[ https://issues.apache.org/jira/browse/CXF-3240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Daniel Kulp updated CXF-3240: ----------------------------- Fix Version/s: (was: 2.2.9) NeedMoreInfo We would definitely need more information. Most likely, you would need to look at the logs on the server side to figure out what errors it displays there. For security related things, many times, generic fault messages are sent back to not give attackers extra information about what to try next. The error message above could be anything from an invalid signature or maybe a policy issue (like maybe it wan't a derived key), etc... You would realy need the server logs to figure it out. > The header 'Security' from the namespace > 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' > was not understood by the recipient of this message, causing the message to > not be processed. > -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > Key: CXF-3240 > URL: https://issues.apache.org/jira/browse/CXF-3240 > Project: CXF > Issue Type: Bug > Components: WS-* Components > Affects Versions: 2.2.9 > Environment: JDK 1.6, Eclipse Ganymede > Reporter: Asif Ali Mohammed > Priority: Blocker > Fix For: NeedMoreInfo > > > Hi, > I have written a webservice client for a secured webservice. Im able to build > the request along with signed header which takes security information from a > .jks file. But in the response Im gettng the following error. > {code} > Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: The header > 'Security' from the namespace > 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' > was not understood by the recipient of this message, causing the message to > not be processed. This error typically indicates that the sender of this > message has enabled a communication protocol that the receiver cannot > process. Please ensure that the configuration of the client's binding is > consistent with the service's binding. > at > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:146) > at $Proxy61.getAccountBalancesByUser(Unknown Source) > at IAccountsService_Client.main(Unknown Source) > Caused by: org.apache.cxf.binding.soap.SoapFault: The header 'Security' from > the namespace > 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' > was not understood by the recipient of this message, causing the message to > not be processed. This error typically indicates that the sender of this > message has enabled a communication protocol that the receiver cannot > process. Please ensure that the configuration of the client's binding is > consistent with the service's binding. > at > org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75) > at > org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46) > at > org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35) > at > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243) > at > org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:99) > at > org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69) > at > org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34) > at > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243) > at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:700) > at > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2261) > at > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2134) > at > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1988) > at > org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47) > at > org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:188) > at > org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66) > at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:639) > at > org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62) > at > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243) > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:487) > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313) > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265) > at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) > at > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124) > ... 2 more > {code} > The client program is : > {code} > public final class IAccountsService_Client { > public static void main(String args[]) throws Exception { > > IAccountsService accountsService = getServicePortType(); > > org.apache.cxf.endpoint.Client client = > org.apache.cxf.frontend.ClientProxy.getClient(accountsService); > org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint(); > > Map<String,Object> outProps = getOutInterceptorProps(); > > WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps); > cxfEndpoint.getOutInterceptors().add(wssOut); > > > java.lang.String userGuid = "f9f24f385d1b8cba373ad33eb015f98Z"; > ArrayOfstring accountNumbers = new ArrayOfstring(); > accountNumbers.getString().add("18630464"); > accountNumbers.getString().add("10003314"); > accountNumbers.getString().add("18602340"); > > UserAccountBalances _return = > accountsService.getAccountBalancesByUser(userGuid, accountNumbers, > SourceType.ALL); > > > } > > private static IAccountsService getServicePortType(){ > > JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean(); > //enable logging of outbound(request) and inbound(response) > soap messages > factory.getInInterceptors().add(new LoggingInInterceptor()); > factory.getOutInterceptors().add(new LoggingOutInterceptor()); > factory.setServiceClass(IAccountsService.class); > > factory.setAddress("http://uss1udp001ampvb.ampf.com:29039/tr/iWealthAcctService"); > return (IAccountsService) factory.create(); > } > > > private static Map<String, Object> getOutInterceptorProps(){ > Map<String,Object> outProps = new HashMap<String,Object>(); > // how to configure the properties is outlined below; > outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE); > outProps.put(WSHandlerConstants.USER, "clientPortal_e3"); > outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT); > outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, > KeystorePasswordCallback.class.getName()); > outProps.