Hi everyone, I just realized that I mistakenly put down the wrong outinterceptor to the outfault. My bad. The exception is properly encrypted and signed after I configured it properly.
Thanks, Billy -----Original Message----- From: Wu, Billy [mailto:[EMAIL PROTECTED] Sent: Monday, September 08, 2008 2:20 PM To: Daniel Kulp; [email protected] Subject: RE: Encrypting/Signing the Server Exception Thanks Dan for your reply. I just added the wss4joutinterceptor to the outfault chain, and I can see the body gets encrypted and signed. However, on the client side, I am now getting the below error even after I added wss4jininterceptor to my infaultinterceptors. The "Unexpected EOF in prolog" error seems like the fault message is not getting encrypted or decrypted properly. But I have the same set up for the regular in/out interceptors. If the non-fault message works, shouldn't the fault message work as well? Do I have to get the 2nd thing (below) to make this work? Thanks, Billy Sep 8, 2008 2:04:43 PM org.apache.cxf.phase.PhaseInterceptorChain doIntercept INFO: Interceptor has thrown exception, unwinding now org.apache.cxf.binding.soap.SoapFault: Error reading XMLStreamReader. at org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMes sage(ReadHeadersInterceptor.java:183) at org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMes sage(ReadHeadersInterceptor.java:54) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC hain.java:221) at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:449) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResp onse(HTTPConduit.java:1996) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTP Conduit.java:1832) at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66) at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:591) at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingI nterceptor.handleMessage(MessageSenderInterceptor.java:62) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC hain.java:221) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:296) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:242) at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:178) at $Proxy47.listConfigObjects(Unknown Source) at com.sterlingcommerce.sspgui.ws.client.ScmClient.testListing(ScmClient.ja va:188) at com.sterlingcommerce.sspgui.ws.client.ScmClient.main(ScmClient.java:133) Caused by: com.ctc.wstx.exc.WstxEOFException: Unexpected EOF in prolog at [row,col {unknown-source}]: [1,0] at com.ctc.wstx.sr.StreamScanner.throwUnexpectedEOF(StreamScanner.java:661) at com.ctc.wstx.sr.BasicStreamReader.handleEOF(BasicStreamReader.java:2134) at com.ctc.wstx.sr.BasicStreamReader.nextFromProlog(BasicStreamReader.java: 2040) at com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1069) at com.ctc.wstx.sr.BasicStreamReader.nextTag(BasicStreamReader.java:1095) at org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMes sage(ReadHeadersInterceptor.java:83) ... 16 more javax.xml.ws.soap.SOAPFaultException: Error reading XMLStreamReader. at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:199) at $Proxy47.listConfigObjects(Unknown Source) at com.sterlingcommerce.sspgui.ws.client.ScmClient.testListing(ScmClient.ja va:188) at com.sterlingcommerce.sspgui.ws.client.ScmClient.main(ScmClient.java:133) Caused by: org.apache.cxf.binding.soap.SoapFault: Error reading XMLStreamReader. at org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMes sage(ReadHeadersInterceptor.java:183) at org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMes sage(ReadHeadersInterceptor.java:54) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC hain.java:221) at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:449) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResp onse(HTTPConduit.java:1996) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTP Conduit.java:1832) at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66) at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:591) at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingI nterceptor.handleMessage(MessageSenderInterceptor.java:62) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC hain.java:221) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:296) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:242) at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:178) ... 3 more Caused by: com.ctc.wstx.exc.WstxEOFException: Unexpected EOF in prolog at [row,col {unknown-source}]: [1,0] at com.ctc.wstx.sr.StreamScanner.throwUnexpectedEOF(StreamScanner.java:661) at com.ctc.wstx.sr.BasicStreamReader.handleEOF(BasicStreamReader.java:2134) at com.ctc.wstx.sr.BasicStreamReader.nextFromProlog(BasicStreamReader.java: 2040) at com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1069) at com.ctc.wstx.sr.BasicStreamReader.nextTag(BasicStreamReader.java:1095) at org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMes sage(ReadHeadersInterceptor.java:83) ... 16 more -----Original Message----- From: Daniel Kulp [mailto:[EMAIL PROTECTED] Sent: Friday, September 05, 2008 12:52 PM To: [email protected] Cc: Wu, Billy Subject: Re: Encrypting/Signing the Server Exception Two things: 1) Add the wss4joutinterceptor to the outfault chain as well to get the faults signed. 2) I just committed a change to the WSS4JInInterceptor to allow the on the wire fault to propogate if the security checks fail. Thus, the client would get the real fault message and not the security one. Dan On Thursday 04 September 2008 3:23:39 pm Wu, Billy wrote: > Hi, > > > > We are developing a web service using CXF 2.1.1, and we are > encrypting/signing all the inbound/outbound messages using WSS4J. > Everything works fine until when there is an exception. When an > exception is thrown from a web service, it bypasses all the > encryption/signing, and return a soap fault back to the client in clear > text. Here is an example, > > > > <soap:Envelope > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";><soap:Body><soap: > Fault><faultcode>soap:Server</faultcode><faultstring>VALD001E Missing > required field [name]. VALD001E Missing required field [name]. > </faultstring><detail><ns1:ValidationException > xmlns:ns1="http://service.ws.sspgui.sterlingcommerce.com/"; > /></detail></soap:Fault></soap:Body></soap:Envelope> > > > > However, since the client is expecting the message to be encrypted and > signed, the client will get the following without the original soap > fault message, > > > > Caused by: org.apache.ws.security.WSSecurityException: An error was > discovered processing the <wsse:Security> header > > at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JI > nInterceptor.java:168) > > > > What we really want to do is for the client to catch the exception, so > it can be handled appropriately. Does anyone know a good solution to > this issue? > > > > Thanks, > > > > Billy -- Daniel Kulp [EMAIL PROTECTED] http://www.dankulp.com/blog
