>From the request image you linked, it appears the SOAP header is empty - hence no UsernameToken and the CXF service is throwing an exception. So it looks like the problem is that you are not configuring SOAP-UI to send a UsernameToken in the request.
Colm. On Fri, Oct 25, 2019 at 1:40 PM Dmitry <[email protected]> wrote: > Hi > I'm new in Apache CXF. Try develop soap service with Apache cxf 3.3.3, > Spring Boot 2.1.7, java 11(Amazon Open JDK) > Service well work without basic authority. Need add security(basic auth+ > https(its be a later)) > > Configure endpoind: > > * > @Bean > public Endpoint endpointReferenceService(Bus bus, ReferenceServiceImpl > referenceService) { > EndpointImpl endpoint = new EndpointImpl(bus, referenceService); > Map<String,Object> inProps = new HashMap<String,Object>(); > inProps.put(WSHandlerConstants.ACTION, > WSHandlerConstants.USERNAME_TOKEN); > //inProps.put(WSHandlerConstants.PASSWORD_TYPE, > WSConstants.PW_TEXT); > inProps.put(WSHandlerConstants.PASSWORD_TYPE, > WSConstants.PW_DIGEST); > inProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, > ServerPasswordCallback.class.getName()); > WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps); > endpoint.getInInterceptors().add(wssIn); > endpoint.publish("/ReferenceService"); > return endpoint; > } > * > Configure callback: > * > public class ServerPasswordCallback implements CallbackHandler { > private Map<String, String> passwords = new HashMap<>(); > > public ServerPasswordCallback() { > passwords.put("soap", "123"); > } > public void handle(Callback[] callbacks) throws IOException, > UnsupportedCallbackException { > for (int i = 0; i < callbacks.length; i++) { > WSPasswordCallback pc = (WSPasswordCallback)callbacks[i]; > String pass = passwords.get(pc.getIdentifier()); > if (pass != null) { > pc.setPassword(pass); > return; > } > } > } > }* > client - SoapUI > > 1.png <http://cxf.547215.n5.nabble.com/file/t341863/1.png> > > get error after run web service method: > > *2019-10-25 12:24:24.662 WARN 5523 --- [http-nio-9090-exec-4] > o.a.c.w.s.wss4j.WSS4JInInterceptor : Security processing failed > (actions mismatch) > 2019-10-25 12:24:24.663 WARN 5523 --- [http-nio-9090-exec-4] > o.a.cxf.phase.PhaseInterceptorChain : Interceptor for > { > http://endpoint.mobilcard.ru/}ReferenceServiceImplService#{http://services.mobilcard.ru/}getGlobalReferenceList > has thrown exception, unwinding now > > org.apache.cxf.binding.soap.SoapFault: A security error was encountered > when > verifying the message > at > > org.apache.cxf.ws.security.wss4j.WSS4JUtils.createSoapFault(WSS4JUtils.java:234) > ~[cxf-rt-ws-security-3.3.3.jar:3.3.3] > at > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:376) > ~[cxf-rt-ws-security-3.3.3.jar:3.3.3] > at > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:212) > ~[cxf-rt-ws-security-3.3.3.jar:3.3.3] > at > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:92) > ~[cxf-rt-ws-security-3.3.3.jar:3.3.3] > at > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) > ~[cxf-core-3.3.3.jar:3.3.3] > at > > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) > ~[cxf-core-3.3.3.jar:3.3.3] > at > > org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267) > ~[cxf-rt-transports-http-3.3.3.jar:3.3.3] > at > > org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) > ~[cxf-rt-transports-http-3.3.3.jar:3.3.3] > at > > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) > ~[cxf-rt-transports-http-3.3.3.jar:3.3.3] > at > > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) > ~[cxf-rt-transports-http-3.3.3.jar:3.3.3] > at > > org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216) > ~[cxf-rt-transports-http-3.3.3.jar:3.3.3] > at > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301) > ~[cxf-rt-transports-http-3.3.3.jar:3.3.3] > at > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220) > ~[cxf-rt-transports-http-3.3.3.jar:3.3.3] > at javax.servlet.http.HttpServlet.service(HttpServlet.java:660) > ~[tomcat-embed-core-9.0.22.jar:9.0.22] > at > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276) > ~[cxf-rt-transports-http-3.3.3.jar:3.3.3] > at > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) > ~[tomcat-embed-core-9.0.22.jar:9.0.22] > at > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > ~[tomcat-embed-core-9.0.22.jar:9.0.22] > at > org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) > ~[tomcat-embed-websocket-9.0.22.jar:9.0.22] > at > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) > ~[tomcat-embed-core-9.0.22.jar:9.0.22] > at > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > ~[tomcat-embed-core-9.0.22.jar:9.0.22] > at > > org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) > ~[spring-web-5.1.9.RELEASE.jar:5.1.9.RELEASE] > at > > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:118) > ~[spring-web-5.1.9.RELEASE.jar:5.1.9.RELEASE] > at > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) > ~[tomcat-embed-core-9.0.22.jar:9.0.22] > at > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > ~[tomcat-embed-core-9.0.22.jar:9.0.22] > at > > org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92) > ~[spring-web-5.1.9.RELEASE.jar:5.1.9.RELEASE] > at > > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:118) > ~[spring-web-5.1.9.RELEASE.jar:5.1.9.RELEASE] > at > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) > ~[tomcat-embed-core-9.0.22.jar:9.0.22] > at > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > ~[tomcat-embed-core-9.0.22.jar:9.0.22] > at > > org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93) > ~[spring-web-5.1.9.RELEASE.jar:5.1.9.RELEASE] > at > > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:118) > ~[spring-web-5.1.9.RELEASE.jar:5.1.9.RELEASE] > at > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) > ~[tomcat-embed-core-9.0.22.jar:9.0.22] > at > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > ~[tomcat-embed-core-9.0.22.jar:9.0.22] > at > > org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200) > ~[spring-web-5.1.9.RELEASE.jar:5.1.9.RELEASE] > at > > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:118) > ~[spring-web-5.1.9.RELEASE.jar:5.1.9.RELEASE] > at > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) > ~[tomcat-embed-core-9.0.22.jar:9.0.22] > at > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > ~[tomcat-embed-core-9.0.22.jar:9.0.22] > at > > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) > ~[tomcat-embed-core-9.0.22.jar:9.0.22] > at > > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) > ~[tomcat-embed-core-9.0.22.jar:9.0.22] > at > > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490) > ~[tomcat-embed-core-9.0.22.jar:9.0.22] > at > > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) > ~[tomcat-embed-core-9.0.22.jar:9.0.22] > at > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) > ~[tomcat-embed-core-9.0.22.jar:9.0.22] > at > > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) > ~[tomcat-embed-core-9.0.22.jar:9.0.22] > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) > ~[tomcat-embed-core-9.0.22.jar:9.0.22] > at > org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408) > ~[tomcat-embed-core-9.0.22.jar:9.0.22] > at > > org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) > ~[tomcat-embed-core-9.0.22.jar:9.0.22] > at > > org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:853) > ~[tomcat-embed-core-9.0.22.jar:9.0.22] > at > org.apache.tomcat.util.net > .NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1587) > ~[tomcat-embed-core-9.0.22.jar:9.0.22] > at > org.apache.tomcat.util.net > .SocketProcessorBase.run(SocketProcessorBase.java:49) > ~[tomcat-embed-core-9.0.22.jar:9.0.22] > at > > java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) > ~[na:na] > at > > java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) > ~[na:na] > at > > org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) > ~[tomcat-embed-core-9.0.22.jar:9.0.22] > at java.base/java.lang.Thread.run(Thread.java:834) ~[na:na] > Caused by: org.apache.wss4j.common.ext.WSSecurityException: An error was > discovered processing the <wsse:Security> header > at > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInInterceptor.java:470) > ~[cxf-rt-ws-security-3.3.3.jar:3.3.3] > at > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:358) > ~[cxf-rt-ws-security-3.3.3.jar:3.3.3] > ... 50 common frames omitted* > > > > > > -- > Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html >
