Upgrading to a newer version is difficult in some DoD settings where there are lists of "approved" open source software and versions. Believe me, I'm not using out of date software by choice. I am constrained to use JBoss AS 6.x, which contains CXF 2.3.1, which I *think* contains WSS4J 1.5.8. I'm lobbying to upgrade some of this but, if I am allowed to do so, it will be by upgrading JBossWS-CXF in that version of JBoss and I won't be surprised if that opens up a completely different can of worms.
What I am really asking for here is a basic explanation of the actions. If the WSS4J action is on an inbound interceptor is "signature", then what parts need to be signed? If the actions are "timestamp signature", then does that mean the timestamp is expected to be signed? If the action is encrypt, then what needs to be encrypted, the head, the body, the entire envelope? That sort of thing. Is there some documentation, or does everybody just debug step through the code and have to figure it out for themselves? My configuration below looked ok to you?? -----Original Message----- From: Colm O hEigeartaigh [mailto:[email protected]] Sent: Tuesday, April 23, 2013 4:02 AM To: [email protected] Subject: Re: Understanding WSS4J actions Newer versions of CXF do not require that the actions match in the exact order, but only that they match in some order. So your best bet is to upgrade to a newer version. Colm. On Mon, Apr 22, 2013 at 11:04 PM, Andrew Hart <[email protected]> wrote: > Ok, wrt my earlier message, I decided to just go ahead and write a > simple java web service client rather than try to figure out why > SoapUi wasn't working. > Unfortunately, I'm back into "actions mismatch" hell. > > I understand that the actions need to match up on the client request > to the server, i.e., from the client OutInterceptor to the server > InInterceptor and that the inverse is true, From the server response > OutInterceptor to the client InInterceptor. > > So, my client is configured like this in a cxf.xml file: > (note: the jaxws:client element didn't work for me and I had to > replace it with the cxf:bus before my interceptors would load.) > ---------------------------------------------------------------------- > -- > ----------------- > > <beans xmlns="http://www.springframework.org/schema/beans"; > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > xmlns:jaxws="http://cxf.apache.org/jaxws"; > xmlns:cxf="http://cxf.apache.org/core"; > xsi:schemaLocation="http://cxf.apache.org/core > http://cxf.apache.org/schemas/core.xsd > http://www.springframework.org/schema/beans > http://www.springframework.org/schema/beans/spring-beans-2.0.xsd > http://cxf.apache.org/jaxws > http://cxf.apache.org/schemas/jaxws.xsd";> > > <!-- > <jaxws:client name=" MyWebServicePort" createdFromAPI="true"> > <jaxws:inInterceptors> > <ref bean="TimestampSignEncrypt_Response"/> > <ref bean="logInbound" /> > </jaxws:inInterceptors> > <jaxws:outInterceptors> > <ref bean="TimestampSignEncrypt_Request"/> > <ref bean="logOutbound" /> > </jaxws:outInterceptors> > </jaxws:client> > --> > > <cxf:bus> > <cxf:outInterceptors> > <ref bean="ClientRequest_Interceptor"/> > <ref bean="logOutbound" /> > </cxf:outInterceptors> > <cxf:inInterceptors> > <ref bean="ServerResponse_Interceptor"/> > <ref bean="logInbound" /> > </cxf:inInterceptors> > </cxf:bus> > > <bean id="logInbound" > class="org.apache.cxf.interceptor.LoggingInInterceptor"/> > <bean id="logOutbound" > class="org.apache.cxf.interceptor.LoggingOutInterceptor"/> > <bean > class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor" > id="ClientRequest_Interceptor"> > <constructor-arg> > <map> > <entry key="action" value="Timestamp Signature"/> > <entry key="user" value="client1alias"/> > <entry key="signaturePropFile" > value="clientKeystore.properties"/> > <entry key="signatureKeyIdentifier" > value="DirectReference"/> > <entry key="passwordCallbackClass" > value="com.akimeka.ws.testclient.clientsample.ClientKeystorePasswordCa > ll > back"/> > <entry key="signatureAlgorithm" > value="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> > <entry key="signatureParts" > value="{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;{Eleme > nt > }{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-u > ti > lity-1.0.xsd}Timestamp"/> > > </map> > </constructor-arg> > </bean> > <bean > class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor" > id="ServerResponse_Interceptor"> > <constructor-arg> > <map> > <entry