I googled more, and found this link: http://marc.info/?l=wss4j-dev&m=124386256631302&w=2
it seems it is a on-going issue for a while. Microsoft messed it up. however, how to get around it? interop is so frustrating. huidong wrote: > > i am running a .Net WCF client to call a service on linux host with CXF > 2.2.6 framework. > > the inbound message looks like: > > Payload: <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"; > xmlns:a="http://www.w3.org/2005/08/addressing"; > xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";> > > <s:Header><a:Action > s:mustUnderstand="1"/><a:MessageID>urn:uuid:7f809251-17cb-4319-9fd8-04889601e956</a:MessageID> > > <a:ReplyTo><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo> > > <a:To > s:mustUnderstand="1">https://sas/ws/saw/services/SawSelfServices</a:To> > > <o:Security s:mustUnderstand="1" > xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";> > > <u:Timestamp > u:Id="_0"><u:Created>2010-02-02T22:10:48.955Z</u:Created><u:Expires>2010-02-02T22:15:48.955Z</u:Expires></u:Timestamp> > > <o:UsernameToken u:Id="uuid-17aef8db-845a-4b9c-bceb-f8cde31933b6-1 > <o:Username>wstest</o:Username> > <o:Password > o:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>*****</o:Password> > </o:UsernameToken> > > </o:Security> > </s:Header> > <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > xmlns:xsd="http://www.w3.org/2001/XMLSchema";>****</s:Body> > </s:Envelope> > > I received a error message: > > [14:10:53.081] {http--81-5$573121065} > org.apache.ws.security.WSSecurityException: An invalid security token was > provided (Bad UsernameToken Values) > [14:10:53.081] {http--81-5$573121065} at > org.apache.ws.security.message.token.UsernameToken.<init>(UsernameToken.java:179) > [14:10:53.081] {http--81-5$573121065} at > org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:91) > [14:10:53.081] {http--81-5$573121065} at > org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:56) > [14:10:53.081] {http--81-5$573121065} at > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326) > [14:10:53.081] {http--81-5$573121065} at > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243) > [14:10:53.081] {http--81-5$573121065} at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:199) > [14:10:53.081] {http--81-5$573121065} at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:78) > [14:10:53.081] {http--81-5$573121065} at > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243) > [14:10:53.081] {http--81-5$573121065} at > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:109) > [14:10:53.081] {http--81-5$573121065} at > org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:98) > [14:10:53.081] {http--81-5$573121065} at > org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:406) > [14:10:53.081] {http--81-5$573121065} at > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:178) > [14:10:53.081] {http--81-5$573121065} at > org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:142) > [14:10:53.081] {http--81-5$573121065} at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:179) > [14:10:53.081] {http--81-5$573121065} at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:103) > [14:10:53.081] {http--81-5$573121065} at > javax.servlet.http.HttpServlet.service(HttpServlet.java:153) > [14:10:53.081] {http--81-5$573121065} at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:159) > [14:10:53.081] {http--81-5$573121065} at > com.caucho.server.dispatch.ServletFilterChain.doFilter(ServletFilterChain.java:103) > [14:10:53.081] {http--81-5$573121065} at > com.caucho.server.security.SecurityFilterChain.doFilter(SecurityFilterChain.java:134) > [14:10:53.081] {http--81-5$573121065} at > com.caucho.server.webapp.WebAppFilterChain.doFilter(WebAppFilterChain.java:187) > [14:10:53.081] {http--81-5$573121065} at > com.caucho.server.dispatch.ServletInvocation.service(ServletInvocation.java:265) > [14:10:53.081] {http--81-5$573121065} at > com.caucho.server.http.HttpRequest.handleRequest(HttpRequest.java:273) > [14:10:53.081] {http--81-5$573121065} at > com.caucho.server.port.TcpConnection.run(TcpConnection.java:682) > [14:10:53.081] {http--81-5$573121065} at > com.caucho.util.ThreadPool$Item.runTasks(ThreadPool.java:743) > > > what was wrong?? i cannot see anything invalid. i am using WSHttpBinding > to connect to CXF services. and a java client just runs fine. any help > will be greatly appreciated! > > -- View this message in context: http://old.nabble.com/An-invalid-security-token-was-provided-%28Bad-UsernameToken-Values%29-tp27429163p27444367.html Sent from the cxf-user mailing list archive at Nabble.com.
