Hi Christian,

We have the doc here [1] about the ws-security configuration.
And I spoke too fast, missing SAAJInInterceptor isn't the reason, I rechecked the code, now WSS4JInInterceptor can pull in SAAJInInterceptor automatically. Most likely it's a camel-cxf specific issue.

[1] http://cxf.apache.org/docs/ws-security.html

-------------
Freeman(Yue) Fang

Red Hat, Inc.
FuseSource is now part of Red Hat
Web: http://fusesource.com | http://www.redhat.com/
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com
http://blog.sina.com.cn/u/1473905042
weibo: @Freeman小屋

On 2013-1-10, at 3:12 PM, Christian Müller wrote:

> Is this documented somewhere?
>
> Best,
> Christian
>
> On 10.01.2013 06:14, "Freeman Fang" <freeman.f...@gmail.com> wrote:
>
>> Hi Charles,
>>
>> Please also add org.apache.cxf.binding.soap.saaj.SAAJInInterceptor
>> for <cxf:inInterceptors>
>> -------------
>> Freeman(Yue) Fang
>>
>> Red Hat, Inc.
>> FuseSource is now part of Red Hat
>> Web: http://fusesource.com | http://www.redhat.com/
>> Twitter: freemanfang
>> Blog: http://freemanfang.blogspot.com
>> http://blog.sina.com.cn/u/1473905042
>> weibo: @Freeman小屋
>>
>> On 2013-1-10, at 3:30 AM, Charles Moulliard wrote:
>>
>>> Hi,
>>>
>>> When I try to authenticate an HTTP request using WS-Security with camel-cxf
>>> & wss4j interceptor, I get the following error:
>>>
>>> qtp370155726-26 DEBUG [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] - WSS4JInInterceptor: enter handleMessage()
>>> qtp370155726-26 WARN [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] - Security processing failed (actions mismatch)
>>> qtp370155726-26 WARN [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] -
>>> org.apache.ws.security.WSSecurityException: An error was discovered processing the <wsse:Security> header
>>>     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInInterceptor.java:383)
>>>     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:333)
>>>     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97)
>>>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
>>>     at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
>>>     at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:348)
>>>     at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:312)
>>>     at org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:72)
>>>     at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:943)
>>>     at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:879)
>>>     at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
>>>     at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:250)
>>>     at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110)
>>>     at org.eclipse.jetty.server.Server.handle(Server.java:349)
>>>     at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:441)
>>>     at org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:936)
>>>     at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:801)
>>>     at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:224)
>>>     at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:51)
>>>     at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:586)
>>>     at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:44)
>>>     at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:598)
>>>     at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:533)
>>>     at java.lang.Thread.run(Thread.java:722)
>>> qtp370155726-26 WARN [org.apache.cxf.phase.PhaseInterceptorChain] - Interceptor for {http://training.fusesource.com/}CustomerServiceService has thrown exception, unwinding now
>>> org.apache.cxf.binding.soap.SoapFault: An error was discovered processing the <wsse:Security> header
>>>     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:804)
>>>     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:357)
>>>     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97)
>>>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
>>>     at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
>>>     at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:348)
>>>     at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:312)
>>>     at org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:72)
>>>     at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:943)
>>>     at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:879)
>>>     at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
>>>     at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:250)
>>>     at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110)
>>>     at org.eclipse.jetty.server.Server.handle(Server.java:349)
>>>     at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:441)
>>>     at org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:936)
>>>     at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:801)
>>>     at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:224)
>>>     at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:51)
>>>     at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:586)
>>>     at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:44)
>>>     at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:598)
>>>     at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:533)
>>>     at java.lang.Thread.run(Thread.java:722)
>>> Caused by: org.apache.ws.security.WSSecurityException: An error was discovered processing the <wsse:Security> header
>>>     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInInterceptor.java:383)
>>>     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:333)
>>>     ... 22 more
>>>
>>> even if the SOAPEnvelope message received by CXF contains the SOAP Security Header
>>>
>>> ID: 1
>>> Address: http://127.0.0.1:9090/training/WebService
>>> Encoding: UTF-8
>>> Http-Method: POST
>>> Content-Type: text/xml;charset=UTF-8
>>> Headers: {accept-encoding=[gzip,deflate], connection=[keep-alive], Content-Length=[1590], content-type=[text/xml;charset=UTF-8], Host=[127.0.0.1:9090], SOAPAction=["http://training.fusesource.com/saveCustomer"], User-Agent=[Apache-HttpClient/4.1.1 (java 1.5)]}
>>> Payload: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tra="http://training.fusesource.com/">
>>>    <soapenv:Header>
>>>       <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1">
>>>          <wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1">
>>>             <wsse:Username>charles</wsse:Username>
>>>             <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">TVzWGxNvhlixNVWol8poD9DHxl8=</wsse:Password>
>>>             <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">WsMNSm/C4dzdPS3OhUi94Q==</wsse:Nonce>
>>>             <wsu:Created>2013-01-09T15:46:14.908Z</wsu:Created>
>>>          </wsse:UsernameToken>
>>>       </wsse:Security>
>>>    </soapenv:Header>
>>>    <soapenv:Body>
>>>       <tra:saveCustomer>
>>>          <customer>
>>>             <!--Optional:-->
>>>             <name>?</name>
>>>             <!--Zero or more repetitions:-->
>>>             <address>?</address>
>>>             <numOrders>?</numOrders>
>>>             <revenue>?</revenue>
>>>             <!--Optional:-->
>>>             <test>?</test>
>>>             <!--Optional:-->
>>>             <birthDate>?</birthDate>
>>>             <!--Optional:-->
>>>             <type>?</type>
>>>          </customer>
>>>       </tra:saveCustomer>
>>>    </soapenv:Body>
>>> </soapenv:Envelope>
>>> --------------------------------------
>>>
>>> CXF & Camel config
>>>
>>> <cxf:cxfEndpoint id="WS"
>>>                  address="http://localhost:9090/training/WebService"
>>>                  serviceClass="com.fusesource.training.CustomerService">
>>>     <cxf:outInterceptors>
>>>         <ref bean="loggingOutInterceptor"/>
>>>     </cxf:outInterceptors>
>>>     <cxf:inInterceptors>
>>>         <ref bean="loggingInInterceptor"/>
>>>         <ref bean="wss4jInInterceptor"/>
>>>     </cxf:inInterceptors>
>>> </cxf:cxfEndpoint>
>>>
>>> <bean id="loggingOutInterceptor"
>>>       class="org.apache.cxf.interceptor.LoggingOutInterceptor"/>
>>> <bean id="loggingInInterceptor"
>>>       class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
>>>
>>> <bean id="wss4jInInterceptor"
>>>       class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>>>     <constructor-arg>
>>>         <map>
>>>             <entry key="action" value="UsernameToken"/>
>>>             <entry key="passwordType" value="PasswordDigest"/>
>>>             <entry key="passwordCallbackClass"
>>>                    value="com.fusesource.training.camel.UTPasswordCallback"/>
>>>         </map>
>>>     </constructor-arg>
>>> </bean>
>>>
>>> Version of CXF used: 2.7.1
>>> WSS4J: 1.6.8
>>>
>>> In debug mode, I can see that in the class WSS4JInInterceptor when we
>>> handle the message (handleMessage(SoapMessage msg) throws Fault), the
>>> element is null ( Element elem =
>>> WSSecurityUtil.getSecurityHeader(doc.getSOAPPart(), actor); ) like also wsResult.
>>>
>>> Does anybody know how to solve this issue and why SoapHeaders have been
>>> removed?
>>>
>>> Regards,
>>>
>>> Charles Moulliard
>>> Apache Committer / Sr. Enterprise Architect (RedHat)
>>> Twitter : @cmoulliard | Blog : http://cmoulliard.blogspot.com
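
Added example, not part of the thread and not CXF or WSS4J code: an offline check that a captured request carries a namespace-qualified wsse:Security/UsernameToken and that its PasswordDigest verifies, which helps separate a bad client token from a header lost inside the server's interceptor chain. The `lookup_password` callable, the sample envelope and every value in it are constructed assumptions.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
WSSE = OASIS + "wssecurity-secext-1.0.xsd"
WSU = OASIS + "wssecurity-utility-1.0.xsd"
DIGEST = OASIS + "username-token-profile-1.0#PasswordDigest"

def password_digest(nonce_b64, created, password):
    """UsernameToken Profile 1.0: Base64(SHA-1(nonce + created + password))."""
    raw = base64.b64decode(nonce_b64) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()

def check_username_token(envelope_xml, lookup_password):
    """Return (ok, reason); lookup_password(user) is a hypothetical credential store."""
    try:
        root = ET.fromstring(envelope_xml)
    except ET.ParseError:
        return False, "malformed XML"
    # Namespace-qualified lookup: a header in the wrong namespace is "not found".
    tok = root.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{WSSE}}}UsernameToken")
    if tok is None:
        return False, "no wsse:Security/UsernameToken header"
    user = tok.findtext(f"{{{WSSE}}}Username", "").strip()
    pw = tok.find(f"{{{WSSE}}}Password")
    nonce = tok.findtext(f"{{{WSSE}}}Nonce", "").strip()
    created = tok.findtext(f"{{{WSU}}}Created", "").strip()
    if pw is None or pw.get("Type", "").strip() != DIGEST:
        return False, "password is not PasswordDigest"
    secret = lookup_password(user)
    if secret is None or not nonce or not created:
        return False, "unknown user or missing nonce/created"
    sent = (pw.text or "").strip().encode()
    if not hmac.compare_digest(password_digest(nonce, created, secret).encode(), sent):
        return False, "digest mismatch"
    return True, "ok"

def sample_envelope(user, password, wsse_ns=WSSE, created="2013-01-09T15:46:14Z"):
    """Constructed request for the checks above (not the capture from the thread)."""
    nonce = base64.b64encode(b"constructed-nonce").decode()
    digest = password_digest(nonce, created, password)
    return (f'<e:Envelope xmlns:e="{SOAP}"><e:Header><w:Security xmlns:w="{wsse_ns}" '
            f'xmlns:u="{WSU}"><w:UsernameToken><w:Username>{user}</w:Username>'
            f'<w:Password Type="{DIGEST}">{digest}</w:Password><w:Nonce>{nonce}</w:Nonce>'
            f'<u:Created>{created}</u:Created></w:UsernameToken></w:Security>'
            f'</e:Header><e:Body/></e:Envelope>')
```

A production receiver additionally rejects stale `Created` timestamps and replayed nonces, which this offline check leaves out.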