org.apache.cxf.binding.soap.SoapFault


  • I run a web service under axis2 on tomcat and an axis2 java client. The scenario is as follows: The server (server6) is known by the client. The client is not known by the server. Therefore I use a symmetric binding here. In a 1st step I only want to sign the message, later I also want to encrypt the message. The call of the web service is working perfectly. When processing the response from the web service the client gets the following runtime error. I assume I do something wrong in the configuration of the symmetric binding scenario.

    Thanks in advance,
    Herwig

    ---------------------------------

    org.apache.axis2.AxisFault: WSDoAllReceiver: security processing failed
        at org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.java:214)
        at org.apache.rampart.handler.WSDoAllReceiver.processMessage(WSDoAllReceiver.java:86)
        at org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:72)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160)
        at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
        at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)
        at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
        at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
        at com.kohlpharma.ws7x4.WS7X4NewAccountStub.getLetterOfAgreement(WS7X4NewAccountStub.java:203)
        at client.TestClient.getLetterOfAgreement(TestClient.java:171)
        at client.TestClient.main(TestClient.java:93)
    Caused by: org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: No password callback supplied)
        at org.apache.ws.security.processor.DerivedKeyTokenProcessor.getSecret(DerivedKeyTokenProcessor.java:220)
        at org.apache.ws.security.processor.DerivedKeyTokenProcessor.extractSecret(DerivedKeyTokenProcessor.java:161)
        at org.apache.ws.security.processor.DerivedKeyTokenProcessor.handleToken(DerivedKeyTokenProcessor.java:74)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243)
        at org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.java:211)
        ... 12 more

    Service Configuration
    =================

    ramp:user and ramp:userCertAlias are set to server alias (server6)

    service.xml
    ----------------

    <?xml version="1.0" encoding="UTF-8"?>
    <service name="WS7X4NewAccount" scope="application">
      <Description>
        Web Service 7x4 - New Account
      </Description>
      <messageReceivers>
        <messageReceiver mep="http://www.w3.org/ns/wsdl/in-out" class="com.kohlpharma.ws7x4gen.WS7X4NewAccountMessageReceiverInOut"/>
      </messageReceivers>
      <parameter name="ServiceClass" locked="false">
        com.kohlpharma.ws7x4.WS7X4NewAccount
      </parameter>
      <parameter name="useOriginalwsdl">true</parameter>
      <parameter name="modifyUserWSDLPortAddress">true</parameter>
      <parameter name="allowedMethods" value="getLetterOfAgreement" />
      <operation name="getLetterOfAgreement" mep="http://www.w3.org/ns/wsdl/in-out" namespace="http://ws7x4.kohlpharma.com/">
        <actionMapping>urn:getLetterOfAgreement</actionMapping>
        <outputActionMapping>http://ws7x4.kohlpharma.com/WS7X4NewAccount/getLetterOfAgreementResponse</outputActionMapping>
        <faultActionMapping faultName="WebServiceException">http://ws7x4.kohlpharma.com/WS7X4NewAccount/getLetterOfAgreement/Fault/WebServiceException</faultActionMapping>
      </operation>
      <service targetNamespace="http://ws7x4.kohlpharma.com">
      </service>
      <module ref="rampart" />
      <module ref="addressing" />
      <wsp:Policy Name="http://edv156-wskome.medical-intern.com/policies/P1"
                  wsu:Id="SymmetricBindingPolicy"
                  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                  xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
        <wsp:ExactlyOne>
          <wsp:All>
            <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
              <wsp:Policy>
                <sp:ProtectionToken>
                  <wsp:Policy>
                    <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                      <wsp:Policy>
                        <sp:RequireDerivedKeys/>
                        <sp:WssX509V3Token10/>
                      </wsp:Policy>
                    </sp:X509Token>
                  </wsp:Policy>
                </sp:ProtectionToken>
                <sp:AlgorithmSuite>
                  <wsp:Policy>
                    <sp:TripleDesRsa15/>
                  </wsp:Policy>
                </sp:AlgorithmSuite>
                <sp:Layout>
                  <wsp:Policy>
                    <sp:Strict/>
                  </wsp:Policy>
                </sp:Layout>
                <!-- Timestamp -->
                <sp:IncludeTimestamp wsp:Optional="false" />
                <!-- Sign -->
                <sp:OnlySignEntireHeadersAndBody/>
              </wsp:Policy>
            </sp:SymmetricBinding>
            <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
              <sp:Body/>
            </sp:SignedParts>
            <!--
            <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
              <sp:Body/>
            </sp:EncryptedParts>
            -->
            <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
              <wsp:Policy>
                <sp:MustSupportRefKeyIdentifier/>
                <sp:MustSupportRefIssuerSerial/>
              </wsp:Policy>
            </sp:Wss10>
            <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
              <ramp:user>server6</ramp:user>
              <ramp:userCertAlias>server6</ramp:userCertAlias>
              <ramp:passwordCallbackClass>com.kohlpharma.common.PWCBServerHandler</ramp:passwordCallbackClass>
              <ramp:signatureCrypto>
                <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                  <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                  <ramp:property name="org.apache.ws.security.crypto.merlin.file">keystore.jks</ramp:property>
                  <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property>
                </ramp:crypto>
              </ramp:signatureCrypto>
              <ramp:encryptionCrypto>
                <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                  <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                  <ramp:property name="org.apache.ws.security.crypto.merlin.file">keystore.jks</ramp:property>
                  <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property>
                </ramp:crypto>
                <ramp:decryptionCrypto>
                  <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                    <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                    <ramp:property name="org.apache.ws.security.crypto.merlin.file">keystore.jks</ramp:property>
                    <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.alias">server6</ramp:property>
                    <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property>
                  </ramp:crypto>
                </ramp:decryptionCrypto>
              </ramp:encryptionCrypto>
            </ramp:RampartConfig>
          </wsp:All>
        </wsp:ExactlyOne>
      </wsp:Policy>
    </service>

