Try using the action configuration: <entry key="action" value="UsernameTokenNoPassword Timestamp"/>
Colm. On Fri, Jan 11, 2013 at 12:35 PM, Mike Thomsen <[email protected]>wrote: > I turned on debugging at the log4j root logger and saw this: > > 07:06:22,754 DEBUG UsernameTokenProcessor:49 - Found UsernameToken list > element > 07:06:22,754 DEBUG UsernameTokenValidator:78 - UsernameToken user Mike > 07:06:22,754 DEBUG UsernameTokenValidator:79 - UsernameToken password type > null > 07:06:22,754 DEBUG TimestampProcessor:46 - Found Timestamp list element > 07:06:22,754 DEBUG Timestamp:151 - Current time: 2013-01-11T12:06:22.754Z > 07:06:22,754 DEBUG Timestamp:156 - Timestamp created: > 2013-01-11T12:06:22.738Z > 07:06:22,754 DEBUG Timestamp:162 - Timestamp expires: > 2013-01-11T12:11:22.738Z > 07:06:22,785 DEBUG Timestamp:342 - Validation of Timestamp: Everything is > ok > Jan 11, 2013 7:06:22 AM > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor checkActions > WARNING: Security processing failed (actions mismatch) > Jan 11, 2013 7:06:22 AM > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage > WARNING: > org.apache.ws.security.WSSecurityException: An error was discovered > processing the <wsse:Security> header > > I then tried these changes: > > 1. Changed the client to send a dummy password in plain text. > 2. Put the dummy password into the CXF service's interceptor configuration. > 3. Added a CallbackHandler to the service's WSS4JInInterceptor that set > the dummy password on the WSPasswordCallback. > > That passed through the security checks just fine. Do you have any > suggestions on how to make UsernameToken validation pass without any > password tag? > > Thanks, > > Mike > > > On Fri, Jan 11, 2013 at 5:34 AM, Colm O hEigeartaigh > <[email protected]>wrote: > >> Hi Mike, >> >> Turn logging to "DEBUG" and see what the reason for the >> "WSSecurityException" was. >> >> Colm. >> >> On Thu, Jan 10, 2013 at 9:14 PM, Mike Thomsen <[email protected] >> >wrote: >> >> > I'm still fairly new to CXF and Java web services, so please bear with >> me. >> > The service I am calling expects a WS-Security header like this: >> > >> > <SOAP-ENV:Header> >> > <wsse:Security xmlns:wsse=" >> > >> > >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd >> > " >> > soapenv:mustUnderstand="1"> >> > <wsu:Timestamp xmlns:wsu=" >> > >> > >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd >> > " >> > wsu:Id="Timestamp-29345020"> >> > <wsu:Created>2008-11-24T19:17:43.880Z</wsu:Created> >> > <wsu:Expires>2008-11-24T19:22:43.880Z</wsu:Expires> >> > </wsu:Timestamp> >> > <wsse:UsernameToken xmlns:wsu=" >> > >> > >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd >> > " >> > wsu:Id="UsernameToken-18724539"> >> > <wsse:Username>Mike</wsse:Username> >> > </wsse:UsernameToken> >> > </wsse:Security> >> > </SOAP-ENV:Header> >> > >> > (No password) >> > >> > This is how I have it configured in my beans.xml file: >> > >> > <jaxws:endpoint id="managementService" >> > implementor="com.mycompany.ManagementService" >> address="/ManagementService"> >> > <jaxws:inInterceptors> >> > <bean >> > class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> >> > <constructor-arg> >> > <map> >> > <entry key="action" value="UsernameToken >> > Timestamp"/> >> > <entry key="passwordType" value="PasswordNone"/> >> > </map> >> > </constructor-arg> >> > </bean> >> > </jaxws:inInterceptors> >> > </jaxws:endpoint> >> > >> > When I run the client I get this exception: >> > >> > org.apache.ws.security.WSSecurityException: An error was discovered >> > processing the <wsse:Security> header >> > >> > I know the client (Spring-WS, not CXF) is sending WS-Security headers >> based >> > on the debugging output from it. >> > >> > Any help would be appreciated. >> > >> > Thanks, >> > >> > Mike >> > >> >> >> >> -- >> Colm O hEigeartaigh >> >> Talend Community Coder >> http://coders.talend.com >> > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
