The incoming message is completely invalid. What is being used to produce that?
The security header in there should have a LOT more information in it include information about the EndryptedKey (that is then referenced in the body), the signature, etc... Dan On Wednesday, August 01, 2012 10:54:41 AM Alejandro wrote: > Hi, I'm using cxf 2.6.1 and wss4j 1.6.6, and I get this error when I've > invoke the webserives: [WSS4JInInterceptor] Security processing failed > (actions mismatch). > > I've google this error but I can't find a solution. > > This is may configuration: > <jaxws:inInterceptors> > <bean > class="org.apache.cxf.interceptor.LoggingInInterceptor" /> > <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> > <constructor-arg> > <map> > <entry key="action" > value="Timestamp Signature Encrypt"/> > <entry key="decryptionPropFile" > value="META-INF/wssecurity_in.properties"/> > <entry key="signaturePropFile" > value="META-INF/wssecurity_in.properties"/> > <entry > key="passwordCallbackRef"><ref > bean="passwordCallback"/></entry> > <entry > key="encryptionSymAlgorithm" > value="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> > <entry > key="encryptionKeyTransportAlgorithm" > value="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> > </map> > </constructor-arg> > </bean> > </jaxws:inInterceptors> > > <jaxws:outInterceptors> > <bean class="org.apache.cxf.interceptor.LoggingOutInterceptor" /> > <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"> > <constructor-arg> > <map> > <entry key="action" > value="Timestamp Signature Encrypt"/> > <entry key="timeToLive" > value="300" /> > <entry > key="passwordCallbackRef"><ref > bean="passwordCallback"/></entry> > <entry key="user" > value="#######" /> > <entry key="signaturePropFile" > value="META-INF/wssecurity_out.properties"/> > <entry > key="signatureKeyIdentifier" value="DirectReference" /> > <entry key="signatureParts" > value="{Content}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-w > ssecurity-utility-1.0.xsd}Timestamp;{Content}{http://schemas.xmlsoap.org/s > oap/envelope/}Body"/> <entry key="encryptionPropFile" > value="META-INF/wssecurity_out.properties"/> > <entry > key="encryptionSymAlgorithm" > value="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> > <entry > key="encryptionKeyTransportAlgorithm" > value="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> > <entry > key="encryptionKeyIdentifier" value="SKIKeyIdentifier" /> > <entry key="encryptionParts" > value="{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body"/> > <entry key="encryptionUser" value="useReqSigCert" /> <entry > key="enableSignatureConfirmation" value="false" /> > </map> > </constructor-arg> > </bean> > </jaxws:outInterceptors> > > And this is my in soap message: > > ---------------------------- > ID: 9 > Address: http://localhost:8080/biometria/BiometricService > Encoding: UTF-8 > Http-Method: POST > Content-Type: text/xml;charset=UTF-8 > Headers: {accept-encoding=[gzip,deflate], connection=[Keep-Alive], > Content-Length=[2661], content-type=[text/xml;charset=UTF-8], > host=[localhost:8080], SOAPAction=[""], > user-agent=[Apache-HttpClient/4.1.1 (java 1.5)]} > Payload: <soapenv:Envelope > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; > xmlns:ws="ws.biometria.com"> > <soapenv:Header><wsse:Security > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecu > rity-secext-1.0.xsd" > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecu > rity-utility-1.0.xsd"><wsu:Timestamp > wsu:Id="TS-12"><wsu:Created>2012-08-01T17:53:01.679Z</wsu:Created><wsu:Ex > pires>2012-08-01T18:03:01.679Z</wsu:Expires></wsu:Timestamp></wsse:Securit > y></soapenv:Header> <soapenv:Body><xenc:EncryptedData Id="ED-14" > Type="http://www.w3.org/2001/04/xmlenc#Content"; > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";><xenc:EncryptionMethod > Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><ds:KeyInfo > xmlns:ds="http://www.w3.org/2000/09/xmldsig#";><wsse:SecurityTokenReference > wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-s > ecurity-1.1#EncryptedKey" > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec > urity-secext-1.0.xsd" > xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext- > 1.1.xsd"><wsse:Reference > URI="#EK-B2CC4E4A32165847EA134384358169220"/></wsse:SecurityTokenReferenc > e></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>UQ6tloLPInjzEL6eX6oeGdsC > Uj785To2oN8Nt5PRsEGXtz4MtDWhS2lGVV4f7ZY5GxEe/KcSWD3QJdJlyn9xiZk2Co1sk+aBX4 > PAxp7S1YdQbYZUUvMzcRh1iGrNZQXZN6l9rQfOIwFVxNIf6F+cmGyVTEOnaD1v6qe+UBdVXP42 > wbfp2jYelZ7DFEK7XJ4PzmVfTWQdpj6T2TV91P5KNc0DAK/GcomsWc0PiW9NtXcDx8hOtuBY0a > G/NWZCrLFWgAx/F8iBBQArRtf0dL8JY2dKAq9hdj85B6JC1j0KIQvZkfPKI3LNP3dvGsZnVpMz > iVsOb09r0Jf9JHvNccCioaz0fw6pT/8wIXg6r2aEr1/mHQbjidgomAC/o/cwtSl7fAhHxvJ+oT > UdGBqCA+Rf8FpaVgLH2fyc0GJKT9gp2sQQMx6y90ssKp6ZtX6b8aEd6xA1AUA7KGKmJkfYZqXU > nwBQxzjwnbxEwZzn1+pNLTEOQsp1eXqEHnbgKBLMbDdkXbv2iTZAYJIjDhCWO5LfCgJupX3uUl > cnwfmxdN5bamkXUyFyyHP9LCumju3EhnmKlZd8krDgmTPIlM3NJX8JTZq9dicpK50X49Wu/YMo > CDqU0BtINOoNPFbgzB9/62cKlFGjw5UIlYY+WIfhwl7A/bvPt0OY7N+iN5nkW8L9vLscSSkvdo > heXJfaY7GVq43iQkksTZZSMonjVRcwjuI0KFTA8yiC4zPOfr7Wimu85dm377gU1HbyjhR/rLPe > vAPWZflpmnPstIQkNQ86bqxx6h4OIIdkDWtiGiNC+KnDx2lQmZucz6btDt5Mr8uegwc8V9OdRT > kO0PzzgvQUZ6fEaszx5G/bczPw4kh1TP+wgFYyLDlq600AKY2YDU7vLI17NUS6nmWX2pCiUUKy > 6GCAxGSWCDfAcNnzRhyJ1+OcLtXMnytjnG2ZIz/VwBU/2WQUgQsrcgkhlpqQWfZgcaOLwDIVyq > uUg6kUMculEozdKH3k5Po4VWlzRI5frJM1iWkZLTr9K24Af9nF6run8XC8ZPseddZVtEgFrEbj > kV5qJDAwKEzZTrsermBhIbO67DdxfLqIwFy1OgxsybMc7Yy+Ahz1zt3eqh6a0rYozHzIbErhIm > mKURY9MorICoRLk2gTkAbpBQwpPkCq+QtzqwhI4cdMDKGyZhXIZVIxR94EJYryxIfN2t3NV4IO > USiWLvT41yRMNPgr1BViPpagkImDoE5OvJcOmOgSgoBM8X94Xfy0vQNvIAQUf+i/ORTb+c0syI > oXxwv6/WDNh6YP0RUdMhcni4LbgU5A/AqY8i61oFs=</xenc:CipherValue></xenc:Cipher > Data></xenc:EncryptedData></soapenv:Body> </soapenv:Envelope> > -------------------------------------- > > Where is the problem? > > Regards > Alejandro > > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/WS-Security-Problem-WSS4JInInterceptor-Se > curity-processing-failed-actions-mismatch-tp5711868.html Sent from the > cxf-user mailing list archive at Nabble.com. -- Daniel Kulp [email protected] - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com