    Client Configuration
    =================

    callback classes are defined in client.axis2.xml, policy.xml and set additionally in the code. I've tried everything :-)

    client.axis2.xml
    ---------------------

    <axisconfig name="AxisJava2.0">
      <module ref="rampart" />
      <parameter name="OutflowSecurity">
        <action>
          <items>Timestamp Signature</items>
          <!-- Username Token -->
          <passwordCallbackClass>client.PWCBClientHandler</passwordCallbackClass>
          <!-- Signature - Keystore read -->
          <signaturePropFile>client/conf/keystore.properties</signaturePropFile>
          <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
          <signatureKeyTransportAlgorithm>http://www.w3.org/2000/09/xmlenc#rsa-sha1</signatureKeyTransportAlgorithm>
          <signatureParts>{}{}Body</signatureParts>
          <!-- Encryption - read truststore -->
          <encryptionKeyTransportAlgorithm>http://www.w3.org/2001/04/xmlenc#rsa-1_5</encryptionKeyTransportAlgorithm>
          <!-- Disable Signature Confirmation -->
          <enableSignatureConfirmation>false</enableSignatureConfirmation>
        </action>
      </parameter>
      <parameter name="InflowSecurity">
        <action>
          <items>Timestamp Signature</items>
          <!-- Timestamp Token -->
          <timestampStrict>false</timestampStrict>
          <!-- UserName Token -->
          <passwordCallbackClass>client.PWCBClientHandler</passwordCallbackClass>
          <!-- Signature - read truststore -->
          <signaturePropFile>client/conf/keystore.properties</signaturePropFile>
          <!-- Encryption - read keystore -->
          <decryptionPropFile>client/conf/keystore.properties</decryptionPropFile>
          <!-- Disable Signature Confirmation -->
          <enableSignatureConfirmation>false</enableSignatureConfirmation>
        </action>
      </parameter>

    clients policy.xml
    -----------------------

    ramp:encryptionUser is set to server alias (server6)

