According to spec, the "Username" and "Password" child elements of "UsernameToken" are NOT supposed to be qualified. The message you put here has them qualified.
I think there is a setting in the WSConfig object to allow accepting the out of spec name/passwords, I'm just not sure how that would be used with the WSS4JInInterceptor. I added some code last week to allow configuring in a specific WSConfig object relatively easily, but that's not available in a release yet.

Dan

On Tue February 2 2010 6:22:08 pm huidong wrote:
> I am running a .Net WCF client to call a service on linux host with CXF
> framework.
>
> The inbound message looks like:
>
> Payload: <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
> xmlns:a="http://www.w3.org/2005/08/addressing"
> xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>
> <s:Header><a:Action s:mustUnderstand="1"/><a:MessageID>urn:uuid:7f809251-17cb-4319-9fd8-04889601e956</a:MessageID>
>
> <a:ReplyTo><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo>
>
> <a:To s:mustUnderstand="1">https://sas/ws/saw/services/SawSelfServices</a:To>
>
> <o:Security s:mustUnderstand="1"
> xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>
> <u:Timestamp u:Id="_0"><u:Created>2010-02-02T22:10:48.955Z</u:Created><u:Expires>2010-02-02T22:15:48.955Z</u:Expires></u:Timestamp>
>
> <o:UsernameToken u:Id="uuid-17aef8db-845a-4b9c-bceb-f8cde31933b6-1
> <o:Username>wstest</o:Username>
> <o:Password o:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">*****</o:Password> </o:UsernameToken>
>
> </o:Security>
> </s:Header>
> <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema">****</s:Body>
> </s:Envelope>
>
> I received an error message:
>
> [14:10:53.081] {http--81-5$573121065} org.apache.ws.security.WSSecurityException: An invalid security token was provided (Bad UsernameToken Values)
> [14:10:53.081] {http--81-5$573121065} at org.apache.ws.security.message.token.UsernameToken.<init>(UsernameToken.java:179)
> [14:10:53.081] {http--81-5$573121065} at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:91)
> [14:10:53.081] {http--81-5$573121065} at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:56)
> [14:10:53.081] {http--81-5$573121065} at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326)
> [14:10:53.081] {http--81-5$573121065} at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243)
> [14:10:53.081] {http--81-5$573121065} at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:199)
> [14:10:53.081] {http--81-5$573121065} at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:78)
> [14:10:53.081] {http--81-5$573121065} at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
> [14:10:53.081] {http--81-5$573121065} at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:109)
> [14:10:53.081] {http--81-5$573121065} at org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:98)
> [14:10:53.081] {http--81-5$573121065} at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:406)
> [14:10:53.081] {http--81-5$573121065} at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:178)
> [14:10:53.081] {http--81-5$573121065} at org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:142)
> [14:10:53.081] {http--81-5$573121065} at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:179)
> [14:10:53.081] {http--81-5$573121065} at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:103)
> [14:10:53.081] {http--81-5$573121065} at javax.servlet.http.HttpServlet.service(HttpServlet.java:153)
> [14:10:53.081] {http--81-5$573121065} at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:159)
> [14:10:53.081] {http--81-5$573121065} at com.caucho.server.dispatch.ServletFilterChain.doFilter(ServletFilterChain.java:103)
> [14:10:53.081] {http--81-5$573121065} at com.caucho.server.security.SecurityFilterChain.doFilter(SecurityFilterChain.java:134)
> [14:10:53.081] {http--81-5$573121065} at com.caucho.server.webapp.WebAppFilterChain.doFilter(WebAppFilterChain.java:187)
> [14:10:53.081] {http--81-5$573121065} at com.caucho.server.dispatch.ServletInvocation.service(ServletInvocation.java:265)
> [14:10:53.081] {http--81-5$573121065} at com.caucho.server.http.HttpRequest.handleRequest(HttpRequest.java:273)
> [14:10:53.081] {http--81-5$573121065} at com.caucho.server.port.TcpConnection.run(TcpConnection.java:682)
> [14:10:53.081] {http--81-5$573121065} at com.caucho.util.ThreadPool$Item.runTasks(ThreadPool.java:743)
>
>
> What was wrong?? I cannot see anything invalid, and a Java client just runs
> fine. Any help will be greatly appreciated!
>

--
Daniel Kulp
[email protected]
http://www.dankulp.com/blog
