varun singhal created CXF-7902: ---------------------------------- Summary: Migrating to CXF 3.2.7 -> How to solve the password related security error during SOAP RQ processing ? Key: CXF-7902 URL: https://issues.apache.org/jira/browse/CXF-7902 Project: CXF Issue Type: Bug Affects Versions: 3.2.7 Reporter: varun singhal
Hello ALL, Greetings ! We are trying to migrate a webservice from CXF 2.2.2 to CXF 3.2.7 Post migration all my previous HTTP SOAP requests that were fired by the client against the web service are failing 🙁 *SOAP RQ :* {{<SOAP-ENV:Header> <wsse:Security SOAP-ENV:mustUnderstand="1"> <wsse:UsernameToken wsu:Id=""> <wsse:Username>sampleUser</wsse:Username> <wsse:Password>12345</wsse:Password> <wsse:PartnerID>samplePartner</wsse:PartnerID></wsse:UsernameToken></wsse:Security> <wsa:To>http://localhost:8080/sampleWs</wsa:To> <wsa:Action>http://localhost:8080/sampleWs/sampleAction</wsa:Action> <wsa:From> <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address></wsa:From></SOAP-ENV:Header>}} The SOAP rq fails with the following exception : *"Any PASSWORD MUST specify a Type attribute"* {{Caused by: org.apache.wss4j.common.ext.WSSecurityException: BSP:R4201: Any PASSWORD MUST specify a Type attribute at org.apache.wss4j.common.bsp.BSPEnforcer.handleBSPRule(BSPEnforcer.java:57) [wss4j-ws-security-common-2.2.2.jar:2.2.2]}} Now when i see [OASIS ws security specs|http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd], i dont find "TYPE" bieng mandatory, can you guys please advise if there is a way through which we can prevent CXF from dropping the above request ? I have also posted a SO question on the same : [https://stackoverflow.com/questions/53338727/migrating-to-cxf-3-2-7-how-to-solve-the-password-related-security-error-durin] Many thanks for helping me out ! -- This message was sent by Atlassian JIRA (v7.6.3#76005)