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties"); > return outProps; > } > {code} > Request XML : > {code} > INFO: Outbound Message > --------------------------- > ID: 1 > Address: http://uss1udp001ampvb.ampf.com:29039/tr/iWealthAcctService > Encoding: UTF-8 > Content-Type: text/xml > Headers: > {SOAPAction=["https://iWealth.thomson.com/Services/2010/03/IAccountsService/GetAccountBalancesByUser"], > Accept=[*/*]} > Payload: <soap:Envelope > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security > > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" > soap:mustUnderstand="1"><ds:Signature > xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-1"> > <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> > <ds:CanonicalizationMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod> > <ds:SignatureMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod> > <ds:Reference xmlns:ds="http://www.w3.org/2000/09/xmldsig#" URI="#id-2"> > <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> > <ds:Transform xmlns:ds="http://www.w3.org/2000/09/xmldsig#" > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform> > </ds:Transforms> > <ds:DigestMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> > <ds:DigestValue > xmlns:ds="http://www.w3.org/2000/09/xmldsig#">oCglj+hmoQBUz+yqCDDg6FmPXzc=</ds:DigestValue> > </ds:Reference> > </ds:SignedInfo> > <ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> > CjPQCsoPsyfiiACZdkqx+LBeGkz1teu52Rf/BoTVBWTieh12fo7X0qznSN1AHEYiZCgXvuwdQkcn > ewUl2vFTj3g/btkHUX8Epgp5X/u2X5Aunk7ZdliGTxZ0Fyv2LAduzDiJim15ti3UBitRqU39iBWk > inx1jBpbgTeBI33acng= > </ds:SignatureValue> > <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#" > Id="KeyId-E8E2BE415B08955AA412947515791042"> > <wsse:SecurityTokenReference > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" > wsu:Id="STRId-E8E2BE415B08955AA412947515791043"><ds:X509Data > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> > <ds:X509IssuerSerial xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> > <ds:X509IssuerName > xmlns:ds="http://www.w3.org/2000/09/xmldsig#">OU=www.verisign.com/CPS > Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server > CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network</ds:X509IssuerName> > <ds:X509SerialNumber > xmlns:ds="http://www.w3.org/2000/09/xmldsig#">169372247684920926775018956902222426627</ds:X509SerialNumber> > </ds:X509IssuerSerial> > </ds:X509Data></wsse:SecurityTokenReference> > </ds:KeyInfo> > </ds:Signature></wsse:Security></soap:Header><soap:Body > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" > wsu:Id="id-2"><GetAccountBalancesByUser > xmlns="https://iWealth.thomson.com/Services/2010/03" > xmlns:ns2="http://schemas.datacontract.org/2004/07/TFOnline.Services.Accounts.DataContracts" > xmlns:ns3="http://schemas.microsoft.com/2003/10/Serialization/Arrays" > xmlns:ns4="http://schemas.datacontract.org/2004/07/Microsoft.Practices.EnterpriseLibrary.Validation.Integration.WCF" > > xmlns:ns5="http://www.microsoft.com/practices/EnterpriseLibrary/2007/01/wcf/validation" > > xmlns:ns6="http://schemas.microsoft.com/2003/10/Serialization/"><userGuid>f9f24f385d1b8cba373ad33eb015f98Z</userGuid><accountNumbers><ns3:string>18630464</ns3:string><ns3:string>10003314</ns3:string><ns3:string>28827094</ns3:string><ns3:string>18692571</ns3:string><ns3:string>10020272</ns3:string><ns3:string>79136285</ns3:string><ns3:string>38920300</ns3:string><ns3:string>16605981</ns3:string><ns3:string>18602340</ns3:string><ns3:string>10033541</ns3:string><ns3:string>10867300</ns3:string><ns3:string>18602340</ns3:string></accountNumbers><sourceType>All</sourceType></GetAccountBalancesByUser></soap:Body></soap:Envelope> > {code} > Response XML: > {code} > INFO: Inbound Message > ---------------------------- > ID: 1 > Response-Code: 500 > Encoding: ISO-8859-1 > Content-Type: text/xml > Headers: {content-type=[text/xml], X-AspNet-Version=[2.0.50727], > connection=[Keep-Alive], X-Backside-Transport=[FAIL FAIL], > transfer-encoding=[chunked], Date=[Tue, 11 Jan 2011 13:13:00 GMT], > Warning=[214 TR_AccountsService_XMLFW DataPower Transformation Applied], > Via=[1.1 TR_AccountsService_XMLFW], X-Client-IP=[159.202.161.253], > Server=[Microsoft-IIS/6.0], X-Powered-By=[ASP.NET], Cache-Control=[private]} > Payload: <?xml version="1.0" encoding="UTF-8"?> > <s:Envelope > xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><s:Fault><faultcode>s:MustUnderstand</faultcode><faultstring > xml:lang="en-US">The header 'Security' from the namespace > 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' > was not understood by the recipient of this message, causing the message to > not be processed. This error typically indicates that the sender of this > message has enabled a communication protocol that the receiver cannot > process. Please ensure that the configuration of the client's binding is > consistent with the service's binding. > </faultstring></s:Fault></s:Body></s:Envelope> > {code} > Please help me as this has become a blocking issue for my project. > Thanks in advance, > Asif ali Mohammed. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.