    <wsp:Policy Name="http://edv156-wskome.medical-intern.com/policies/P1"
                wsu:Id="SymmetricBindingPolicy"
                xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
      <wsp:ExactlyOne>
        <wsp:All>
          <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
              <sp:ProtectionToken>
                <wsp:Policy>
                  <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                    <wsp:Policy>
                      <sp:RequireDerivedKeys/>
                      <sp:WssX509V3Token10/>
                    </wsp:Policy>
                  </sp:X509Token>
                </wsp:Policy>
              </sp:ProtectionToken>
              <sp:AlgorithmSuite>
                <wsp:Policy>
                  <sp:TripleDesRsa15/>
                </wsp:Policy>
              </sp:AlgorithmSuite>
              <sp:Layout>
                <wsp:Policy>
                  <sp:Strict/>
                </wsp:Policy>
              </sp:Layout>
              <!-- Timestamp -->
              <sp:IncludeTimestamp wsp:Optional="false" />
              <!-- Sign -->
              <sp:OnlySignEntireHeadersAndBody/>
            </wsp:Policy>
          </sp:SymmetricBinding>
          <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <sp:Body/>
          </sp:SignedParts>
          <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
              <sp:MustSupportRefKeyIdentifier/>
              <sp:MustSupportRefIssuerSerial/>
            </wsp:Policy>
          </sp:Wss10>
          <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
            <ramp:encryptionUser>server6</ramp:encryptionUser>
            <ramp:passwordCallbackClass>client.PWCBClientHandler</ramp:passwordCallbackClass>
            <ramp:signatureCrypto>
              <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                <ramp:property name="org.apache.ws.security.crypto.merlin.file">client_keystore.jks</ramp:property>
                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">clientclient</ramp:property>
              </ramp:crypto>
            </ramp:signatureCrypto>
            <ramp:encryptionCrypto>
              <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                <ramp:property name="org.apache.ws.security.crypto.merlin.file">client_keystore.jks</ramp:property>
                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">clientclient</ramp:property>
              </ramp:crypto>
              <ramp:decryptionCrypto>
                <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                  <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                  <ramp:property name="org.apache.ws.security.crypto.merlin.file">client_keystore.jks</ramp:property>
                  <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.alias">server6</ramp:property>
                  <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">clientclient</ramp:property>
                </ramp:crypto>
              </ramp:decryptionCrypto>
            </ramp:encryptionCrypto>
          </ramp:RampartConfig>
        </wsp:All>
      </wsp:ExactlyOne>
    </wsp:Policy>

    Coding client
    -------------------

    As the callback class was not found simply using the policy.xml file, I have tried to set the rampart configuration manually here

    ...
    ServiceClient client = stub._getServiceClient();
    client.engageModule("addressing");
    client.engageModule("rampart");

    // get option object
    Options options = client.getOptions();
    // EndpointReference targetEprRef = new EndpointReference(targetEpr);

    // set username / password
    options.setUserName("testapojava1");
    options.setProperty("user", "testapojava1");

    // set rampart config
    RampartConfig rc = new RampartConfig();
    Properties merlinProp = new Properties();
    merlinProp.put("org.apache.ws.security.crypto.merlin.file", "client_keystore.jks");
    merlinProp.put("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
    merlinProp.put("org.apache.ws.security.crypto.merlin.keystore.password", "clientclient");
    CryptoConfig cryptoConfig = new CryptoConfig();
    cryptoConfig.setProvider("org.apache.ws.security.components.crypto.Merlin");
    cryptoConfig.setProp(merlinProp);
    rc.setEncrCryptoConfig(cryptoConfig);
    rc.setSigCryptoConfig(cryptoConfig);
    rc.setDecCryptoConfig(cryptoConfig);
    rc.setUser("testapojava1"); // necessary
    rc.setEncryptionUser("server6");
    rc.setPwCbClass("client.PWCBClientHandler");

    // set policy
    Policy policy = loadPolicy("C:/usr/workspace/WSTestClient_NewAccount/build/client/conf/policy.xml");
    policy.addAssertion(rc);
    options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
    ...

