Different things should be done to improve what we have Why : The warn message which is created by wss4j has nothing to do with the existing problem ?
We get this message in the log when we use WS-SECURITTY and camel-cxf with dataFormat=MESSAGE qtp370155726-26 DEBUG [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] - WSS4JInInterceptor: enter handleMessage() qtp370155726-26 WARN [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] - Security processing failed (actions mismatch) qtp370155726-26 WARN [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] - org.apache.ws.security.WSSecurityException: An error was discovered processing the <wsse:Security> header at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInInterceptor.java:383) This message means that action provided for the interceptor (and in fact for Apache WSS4J) "UsernameToken Timestamp" in my case were not correct ... This is ABSOLUTELY false and can be verified in debug mode where it appears that the actions have been checked. In WSS4JInterceptor class , there is a missing control because when it detects that this object is null --> Element elem = WSSecurityUtil.getSecurityHeader(doc.getSOAPPart(), actor) then no ERROR message is created. So it continues to process the handle message till it reach this control generating the warning message because wsResult is also empty http://grepcode.com/file/repo1.maven.org/maven2/org.apache.cxf/cxf-rt-ws-security/2.2.9/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java#WSS4JInInterceptor.checkActions%28org.apache.cxf.binding.soap.SoapMessage%2Corg.apache.cxf.ws.security.wss4j.RequestData%2Cjava.util.Vector%2Cjava.util.Vector%29 I will raise a ticket regarding to what I describe here to improve CXF. On Thu, Jan 10, 2013 at 8:43 AM, Willem jiang <willem.ji...@gmail.com>wrote: > In the MESSAGE data format, camel-cxf will not let the interceptor which > can build the SOAP message from the input stream to be called. > So the WSS4JInInterceptor will not work any more. > I think that is why CXF_MESSAGE is introduced, I will dig the code to see > if I see the whole picture of it. > > > -- > Willem Jiang > > Red Hat, Inc. > FuseSource is now part of Red Hat > Web: http://www.fusesource.com | http://www.redhat.com > Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/) > (English) > http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese) > Twitter: willemjiang > Weibo: 姜宁willem > > > > > > On Thursday, January 10, 2013 at 7:00 AM, Charles Moulliard wrote: > > > Find the issue. When we setup camel-cxf endpoint using as > > DataFormat=MESSAGE, SOAP securityHeaders are removed. > > > > > > On Wed, Jan 9, 2013 at 5:30 PM, Charles Moulliard <ch0...@gmail.com(mailto: > ch0...@gmail.com)> wrote: > > > > > Hi, > > > > > > When I try to authenticate an HTTP request using WS-Security with > > > camel-cxf & wss4j interceptor, I get the following error : > > > > > > org.apache.camel.spring.Main.main() INFO > > > [org.apache.camel.spring.SpringCamelContext] - Total 1 routes, of > which 1 > > > is started. > > > org.apache.camel.spring.Main.main() INFO > > > [org.apache.camel.spring.SpringCamelContext] - Apache Camel 2.10.0 > > > (CamelContext: camel-1) started in 0.993 seconds > > > qtp370155726-26 INFO > > > > [org.apache.cxf.services.CustomerServiceService.CustomerServicePort.CustomerService] > > > - Inbound Message > > > ---------------------------- > > > ID: 1 > > > Address: http://127.0.0.1:9090/training/WebService > > > Encoding: UTF-8 > > > Http-Method: POST > > > Content-Type: text/xml;charset=UTF-8 > > > Headers: {accept-encoding=[gzip,deflate], connection=[keep-alive], > > > Content-Length=[1590], content-type=[text/xml;charset=UTF-8], Host=[ > > > 127.0.0.1:9090], SOAPAction=[" > http://training.fusesource.com/saveCustomer";], > > > User-Agent=[Apache-HttpClient/4.1.1 (java 1.5)]} > > > Payload: <soapenv:Envelope xmlns:soapenv=" > > > http://schemas.xmlsoap.org/soap/envelope/"; xmlns:tra=" > > > http://training.fusesource.com/";> > > > <soapenv:Header> > > > <wsse:Security xmlns:wsse=" > > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > > > " > > > soap:mustUnderstand="1"> > > > <wsse:UsernameToken xmlns:wsse=" > > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > " > > > xmlns:wsu=" > > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > " > > > wsu:Id="UsernameToken-1"> > > > <wsse:Username>charles</wsse:Username> > > > <wsse:Password Type=" > > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest > > > ">TVzWGxNvhlixNVWol8poD9DHxl8=</wsse:Password> > > > <wsse:Nonce EncodingType=" > > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary > > > ">WsMNSm/C4dzdPS3OhUi94Q==</wsse:Nonce> > > > <wsu:Created>2013-01-09T15:46:14.908Z</wsu:Created> > > > </wsse:UsernameToken> > > > </wsse:Security> > > > </soapenv:Header> > > > <soapenv:Body> > > > <tra:saveCustomer> > > > <customer> > > > <!--Optional:--> > > > <name>?</name> > > > <!--Zero or more repetitions:--> > > > <address>?</address> > > > <numOrders>?</numOrders> > > > <revenue>?</revenue> > > > <!--Optional:--> > > > <test>?</test> > > > <!--Optional:--> > > > <birthDate>?</birthDate> > > > <!--Optional:--> > > > <type>?