On Thu, Jan 10, 2013 at 12:00 AM, Charles Moulliard <ch0...@gmail.com> wrote: > Find the issue. When we setup camel-cxf endpoint using as > DataFormat=MESSAGE, SOAP securityHeaders are removed. >
I think there is a new CXF_MESSAGE or something. There was some new formats added, but never documented. I logged a ticket about the missing docs. I think one of the new ones, support both headers + payload in a streaming like mode. > > On Wed, Jan 9, 2013 at 5:30 PM, Charles Moulliard <ch0...@gmail.com> wrote: > >> Hi, >> >> When I try to authenticate an HTTP request using WS-Security with >> camel-cxf & wss4j interceptor, I get the following error : >> >> org.apache.camel.spring.Main.main() INFO >> [org.apache.camel.spring.SpringCamelContext] - Total 1 routes, of which 1 >> is started. >> org.apache.camel.spring.Main.main() INFO >> [org.apache.camel.spring.SpringCamelContext] - Apache Camel 2.10.0 >> (CamelContext: camel-1) started in 0.993 seconds >> qtp370155726-26 INFO >> [org.apache.cxf.services.CustomerServiceService.CustomerServicePort.CustomerService] >> - Inbound Message >> ---------------------------- >> ID: 1 >> Address: http://127.0.0.1:9090/training/WebService >> Encoding: UTF-8 >> Http-Method: POST >> Content-Type: text/xml;charset=UTF-8 >> Headers: {accept-encoding=[gzip,deflate], connection=[keep-alive], >> Content-Length=[1590], content-type=[text/xml;charset=UTF-8], Host=[ >> 127.0.0.1:9090], SOAPAction=["http://training.fusesource.com/saveCustomer";], >> User-Agent=[Apache-HttpClient/4.1.1 (java 1.5)]} >> Payload: <soapenv:Envelope xmlns:soapenv=" >> http://schemas.xmlsoap.org/soap/envelope/"; xmlns:tra=" >> http://training.fusesource.com/";> >> <soapenv:Header> >> <wsse:Security xmlns:wsse=" >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd >> " >> soap:mustUnderstand="1"> >> <wsse:UsernameToken xmlns:wsse=" >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; >> xmlns:wsu=" >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; >> wsu:Id="UsernameToken-1"> >> <wsse:Username>charles</wsse:Username> >> <wsse:Password Type=" >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest >> ">TVzWGxNvhlixNVWol8poD9DHxl8=</wsse:Password> >> <wsse:Nonce EncodingType=" >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary >> ">WsMNSm/C4dzdPS3OhUi94Q==</wsse:Nonce> >> <wsu:Created>2013-01-09T15:46:14.908Z</wsu:Created> >> </wsse:UsernameToken> >> </wsse:Security> >> </soapenv:Header> >> <soapenv:Body> >> <tra:saveCustomer> >> <customer> >> <!--Optional:--> >> <name>?</name> >> <!--Zero or more repetitions:--> >> <address>?</address> >> <numOrders>?</numOrders> >> <revenue>?</revenue> >> <!--Optional:--> >> <test>?</test> >> <!--Optional:--> >> <birthDate>?</birthDate> >> <!--Optional:--> >> <type>?</type> >> </customer> >> </tra:saveCustomer> >> </soapenv:Body> >> </soapenv:Envelope> >> -------------------------------------- >> qtp370155726-26 DEBUG >> [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] - WSS4JInInterceptor: >> enter handleMessage() >> qtp370155726-26 WARN [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] >> - Security processing failed (actions mismatch) >> qtp370155726-26 WARN [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] >> - >> org.apache.ws.security.WSSecurityException: An error was discovered >> processing the <wsse:Security> header >> at >> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInInterceptor.java:383) >> at >> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:333) >> at >> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97) >> at >> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) >> at >> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) >> at >> org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:348) >> at >> org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:312) >> at >> org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:72) >> at >> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:943) >> at >> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:879) >> at >> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117) >> at >> org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:250) >> at >> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110) >> at org.eclipse.jetty.server.Server.handle(Server.java:349) >> at >> org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:441) >> at >> org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:936) >> at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:801) >> at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:224) >> at >> org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:51) >> at >> org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:586) >> at >> org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:44) >> at >> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:598) >> at >> org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:533) >> at java.lang.Thread.run(Thread.java:722) >> qtp370155726-26 WARN [org.apache.cxf.phase.PhaseInterceptorChain] - >> Interceptor for {http://training.fusesource.com/}CustomerServiceServicehas >> thrown exception, unwinding now >> org.apache.cxf.binding.soap.SoapFault: An error was discovered processing >> the <wsse:Security> header >> at >> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:804) >> at >> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:357) >> at >> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97) >> at >> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) >> at >> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) >> at >> org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:348) >> at >> org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:312) >> at >> org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:72) >> at >> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:943) >> at >> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:879) >> at >> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117) >> at >> org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:250) >> at >> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110) >> at org.eclipse.jetty.server.Server.handle(Server.java:349) >> at >> org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:441) >> at >> org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:936) >> at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:801) >> at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:224) >> at >> org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:51) >> at >> org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:586) >> at >> org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:44) >> at >> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:598) >> at >> org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:533) >> at java.lang.Thread.run(Thread.java:722) >> Caused by: org.apache.ws.security.WSSecurityException: An error was >> discovered processing the <wsse:Security> header >> at >> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInInterceptor.java:383) >> at >> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:333) >> ... 22 more >> >> <cxf:cxfEndpoint id="WS" >> address="http://localhost:9090/training/WebService"; >> >> serviceClass="com.fusesource.training.CustomerService"> >> <cxf:outInterceptors> >> <ref bean="loggingOutInterceptor"/> >> </cxf:outInterceptors> >> <cxf:inInterceptors> >> <ref bean="loggingInInterceptor"/> >> <ref bean="wss4jInInterceptor"/> >> </cxf:inInterceptors> >> </cxf:cxfEndpoint> >> >> <bean id="loggingOutInterceptor" >> class="org.apache.cxf.interceptor.LoggingOutInterceptor"/> >> <bean id="loggingInInterceptor" >> class="org.apache.cxf.interceptor.LoggingInInterceptor"/> >> >> <bean id="wss4jInInterceptor" >> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> >> <constructor-arg> >> <map> >> <entry key="action" value="UsernameToken"/> >> <entry key="passwordType" value="PasswordDigest"/> >> <entry key="passwordCallbackClass" >> value="com.fusesource.training.camel.UTPasswordCallback"/> >> </map> >> </constructor-arg> >> </bean> >> >> It seems that there is an action mismatch during processing of WSS4J. >> Does anybody knows how to solve this issue which is perhaps a CXF or >> WSS4J question? >> >> Regards, >> >> -- >> Charles Moulliard >> Apache Committer / Sr. Enterprise Architect (RedHat) >> Twitter : @cmoulliard | Blog : http://cmoulliard.blogspot.com >> >> > > > -- > Charles Moulliard > Apache Committer / Sr. Enterprise Architect (RedHat) > Twitter : @cmoulliard | Blog : http://cmoulliard.blogspot.com -- Claus Ibsen ----------------- Red Hat, Inc. FuseSource is now part of Red Hat Email: cib...@redhat.com Web: http://fusesource.com Twitter: davsclaus Blog: http://davsclaus.com Author of Camel in Action: http://www.manning.com/ibsen
