While trying to make a CXF 2.4.0 service inter-operate with a WCF/.NET
3.5 client, I got this error:
WARNING: Interceptor for {http://wstest4.visionsolutions.com/}MySvc
has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: An invalid security token was
provided (Bad TokenType "")
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:645)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:307)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:84)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:118)
at
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:208)
at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:223)
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:205)
at
org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:113)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:184)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:107)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:163)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:662)
Caused by: org.apache.ws.security.WSSecurityException: An invalid
security token was provided (Bad TokenType "")
at
org.apache.ws.security.str.BSPEnforcer.checkEncryptedKeyBSPCompliance(BSPEnforcer.java:115)
at
org.apache.ws.security.str.DerivedKeyTokenSTRParser.parseSecurityTokenReference(DerivedKeyTokenSTRParser.java:109)
at
org.apache.ws.security.processor.DerivedKeyTokenProcessor.handleToken(DerivedKeyTokenProcessor.java:53)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:248)
... 23 more
My reading of the code around the error is just CXF being pedantic.
Perhaps there is something I can configure on the .NET side to make it
more conformant to BSP?
Here is the current WCF configuration:
static void Init_WSHttp_Message_UsernameAuth_Darrin6()
{
_binding = new WSHttpBinding();
((WSHttpBinding)_binding).Security.Mode = SecurityMode.Message;
((WSHttpBinding)_binding).Security.Message.AlgorithmSuite =
SecurityAlgorithmSuite.Basic128;
((WSHttpBinding)_binding).Security.Message.ClientCredentialType
= MessageCredentialType.UserName;
((WSHttpBinding)_binding).Security.Message.NegotiateServiceCredential
= false;
((WSHttpBinding)_binding).Security.Message.EstablishSecurityContext
= false;
EndpointIdentity identity =
EndpointIdentity.CreateDnsIdentity("darrint-key");
EndpointAddress epa = new EndpointAddress(new
Uri("http://blah/wstest4/services/DoXLMath";), identity);
_channelFactory = new ChannelFactory<IMySvc>(_binding, epa);
_channelFactory.Credentials.UserName.UserName = "blah";
_channelFactory.Credentials.UserName.Password = "blah";
_channelFactory.Credentials.ServiceCertificate.SetDefaultCertificate(
StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindBySubjectName,
"blah");
}
--
Darrin
