Find the issue. When we setup camel-cxf endpoint using as DataFormat=MESSAGE, SOAP securityHeaders are removed.
On Wed, Jan 9, 2013 at 5:30 PM, Charles Moulliard <ch0...@gmail.com> wrote: > Hi, > > When I try to authenticate an HTTP request using WS-Security with > camel-cxf & wss4j interceptor, I get the following error : > > org.apache.camel.spring.Main.main() INFO > [org.apache.camel.spring.SpringCamelContext] - Total 1 routes, of which 1 > is started. > org.apache.camel.spring.Main.main() INFO > [org.apache.camel.spring.SpringCamelContext] - Apache Camel 2.10.0 > (CamelContext: camel-1) started in 0.993 seconds > qtp370155726-26 INFO > [org.apache.cxf.services.CustomerServiceService.CustomerServicePort.CustomerService] > - Inbound Message > ---------------------------- > ID: 1 > Address: http://127.0.0.1:9090/training/WebService > Encoding: UTF-8 > Http-Method: POST > Content-Type: text/xml;charset=UTF-8 > Headers: {accept-encoding=[gzip,deflate], connection=[keep-alive], > Content-Length=[1590], content-type=[text/xml;charset=UTF-8], Host=[ > 127.0.0.1:9090], SOAPAction=["http://training.fusesource.com/saveCustomer";], > User-Agent=[Apache-HttpClient/4.1.1 (java 1.5)]} > Payload: <soapenv:Envelope xmlns:soapenv=" > http://schemas.xmlsoap.org/soap/envelope/"; xmlns:tra=" > http://training.fusesource.com/";> > <soapenv:Header> > <wsse:Security xmlns:wsse=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > " > soap:mustUnderstand="1"> > <wsse:UsernameToken xmlns:wsse=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; > xmlns:wsu=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; > wsu:Id="UsernameToken-1"> > <wsse:Username>charles</wsse:Username> > <wsse:Password Type=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest > ">TVzWGxNvhlixNVWol8poD9DHxl8=</wsse:Password> > <wsse:Nonce EncodingType=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary > ">WsMNSm/C4dzdPS3OhUi94Q==</wsse:Nonce> > <wsu:Created>2013-01-09T15:46:14.908Z</wsu:Created> > </wsse:UsernameToken> > </wsse:Security> > </soapenv:Header> > <soapenv:Body> > <tra:saveCustomer> > <customer> > <!--Optional:--> > <name>?</name> > <!--Zero or more repetitions:--> > <address>?</address> > <numOrders>?</numOrders> > <revenue>?</revenue> > <!--Optional:--> > <test>?</test> > <!--Optional:--> > <birthDate>?</birthDate> > <!--Optional:--> > <type>?</type> > </customer> > </tra:saveCustomer> > </soapenv:Body> > </soapenv:Envelope> > -------------------------------------- > qtp370155726-26 DEBUG > [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] - WSS4JInInterceptor: > enter handleMessage() > qtp370155726-26 WARN [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] > - Security processing failed (actions mismatch) > qtp370155726-26 WARN [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] > - > org.apache.ws.security.WSSecurityException: An error was discovered > processing the <wsse:Security> header > at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInInterceptor.java:383) > at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:333) > at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97) > at > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) > at > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) > at > org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:348) > at > org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:312) > at > org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:72) > at > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:943) > at > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:879) > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117) > at > org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:250) > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110) > at org.eclipse.jetty.server.Server.handle(Server.java:349) > at > org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:441) > at > org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:936) > at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:801) > at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:224) > at > org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:51) > at > org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:586) > at > org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:44) > at > org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:598) > at > org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:533) > at java.lang.Thread.run(Thread.java:722) > qtp370155726-26 WARN [org.apache.cxf.phase.PhaseInterceptorChain] - > Interceptor for {http://training.fusesource.com/}CustomerServiceServicehas > thrown exception, unwinding now > org.apache.cxf.binding.soap.SoapFault: An error was discovered processing > the <wsse:Security> header > at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:804) > at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:357) > at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97) > at > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) > at > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) > at > org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:348) > at > org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:312) > at > org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:72) > at > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:943) > at > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:879) > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117) > at > org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:250) > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110) > at org.eclipse.jetty.server.Server.handle(Server.java:349) > at > org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:441) > at > org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:936) > at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:801) > at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:224) > at > org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:51) > at > org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:586) > at > org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:44) > at > org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:598) > at > org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:533) > at java.lang.Thread.run(Thread.java:722) > Caused by: org.apache.ws.security.WSSecurityException: An error was > discovered processing the <wsse:Security> header > at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInInterceptor.java:383) > at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:333) > ... 22 more > > <cxf:cxfEndpoint id="WS" > address="http://localhost:9090/training/WebService"; > > serviceClass="com.fusesource.training.CustomerService"> > <cxf:outInterceptors> > <ref bean="loggingOutInterceptor"/> > </cxf:outInterceptors> > <cxf:inInterceptors> > <ref bean="loggingInInterceptor"/> > <ref bean="wss4jInInterceptor"/> > </cxf:inInterceptors> > </cxf:cxfEndpoint> > > <bean id="loggingOutInterceptor" > class="org.apache.cxf.interceptor.LoggingOutInterceptor"/> > <bean id="loggingInInterceptor" > class="org.apache.cxf.interceptor.LoggingInInterceptor"/> > > <bean id="wss4jInInterceptor" > class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> > <constructor-arg> > <map> > <entry key="action" value="UsernameToken"/> > <entry key="passwordType" value="PasswordDigest"/> > <entry key="passwordCallbackClass" > value="com.fusesource.training.camel.UTPasswordCallback"/> > </map> > </constructor-arg> > </bean> > > It seems that there is an action mismatch during processing of WSS4J. > Does anybody knows how to solve this issue which is perhaps a CXF or > WSS4J question? > > Regards, > > -- > Charles Moulliard > Apache Committer / Sr. Enterprise Architect (RedHat) > Twitter : @cmoulliard | Blog : http://cmoulliard.blogspot.com > > -- Charles Moulliard Apache Committer / Sr. Enterprise Architect (RedHat) Twitter : @cmoulliard | Blog : http://cmoulliard.blogspot.com
