You may be running into the fixes needed for: https://issues.apache.org/jira/browse/CXF-2150
According to the code at that line number, your passwordType on the server is set to "PasswordDigest", but you are sending a Text. We now make sure that isn't allowed as the passwords actually verified with that combination in WSS4J. Definitely check to make sure your passwordType is PasswordText if you want a text password. Dan On Tue January 26 2010 4:37:53 pm Yognhe wrote: > Hi, > > After upgrading cxf from 2.2.5 to 2.2.6, wss4j authentication failed. > Switching back to 2.2.5, everything is okey. Seems that there is bug in > 2.2.6. My version of wss4j is 1.5.8, passwordType is PasswordText and it is > sent over http (actually hashed password is sent by cleartext). > > Cxf prints the following exception: > > Jan 26, 2010 3:18:25 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor > handleMessage > WARNING: > org.apache.ws.security.WSSecurityException: An error was discovered > processing the <wsse:Security> header > at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.doResults(WSS4JInInterc > eptor.java:367) at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInIn > terceptor.java:293) at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInIn > terceptor.java:78) at > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai > n.java:243) at > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationO > bserver.java:109) at > org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestinati > on.java:98) at > org.apache.cxf.transport.servlet.ServletController.invokeDestination(Servle > tController.java:406) at > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController > .java:178) at > org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServl > et.java:142) at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(Abstract > HTTPServlet.java:179) at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPSer > vlet.java:103) at > javax.servlet.http.HttpServlet.service(HttpServlet.java:710) > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPSe > rvlet.java:159) at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applicatio > nFilterChain.java:290) at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterC > hain.java:206) at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.j > ava:230) at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.j > ava:175) at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:12 > 8) at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:10 > 4) at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.jav > a:109) at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261) > at > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) > at > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Htt > p11Protocol.java:581) at > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at > java.lang.Thread.run(Thread.java:619) > -- Daniel Kulp [email protected] http://www.dankulp.com/blog