key="action" value="Timestamp Signature > Encrypt"/> > <entry key="signaturePropFile" > value="clientKeystore.properties"/> > <entry key="decryptionPropFile" > value="clientKeystore.properties"/> > <entry key="passwordCallbackClass" > value="com.akimeka.ws.testclient.clientsample.ClientKeystorePasswordCa > ll > back"/> > <entry key="encryptionKeyTransportAlgorithm" > value="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> > <entry key="signatureAlgorithm" > value="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> > </map> > </constructor-arg> > </bean> > </beans> > > > ---------------------------------------------------------------------- > -- > ---------- > The server has a jbossws-cxf.xml file and is configured like this: > ---------------------------------------------------------------------- > -- > ---------- > <beans > xmlns='http://www.springframework.org/schema/beans' > xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' > xmlns:beans='http://www.springframework.org/schema/beans' > xmlns:jaxws='http://cxf.apache.org/jaxws' > xsi:schemaLocation='http://cxf.apache.org/core > http://cxf.apache.org/schemas/core.xsd > http://www.springframework.org/schema/beans > http://www.springframework.org/schema/beans/spring-beans-2.0.xsd > http://cxf.apache.org/jaxws > http://cxf.apache.org/schemas/jaxws.xsd'> > > > <bean id="Sign_Request" > class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> > <constructor-arg> > <map> > <entry key="action" value="Timestamp Signature"/> > <entry key="signaturePropFile" value="security.properties"/> > <entry key="decryptionPropFile" value="security.properties"/> > <entry key="passwordCallbackClass" > value="com.akimeka.ws.common.KeystorePasswordCallback"/> > </map> > </constructor-arg> > </bean> > > > <bean id="Sign_Response" > class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"> > <constructor-arg> > <map> > <entry key="action" value="Timestamp Signature Encrypt"/> > <entry key="user" value="server.akimeka.com"/> > <entry key="signaturePropFile" value="security.properties"/> > <entry key="encryptionPropFile" value="security.properties"/> > <entry key="encryptionUser" value="useReqSigCert"/> > <!-- <entry key="encryptionUser" value="client1.akimeka.com" > /> > --> > <entry key="signatureKeyIdentifier" value="DirectReference"/> > <!-- <entry key="encryptionKeyIdentifier" > value="DirectReference" /> --> > <entry key="passwordCallbackClass" > value="com.akimeka.ws.common.KeystorePasswordCallback"/> > <entry key="signatureParts" > value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-w > ss > -wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap > .o > rg/soap/envelope/}Body"/> > <entry key="encryptionParts" > value="{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body"/> > <entry key="encryptionKeyTransportAlgorithm" > value="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> > <entry key="encryptionSymAlgorithm" > value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> > <entry key="signatureAlgorithm" > value="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> > </map> > </constructor-arg> > </bean> > > <jaxws:endpoint > id='CipService' > address='http://@jboss.bind.address@:8080/ws-cip' > implementor='com.akimeka.cip.ws.CipService'> > <jaxws:invoker> > <bean class='org.jboss.wsf.stack.cxf.InvokerJSE'/> > </jaxws:invoker> > > <jaxws:inInterceptors> > <bean > class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/> > <ref bean="Sign_Request"/> > </jaxws:inInterceptors> > > <jaxws:outInterceptors> > <bean > class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor"/> > <ref bean="Sign_Response"/> > </jaxws:outInterceptors> > > </jaxws:endpoint> > </beans> > ---------------------------------------------------------------------- > -- > ------------------------------- > > And, so the server sees the incoming message here... > > -------------------------------------- > 16:43:36,935 INFO [org.apache.cxf.interceptor.LoggingInInterceptor] > Inbound Message > ---------------------------- > ID: 16 > Address: /ws-cip/CipService > Encoding: UTF-8 > Content-Type: text/xml; charset=UTF-8 > Headers: {cache-control=[no-cache], content-type=[text/xml; > charset=UTF-8], connection=[keep-alive], > host=[msat-ah-01.akimeka.com:8080], Content-Length=[3496], > SOAPAction=[""], user-agent=[Apache CXF 2.3.1-patch-01], > Content-Type=[text/xml; charset=UTF-8], Accept=[*/*], > pragma=[no-cache]} > Payload: <soap:Envelope > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";><soap:Header><w > ss > e:Security > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-ws > se curity-secext-1.0.xsd" > soap:mustUnderstand="1"><wsse:BinarySecurityToken > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-ws > se > curity-secext-1.0.xsd" > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wss > ec > urity-utility-1.0.xsd" > EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- > so > ap-message-security-1.0#Base64Binary" > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x50 > 9- > token-profile-1.0#X509v3" > wsu:Id="CertId-8FE55E1C1DB8D8548C13666670167941">MIIBozCCAQygAwIBAgIEU > XV > eiTANBgkqhkiG9w0BAQUFADAWMRQwEgYDVQQDEwtjbGllbnQxdXNlcjAeFw0xMzA0MjIxN > jA > wMDlaFw0xNTA0MjIxNjAwMDlaMBYxFDASBgNVBAMTC2NsaWVudDF1c2VyMIGfMA0GCSqGS > Ib > 3DQEBAQUAA4GNADCBiQKBgQCd4AXM4VgvaScl6kdJVyaej50gr08XXSOntVki80znasD1t > jE > +TwUBBIjMzWUtLN+vWO211cbggaNP8mLZ2Tti3mEY0sS4ixZHLZz41/mLHU4YcQEFFZ5p6 > +TwUBBIjMzWUtLN+1W > p1L3C37gQ7pm37SfKerwlrM4HnxSY6y7MinJSfQ0iDYaMu+XizQIDAQABMA0GCSqGSIb3D > p1L3C37gQ7pm37SfKerwlrM4HnxSY6y7MinJSfQ0iDYaMu+QE > BBQUAA4GBACiZwyRmSfjcjZDrIRe1A4PPHp+fMNHVssnvtOSaVEKjDRPeS1uXM7RLFUIvj > BBQUAA4GBACiZwyRmSfjcjZDrIRe1A4PPHp+EO > sbiSGMWSswFj/M61dRwNQreUxK737EpX8yko0gzKG+mH9bZZnEzroX5BROxa1luUTDmK2d > Ug > oPmLIwZI8gB8rJL6W3F3I6zfHwqHGbW6Xqt+J</wsse:BinarySecurityToken><ds:Si > oPmLIwZI8gB8rJL6W3F3I6zfHwqHGbW6Xqt+gn > ature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; Id="Signature-2"> > <ds:SignedInfo> <ds:CanonicalizationMethod > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> > <ds:SignatureMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /> > <ds:Reference URI="#id-3"> <ds:Transforms> <ds:Transform > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> > </ds:Transforms> <ds:DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> > <ds:DigestValue>Ki9mmuZ/IPEazLZiTmt1cqDq7pQ=</ds:DigestValue> > </ds:Reference> > <ds:Reference URI="#Timestamp-1"> > <ds:Transforms> > <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> > </ds:Transforms> <ds:DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> > <ds:DigestValue>dc/iT6EKpqAL9crdJORImAfavcU=</ds:DigestValue> > </ds:Reference> > </ds:SignedInfo> > <ds:SignatureValue> > FmXE1n5OKy4PVtLkTeuycQf6d6gMl4fgIrucJw6Ms8OnFLs4jbN6PMbkKIkv3DogfYPzSr > r6 > Incd > Gus2miH1Qb5dFOhRDUSTDBaMeROxCyfKtzpvhTezboS1lYTF1jgFlmih5Ly1pTEwK46XmB > L4 > KKeD > Jjo5xjN6eqUAYgrcGjs= > </ds:SignatureValue> > <ds:KeyInfo Id="KeyId-8FE55E1C1DB8D8548C13666670168262"> > <wsse:SecurityTokenReference > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-ws > se > curity-secext-1.0.xsd" > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wss > ec > urity-utility-1.0.xsd" > wsu:Id="STRId-8FE55E1C1DB8D8548C13666670168263"><wsse:Reference > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-ws > se curity-secext-1.0.xsd" > URI="#CertId-8FE55E1C1DB8D8548C13666670167941" > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x50 > 9- token-profile-1.0#X509v3" /></wsse:SecurityTokenReference> > </ds:KeyInfo> </ds:Signature><wsu:Timestamp > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wss > ec > urity-utility-1.0.xsd" > wsu:Id="Timestamp-1"><wsu:Created>2013-04-22T21:43:36.793Z</wsu:Create > d> > <wsu:Expires>2013-04-22T21:48:36.793Z</wsu:Expires></wsu:Timestamp></w > ss > e:Security></soap:Header><soap:Body > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wss > ec urity-utility-1.0.xsd" wsu:Id="id-3"><ns2:testWebService > xmlns:ns2="http://akimeka.com";><arg0>Test > String</arg0></ns2:testWebService></soap:Body></soap:Envelope> > -------------------------------------- > > And then blows up with this stacktrace and sends back a fault: > > 16:43:36,935 WARN > [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] > Security processing failed (actions mismatch) > 16:43:36,935 WARN > [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] > : org.apache.ws.security.WSSecurityException: An error was discovered > processing the <wsse:Security> header > at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4J > In > Interceptor.java:294) [:2.3.1-patch-01] > at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4 > JI > nInterceptor.java:234) [:2.3.1-patch-01] > at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4 > JI > nInterceptor.java:81) [:2.3.1-patch-01] > at > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseIntercepto > rC > hain.java:255) [:2.3.1-patch-01] > at > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitia > ti > onObserver.java:113) [:2.3.1-patch-01] > at > org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDest > in > ation.java:97) [:2.3.1-patch-01] > at > org.apache.cxf.transport.servlet.ServletController.invokeDestination(S > er > vletController.java:461) [:2.3.1-patch-01] > at > org.jboss.wsf.stack.cxf.ServletControllerExt.invoke(ServletControllerE > xt > .java:172) [:3.4.1.GA] > at > org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHa > nd > lerImpl.java:57) [:3.4.1.GA] > at > org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(Ser > vl > etHelper.java:156) [:3.4.1.GA] > at > org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:90) > [:3.4.1.GA] > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(Abs > tr > actHTTPServlet.java:179) [:2.3.1-patch-01] > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHT > TP > Servlet.java:103) [:2.3.1-patch-01] > at > javax.servlet.http.HttpServlet.service(HttpServlet.java:754) > [:1.0.0.Final] > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractH > TT > PServlet.java:159) [:2.3.1-patch-01] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli > ca > tionFilterChain.java:324) [:6.1.0.Final] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi > lt > erChain.java:242) [:6.1.0.Final] > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperVa > lv > e.java:275) [:6.1.0.Final] > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextVa > lv > e.java:161) [:6.1.0.Final] > at > org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(Security > As > sociationValve.java:181) [:6.1.0.Final] > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authenticat > or > Base.java:501) [:6.1.0.Final] > at > org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.eve > nt > (CatalinaContext.java:285) [:1.1.0.Final] > at > org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.inv > ok > e(CatalinaContext.java:261) [:1.1.0.Final] > at > org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve > .j > ava:88) [:6.1.0.Final] > at > org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke > (S > ecurityContextEstablishmentValve.java:100) [:6.1.0.Final] > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.ja > va > :159) [:6.1.0.Final] > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.ja > va > :102) [:6.1.0.Final] > at > org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedCo > nn > ectionValve.java:158) [:6.1.0.Final] > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve. > java:109) [:6.1.0.Final] > at > org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.i > nv > oke(ActiveRequestResponseCacheValve.java:53) [:6.1.0.Final] > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java > :3 > 62) [:6.1.0.Final] > at > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java: > 87 > 7) [:6.1.0.Final] > at > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.proces > s( > Http11Protocol.java:654) [:6.1.0.Final] > at > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951 > ) > [:6.1.0.Final] > at java.lang.Thread.run(Thread.java:662) [:1.6.0_35] > > 16:43:36,936 WARN [org.apache.cxf.phase.PhaseInterceptorChain] > Interceptor for {http://akimeka.com}TMDS_CIP_Web_Service has thrown > exception, unwinding now: org.apache.cxf.binding.soap.SoapFault: An > error was discovered processing the <wsse:Security> header > at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WS > S4 > JInInterceptor.java:654) [:2.3.1-patch-01] > at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4 > JI > nInterceptor.java:275) [:2.3.1-patch-01] > at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4 > JI > nInterceptor.java:81) [:2.3.1-patch-01] > at > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseIntercepto > rC > hain.java:255) [:2.3.1-patch-01] > at > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitia > ti > onObserver.java:113) [:2.3.1-patch-01] > at > org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDest > in > ation.java:97) [:2.3.1-patch-01] > at > org.apache.cxf.transport.servlet.ServletController.invokeDestination(S > er > vletController.java:461) [:2.3.1-patch-01] > at > org.jboss.wsf.stack.cxf.ServletControllerExt.invoke(ServletControllerE > xt > .java:172) [:3.4.1.GA] > at > org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHa > nd > lerImpl.java:57) [:3.4.1.GA] > at > org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(Ser > vl > etHelper.java:156) [:3.4.1.GA] > at > org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:90) > [:3.4.1.GA] > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(Abs > tr > actHTTPServlet.java:179) [:2.3.1-patch-01] > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHT > TP > Servlet.java:103) [:2.3.1-patch-01] > at > javax.servlet.http.HttpServlet.service(HttpServlet.java:754) > [:1.0.0.Final] > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractH > TT > PServlet.java:159) [:2.3.1-patch-01] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli > ca > tionFilterChain.java:324) [:6.1.0.Final] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi > lt > erChain.java:242) [:6.1.0.Final] > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperVa > lv > e.java:275) [:6.1.0.Final] > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextVa > lv > e.java:161) [:6.1.0.Final] > at > org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(Security > As > sociationValve.java:181) [:6.1.0.Final] > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authenticat > or > Base.java:501) [:6.1.0.Final] > at > org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.eve > nt > (CatalinaContext.java:285) [:1.1.0.Final] > at > org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.inv > ok > e(CatalinaContext.java:261) [:1.1.0.Final] > at > org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve > .j > ava:88) [:6.1.0.Final] > at > org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke > (S > ecurityContextEstablishmentValve.java:100) [:6.1.0.Final] > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.ja > va > :159) [:6.1.0.Final] > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.ja > va > :102) [:6.1.0.Final] > at > org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedCo > nn > ectionValve.java:158) [:6.1.0.Final] > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve. > java:109) [:6.1.0.Final] > at > org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.i > nv > oke(ActiveRequestResponseCacheValve.java:53) [:6.1.0.Final] > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java > :3 > 62) [:6.1.0.Final] > at > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java: > 87 > 7) [:6.1.0.Final] > at > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.proces > s( > Http11Protocol.java:654) [:6.1.0.Final] > at > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951 > ) > [:6.1.0.Final] > at java.lang.Thread.run(Thread.java:662) [:1.6.0_35] Caused > by: org.apache.ws.security.WSSecurityException: An error was > discovered processing the <wsse:Security> header > at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4J > In > Interceptor.java:294) [:2.3.1-patch-01] > at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4 > JI > nInterceptor.java:234) [:2.3.1-patch-01] > ... 33 more > > > ---------------------------------------------------------------------- > -- > ------------------------------------------- > > So, the client actions for the request are "Timestamp Signature" and > the server inInterceptor actions match that. > > What am I failing to understand about this? Is there a simple > explanation anywhere of what it means to specify a list of actions on > a web service incoming interceptor EXACTLY what is required fo on the > client end to match up, including details about specific parts that > have to be signed? > > > > > > > > > > NOTICE: This transmission (including all attachments) is company > confidential, is intended only for the individual or entity named > above, and is likely to contain privileged, proprietary and > confidential information that is exempt from disclosure requests under applicable law. > If you are not the intended recipient, you are hereby notified that > any disclosure, copying, distribution, use of or reliance upon any of > the information contained in this transmission is strictly prohibited. > Any inadvertent or unauthorized disclosure shall not compromise or > waive the confidentiality of this transmission. If you have received > this transmission in error, please forward this message immediately to > [email protected] <mailto:[email protected]> and delete or > otherwise remove this email from your system. Thank you > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
