varun singhal created CXF-7902:
----------------------------------
Summary: Migrating to CXF 3.2.7 -> How to solve the password
related security error during SOAP RQ processing ?
Key: CXF-7902
URL: https://issues.apache.org/jira/browse/CXF-7902
Project: CXF
Issue Type: Bug
Affects Versions: 3.2.7
Reporter: varun singhal
Hello ALL,
Greetings !
We are trying to migrate a webservice from CXF 2.2.2 to CXF 3.2.7
Post migration all my previous HTTP SOAP requests that were fired by the client
against the web service are failing 🙁
*SOAP RQ :*
{{<SOAP-ENV:Header> <wsse:Security SOAP-ENV:mustUnderstand="1">
<wsse:UsernameToken wsu:Id=""> <wsse:Username>sampleUser</wsse:Username>
<wsse:Password>12345</wsse:Password>
<wsse:PartnerID>samplePartner</wsse:PartnerID></wsse:UsernameToken></wsse:Security>
<wsa:To>http://localhost:8080/sampleWs</wsa:To>
<wsa:Action>http://localhost:8080/sampleWs/sampleAction</wsa:Action> <wsa:From>
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address></wsa:From></SOAP-ENV:Header>}}
The SOAP rq fails with the following exception : *"Any PASSWORD MUST specify a
Type attribute"*
{{Caused by: org.apache.wss4j.common.ext.WSSecurityException: BSP:R4201: Any
PASSWORD MUST specify a Type attribute at
org.apache.wss4j.common.bsp.BSPEnforcer.handleBSPRule(BSPEnforcer.java:57)
[wss4j-ws-security-common-2.2.2.jar:2.2.2]}}
Now when i see [OASIS ws security
specs|http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd],
i dont find "TYPE" bieng mandatory, can you guys please advise if there is a
way through which we can prevent CXF from dropping the above request ?
I have also posted a SO question on the same :
[https://stackoverflow.com/questions/53338727/migrating-to-cxf-3-2-7-how-to-solve-the-password-related-security-error-durin]
Many thanks for helping me out !
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
