[ 
https://issues.apache.org/jira/browse/CXF-3309?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Daniel Kulp updated CXF-3309:
-----------------------------

    Fix Version/s: NeedMoreInfo


How are you signing the request?   Are you using the WS-SecurityPolicy support 
or configuring the WSS4J interceptors directly?   If using the policy support, 
can you paste the policy in here?   If using the WSS4J interceptors directly, 
can you include the actions you are configuring in?

It looks like however you have it configured, it's putting the key directly in 
the wsse:SecurityTokenReference as an ds:X509Data element whereas the service 
is expecting a wsse:BinarySecurityToken and a wsse:Reference child.




> javax.xml.ws.soap.SOAPFaultException: 
> com.ibm.wsspi.wssecurity.SoapSecurityException: WSEC5043E: One 
> "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Reference";
>  element is required.
> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CXF-3309
>                 URL: https://issues.apache.org/jira/browse/CXF-3309
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.2.9
>         Environment: JDK 1.6, Windows XP Professional
>            Reporter: Asif Ali Mohammed
>            Priority: Critical
>              Labels: security
>             Fix For: NeedMoreInfo
>
>   Original Estimate: 840h
>  Remaining Estimate: 840h
>
> Hi,
> I'm trying to invoke a webservice with security. In this attempt I'm signing 
> the request with the JKS file and posting the request, but I'm getting the 
> following exception :
> javax.xml.ws.soap.SOAPFaultException: 
> com.ibm.wsspi.wssecurity.SoapSecurityException: WSEC5043E: One 
> "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Reference";
>  element is required.
> Below is the following trace :
> INFO: Creating Service 
> {http://service.ofm.ameriprise.com}OFMServiceImplService from class 
> com.ameriprise.ofm.service.OFMServiceImpl
> Invoking documentList...
> log4j:WARN No appenders could be found for logger 
> (org.apache.xml.security.Init).
> log4j:WARN Please initialize the log4j system properly.
> Feb 4, 2011 1:01:18 PM 
> org.apache.cxf.interceptor.LoggingOutInterceptor$LoggingCallback onClose
> INFO: Outbound Message
> ---------------------------
> ID: 1
> Address: http://159.202.149.94/OFMGenericService/services/OFMServiceImpl
> Encoding: UTF-8
> Content-Type: text/xml
> Headers: {SOAPAction=[""], Accept=[*/*]}
> Payload: <soap:Envelope 
> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";><soap:Header><wsse:Security
>  
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
>  soap:mustUnderstand="1"><ds:Signature 
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; Id="Signature-1">
> <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
> <ds:CanonicalizationMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; 
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";></ds:CanonicalizationMethod>
> <ds:SignatureMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; 
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1";></ds:SignatureMethod>
> <ds:Reference xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; URI="#id-2">
> <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
> <ds:Transform xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; 
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";></ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; 
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";></ds:DigestMethod>
> <ds:DigestValue 
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>7gfxq0nIHVkq++bLSer/rVlXtao=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
> ln57zrUweYMuHDM+0ROIyMXZpehnh86jI/PhKBb1w8J81Z4e6anqqSNozB1CQfvii1zbc6m4OlC9
> ffGw34GEsFPL/kaTQDdbBmVuyi0PyRocXbcY0eZ9e2a24hNregM2ppJ1bRdwmHCYnl7ZVhhW/8tb
> ouw+TRPCeAe6J1GPn6o=
> </ds:SignatureValue>
> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; 
> Id="KeyId-E9BD058757E546EB9512968244784812">
> <wsse:SecurityTokenReference 
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
>  
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>  wsu:Id="STRId-E9BD058757E546EB9512968244784833"><ds:X509Data 
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
> <ds:X509IssuerSerial xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
> <ds:X509IssuerName xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>CN=VeriSign 
> Class 3 International Server CA - G3,OU=Terms of use at 
> https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign\, 
> Inc.,C=US</ds:X509IssuerName>
> <ds:X509SerialNumber 
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>139599931415386803972390598321435572148</ds:X509SerialNumber>
> </ds:X509IssuerSerial>
> </ds:X509Data></wsse:SecurityTokenReference>
> </ds:KeyInfo>
> </ds:Signature></wsse:Security></soap:Header><soap:Body 
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>  wsu:Id="id-2"><ns2:DocumentList 
> xmlns:ns2="http://service.ofm.ameriprise.com";><consumer_application>FA</consumer_application><response_document_properties><property_name>client_id</property_name><property_name>group_id</property_name></response_document_properties><search_parameters><document_category>STMTS</document_category><document_type>CONSOLIDATED
>  
> STATEMENTS</document_type></search_parameters></ns2:DocumentList></soap:Body></soap:Envelope>
> --------------------------------------
> Feb 4, 2011 1:01:19 PM org.apache.cxf.interceptor.LoggingInInterceptor logging
> INFO: Inbound Message
> ----------------------------
> ID: 1
> Response-Code: 500
> Encoding: UTF-8
> Content-Type: text/xml; charset=utf-8
> Headers: {content-type=[text/xml; charset=utf-8], connection=[close], 
> Content-Language=[en], Date=[Fri, 04 Feb 2011 13:01:18 GMT], 
> Content-Length=[625], Server=[IBM_HTTP_Server]}
> Payload: <soapenv:Envelope 
> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; 
> xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"; 
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"; 
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";><soapenv:Header/><soapenv:Body><soapenv:Fault><faultcode>soapenv:Server.securityException</faultcode><faultstring>com.ibm.wsspi.wssecurity.SoapSecurityException:
>  WSEC5043E: One 
> &quot;{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Reference&quot;
>  element is required.</faultstring><detail 
> encodingStyle=""/></soapenv:Fault></soapenv:Body></soapenv:Envelope>
> --------------------------------------
> Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: 
> com.ibm.wsspi.wssecurity.SoapSecurityException: WSEC5043E: One 
> "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Reference";
>  element is required.
>         at 
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:146)
>         at $Proxy49.documentList(Unknown Source)
>         at OFMServiceImpl_Client.main(OFMServiceImpl_Client.java:57)
> Caused by: org.apache.cxf.binding.soap.SoapFault: 
> com.ibm.wsspi.wssecurity.SoapSecurityException: WSEC5043E: One 
> "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Reference";
>  element is required.
>         at 
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
>         at 
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
>         at 
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
>         at 
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
>         at 
> org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:99)
>         at 
> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
>         at 
> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
>         at 
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
>         at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:700)
>         at 
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2261)
>         at 
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2134)
>         at 
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1988)
>         at 
> org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47)
>         at 
> org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:188)
>         at 
> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
>         at 
> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:639)
>         at 
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
>         at 
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:487)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
>         at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
>         at 
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
>         ... 2 more

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Reply via email to