map>
>>>> </constructor-arg>
>>>> </bean>
>>>>
>>>> <bean id="Aamva_Authentication_Response"
>>>> class="org.apache.cxf.ws<http://org.apache.cxf.ws>.
>>>> security.wss4j.WSS4JOutInterceptor">
>>>> <constructor-arg>
>>>> <map>
>>>> <entry key="action" value="Timestamp Signature" />
>>>> <entry key="user" value="dls-vls-mock-service-
>>> client-key"
>>>> />
>>>> <entry key="passwordType" value="PasswordText" />
>>>> <entry key="passwordCallbackClass"
>>>> value="gov.uscis.uscis.xsd.esb.authentication.
>>>> AuthenticationServicePasswordCallback" />
>>>> <entry key="signaturePropFile" value="cxf/cxf-crypto.
>>> properties"
>>>> />
>>>> <entry key="signatureKeyIdentifier"
>>>> value="X509KeyIdentifier " />
>>>> <entry key="signatureParts"
>>>> value="{Element}{http://docs.
>>>> oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0<http://oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0>.
>>>> xs d} BinarySecurityToken;{Element}{http://docs.oasis-open.org/
>>>> wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}
>>>> Timestamp;{}{http://www.w3.org/2000/09/xmldsig}Signature<http://www.w3.org/2000/09/xmldsig%7dSignature>;
>>>> {Content}{http://schemas.xmlsoap.org/soap/envelope/}Body<http://schemas.xmlsoap.org/soap/envelope/%7dBody>;"
>>>> />
>>>> <!--
>>>> <entry key="encryptionPropFile" value="cxf/cxf-crypto.
>>> properties"
>>>> />
>>>> <entry key="encryptionParts"
>>>>
>>>> value="{Content}{http://schemas.xmlsoap.org/ws/2005/
>>>> 07/securitypolicy}Body;" />
>>>> -->
>>>> </map>
>>>> </constructor-arg>
>>>> </bean>
>>>>
>>>> <jaxws:endpoint id="mockAuthenticationServiceEndpoint" bus="cxf"
>>>> address="/mockAuthenticationService"
>>>> implementor="gov.uscis.uscis.xsd.esb.authentication.
>>>> AuthenticationServiceImpl"
>>>>>
>>>> <jaxws:binding>
>>>> <soap:soapBinding mtomEnabled="true" version="1.2" />
>>>> </jaxws:binding>
>>>>
>>>> <jaxws:inInterceptors>
>>>> <ref bean="Aamva_Authentication_Request" />
>>>> <bean class="org.apache.cxf.binding.
>>> soap.saaj.SAAJInInterceptor"
>>>> />
>>>> </jaxws:inInterceptors>
>>>>
>>>> <jaxws:outInterceptors>
>>>> <ref bean="Aamva_Authentication_Response" />
>>>> <bean class="org.apache.cxf.binding.
>>> soap.saaj.SAAJOutInterceptor"
>>>> />
>>>> </jaxws:outInterceptors>
>>>>
>>>> </jaxws:endpoint>
>>>>
>>>> Since adding the signatureParts entries, now I am getting:
>>>>
>>>> 2017-11-02 21:40:11.369 WARN [org.apache.cxf.common.
>> logging.LogUtils]
>>>> Interceptor for {http://aamva.org/authentication/3.1.0}
>>>> AuthenticationService has thrown exception, unwinding now
>>>> org.apache.cxf.interceptor.Fault: Message part {
>>>> http://schemas.xmlsoap.org/ws/2005/02/trust}RequestSecurityToken<http://schemas.xmlsoap.org/ws/2005/02/trust%7dRequestSecurityToken>
>>>> was not recognized. (Does it exist in service WSDL?)
>>>>
>>>>
>>>> I am out of my depth here. Can anyone suggest how to get the
>>>> JAX:WS markup to match up with the WSDL policy?
>>>>
>>>> Thanks.
>>>>
>>>
>>>
>>>
>>> --
>>> Colm O hEigeartaigh
>>>
>>> Talend Community Coder
>>> http://coders.talend.com
>>>
>>
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
--
Daniel Kulp
[email protected] - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com
