Richard,

some time ago we had a discussion about the same problem. I thought we had fixed that problem - but because it was not listed in JIRA it somehow was lost.

A quick fix: if you are working with an SVN source and are able to rebuild WSS4J then please do the following: in the java file *.handler.WSHandler.java locate the method checkReceiverResults(...) and comment out all lines except the last "return true;" thus the method always returns true.

This solves your problem. I'll do a similar fix in the SVN during the weekend.

Regards,
Werner

> -----Original Message-----
> From: Richard Gregory [mailto:[EMAIL PROTECTED]
> Sent: Friday, 17 February 2006 09:51
> To: [email protected]
> Subject: order of actions
>
> Hi,
>
> I have a service with the Timestamp, UsernameToken and Encrypt defined
> as actions for the WSDoAllReceiver handler in the requestFlow of the
> service:
>
> <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
>   <parameter name="passwordCallbackClass"
>     value="de.biomax.biors.ws.advancedquery.ServicePWCallback"/>
>   <parameter name="action" value="Timestamp UsernameToken Encrypt"/>
>   <parameter name="decryptionPropFile" value="crypto.properties4" />
> </handler>
>
> A .Net client sends the following SOAP message, which also has the same
> 3 actions in the same order in the security header, but I get a
> "WSDoAllReceiver: security processing failed (actions mismatch)" message
> returned.
>
> <?xml version="1.0" encoding="utf-8"?>
> <soap:Envelope
>   xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
>   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>   xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>   xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
>   xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>   xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>  <soap:Header>
>   <wsa:Action>getBiorsEntry</wsa:Action>
>   <wsa:MessageID>uuid:e755b5ce-b02a-42ed-b321-0632ba635f9e</wsa:MessageID>
>   <wsa:ReplyTo>
>    <wsa:Address>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:Address>
>   </wsa:ReplyTo>
>   <wsa:To>http://146.107.217.111:8081/biorsWSS4J/services/BiorsAdvancedQuery</wsa:To>
>   <wsse:Security soap:mustUnderstand="1">
>    <wsu:Timestamp wsu:Id="Timestamp-7a80d432-3325-4f6f-bc6c-4957981d8d37">
>     <wsu:Created>2006-02-16T16:25:22Z</wsu:Created>
>     <wsu:Expires>2006-02-16T16:30:22Z</wsu:Expires>
>    </wsu:Timestamp>
>    <wsse:UsernameToken
>      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>      wsu:Id="SecurityToken-f755a5d8-7fb8-441e-b8ab-014fa0f54f2b">
>     <wsse:Username>wss4j</wsse:Username>
>     <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">LoayOaGBKwfPBdtSWIjfgEwJvqs=</wsse:Password>
>     <wsse:Nonce>pKFrLuJH12YOlEhUfzicHA==</wsse:Nonce>
>     <wsu:Created>2006-02-16T16:25:22Z</wsu:Created>
>    </wsse:UsernameToken>
>    <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>     <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
>     <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>      <wsse:SecurityTokenReference>
>       <wsse:KeyIdentifier
>         ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier"
>         EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">l8oWQGPoXKiTy6QBZ1j0uLDFw9w=</wsse:KeyIdentifier>
>      </wsse:SecurityTokenReference>
>     </KeyInfo>
>     <xenc:CipherData>
>      <xenc:CipherValue>S8nN6qFC0psXwfAc6TqRuyv7sURb/Z4VtE8tng3vDGOF
> EQcJ7/3D440bdmpVAhnFaUAQSuAvxdXQkFt+jecedE0oiBw/6Ag6khIcT4oltKmrEd/pCwQOBJCQeUk1/p767guSMzDx85e9l4+lnGhfybm3IGgEpZU3wL16zCL39Ro=</xenc:CipherValue>
>     </xenc:CipherData>
>     <xenc:ReferenceList>
>      <xenc:DataReference URI="#EncryptedContent-691448b3-c25a-4059-a1a7-f249538a323a" />
>     </xenc:ReferenceList>
>    </xenc:EncryptedKey>
>   </wsse:Security>
>  </soap:Header>
>  <soap:Body>
>   <xenc:EncryptedData
>     Id="EncryptedContent-691448b3-c25a-4059-a1a7-f249538a323a"
>     Type="http://www.w3.org/2001/04/xmlenc#Content"
>     xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
>    <xenc:CipherData>
>     <xenc:CipherValue>5ZpTdhcOx8UDMtS6d7rLTPWkX+zup1gemrSpJwC/rgTB
> JMJhcGDK5B+cfi17oe5h+N7or9N+uE5XMVPh5xduxpqKAblwKtYKfxe78NPmSZ
> LW5mxK9Dsoz34C8Vvte7mgSt4UbGjcl8l9yeUrhq0LMoSI7b9KcQz6DyDrTzlc
> ny39TCMTf0NSEg5JSnt0Wun5dGdoBU5GubOUxx+xhczOwtEeyA46jf5NmIKmGp
> FgfDkAIxIpeZLBH9XttOL5Ex7pNsUGoyvy86AqG2kjRvEzFZopogp+SDcHiGJC
> sbm5aBny10JL6XRSQHBPifnDSQRGH3FmDTtepGHLNbhE04m/F/2q0c0Z6j88Hy
> xGxHIt9EigRMyeg+Em5LZj3X5OcK2PmYrmnwzfrlU7y06IFBPkYYzGISAea4nw
> yDPtH7X1kM9iHtqitkRunrgdH5oj159GMYHbX8xJnF+R7cV++fa6u0mTENzIvY
> XKXHnmc/v7v+eRnFPd2SzIFWYuqMwdXxiOQAq/HJSMuRFuVx5SHiOrEQ==</xenc:CipherValue>
>    </xenc:CipherData>
>   </xenc:EncryptedData>
>  </soap:Body>
> </soap:Envelope>
>
> I edited the WSDoAllReceiver to print out the number constants relating
> to these actions as it does this check, and it's getting the actions
> from the SOAP message in the order Encrypt, UsernameToken, Timestamp,
> but expecting UsernameToken, Timestamp, Encrypt. I did the same with a
> SOAP message from an axis client (which had the actions in the order
> Encrypt, Timestamp, UsernameToken in the actual message), and the headers
> were processed in the order UsernameToken, Timestamp, Encrypt, which is
> what the handler expects. If I change the deployment descriptor so the
> actions are listed in the order Encrypt, UsernameToken, Timestamp, the
> .Net client will work, but the axis client now gives the "actions
> mismatch" error.
>
> If anyone could help me figure out what is going on here, I'd be very
> grateful.
>
> Thanks,
>
> Richard.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
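
The check discussed in this thread compares the actions the handler expects with the actions found while processing the security header. As an added example (not part of the original thread and not WSS4J code), the sketch below contrasts an order-sensitive comparison with one that treats the two lists as multisets, so the order no longer matters but a missing or extra action still fails. The class and method names are hypothetical, and actions are represented by the names used in the deployment descriptor rather than by WSS4J's numeric constants.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

// Hypothetical helper for illustration only; not taken from WSS4J.
public class ActionCheckDemo {

    // Strict variant: the same actions in exactly the same order.
    static boolean sameOrder(List<String> expected, List<String> processed) {
        return expected.equals(processed);
    }

    // Relaxed variant: the same actions in any order. Sorting copies of both
    // lists compares them as multisets, so a missing, extra or duplicated
    // action is still rejected.
    static boolean sameActions(List<String> expected, List<String> processed) {
        List<String> a = new ArrayList<>(expected);
        List<String> b = new ArrayList<>(processed);
        Collections.sort(a);
        Collections.sort(b);
        return a.equals(b);
    }

    public static void main(String[] args) {
        // Order the handler was reported to expect in the thread.
        List<String> expected = Arrays.asList("UsernameToken", "Timestamp", "Encrypt");

        // Constructed inputs: the two processing orders reported in the
        // thread, plus a message that carries no encryption at all.
        List<String> dotNet = Arrays.asList("Encrypt", "UsernameToken", "Timestamp");
        List<String> axis = Arrays.asList("UsernameToken", "Timestamp", "Encrypt");
        List<String> noEncrypt = Arrays.asList("UsernameToken", "Timestamp");

        for (List<String> processed : Arrays.asList(dotNet, axis, noEncrypt)) {
            System.out.println(processed
                    + " strict=" + sameOrder(expected, processed)
                    + " relaxed=" + sameActions(expected, processed));
        }
    }
}
```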
