I'm trying to get WS-Security working, but I keep getting the
following stacktrace:
SEVERE: WSS4JInHandler: Request does not contain required Security header
Nov 20, 2007 1:32:26 PM org.codehaus.xfire.handler.DefaultFaultHandler invoke
INFO: Fault occurred!
org.codehaus.xfire.fault.XFireFault: WSS4JInHandler: Request does not contain required Security header
    at org.codehaus.xfire.security.wss4j.WSS4JInHandler.invoke(WSS4JInHandler.java:163)
    at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
    at org.codehaus.xfire.transport.DefaultEndpoint.onReceive(DefaultEndpoint.java:64)
    at org.codehaus.xfire.transport.AbstractChannel.receive(AbstractChannel.java:38)
    at org.codehaus.xfire.transport.http.XFireServletController.invoke(XFireServletController.java:304)
    at org.codehaus.xfire.transport.http.XFireServletController.doService(XFireServletController.java:129)
    at org.codehaus.xfire.transport.http.XFireServlet.doPost(XFireServlet.java:116)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:834)
    at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:340)
    at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:830)
    at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:285)
    at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:126)
    at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192)
    at java.lang.Thread.run(Thread.java:534)
=======================
The request coming in to the server is (note that I copied this
message example from http://www.w3.org/TR/SOAP-dsig/#hes):
-----
POST /caps2/services/AggregatorService?invoke HTTP/1.1
SOAPAction: ""
User-Agent: Jakarta Commons-HttpClient/3.1
Host: localhost:7000
Content-Length: 1443
Content-Type: text/xml; charset=UTF-8

<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope
    xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header>
    <SOAP-SEC:Signature
        xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12"
        SOAP-ENV:actor="some-URI"
        SOAP-ENV:mustUnderstand="1">
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod
              Algorithm="http://www.w3.org/TR/2000/CR-xml-c14n-20001026">
          </ds:CanonicalizationMethod>
          <ds:SignatureMethod
              Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
          <ds:Reference URI="#Body">
            <ds:Transforms>
              <ds:Transform
                  Algorithm="http://www.w3.org/TR/2000/CR-xml-c14n-20001026"/>
            </ds:Transforms>
            <ds:DigestMethod
                Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>j6lwx3rvEPO0vKtMup4NbeVu8nk=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>MC0CFFrVLtRlk=...</ds:SignatureValue>
      </ds:Signature>
    </SOAP-SEC:Signature>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body
      xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12"
      SOAP-SEC:id="Body">
    <m:GetLastTradePrice xmlns:m="some-URI">
      <m:symbol>IBM</m:symbol>
    </m:GetLastTradePrice>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
-----------
My server config is:
-----------
<bean name="aggregator-webservice"
    class="org.codehaus.xfire.spring.ServiceBean">
  <property name="serviceBean" ref="aggregatorService" />
  <property name="serviceClass"
      value="com.ca.caps.aggregator.service.AggregatorService" />
  <property name="serviceFactory" ref="xfire.messageServiceFactory" />
  <property name="style" value="message" />
  <property name="use" value="literal" />
  <property name="inHandlers">
    <list>
      <ref bean="domInHandler" />
      <ref bean="wss4jInHandler" />
    </list>
  </property>
</bean>
<bean id="domInHandler"
    class="org.codehaus.xfire.util.dom.DOMInHandler" />
<bean id="wss4jInHandler"
    class="org.codehaus.xfire.security.wss4j.WSS4JInHandler">
  <property name="properties">
    <props>
      <prop key="action">Signature</prop>
      <prop key="signaturePropFile">xfire/insecurity_sign.properties</prop>
    </props>
  </property>
</bean>
-----------
The only thing I seem to be missing from the examples is:
<prop key="passwordCallbackClass">org.codehaus.xfire.demo.PasswordHandler</prop>
but I'm not sure what should go in there anyway...
Thoughts?
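
Added example, not part of the original message and not XFire or WSS4J code: a check of a captured SOAP 1.1 envelope for a wsse:Security header block, which is the header the "Request does not contain required Security header" fault names, assuming the handler looks for it in the OASIS WS-Security 1.0 namespace. The function name and both sample envelopes are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP11_NS = "http://schemas.xmlsoap.org/soap/envelope/"
# OASIS WS-Security 1.0 namespace of the wsse:Security header block (assumed target).
WSSE_NS = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-secext-1.0.xsd")
DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
# Namespace of the SOAP-SEC:Signature header used by the request in the post.
SOAP_DSIG_NS = "http://schemas.xmlsoap.org/soap/security/2000-12"

def inspect_security_header(envelope_xml):
    """Report which security-related header blocks a SOAP 1.1 envelope carries."""
    root = ET.fromstring(envelope_xml)
    header = root.find(f"{{{SOAP11_NS}}}Header")
    blocks = [child.tag for child in header] if header is not None else []
    security = header.find(f"{{{WSSE_NS}}}Security") if header is not None else None
    signed = security is not None and security.find(f"{{{DSIG_NS}}}Signature") is not None
    return {
        "header_blocks": blocks,
        "has_wsse_security": security is not None,
        "signature_in_wsse_security": signed,
        "has_soap_dsig_signature": f"{{{SOAP_DSIG_NS}}}Signature" in blocks,
    }

# Constructed sample 1: same header layout as the request in the post (abbreviated).
POSTED_STYLE = f"""<SOAP-ENV:Envelope xmlns:SOAP-ENV="{SOAP11_NS}">
  <SOAP-ENV:Header>
    <SOAP-SEC:Signature xmlns:SOAP-SEC="{SOAP_DSIG_NS}" SOAP-ENV:mustUnderstand="1">
      <ds:Signature xmlns:ds="{DSIG_NS}"/>
    </SOAP-SEC:Signature>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body/>
</SOAP-ENV:Envelope>"""

# Constructed sample 2: the signature carried inside a wsse:Security header block.
WSSE_STYLE = f"""<SOAP-ENV:Envelope xmlns:SOAP-ENV="{SOAP11_NS}">
  <SOAP-ENV:Header>
    <wsse:Security xmlns:wsse="{WSSE_NS}" SOAP-ENV:mustUnderstand="1">
      <ds:Signature xmlns:ds="{DSIG_NS}"/>
    </wsse:Security>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body/>
</SOAP-ENV:Envelope>"""

if __name__ == "__main__":
    for name, xml in (("posted-style", POSTED_STYLE), ("wsse-style", WSSE_STYLE)):
        print(name, inspect_security_header(xml))
```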