org.apache.axis2.AxisFault: WSDoAllReceiver: security processing failed

axis-java-user | jafaram@nationwideprovident.com | 9 years ago
  1. 0

    RE: WSDoAllReceiver: security processing failed error - rampart bug?

    axis-java-user | 9 years ago | jafaram@nationwideprovident.com
    org.apache.axis2.AxisFault: WSDoAllReceiver: security processing failed
  2. 0

    I run a web service under axis2 on tomcat and an axis2 java client. The scenario is as follows: The server (server6) is known by the client. The client is not known by the server. Therefore I use a symmetric binding here. In a 1st step I only want to sign the message, later I also want to encrypt the message.

    The call of the web service is working perfectly. When processing the response from the web service the client gets the following runtime error. I assume I do something wrong in the configuration of the symmetric binding scenario.

    Thanks in advance,
    Herwig

    ---------------------------------
    org.apache.axis2.AxisFault: WSDoAllReceiver: security processing failed
        at org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.java:214)
        at org.apache.rampart.handler.WSDoAllReceiver.processMessage(WSDoAllReceiver.java:86)
        at org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:72)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160)
        at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
        at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)
        at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
        at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
        at com.kohlpharma.ws7x4.WS7X4NewAccountStub.getLetterOfAgreement(WS7X4NewAccountStub.java:203)
        at client.TestClient.getLetterOfAgreement(TestClient.java:171)
        at client.TestClient.main(TestClient.java:93)
    Caused by: org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: No password callback supplied)
        at org.apache.ws.security.processor.DerivedKeyTokenProcessor.getSecret(DerivedKeyTokenProcessor.java:220)
        at org.apache.ws.security.processor.DerivedKeyTokenProcessor.extractSecret(DerivedKeyTokenProcessor.java:161)
        at org.apache.ws.security.processor.DerivedKeyTokenProcessor.handleToken(DerivedKeyTokenProcessor.java:74)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243)
        at org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.java:211)
        ... 12 more

    Service Configuration
    =================
    ramp:user and ramp:userCertAlias are set to server alias (server6)

    service.xml
    ----------------
    <?xml version="1.0" encoding="UTF-8"?>
    <service name="WS7X4NewAccount" scope="application">
      <Description> Web Service 7x4 - New Account </Description>
      <messageReceivers>
        <messageReceiver mep="http://www.w3.org/ns/wsdl/in-out" class="com.kohlpharma.ws7x4gen.WS7X4NewAccountMessageReceiverInOut"/>
      </messageReceivers>
      <parameter name="ServiceClass" locked="false"> com.kohlpharma.ws7x4.WS7X4NewAccount </parameter>
      <parameter name="useOriginalwsdl">true</parameter>
      <parameter name="modifyUserWSDLPortAddress">true</parameter>
      <parameter name="allowedMethods" value="getLetterOfAgreement" />
      <operation name="getLetterOfAgreement" mep="http://www.w3.org/ns/wsdl/in-out" namespace="http://ws7x4.kohlpharma.com/">
        <actionMapping>urn:getLetterOfAgreement</actionMapping>
        <outputActionMapping>http://ws7x4.kohlpharma.com/WS7X4NewAccount/getLetterOfAgreementResponse</outputActionMapping>
        <faultActionMapping faultName="WebServiceException">http://ws7x4.kohlpharma.com/WS7X4NewAccount/getLetterOfAgreement/Fault/WebServiceException</faultActionMapping>
      </operation>
      <service targetNamespace="http://ws7x4.kohlpharma.com"> </service>
      <module ref="rampart" />
      <module ref="addressing" />
      <wsp:Policy Name="http://edv156-wskome.medical-intern.com/policies/P1"
                  wsu:Id="SymmetricBindingPolicy"
                  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                  xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
        <wsp:ExactlyOne>
          <wsp:All>
            <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
              <wsp:Policy>
                <sp:ProtectionToken>
                  <wsp:Policy>
                    <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                      <wsp:Policy>
                        <sp:RequireDerivedKeys/>
                        <sp:WssX509V3Token10/>
                      </wsp:Policy>
                    </sp:X509Token>
                  </wsp:Policy>
                </sp:ProtectionToken>
                <sp:AlgorithmSuite>
                  <wsp:Policy>
                    <sp:TripleDesRsa15/>
                  </wsp:Policy>
                </sp:AlgorithmSuite>
                <sp:Layout>
                  <wsp:Policy>
                    <sp:Strict/>
                  </wsp:Policy>
                </sp:Layout>
                <!-- Timestamp -->
                <sp:IncludeTimestamp wsp:Optional="false" />
                <!-- Sign -->
                <sp:OnlySignEntireHeadersAndBody/>
              </wsp:Policy>
            </sp:SymmetricBinding>
            <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
              <sp:Body/>
            </sp:SignedParts>
            <!--
            <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
              <sp:Body/>
            </sp:EncryptedParts>
            -->
            <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
              <wsp:Policy>
                <sp:MustSupportRefKeyIdentifier/>
                <sp:MustSupportRefIssuerSerial/>
              </wsp:Policy>
            </sp:Wss10>
            <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
              <ramp:user>server6</ramp:user>
              <ramp:userCertAlias>server6</ramp:userCertAlias>
              <ramp:passwordCallbackClass>com.kohlpharma.common.PWCBServerHandler</ramp:passwordCallbackClass>
              <ramp:signatureCrypto>
                <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                  <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                  <ramp:property name="org.apache.ws.security.crypto.merlin.file">keystore.jks</ramp:property>
                  <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property>
                </ramp:crypto>
              </ramp:signatureCrypto>
              <ramp:encryptionCrypto>
                <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                  <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                  <ramp:property name="org.apache.ws.security.crypto.merlin.file">keystore.jks</ramp:property>
                  <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property>
                </ramp:crypto>
                <ramp:decryptionCrypto>
                  <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                    <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                    <ramp:property name="org.apache.ws.security.crypto.merlin.file">keystore.jks</ramp:property>
                    <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.alias">server6</ramp:property>
                    <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property>
                  </ramp:crypto>
                </ramp:decryptionCrypto>
              </ramp:encryptionCrypto>
            </ramp:RampartConfig>
          </wsp:All>
        </wsp:ExactlyOne>
      </wsp:Policy>
    </service>

    Client Configuration
    =================
    callback classes are defined in client.axis2.xml, policy.xml and set additionally in the code. I've tried everything :-)

    client.axis2.xml
    ---------------------
    <axisconfig name="AxisJava2.0">
      <module ref="rampart" />
      <parameter name="OutflowSecurity">
        <action>
          <items>Timestamp Signature</items>
          <!-- Username Token -->
          <passwordCallbackClass>client.PWCBClientHandler</passwordCallbackClass>
          <!-- Signature - Keystore read-->
          <signaturePropFile>client/conf/keystore.properties</signaturePropFile>
          <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
          <signatureKeyTransportAlgorithm>http://www.w3.org/2000/09/xmlenc#rsa-sha1</signatureKeyTransportAlgorithm>
          <signatureParts>{}{}Body</signatureParts>
          <!-- Encryption - read truststore -->
          <encryptionKeyTransportAlgorithm>http://www.w3.org/2001/04/xmlenc#rsa-1_5</encryptionKeyTransportAlgorithm>
          <!-- Disable Signature Confirmation -->
          <enableSignatureConfirmation>false</enableSignatureConfirmation>
        </action>
      </parameter>
      <parameter name="InflowSecurity">
        <action>
          <items>Timestamp Signature</items>
          <!-- Timestamp Token -->
          <timestampStrict>false</timestampStrict>
          <!-- UserName Token -->
          <passwordCallbackClass>client.PWCBClientHandler</passwordCallbackClass>
          <!-- Signature - read truststore -->
          <signaturePropFile>client/conf/keystore.properties</signaturePropFile>
          <!-- Encryption - read keystore -->
          <decryptionPropFile>client/conf/keystore.properties</decryptionPropFile>
          <!-- Disable Signature Confirmation -->
          <enableSignatureConfirmation>false</enableSignatureConfirmation>
        </action>
      </parameter>

    client's policy.xml
    -----------------------
    ramp:encryptionUser is set to server alias (server6)

    <wsp:Policy Name="http://edv156-wskome.medical-intern.com/policies/P1"
                wsu:Id="SymmetricBindingPolicy"
                xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
      <wsp:ExactlyOne>
        <wsp:All>
          <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
              <sp:ProtectionToken>
                <wsp:Policy>
                  <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                    <wsp:Policy>
                      <sp:RequireDerivedKeys/>
                      <sp:WssX509V3Token10/>
                    </wsp:Policy>
                  </sp:X509Token>
                </wsp:Policy>
              </sp:ProtectionToken>
              <sp:AlgorithmSuite>
                <wsp:Policy>
                  <sp:TripleDesRsa15/>
                </wsp:Policy>
              </sp:AlgorithmSuite>
              <sp:Layout>
                <wsp:Policy>
                  <sp:Strict/>
                </wsp:Policy>
              </sp:Layout>
              <!-- Timestamp -->
              <sp:IncludeTimestamp wsp:Optional="false" />
              <!-- Sign -->
              <sp:OnlySignEntireHeadersAndBody/>
            </wsp:Policy>
          </sp:SymmetricBinding>
          <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <sp:Body/>
          </sp:SignedParts>
          <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
              <sp:MustSupportRefKeyIdentifier/>
              <sp:MustSupportRefIssuerSerial/>
            </wsp:Policy>
          </sp:Wss10>
          <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
            <ramp:encryptionUser>server6</ramp:encryptionUser>
            <ramp:passwordCallbackClass>client.PWCBClientHandler</ramp:passwordCallbackClass>
            <ramp:signatureCrypto>
              <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                <ramp:property name="org.apache.ws.security.crypto.merlin.file">client_keystore.jks</ramp:property>
                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">clientclient</ramp:property>
              </ramp:crypto>
            </ramp:signatureCrypto>
            <ramp:encryptionCrypto>
              <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                <ramp:property name="org.apache.ws.security.crypto.merlin.file">client_keystore.jks</ramp:property>
                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">clientclient</ramp:property>
              </ramp:crypto>
              <ramp:decryptionCrypto>
                <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                  <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                  <ramp:property name="org.apache.ws.security.crypto.merlin.file">client_keystore.jks</ramp:property>
                  <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.alias">server6</ramp:property>
                  <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">clientclient</ramp:property>
                </ramp:crypto>
              </ramp:decryptionCrypto>
            </ramp:encryptionCrypto>
          </ramp:RampartConfig>
        </wsp:All>
      </wsp:ExactlyOne>
    </wsp:Policy>

    Coding client
    -------------------
    As the callback class was not found simply using the policy.xml file, I have tried to set the rampart configuration manually here

    ...
    ServiceClient client = stub._getServiceClient();
    client.engageModule("addressing");
    client.engageModule("rampart");

    // get option object
    Options options = client.getOptions();
    // EndpointReference targetEprRef = new EndpointReference(targetEpr);

    // set username / password
    options.setUserName("testapojava1");
    options.setProperty("user", "testapojava1");

    // set rampart config
    RampartConfig rc = new RampartConfig();
    Properties merlinProp = new Properties();
    merlinProp.put("org.apache.ws.security.crypto.merlin.file", "client_keystore.jks");
    merlinProp.put("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
    merlinProp.put("org.apache.ws.security.crypto.merlin.keystore.password", "clientclient");
    CryptoConfig cryptoConfig = new CryptoConfig();
    cryptoConfig.setProvider("org.apache.ws.security.components.crypto.Merlin");
    cryptoConfig.setProp(merlinProp);
    rc.setEncrCryptoConfig(cryptoConfig);
    rc.setSigCryptoConfig(cryptoConfig);
    rc.setDecCryptoConfig(cryptoConfig);
    rc.setUser("testapojava1"); // necessary
    rc.setEncryptionUser("server6");
    rc.setPwCbClass("client.PWCBClientHandler");

    // set policy
    Policy policy = loadPolicy("C:/usr/workspace/WSTestClient_NewAccount/build/client/conf/policy.xml");
    policy.addAssertion(rc);
    options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
    ...

    Request sent by client
    --------------------------------
    POST /axis2/services/WS7X4NewAccount HTTP/1.1
    Content-Type: text/xml; charset=UTF-8
    SOAPAction: "urn:getLetterOfAgreement"
    User-Agent: Axis2
    Host: 127.0.0.1:8081
    Transfer-Encoding: chunked

    800
    <?xml version="1.0" encoding="UTF-8"?>
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
      <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
          <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-4">
            <wsu:Created>2010-05-28T08:25:04.322Z</wsu:Created>
            <wsu:Expires>2010-05-28T08:30:04.322Z</wsu:Expires>
          </wsu:Timestamp>
          <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
              EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
              ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
              wsu:Id="CertId-E6FAF9654A5312632512750351039631">...</wsse:BinarySecurityToken>
          <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-2">
            <ds:SignedInfo>
              <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
              <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
              <ds:Reference URI="#id-3">
                <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
                <ds:DigestValue>UB0Rrb4Io4e+rgGYBuaM8Pba5xk=</ds:DigestValue>
              </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>ReDl748A91jo2Bd469f4NUjx7HDIJOS4DgnzlVTa4Tcvuzr04H+XkAaBwutjPwzAa8TmZVUcBSIgT+3tbwBSxnKUPAk6fUe+HA4H0RZBLvrkqIgOUFkghzMGjsv4xIK69H64bJsoVhaTTrw1HWv2AeVMWkMNhHqzI467wTcqoejEu3v/PpCVIQ/1wBtsz77XwW6Gp2T7YQRVBzbyTbVJPfpkLy2fvl1HGgEa++ClXIWasCnW+xWaJodAVnpufWr/cLwhu3O523pa3QE/mXiYY8ja4iBJN4BdvnLSnxxvw8vCnJ8KItrtKKya5yhO4u+MjDHTI4aVcdk5IFFKBfDNkw==</ds:SignatureValue>
            <ds:KeyInfo Id="KeyId-E6FAF9654A5312632512750351039632">
              <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-E6FAF9654A5312632512750351039633">
                <wsse:Reference URI="#CertId-E6FAF9654A5312632512750351039631" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"></wsse:Reference>
              </wsse:SecurityTokenReference>
            </ds:KeyInfo>
          </ds:Signature>
          <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-1">
            <wsu:Created>2010-05-28T08:25:03.948Z</wsu:Created>
            <wsu:Expires>2010-05-28T08:30:03.948Z800</wsu:Expires>
          </wsu:Timestamp>
          <xenc:EncryptedKey Id="EncKeyId-E6FAF9654A5312632512750351044795">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
              <wsse:SecurityTokenReference>
                <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">nPB7TM1rFUDwQgAoIrs/e8cYGx8=</wsse:KeyIdentifier>
              </wsse:SecurityTokenReference>
            </ds:KeyInfo>
            <xenc:CipherData>
              <xenc:CipherValue>spTfVbRN0t62NqVDKmO0i0nUhSOeSE+kIcorYnL+dsT7aDpdHZGMLZ+xG6C54AE21Rzzojvn1KMwn5K7BzTZ1/uHBpgqEcBv7tNgkYg2VGW0MbIs3K3GRdvmYSMD6cqJWvfTp9ZPFkA/sSSOC47b85Hmfhhajp9QFM9n+LPC72s=</xenc:CipherValue>
            </xenc:CipherData>
          </xenc:EncryptedKey>
          <wsc:DerivedKeyToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="derivedKeyId-5">
            <wsse:SecurityTokenReference>
              <wsse:Reference URI="#EncKeyId-E6FAF9654A5312632512750351044795" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"></wsse:Reference>
            </wsse:SecurityTokenReference>
            <wsc:Offset>0</wsc:Offset>
            <wsc:Length>24</wsc:Length>
            <wsc:Nonce>N793yAlM668s1AQm6gvg3w==</wsc:Nonce>
          </wsc:DerivedKeyToken>
          <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-6">
            <ds:SignedInfo>
              <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
              <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"></ds:SignatureMethod>
              <ds:Reference URI="#id-3">
                <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
                <ds:DigestValue>UB0Rrb4Io4e+rgGYBuaM8Pba5xk=</ds:DigestValue>
              </ds:Reference>
              <ds:Re54aference URI="#Timestamp-4">
                <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
                <ds:DigestValue>gK2kN707ebfkex+bBeNeFgSOZ/Y=</ds:DigestValue>
              </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>HuaF/3PQEJ/gJHPJ6fPf2S9mdHs=</ds:SignatureValue>
            <ds:KeyInfo Id="KeyId-E6FAF9654A5312632512750351045106">
              <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-E6FAF9654A5312632512750351045107">
                <wsse:Reference URI="#derivedKeyId-5"></wsse:Reference>
              </wsse:SecurityTokenReference>
            </ds:KeyInfo>
          </ds:Signature>
        </wsse:Security>
        <wsa:To>http://edv156-wskome.medical-intern.com:8081/axis2/services/WS7X4NewAccount</wsa:To>
        <wsa:MessageID>urn:uuid:32CBE5CDB1DA839B471275035103729</wsa:MessageID>
        <wsa:Action>urn:getLetterOfAgreement</wsa:Action>
      </soapenv:Header>
      <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-3">
        <ns1:getLetterOfAgreement xmlns:ns1="http://ws7x4.kohlpharma.com/">
          <ns1:LetterOfAgreementRequest>
            <ns1:customer>
              <ns1:custId>100584</ns1:custId>
            </ns1:customer>
          </ns1:LetterOfAgreementRequest>
        </ns1:getLetterOfAgreement>
      </soapenv:Body>
    </soapenv:Envelope>

    Response sent by server
    ------------------------------------
    HTTP/1.1 200 OK
    Server: Apache-Coyote/1.1
    Content-Type: text/xml;charset=UTF-8
    Transfer-Encoding: chunked
    Date: Fri, 28 May 2010 08:25:05 GMT

    dac
    <?xml version='1.0' encoding='UTF-8'?>
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
      <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
          <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-4">
            <wsu:Created>2010-05-28T08:25:05.072Z</wsu:Created>
            <wsu:Expires>2010-05-28T08:30:05.072Z</wsu:Expires>
          </wsu:Timestamp>
          <wsc:DerivedKeyToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="derivedKeyId-5">
            <wsse:SecurityTokenReference>
              <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1">3jHnkINI9gbCrYe5aQKh7zqowiY=</wsse:KeyIdentifier>
            </wsse:SecurityTokenReference>
            <wsc:Offset>0</wsc:Offset>
            <wsc:Length>24</wsc:Length>
            <wsc:Nonce>TBv+wL9NbtLHJDhhYt+Mkw==</wsc:Nonce>
          </wsc:DerivedKeyToken>
          <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-6">
            <ds:SignedInfo>
              <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
              <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
              <ds:Reference URI="#Id-8713829">
                <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                <ds:DigestValue>jZ4ztbeK2KSnWBCkO2U6j6wcHwU=</ds:DigestValue>
              </ds:Reference>
              <ds:Reference URI="#Timestamp-4">
                <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                <ds:DigestValue>ZvSm746bKP59fxDIB+Gtz0SrPeM=</ds:DigestValue>
              </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>HlKwOeUX6IJm4MDwcrStfBnlSho=</ds:SignatureValue>
            <ds:KeyInfo Id="KeyId-F37B34F8F458473FF412750351050723">
              <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-F37B34F8F458473FF412750351050724">
                <wsse:Reference URI="#derivedKeyId-5" />
              </wsse:SecurityTokenReference>
            </ds:KeyInfo>
          </ds:Signature>
        </wsse:Security>
        <wsa:Action>http://ws7x4.kohlpharma.com/WS7X4NewAccount/getLetterOfAgreementResponse</wsa:Action>
        <wsa:RelatesTo>urn:uuid:32CBE5CDB1DA839B471275035103729</wsa:RelatesTo>
      </soapenv:Header>
      <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-8713829">
        <ns1:getLetterOfAgreementResponse xmlns:ns1="http://ws7x4.kohlpharma.com/">
          <ns1:return>
            <ns1:data>
              <ns1:generalInformation>
                <ns1:text>Dies ist der Informationstext der 7x4 Pharma.</ns1:text>
              </ns1:generalInformation>
              <ns1:agreement>
                <ns1:text>Dies ist die Einverständniserklärung der 7x4 Pharma.===20100528102504791===</ns1:text>
                <ns1:timeStamp>20100528102504822</ns1:timeStamp>
              </ns1:agreement>
            </ns1:data>
            <ns1:status>
              <ns1:msgSet>
                <ns1:count>1</ns1:count>
                <ns1:msg>
                  <ns1:msgCode>0</ns1:msgCode>
                  <ns1:msgText>Okay</ns1:msgText>
                  <ns1:msgType>S</ns1:msgType>
                  <ns1:no>1</ns1:no>
                </ns1:msg>
              </ns1:msgSet>
              <ns1:statusType>S</ns1:statusType>
            </ns1:status>
          </ns1:return>
        </ns1:getLetterOfAgreementResponse>
      </soapenv:Body>
    </soapenv:Envelope>

    Apache's JIRA Issue Tracker | 7 years ago | Herwig David
    org.apache.axis2.AxisFault: WSDoAllReceiver: security processing failed
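
Added example (not part of the original post, and not Rampart or WSS4J code): a Python check over a captured request/response pair like the one posted above. It reports a Security header that carries more than one wsu:Timestamp or more than one signature method, and verifies that the EncryptedKeySHA1 identifier in the response's DerivedKeyToken is the SHA-1 of an EncryptedKey CipherValue sent in the request. The sample messages and all function names are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "wsc": "http://schemas.xmlsoap.org/ws/2005/02/sc",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
ENC_KEY_SHA1 = ("http://docs.oasis-open.org/wss/"
                "oasis-wss-soap-message-security-1.1#EncryptedKeySHA1")


def b64_sha1(raw):
    """Base64 of SHA-1(raw): the EncryptedKeySHA1 key identifier format."""
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()


def security_header(envelope_xml):
    sec = ET.fromstring(envelope_xml).find(".//wsse:Security", NS)
    if sec is None:
        raise ValueError("no wsse:Security header in message")
    return sec


def encrypted_keys(sec):
    """Map EncryptedKeySHA1 value -> Id for every xenc:EncryptedKey in the header."""
    keys = {}
    for ek in sec.findall("xenc:EncryptedKey", NS):
        cipher = ek.findtext("xenc:CipherData/xenc:CipherValue", "", NS)
        keys[b64_sha1(base64.b64decode(cipher))] = ek.get("Id")
    return keys


def header_findings(label, sec):
    findings = []
    # WS-Security allows at most one wsu:Timestamp per Security header.
    stamps = sec.findall("wsu:Timestamp", NS)
    if len(stamps) > 1:
        findings.append((label, "duplicate-timestamp", len(stamps)))
    methods = sorted({m.get("Algorithm", "").rsplit("#", 1)[-1] for m in
                      sec.findall("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)})
    if len(methods) > 1:
        findings.append((label, "mixed-signature-methods", tuple(methods)))
    return findings


def check_exchange(request_xml, response_xml):
    """Return (message, finding, detail) tuples for one request/response pair."""
    req, resp = security_header(request_xml), security_header(response_xml)
    findings = header_findings("request", req) + header_findings("response", resp)
    sent = encrypted_keys(req)
    for dkt in resp.findall("wsc:DerivedKeyToken", NS):
        kid = dkt.find("wsse:SecurityTokenReference/wsse:KeyIdentifier", NS)
        if kid is None or kid.get("ValueType") != ENC_KEY_SHA1:
            continue
        value = (kid.text or "").strip()
        if value in sent:
            findings.append(("response", "derived-key-resolved", sent[value]))
        else:
            findings.append(("response", "derived-key-unresolved", value))
    return findings


# --- constructed sample messages, reduced to the elements the checks read ---
def envelope(children):
    decl = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    return ('<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" '
            f"{decl}><soapenv:Header><wsse:Security>{children}</wsse:Security>"
            "</soapenv:Header><soapenv:Body/></soapenv:Envelope>")


def signature(sig_id, method):
    return (f'<ds:Signature Id="{sig_id}"><ds:SignedInfo><ds:SignatureMethod '
            f'Algorithm="http://www.w3.org/2000/09/xmldsig#{method}"/>'
            "</ds:SignedInfo></ds:Signature>")


def derived_key(key_id_value):
    return ('<wsc:DerivedKeyToken wsu:Id="derivedKeyId-5"><wsse:SecurityTokenReference>'
            f'<wsse:KeyIdentifier ValueType="{ENC_KEY_SHA1}">{key_id_value}'
            "</wsse:KeyIdentifier></wsse:SecurityTokenReference></wsc:DerivedKeyToken>")


CIPHER = base64.b64encode(b"constructed encrypted-key octets").decode()
SAMPLE_REQUEST = envelope(
    '<wsu:Timestamp wsu:Id="Timestamp-4"/>' + signature("Signature-2", "rsa-sha1")
    + '<wsu:Timestamp wsu:Id="Timestamp-1"/>'
    + f'<xenc:EncryptedKey Id="EncKeyId-1"><xenc:CipherData><xenc:CipherValue>{CIPHER}'
      "</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey>"
    + signature("Signature-6", "hmac-sha1"))
SAMPLE_RESPONSE = envelope(
    '<wsu:Timestamp wsu:Id="Timestamp-4"/>'
    + derived_key(b64_sha1(base64.b64decode(CIPHER)))
    + signature("Signature-6", "hmac-sha1"))

if __name__ == "__main__":
    for finding in check_exchange(SAMPLE_REQUEST, SAMPLE_RESPONSE):
        print(finding)
```

To run it on a real capture, first strip the HTTP headers and the chunk-size markers (such as the 800, 54a and dac values visible in the trace above) so that only well-formed XML is passed in.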
  3. Speed up your debug routine!

    Automated exception search integrated into your IDE

  4. 0

    I run a web service under axis2 on tomcat and an axis2 java client . The scenario is as follows: The server (server6) is known by the client. The client is not known by the server. Therefore I use a symmetric binding here. In a 1st step I only want to sign the message, later I also want to encrypt the message. The call of the web service is working perfectly. When processing the response from the web service the client gets the following runtime error. I assume I do something wrong in the configuration of the symmetric binding scenario. Thanks in advance, Herwig --------------------------------- org.apache.axis2.AxisFault: WSDoAllReceiver: security processing failed at org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.java:214) at org.apache.rampart.handler.WSDoAllReceiver.processMessage(WSDoAllReceiver.java:86) at org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:72) at org.apache.axis2.engine.Phase.invoke(Phase.java:318) at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251) at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160) at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364) at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417) at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229) at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165) at com.kohlpharma.ws7x4.WS7X4NewAccountStub.getLetterOfAgreement(WS7X4NewAccountStub.java:203) at client.TestClient.getLetterOfAgreement(TestClient.java:171) at client.TestClient.main(TestClient.java:93) Caused by: org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: No password callback supplied) at org.apache.ws.security.processor.DerivedKeyTokenProcessor.getSecret(DerivedKeyTokenProcessor.java:220) at 
org.apache.ws.security.processor.DerivedKeyTokenProcessor.extractSecret(DerivedKeyTokenProcessor.java:161) at org.apache.ws.security.processor.DerivedKeyTokenProcessor.handleToken(DerivedKeyTokenProcessor.java:74) at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326) at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243) at org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.java:211) ... 12 more Service Configuration ================= ramp:user and ramp:userCertAlias are set to server alias (server6) service.xml ---------------- <?xml version="1.0" encoding="UTF-8"?> <service name="WS7X4NewAccount" scope="application"> <Description> Web Service 7x4 - New Account </Description> <messageReceivers> <messageReceiver mep="http://www.w3.org/ns/wsdl/in-out" class="com.kohlpharma.ws7x4gen.WS7X4NewAccountMessageReceiverInOut"/> </messageReceivers> <parameter name="ServiceClass" locked="false"> com.kohlpharma.ws7x4.WS7X4NewAccount </parameter> <parameter name="useOriginalwsdl">true</parameter> <parameter name="modifyUserWSDLPortAddress">true</parameter> <parameter name="allowedMethods" value="getLetterOfAgreement" /> <operation name="getLetterOfAgreement" mep="http://www.w3.org/ns/wsdl/in-out" namespace="http://ws7x4.kohlpharma.com/"> <actionMapping>urn:getLetterOfAgreement</actionMapping> <outputActionMapping>http://ws7x4.kohlpharma.com/WS7X4NewAccount/getLetterOfAgreementResponse</outputActionMapping> <faultActionMapping faultName="WebServiceException">http://ws7x4.kohlpharma.com/WS7X4NewAccount/getLetterOfAgreement/Fault/WebServiceException</faultActionMapping> </operation> <service targetNamespace="http://ws7x4.kohlpharma.com"> </service> <module ref="rampart" /> <module ref="addressing" /> <wsp:Policy Name="http://edv156-wskome.medical-intern.com/policies/P1" wsu:Id="SymmetricBindingPolicy" 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> <wsp:ExactlyOne> <wsp:All> <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <wsp:Policy> <sp:ProtectionToken> <wsp:Policy> <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> <wsp:Policy> <sp:RequireDerivedKeys/> <sp:WssX509V3Token10/> </wsp:Policy> </sp:X509Token> </wsp:Policy> </sp:ProtectionToken> <sp:AlgorithmSuite> <wsp:Policy> <sp:TripleDesRsa15/> </wsp:Policy> </sp:AlgorithmSuite> <sp:Layout> <wsp:Policy> <sp:Strict/> </wsp:Policy> </sp:Layout> <!-- Timestamp --> <sp:IncludeTimestamp wsp:Optional="false" /> <!-- Sign --> <sp:OnlySignEntireHeadersAndBody/> </wsp:Policy> </sp:SymmetricBinding> <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <sp:Body/> </sp:SignedParts> <!-- <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <sp:Body/> </sp:EncryptedParts> --> <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <wsp:Policy> <sp:MustSupportRefKeyIdentifier/> <sp:MustSupportRefIssuerSerial/> </wsp:Policy> </sp:Wss10> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> <ramp:user>server6</ramp:user> <ramp:userCertAlias>server6</ramp:userCertAlias> <ramp:passwordCallbackClass>com.kohlpharma.common.PWCBServerHandler</ramp:passwordCallbackClass> <ramp:signatureCrypto> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> <ramp:property name="org.apache.ws.security.crypto.merlin.file">keystore.jks</ramp:property> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property> </ramp:crypto> </ramp:signatureCrypto> <ramp:encryptionCrypto> <ramp:crypto 
provider="org.apache.ws.security.components.crypto.Merlin"> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> <ramp:property name="org.apache.ws.security.crypto.merlin.file">keystore.jks</ramp:property> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property> </ramp:crypto> <ramp:decryptionCrypto> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> <ramp:property name="org.apache.ws.security.crypto.merlin.file">keystore.jks</ramp:property> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.alias">server6</ramp:property> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property> </ramp:crypto> </ramp:decryptionCrypto> </ramp:encryptionCrypto> </ramp:RampartConfig> </wsp:All> </wsp:ExactlyOne> </wsp:Policy> </service> Client Configuration ================= callback classes are defined in client.axis2.xml, policy.xml and set additionally in the code. 
I've tried everything :-) client.axis2.xml --------------------- <axisconfig name="AxisJava2.0"> <module ref="rampart" /> <parameter name="OutflowSecurity"> <action> <items>Timestamp Signature</items> <!-- Username Token --> <passwordCallbackClass>client.PWCBClientHandler</passwordCallbackClass> <!-- Signature - Keystore read--> <signaturePropFile>client/conf/keystore.properties</signaturePropFile> <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier> <signatureKeyTransportAlgorithm>http://www.w3.org/2000/09/xmlenc#rsa-sha1</signatureKeyTransportAlgorithm> <signatureParts>{}{}Body</signatureParts> <!-- Encryption - Truststore lesen --> <encryptionKeyTransportAlgorithm>http://www.w3.org/2001/04/xmlenc#rsa-1_5</encryptionKeyTransportAlgorithm> <!-- Disable Signature Confirmation --> <enableSignatureConfirmation>false</enableSignatureConfirmation> </action> </parameter> <parameter name="InflowSecurity"> <action> <items>Timestamp Signature</items> <!-- Timestamp Token --> <timestampStrict>false</timestampStrict> <!-- UserName Token --> <passwordCallbackClass>client.PWCBClientHandler</passwordCallbackClass> <!-- Signature - Truststore lesen --> <signaturePropFile>client/conf/keystore.properties</signaturePropFile> <!-- Encryption - Keystore lesen --> <decryptionPropFile>client/conf/keystore.properties</decryptionPropFile> <!-- Disable Signature Confirmation --> <enableSignatureConfirmation>false</enableSignatureConfirmation> </action> </parameter> clients policy.xml ----------------------- ramp:encryptionUser is set to server alias (server6) <wsp:Policy Name="http://edv156-wskome.medical-intern.com/policies/P1" wsu:Id="SymmetricBindingPolicy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> <wsp:ExactlyOne> <wsp:All> <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <wsp:Policy> <sp:ProtectionToken> <wsp:Policy> 
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                <wsp:Policy>
                  <sp:RequireDerivedKeys/>
                  <sp:WssX509V3Token10/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:ProtectionToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:TripleDesRsa15/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Strict/>
            </wsp:Policy>
          </sp:Layout>
          <!-- Timestamp -->
          <sp:IncludeTimestamp wsp:Optional="false" />
          <!-- Sign -->
          <sp:OnlySignEntireHeadersAndBody/>
        </wsp:Policy>
      </sp:SymmetricBinding>
      <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body/>
      </sp:SignedParts>
      <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:MustSupportRefKeyIdentifier/>
          <sp:MustSupportRefIssuerSerial/>
        </wsp:Policy>
      </sp:Wss10>
      <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        <ramp:encryptionUser>server6</ramp:encryptionUser>
        <ramp:passwordCallbackClass>client.PWCBClientHandler</ramp:passwordCallbackClass>
        <ramp:signatureCrypto>
          <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">client_keystore.jks</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">clientclient</ramp:property>
          </ramp:crypto>
        </ramp:signatureCrypto>
        <ramp:encryptionCrypto>
          <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">client_keystore.jks</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">clientclient</ramp:property>
          </ramp:crypto>
          <ramp:decryptionCrypto>
            <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
              <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
              <ramp:property name="org.apache.ws.security.crypto.merlin.file">client_keystore.jks</ramp:property>
              <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.alias">server6</ramp:property>
              <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">clientclient</ramp:property>
            </ramp:crypto>
          </ramp:decryptionCrypto>
        </ramp:encryptionCrypto>
      </ramp:RampartConfig>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

Coding client
-------------------
As the callback class was not found simply using the policy.xml file, I have tried to set the rampart configuration manually here

...
ServiceClient client = stub._getServiceClient();
client.engageModule("addressing");
client.engageModule("rampart");

// get option object
Options options = client.getOptions();
// EndpointReference targetEprRef = new EndpointReference(targetEpr);

// set username / password
options.setUserName("testapojava1");
options.setProperty("user", "testapojava1");

// set rampart config
RampartConfig rc = new RampartConfig();
Properties merlinProp = new Properties();
merlinProp.put("org.apache.ws.security.crypto.merlin.file", "client_keystore.jks");
merlinProp.put("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
merlinProp.put("org.apache.ws.security.crypto.merlin.keystore.password", "clientclient");
CryptoConfig cryptoConfig = new CryptoConfig();
cryptoConfig.setProvider("org.apache.ws.security.components.crypto.Merlin");
cryptoConfig.setProp(merlinProp);
rc.setEncrCryptoConfig(cryptoConfig);
rc.setSigCryptoConfig(cryptoConfig);
rc.setDecCryptoConfig(cryptoConfig);
rc.setUser("testapojava1"); // necessary
rc.setEncryptionUser("server6");
rc.setPwCbClass("client.PWCBClientHandler");

// set policy
Policy policy = loadPolicy("C:/usr/workspace/WSTestClient_NewAccount/build/client/conf/policy.xml");
policy.addAssertion(rc);
options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
...
Request sent by client
--------------------------------
POST /axis2/services/WS7X4NewAccount HTTP/1.1
Content-Type: text/xml; charset=UTF-8
SOAPAction: "urn:getLetterOfAgreement"
User-Agent: Axis2
Host: 127.0.0.1:8081
Transfer-Encoding: chunked

800
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
      <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-4">
        <wsu:Created>2010-05-28T08:25:04.322Z</wsu:Created>
        <wsu:Expires>2010-05-28T08:30:04.322Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-E6FAF9654A5312632512750351039631">[...]</wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-2">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
          <ds:Reference URI="#id-3">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
            <ds:DigestValue>UB0Rrb4Io4e+rgGYBuaM8Pba5xk=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>ReDl748A91jo2Bd469f4NUjx7HDIJOS4DgnzlVTa4Tcvuzr04H+XkAaBwutjPwzAa8TmZVUcBSIgT+3tbwBSxnKUPAk6fUe+HA4H0RZBLvrkqIgOUFkghzMGjsv4xIK69H64bJsoVhaTTrw1HWv2AeVMWkMNhHqzI467wTcqoejEu3v/PpCVIQ/1wBtsz77XwW6Gp2T7YQRVBzbyTbVJPfpkLy2fvl1HGgEa++ClXIWasCnW+xWaJodAVnpufWr/cLwhu3O523pa3QE/mXiYY8ja4iBJN4BdvnLSnxxvw8vCnJ8KItrtKKya5yhO4u+MjDHTI4aVcdk5IFFKBfDNkw==</ds:SignatureValue>
        <ds:KeyInfo Id="KeyId-E6FAF9654A5312632512750351039632">
          <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-E6FAF9654A5312632512750351039633">
            <wsse:Reference URI="#CertId-E6FAF9654A5312632512750351039631" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"></wsse:Reference>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
      <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-1">
        <wsu:Created>2010-05-28T08:25:03.948Z</wsu:Created>
        <wsu:Expires>2010-05-28T08:30:03.948Z800</wsu:Expires>
      </wsu:Timestamp>
      <xenc:EncryptedKey Id="EncKeyId-E6FAF9654A5312632512750351044795">
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod>
        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <wsse:SecurityTokenReference>
            <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">nPB7TM1rFUDwQgAoIrs/e8cYGx8=</wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
        <xenc:CipherData>
          <xenc:CipherValue>spTfVbRN0t62NqVDKmO0i0nUhSOeSE+kIcorYnL+dsT7aDpdHZGMLZ+xG6C54AE21Rzzojvn1KMwn5K7BzTZ1/uHBpgqEcBv7tNgkYg2VGW0MbIs3K3GRdvmYSMD6cqJWvfTp9ZPFkA/sSSOC47b85Hmfhhajp9QFM9n+LPC72s=</xenc:CipherValue>
        </xenc:CipherData>
      </xenc:EncryptedKey>
      <wsc:DerivedKeyToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="derivedKeyId-5">
        <wsse:SecurityTokenReference>
          <wsse:Reference URI="#EncKeyId-E6FAF9654A5312632512750351044795" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"></wsse:Reference>
        </wsse:SecurityTokenReference>
        <wsc:Offset>0</wsc:Offset>
        <wsc:Length>24</wsc:Length>
        <wsc:Nonce>N793yAlM668s1AQm6gvg3w==</wsc:Nonce>
      </wsc:DerivedKeyToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-6">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"></ds:SignatureMethod>
          <ds:Reference URI="#id-3">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
            <ds:DigestValue>UB0Rrb4Io4e+rgGYBuaM8Pba5xk=</ds:DigestValue>
          </ds:Reference>
          <ds:Re54aference URI="#Timestamp-4">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
            <ds:DigestValue>gK2kN707ebfkex+bBeNeFgSOZ/Y=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>HuaF/3PQEJ/gJHPJ6fPf2S9mdHs=</ds:SignatureValue>
        <ds:KeyInfo Id="KeyId-E6FAF9654A5312632512750351045106">
          <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-E6FAF9654A5312632512750351045107">
            <wsse:Reference URI="#derivedKeyId-5"></wsse:Reference>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
    <wsa:To>http://edv156-wskome.medical-intern.com:8081/axis2/services/WS7X4NewAccount</wsa:To>
    <wsa:MessageID>urn:uuid:32CBE5CDB1DA839B471275035103729</wsa:MessageID>
    <wsa:Action>urn:getLetterOfAgreement</wsa:Action>
  </soapenv:Header>
  <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-3">
    <ns1:getLetterOfAgreement xmlns:ns1="http://ws7x4.kohlpharma.com/">
      <ns1:LetterOfAgreementRequest>
        <ns1:customer>
          <ns1:custId>100584</ns1:custId>
        </ns1:customer>
      </ns1:LetterOfAgreementRequest>
    </ns1:getLetterOfAgreement>
  </soapenv:Body>
</soapenv:Envelope>

Response sent by server
------------------------------------
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Date: Fri, 28 May 2010 08:25:05 GMT

dac
<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
      <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-4">
        <wsu:Created>2010-05-28T08:25:05.072Z</wsu:Created>
        <wsu:Expires>2010-05-28T08:30:05.072Z</wsu:Expires>
      </wsu:Timestamp>
      <wsc:DerivedKeyToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="derivedKeyId-5">
        <wsse:SecurityTokenReference>
          <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1">3jHnkINI9gbCrYe5aQKh7zqowiY=</wsse:KeyIdentifier>
        </wsse:SecurityTokenReference>
        <wsc:Offset>0</wsc:Offset>
        <wsc:Length>24</wsc:Length>
        <wsc:Nonce>TBv+wL9NbtLHJDhhYt+Mkw==</wsc:Nonce>
      </wsc:DerivedKeyToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-6">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
          <ds:Reference URI="#Id-8713829">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>jZ4ztbeK2KSnWBCkO2U6j6wcHwU=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#Timestamp-4">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>ZvSm746bKP59fxDIB+Gtz0SrPeM=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>HlKwOeUX6IJm4MDwcrStfBnlSho=</ds:SignatureValue>
        <ds:KeyInfo Id="KeyId-F37B34F8F458473FF412750351050723">
          <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-F37B34F8F458473FF412750351050724">
            <wsse:Reference URI="#derivedKeyId-5" />
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
    <wsa:Action>http://ws7x4.kohlpharma.com/WS7X4NewAccount/getLetterOfAgreementResponse</wsa:Action>
    <wsa:RelatesTo>urn:uuid:32CBE5CDB1DA839B471275035103729</wsa:RelatesTo>
  </soapenv:Header>
  <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-8713829">
    <ns1:getLetterOfAgreementResponse xmlns:ns1="http://ws7x4.kohlpharma.com/">
      <ns1:return>
        <ns1:data>
          <ns1:generalInformation>
            <ns1:text>Dies ist der Informationstext der 7x4 Pharma.</ns1:text>
          </ns1:generalInformation>
          <ns1:agreement>
            <ns1:text>Dies ist die Einverständniserklärung der 7x4 Pharma.===20100528102504791===</ns1:text>
            <ns1:timeStamp>20100528102504822</ns1:timeStamp>
          </ns1:agreement>
        </ns1:data>
        <ns1:status>
          <ns1:msgSet>
            <ns1:count>1</ns1:count>
            <ns1:msg>
              <ns1:msgCode>0</ns1:msgCode>
              <ns1:msgText>Okay</ns1:msgText>
              <ns1:msgType>S</ns1:msgType>
              <ns1:no>1</ns1:no>
            </ns1:msg>
          </ns1:msgSet>
          <ns1:statusType>S</ns1:statusType>
        </ns1:status>
      </ns1:return>
    </ns1:getLetterOfAgreementResponse>
  </soapenv:Body>
</soapenv:Envelope>

    Apache's JIRA Issue Tracker | 7 years ago | Herwig David
    org.apache.axis2.AxisFault: WSDoAllReceiver: security processing failed
  5. 0

    Replace JBoss error page with Axis2 fault XML response

    Stack Overflow | 8 years ago | Dario
    org.apache.axis2.AxisFault: WSDoAllReceiver: security processing failed


    Root Cause Analysis

    1. org.apache.ws.security.WSSecurityException

      General security error (WSSecurityEngine: Callback supplied no password for: client)

      at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey()
    2. Apache WSS4J
      WSSecurityEngine.processSecurityHeader
      1. org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:279)
      2. org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:87)
      3. org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:76)
      4. org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:284)
      5. org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:206)
      5 frames
    3. Rampart - Core
      WSDoAllHandler.invoke
      1. org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.java:213)
      2. org.apache.rampart.handler.WSDoAllReceiver.processMessage(WSDoAllReceiver.java:86)
      3. org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:72)
      3 frames
    4. org.apache.axis2
      OperationClient.execute
      1. org.apache.axis2.engine.Phase.invoke(Phase.java:292)
      2. org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:212)
      3. org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:132)
      4. org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:336)
      5. org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389)
      6. org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
      7. org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
      7 frames
    5. com.nfn.wsclients
      AsrPolicyServiceClient.main
      1. com.nfn.wsclients.AsrsPolicyServiceStub.getStatuses(AsrsPolicyServiceStub.java:153)
      2. com.nfn.wsclients.AsrPolicyServiceClient.printAccountStatuses(AsrPolicyServiceClient.java:35)
      3. com.nfn.wsclients.AsrPolicyServiceClient.main(AsrPolicyServiceClient.java:23)
      3 frames