JAVA - CXF WS-security "A security error was encountered when verifying the message"
You have inProps.put("action", "UsernameToken Timestamp");
but no Timestamp in your security header. Either remove "Timestamp" from your actions or add the matching security header.
EDIT
The message is quite clear: "Security processing failed (actions mismatch)". Looking at your request reveals another mistake: it should be wsse:UsernameToken
instead of wsse:Usernametoken
as per the official spec.
BrK
Updated on July 09, 2022
BrK almost 2 years
Sorry for this question, it can appear recurrent, but I'm completely blocked. I'm trying to implement a Web Service server on top of the CXF framework. JAX-WS is very helpful for handling a web service, and it's easy to implement. But the problem comes when you want to introduce security.
To handle security, I implemented the following source code:
```java
// Properties passed to the inbound WSS4J interceptor
Map<String, Object> inProps = new HashMap<>();
EndpointImpl jaxWsEndpoint = (EndpointImpl) Endpoint.publish(endPointAddress, httpWebService);
inProps.put("action", "UsernameToken Timestamp");
inProps.put("passwordType", "PasswordText");
inProps.put("passwordCallbackClass", "com.company.webService.PasswordListener");
jaxWsEndpoint.getInInterceptors().add(new WSS4JInInterceptor(inProps));
```
I send the following SOAP request to this Web Service:
```xml
...
<soapenv:Header>
  <wsse:Security soapenv:mustunderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:Usernametoken wsu:id="UsernameToken-27777511" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wsse:Username>admin</wsse:Username>
      <wsse:Password type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pass</wsse:Password>
    </wsse:Usernametoken>
  </wsse:Security>
</soapenv:Header>
...
```
The CXF framework received my request, tried to handle the security part and threw the following exception:
```
Jun 08, 2016 10:48:24 AM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor checkActions
WARNING: Security processing failed (actions mismatch)
Jun 08, 2016 10:48:24 AM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {http://httpAbstractHandlerImplementation.webService.company.co /}HttpWebServiceService has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: A security error was encountered when verifying the message
    at org.apache.cxf.ws.security.wss4j.WSS4JUtils.createSoapFault(WSS4JUtils.java:218)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:316)
```
If somebody has an idea where I have made an error.
Thanks
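A pre-flight check for the two mismatches discussed above (missing Timestamp, wrong element casing), as an added example that is not code from the question, the answer, CXF or WSS4J. It uses only the JDK; the class `ActionPreflight`, its methods, and the sample envelope are constructed for illustration, and only the `UsernameToken` and `Timestamp` actions from this page are mapped.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

// Hypothetical helper: compares a configured "action" string with the header actually sent.
public class ActionPreflight {
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    // Only the two actions discussed on this page are mapped to their header elements.
    static final Map<String, String> ELEMENT_FOR_ACTION = Map.of(
        "UsernameToken", "{" + WSSE + "}UsernameToken",
        "Timestamp", "{" + WSU + "}Timestamp");

    /** Returns the configured actions that have no matching child element in wsse:Security. */
    static List<String> missingActions(String soap, String actions) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // compare namespace + local name, not prefixes
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // reject DTDs
        Document doc = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(soap.getBytes(StandardCharsets.UTF_8)));
        Set<String> found = new HashSet<>();
        NodeList sec = doc.getElementsByTagNameNS(WSSE, "Security");
        for (Node n = sec.getLength() > 0 ? sec.item(0).getFirstChild() : null; n != null; n = n.getNextSibling()) {
            if (n.getNodeType() == Node.ELEMENT_NODE) {
                found.add("{" + n.getNamespaceURI() + "}" + n.getLocalName()); // XML names are case-sensitive
            }
        }
        List<String> missing = new ArrayList<>();
        for (String action : actions.trim().split("\\s+")) {
            String element = ELEMENT_FOR_ACTION.get(action);
            if (element != null && !found.contains(element)) missing.add(action);
        }
        return missing;
    }

    // Constructed sample request; tokenName reproduces the element casing from the question.
    static String request(String tokenName) {
        return "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">"
            + "<soapenv:Header><wsse:Security xmlns:wsse=\"" + WSSE + "\">"
            + "<wsse:" + tokenName + "><wsse:Username>admin</wsse:Username>"
            + "<wsse:Password>pass</wsse:Password></wsse:" + tokenName + ">"
            + "</wsse:Security></soapenv:Header><soapenv:Body/></soapenv:Envelope>";
    }

    public static void main(String[] args) throws Exception {
        System.out.println(missingActions(request("Usernametoken"), "UsernameToken Timestamp"));
        System.out.println(missingActions(request("UsernameToken"), "UsernameToken Timestamp"));
        System.out.println(missingActions(request("UsernameToken"), "UsernameToken"));
    }
}
```

An empty list means every configured action has a matching element in the header; any name returned is an action the request does not carry.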