OK, this issue also discussed on camel mailing list, it's camel-cxf specific function kick in and change the behavior, [1] just for a better track
[1]http://camel.465427.n5.nabble.com/Issue-using-camel-cxf-and-wss4j-td5725191.html ------------- Freeman(Yue) Fang Red Hat, Inc. FuseSource is now part of Red Hat Web: http://fusesource.com | http://www.redhat.com/ Twitter: freemanfang Blog: http://freemanfang.blogspot.com http://blog.sina.com.cn/u/1473905042 weibo: @Freeman小屋 On 2013-1-10, at 下午3:49, Freeman Fang wrote: > Hi Christian, > > We have the doc here [1] about the ws-security configuration. > > And I spoke too fast, missing SAAJInInterceptor isn't the reason, I rechecked > the code, now WSS4JInInterceptor can pull in SAAJInInterceptor automatically. > Most likely it's a camel-cxf specific issue > > [1]http://cxf.apache.org/docs/ws-security.html > ------------- > Freeman(Yue) Fang > > Red Hat, Inc. > FuseSource is now part of Red Hat > Web: http://fusesource.com | http://www.redhat.com/ > Twitter: freemanfang > Blog: http://freemanfang.blogspot.com > http://blog.sina.com.cn/u/1473905042 > weibo: @Freeman小屋 > > On 2013-1-10, at 下午3:12, Christian Müller wrote: > >> Is this documented somewhere? >> >> Best, >> Christian >> Am 10.01.2013 06:14 schrieb "Freeman Fang" <freeman.f...@gmail.com>: >> >>> Hi Charles, >>> >>> Please also add org.apache.cxf.binding.soap.saaj.SAAJInInterceptor >>> for <cxf:inInterceptors> >>> ------------- >>> Freeman(Yue) Fang >>> >>> Red Hat, Inc. >>> FuseSource is now part of Red Hat >>> Web: http://fusesource.com | http://www.redhat.com/ >>> Twitter: freemanfang >>> Blog: http://freemanfang.blogspot.com >>> http://blog.sina.com.cn/u/1473905042 >>> weibo: @Freeman小屋 >>> >>> On 2013-1-10, at 上午3:30, Charles Moulliard wrote: >>> >>>> Hi, >>>> >>>> When I try to authenticate an HTTP request using WS-Security with >>> camel-cxf >>>> & wss4j interceptor, I get the following error : >>>> >>>> qtp370155726-26 DEBUG >>> [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] >>>> - WSS4JInInterceptor: enter handleMessage() >>>> qtp370155726-26 WARN >>> [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] >>>> - Security processing failed (actions mismatch) >>>> qtp370155726-26 WARN >>> [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] >>>> - >>>> org.apache.ws.security.WSSecurityException: An error was discovered >>>> processing the <wsse:Security> header >>>> at >>>> >>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInInterceptor.java:383) >>>> at >>>> >>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:333) >>>> at >>>> >>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97) >>>> at >>>> >>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) >>>> at >>>> >>> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) >>>> at >>>> >>> org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:348) >>>> at >>>> >>> org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:312) >>>> at >>>> >>> org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:72) >>>> at >>>> >>> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:943) >>>> at >>>> >>> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:879) >>>> at >>>> >>> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117) >>>> at >>>> >>> org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:250) >>>> at >>>> >>> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110) >>>> at org.eclipse.jetty.server.Server.handle(Server.java:349) >>>> at >>>> >>> org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:441) >>>> at >>>> >>> org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:936) >>>> at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:801) >>>> at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:224) >>>> at >>>> >>> org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:51) >>>> at >>>> >>> org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:586) >>>> at >>>> >>> org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:44) >>>> at >>>> >>> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:598) >>>> at >>>> >>> org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:533) >>>> at java.lang.Thread.run(Thread.java:722) >>>> qtp370155726-26 WARN [org.apache.cxf.phase.PhaseInterceptorChain] - >>>> Interceptor for {http://training.fusesource.com/}CustomerServiceServicehas >>>> thrown exception, unwinding now >>>> org.apache.cxf.binding.soap.SoapFault: An error was discovered processing >>>> the <wsse:Security> header >>>> at >>>> >>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:804) >>>> at >>>> >>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:357) >>>> at >>>> >>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97) >>>> at >>>> >>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) >>>> at >>>> >>> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) >>>> at >>>> >>> org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:348) >>>> at >>>> >>> org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:312) >>>> at >>>> >>> org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:72) >>>> at >>>> >>> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:943) >>>> at >>>> >>> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:879) >>>> at >>>> >>> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117) >>>> at >>>> >>> org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:250) >>>> at >>>> >>> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110) >>>> at org.eclipse.jetty.server.Server.handle(Server.java:349) >>>> at >>>> >>> org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:441) >>>> at >>>> >>> org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:936) >>>> at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:801) >>>> at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:224) >>>> at >>>> >>> org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:51) >>>> at >>>> >>> org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:586) >>>> at >>>> >>> org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:44) >>>> at >>>> >>> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:598) >>>> at >>>> >>> org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:533) >>>> at java.lang.Thread.run(Thread.java:722) >>>> Caused by: org.apache.ws.security.WSSecurityException: An error was >>>> discovered processing the <wsse:Security> header >>>> at >>>> >>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInInterceptor.java:383) >>>> at >>>> >>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:333) >>>> ... 22 more >>>> >>>> even if SOAPEnvelopper message received by CXF contains SOAP Security >>> Header >>>> >>>> ID: 1 >>>> Address: http://127.0.0.1:9090/training/WebService >>>> Encoding: UTF-8 >>>> Http-Method: POST >>>> Content-Type: text/xml;charset=UTF-8 >>>> Headers: {accept-encoding=[gzip,deflate], connection=[keep-alive], >>>> Content-Length=[1590], content-type=[text/xml;charset=UTF-8], Host=[ >>>> 127.0.0.1:9090], SOAPAction=[" >>> http://training.fusesource.com/saveCustomer";], >>>> User-Agent=[Apache-HttpClient/4.1.1 (java 1.5)]} >>>> Payload: <soapenv:Envelope xmlns:soapenv=" >>>> http://schemas.xmlsoap.org/soap/envelope/"; xmlns:tra=" >>>> http://training.fusesource.com/";> >>>> <soapenv:Header> >>>> <wsse:Security xmlns:wsse=" >>>> >>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd >>>> " >>>> soap:mustUnderstand="1"> >>>> <wsse:UsernameToken xmlns:wsse=" >>>> >>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd >>> " >>>> xmlns:wsu=" >>>> >>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd >>> " >>>> wsu:Id="UsernameToken-1"> >>>> <wsse:Username>charles</wsse:Username> >>>> <wsse:Password Type=" >>>> >>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest >>>> ">TVzWGxNvhlixNVWol8poD9DHxl8=</wsse:Password> >>>> <wsse:Nonce EncodingType=" >>>> >>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary >>>> ">WsMNSm/C4dzdPS3OhUi94Q==</wsse:Nonce> >>>> <wsu:Created>2013-01-09T15:46:14.908Z</wsu:Created> >>>> </wsse:UsernameToken> >>>> </wsse:Security> >>>> </soapenv:Header> >>>> <soapenv:Body> >>>> <tra:saveCustomer> >>>> <customer> >>>> <!--Optional:--> >>>> <name>?</name> >>>> <!--Zero or more repetitions:--> >>>> <address>?</address> >>>> <numOrders>?</numOrders> >>>> <revenue>?</revenue> >>>> <!--Optional:--> >>>> <test>?</test> >>>> <!--Optional:--> >>>> <birthDate>?</birthDate> >>>> <!--Optional:--> >>>> <type>?</type> >>>> </customer> >>>> </tra:saveCustomer> >>>> </soapenv:Body> >>>> </soapenv:Envelope> >>>> -------------------------------------- >>>> >>>> CXF & Camel config >>>> >>>> <cxf:cxfEndpoint id="WS" >>>> address="http://localhost:9090/training/WebService"; >>>> >>> serviceClass="com.fusesource.training.CustomerService"> >>>> <cxf:outInterceptors> >>>> <ref bean="loggingOutInterceptor"/> >>>> </cxf:outInterceptors> >>>> <cxf:inInterceptors> >>>> <ref bean="loggingInInterceptor"/> >>>> <ref bean="wss4jInInterceptor"/> >>>> </cxf:inInterceptors> >>>> </cxf:cxfEndpoint> >>>> >>>> <bean id="loggingOutInterceptor" >>>> class="org.apache.cxf.interceptor.LoggingOutInterceptor"/> >>>> <bean id="loggingInInterceptor" >>>> class="org.apache.cxf.interceptor.LoggingInInterceptor"/> >>>> >>>> <bean id="wss4jInInterceptor" >>>> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> >>>> <constructor-arg> >>>> <map> >>>> <entry key="action" value="UsernameToken"/> >>>> <entry key="passwordType" value="PasswordDigest"/> >>>> <entry key="passwordCallbackClass" >>>> value="com.fusesource.training.camel.UTPasswordCallback"/> >>>> </map> >>>> </constructor-arg> >>>> </bean> >>>> >>>> Version of CXF used : 2.7.1 >>>> WSS4J : 1.6.8 >>>> >>>> In debug mode, I can see that in the class WSS4JInInterceptor when we >>>> handle the message (handleMessage(SoapMessage msg) throws Fault), the >>>> element is null ( Element elem = >>>> WSSecurityUtil.getSecurityHeader(doc.getSOAPPart(), >>>> actor); ) like also wsResult. >>>> >>>> Does anybody knows how to solve this issue and why SoapHeaders have been >>>> removed ? >>>> >>>> Regards, >>>> >>>> Charles Moulliard >>>> Apache Committer / Sr. Enterprise Architect (RedHat) >>>> Twitter : @cmoulliard | Blog : http://cmoulliard.blogspot.com >>> >>> >
