Get same issue even If I use camel with cxf 2.7.1 and wss4j 1.6.9. Surprisingly the example that we have in camel project (that I created a few years ago) including a unit test succeeds --> https://github.com/apache/camel/blob/trunk/examples/camel-example-reportincident-wssecurity/src/test/java/org/apache/camel/example/reportincident/ReportIncidentRoutesTest.java
On Wed, Jan 9, 2013 at 8:02 PM, Charles Moulliard <ch0...@gmail.com> wrote: > Will test with 1.6.9. > > Until now in debug mode, I see that in the class WSS4JInInterceptor, when > we handle the message (handleMessage(SoapMessage msg) throws Fault), the > element is empty ( Element elem = > WSSecurityUtil.getSecurityHeader(doc.getSOAPPart(), actor); ) even if a > SOAPHeader with usernameToken + timeStamp has been provided in the > SOAPEnveloppe > > > On Wed, Jan 9, 2013 at 6:53 PM, Christian Müller < > christian.muel...@gmail.com> wrote: > >> Can you upgrade to wss4j 1.6.9? I had a similar issue... >> Am 09.01.2013 17:31 schrieb "Charles Moulliard" <ch0...@gmail.com>: >> >> > Hi, >> > >> > When I try to authenticate an HTTP request using WS-Security with >> camel-cxf >> > & wss4j interceptor, I get the following error : >> > >> > org.apache.camel.spring.Main.main() INFO >> > [org.apache.camel.spring.SpringCamelContext] - Total 1 routes, of which >> 1 >> > is started. >> > org.apache.camel.spring.Main.main() INFO >> > [org.apache.camel.spring.SpringCamelContext] - Apache Camel 2.10.0 >> > (CamelContext: camel-1) started in 0.993 seconds >> > qtp370155726-26 INFO >> > >> > >> [org.apache.cxf.services.CustomerServiceService.CustomerServicePort.CustomerService] >> > - Inbound Message >> > ---------------------------- >> > ID: 1 >> > Address: http://127.0.0.1:9090/training/WebService >> > Encoding: UTF-8 >> > Http-Method: POST >> > Content-Type: text/xml;charset=UTF-8 >> > Headers: {accept-encoding=[gzip,deflate], connection=[keep-alive], >> > Content-Length=[1590], content-type=[text/xml;charset=UTF-8], Host=[ >> > 127.0.0.1:9090], SOAPAction=[" >> http://training.fusesource.com/saveCustomer >> > "], >> > User-Agent=[Apache-HttpClient/4.1.1 (java 1.5)]} >> > Payload: <soapenv:Envelope xmlns:soapenv=" >> > http://schemas.xmlsoap.org/soap/envelope/"; xmlns:tra=" >> > http://training.fusesource.com/";> >> > <soapenv:Header> >> > <wsse:Security xmlns:wsse=" >> > >> > >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd >> > " >> > soap:mustUnderstand="1"> >> > <wsse:UsernameToken xmlns:wsse=" >> > >> > >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd >> > " >> > xmlns:wsu=" >> > >> > >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd >> > " >> > wsu:Id="UsernameToken-1"> >> > <wsse:Username>charles</wsse:Username> >> > <wsse:Password Type=" >> > >> > >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest >> > ">TVzWGxNvhlixNVWol8poD9DHxl8=</wsse:Password> >> > <wsse:Nonce EncodingType=" >> > >> > >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary >> > ">WsMNSm/C4dzdPS3OhUi94Q==</wsse:Nonce> >> > <wsu:Created>2013-01-09T15:46:14.908Z</wsu:Created> >> > </wsse:UsernameToken> >> > </wsse:Security> >> > </soapenv:Header> >> > <soapenv:Body> >> > <tra:saveCustomer> >> > <customer> >> > <!--Optional:--> >> > <name>?</name> >> > <!--Zero or more repetitions:--> >> > <address>?</address> >> > <numOrders>?</numOrders> >> > <revenue>?</revenue> >> > <!--Optional:--> >> > <test>?</test> >> > <!--Optional:--> >> > <birthDate>?</birthDate> >> > <!--Optional:--> >> > <type>?</type> >> > </customer> >> > </tra:saveCustomer> >> > </soapenv:Body> >> > </soapenv:Envelope> >> > -------------------------------------- >> > qtp370155726-26 DEBUG >> [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] >> > - WSS4JInInterceptor: enter handleMessage() >> > qtp370155726-26 WARN >> [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] >> > - Security processing failed (actions mismatch) >> > qtp370155726-26 WARN >> [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] >> > - >> > org.apache.ws.security.WSSecurityException: An error was discovered >> > processing the <wsse:Security> header >> > at >> > >> > >> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInInterceptor.java:383) >> > at >> > >> > >> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:333) >> > at >> > >> > >> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97) >> > at >> > >> > >> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) >> > at >> > >> > >> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) >> > at >> > >> > >> org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:348) >> > at >> > >> > >> org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:312) >> > at >> > >> > >> org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:72) >> > at >> > >> > >> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:943) >> > at >> > >> > >> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:879) >> > at >> > >> > >> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117) >> > at >> > >> > >> org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:250) >> > at >> > >> > >> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110) >> > at org.eclipse.jetty.server.Server.handle(Server.java:349) >> > at >> > >> > >> org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:441) >> > at >> > >> > >> org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:936) >> > at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:801) >> > at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:224) >> > at >> > >> > >> org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:51) >> > at >> > >> > >> org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:586) >> > at >> > >> > >> org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:44) >> > at >> > >> > >> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:598) >> > at >> > >> > >> org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:533) >> > at java.lang.Thread.run(Thread.java:722) >> > qtp370155726-26 WARN [org.apache.cxf.phase.PhaseInterceptorChain] - >> > Interceptor for { >> http://training.fusesource.com/}CustomerServiceServicehas >> > thrown exception, unwinding now >> > org.apache.cxf.binding.soap.SoapFault: An error was discovered >> processing >> > the <wsse:Security> header >> > at >> > >> > >> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:804) >> > at >> > >> > >> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:357) >> > at >> > >> > >> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97) >> > at >> > >> > >> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) >> > at >> > >> > >> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) >> > at >> > >> > >> org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:348) >> > at >> > >> > >> org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:312) >> > at >> > >> > >> org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:72) >> > at >> > >> > >> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:943) >> > at >> > >> > >> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:879) >> > at >> > >> > >> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117) >> > at >> > >> > >> org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:250) >> > at >> > >> > >> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110) >> > at org.eclipse.jetty.server.Server.handle(Server.java:349) >> > at >> > >> > >> org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:441) >> > at >> > >> > >> org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:936) >> > at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:801) >> > at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:224) >> > at >> > >> > >> org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:51) >> > at >> > >> > >> org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:586) >> > at >> > >> > >> org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:44) >> > at >> > >> > >> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:598) >> > at >> > >> > >> org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:533) >> > at java.lang.Thread.run(Thread.java:722) >> > Caused by: org.apache.ws.security.WSSecurityException: An error was >> > discovered processing the <wsse:Security> header >> > at >> > >> > >> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInInterceptor.java:383) >> > at >> > >> > >> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:333) >> > ... 22 more >> > >> > <cxf:cxfEndpoint id="WS" >> > address="http://localhost:9090/training/WebService >> " >> > >> > serviceClass="com.fusesource.training.CustomerService"> >> > <cxf:outInterceptors> >> > <ref bean="loggingOutInterceptor"/> >> > </cxf:outInterceptors> >> > <cxf:inInterceptors> >> > <ref bean="loggingInInterceptor"/> >> > <ref bean="wss4jInInterceptor"/> >> > </cxf:inInterceptors> >> > </cxf:cxfEndpoint> >> > >> > <bean id="loggingOutInterceptor" >> > class="org.apache.cxf.interceptor.LoggingOutInterceptor"/> >> > <bean id="loggingInInterceptor" >> > class="org.apache.cxf.interceptor.LoggingInInterceptor"/> >> > >> > <bean id="wss4jInInterceptor" >> > class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> >> > <constructor-arg> >> > <map> >> > <entry key="action" value="UsernameToken"/> >> > <entry key="passwordType" value="PasswordDigest"/> >> > <entry key="passwordCallbackClass" >> > value="com.fusesource.training.camel.UTPasswordCallback"/> >> > </map> >> > </constructor-arg> >> > </bean> >> > >> > It seems that there is an action mismatch during processing of WSS4J. >> > Does anybody knows how to solve this issue which is perhaps a CXF or >> > WSS4J question? >> > >> > Regards, >> > >> > -- >> > Charles Moulliard >> > Apache Committer / Sr. Enterprise Architect (RedHat) >> > Twitter : @cmoulliard | Blog : http://cmoulliard.blogspot.com >> > >> > > > > -- > Charles Moulliard > Apache Committer / Sr. Enterprise Architect (RedHat) > Twitter : @cmoulliard | Blog : http://cmoulliard.blogspot.com > > -- Charles Moulliard Apache Committer / Sr. Enterprise Architect (RedHat) Twitter : @cmoulliard | Blog : http://cmoulliard.blogspot.com