</type> > > > </customer> > > > </tra:saveCustomer> > > > </soapenv:Body> > > > </soapenv:Envelope> > > > -------------------------------------- > > > qtp370155726-26 DEBUG > > > [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] - > WSS4JInInterceptor: > > > enter handleMessage() > > > qtp370155726-26 WARN > [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] > > > - Security processing failed (actions mismatch) > > > qtp370155726-26 WARN > [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] > > > - > > > org.apache.ws.security.WSSecurityException: An error was discovered > > > processing the <wsse:Security> header > > > at > > > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInInterceptor.java:383) > > > at > > > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:333) > > > at > > > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97) > > > at > > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) > > > at > > > > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) > > > at > > > > org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:348) > > > at > > > > org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:312) > > > at > > > > org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:72) > > > at > > > > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:943) > > > at > > > > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:879) > > > at > > > > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117) > > > at > > > > org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:250) > > > at > > > > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110) > > > at org.eclipse.jetty.server.Server.handle(Server.java:349) > > > at > > > > org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:441) > > > at > > > > org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:936) > > > at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:801) > > > at > org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:224) > > > at > > > > org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:51) > > > at > > > > org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:586) > > > at > > > > org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:44) > > > at > > > > org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:598) > > > at > > > > org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:533) > > > at java.lang.Thread.run(Thread.java:722) > > > qtp370155726-26 WARN [org.apache.cxf.phase.PhaseInterceptorChain] - > > > Interceptor for { > http://training.fusesource.com/}CustomerServiceServicehas thrown > exception, unwinding now > > > org.apache.cxf.binding.soap.SoapFault: An error was discovered > processing > > > the <wsse:Security> header > > > at > > > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:804) > > > at > > > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:357) > > > at > > > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97) > > > at > > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) > > > at > > > > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) > > > at > > > > org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:348) > > > at > > > > org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:312) > > > at > > > > org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:72) > > > at > > > > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:943) > > > at > > > > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:879) > > > at > > > > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117) > > > at > > > > org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:250) > > > at > > > > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110) > > > at org.eclipse.jetty.server.Server.handle(Server.java:349) > > > at > > > > org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:441) > > > at > > > > org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:936) > > > at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:801) > > > at > org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:224) > > > at > > > > org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:51) > > > at > > > > org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:586) > > > at > > > > org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:44) > > > at > > > > org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:598) > > > at > > > > org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:533) > > > at java.lang.Thread.run(Thread.java:722) > > > Caused by: org.apache.ws.security.WSSecurityException: An error was > > > discovered processing the <wsse:Security> header > > > at > > > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInInterceptor.java:383) > > > at > > > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:333) > > > ... 22 more > > > > > > <cxf:cxfEndpoint id="WS" > > > address="http://localhost:9090/training/WebService"; > > > > > > serviceClass="com.fusesource.training.CustomerService"> > > > <cxf:outInterceptors> > > > <ref bean="loggingOutInterceptor"/> > > > </cxf:outInterceptors> > > > <cxf:inInterceptors> > > > <ref bean="loggingInInterceptor"/> > > > <ref bean="wss4jInInterceptor"/> > > > </cxf:inInterceptors> > > > </cxf:cxfEndpoint> > > > > > > <bean id="loggingOutInterceptor" > > > class="org.apache.cxf.interceptor.LoggingOutInterceptor"/> > > > <bean id="loggingInInterceptor" > > > class="org.apache.cxf.interceptor.LoggingInInterceptor"/> > > > > > > <bean id="wss4jInInterceptor" > > > class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> > > > <constructor-arg> > > > <map> > > > <entry key="action" value="UsernameToken"/> > > > <entry key="passwordType" value="PasswordDigest"/> > > > <entry key="passwordCallbackClass" > > > value="com.fusesource.training.camel.UTPasswordCallback"/> > > > </map> > > > </constructor-arg> > > > </bean> > > > > > > It seems that there is an action mismatch during processing of WSS4J. > > > Does anybody knows how to solve this issue which is perhaps a CXF or > > > WSS4J question? > > > > > > Regards, > > > > > > -- > > > Charles Moulliard > > > Apache Committer / Sr. Enterprise Architect (RedHat) > > > Twitter : @cmoulliard | Blog : http://cmoulliard.blogspot.com > > > > > > > > > > -- > > Charles Moulliard > > Apache Committer / Sr. Enterprise Architect (RedHat) > > Twitter : @cmoulliard | Blog : http://cmoulliard.blogspot.com > > > > -- Charles Moulliard Apache Committer / Sr. Enterprise Architect (RedHat) Twitter : @cmoulliard | Blog : http://cmoulliard.blogspot.com