Request send by client -------------------------------- POST /axis2/services/WS7X4NewAccount HTTP/1.1 Content-Type: text/xml; charset=UTF-8 SOAPAction: "urn:getLetterOfAgreement" User-Agent: Axis2 Host: 127.0.0.1:8081 Transfer-Encoding: chunked 800 <?xml version="1.0" encoding="UTF-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing"> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-4"> <wsu:Created>2010-05-28T08:25:04.322Z</wsu:Created> <wsu:Expires>2010-05-28T08:30:04.322Z</wsu:Expires> </wsu:Timestamp> <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
wsu:Id="CertId-E6FAF9654A5312632512750351039631">MIIEBjCCAu6gAwIBAgIJAJAykBkpRUN4MA0GCSqGSIb3DQEBBQUAMIGJMQswCQYDVQQGEwJERTEPMA0GA1UEBxMGTWVyemlnMRMwEQYDVQQKEwprb2hscGhhcm1hMRcwFQYDVQQLEw5rb2hscGhhcm1hIEVEVjEVMBMGA1UEAxMMVGVzdEFwb0phdmExMSQwIgYJKoZIhvcNAQkBFhVoZGF2aWRAa29obHBoYXJtYS5jb20wHhcNMTAwMzExMTQxNDE0WhcNMjAwMzA4MTQxNDE0WjCBiTELMAkGA1UEBhMCREUxDzANBgNVBAcTBk1lcnppZzETMBEGA1UEChMKa29obHBoYXJtYTEXMBUGA1UECxMOa29obHBoYXJtYSBFRFYxFTATBgNVBAMTDFRlc3RBcG9KYXZhMTEkMCIGCSqGSIb3DQEJARYVaGRhdmlkQGtvaGxwaGFybWEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyjYi6q6jJ3InLY9dkuzxw5hU5bh7yoNhmtxmrDqpkG8wkn5fPSV+5Zn/cGfLJLrQssPNK1pgjq4Uh56oa78/Ifs9hgdtNxbF6ypUfqMS/sRkZBqNUUcZKfApfY+tuCJD/G+2j3Y0lGU39R2dg3/wh9kWbbRuBaP87Xq5uJThRkMUAmruDXltHLcacFIjJT5QJsn3WpYyRzyKzeyrLJbJoMYZ3Io01KgmQVEHdWAHY1M6dUt4TpQAm2PcOCHb62ZCmZHKzZXislb69FCkqVGV5tSPJb+JKSHl+Q7wtUpW25JVAZElqZIyhBHUDb7Z3C2QRGvkHhezq2Kik7Mbgks4cQIDAQABo28wbTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE8DA0BgNVHSUELTArBggrBgEFBQcDAgYIKwYBBQUHAwgGCisGAQQBgjcKAwMGCWCGSAGG+EIEATAdBgNVHQ4EFgQUfhb9hJQXiiDwSOc/dYqA8O9ZbGgwDQYJKoZIhvcNAQEFBQADggEBAFvYWTlviZ0SeKAXINMpBB800mq2YqTaxeIrx0sEdAHhE3XnTQWucP+aSNernTPYfPMMtM9naPqniCzx8xyMq9M4wbQVUiiQrCFz+d0tQ25nLrMJbXo8HLFfSJKNgpgcgwGfgi7gXTvA4PfbCxKZegXSzw1wm412uC5Jt8b5AXgK3Cdv5u7fRd6ERB/Rw2iWvF4sP1hR4t4+cL/6hGWQlpmrZrzKG07mnwbqBoNlXnZTIUfF18Il9SvYAv0gnKD8MdVpcWDMBRZxBvALkm4buUjQ13FzAe2f5fGVxHyuVpfaF5EYYa3aIsu+t5vfMyf/R3/v6YOkAbjVyWK0V9K7pFsVlo=</wsse:BinarySecurityToken> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-2"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod> <ds:Reference URI="#id-3"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> 
<ds:DigestValue>UB0Rrb4Io4e+rgGYBuaM8Pba5xk=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>ReDl748A91jo2Bd469f4NUjx7HDIJOS4DgnzlVTa4Tcvuzr04H+XkAaBwutjPwzAa8TmZVUcBSIgT+3tbwBSxnKUPAk6fUe+HA4H0RZBLvrkqIgOUFkghzMGjsv4xIK69H64bJsoVhaTTrw1HWv2AeVMWkMNhHqzI467wTcqoejEu3v/PpCVIQ/1wBtsz77XwW6Gp2T7YQRVBzbyTbVJPfpkLy2fvl1HGgEa++ClXIWasCnW+xWaJodAVnpufWr/cLwhu3O523pa3QE/mXiYY8ja4iBJN4BdvnLSnxxvw8vCnJ8KItrtKKya5yhO4u+MjDHTI4aVcdk5IFFKBfDNkw==</ds:SignatureValue> <ds:KeyInfo Id="KeyId-E6FAF9654A5312632512750351039632"> <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-E6FAF9654A5312632512750351039633"> <wsse:Reference URI="#CertId-E6FAF9654A5312632512750351039631" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"></wsse:Reference> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-1"> <wsu:Created>2010-05-28T08:25:03.948Z</wsu:Created> <wsu:Expires>2010-05-28T08:30:03.948Z800</wsu:Expires> </wsu:Timestamp> <xenc:EncryptedKey Id="EncKeyId-E6FAF9654A5312632512750351044795"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <wsse:SecurityTokenReference> <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">nPB7TM1rFUDwQgAoIrs/e8cYGx8=</wsse:KeyIdentifier> </wsse:SecurityTokenReference> </ds:KeyInfo> <xenc:CipherData> 
<xenc:CipherValue>spTfVbRN0t62NqVDKmO0i0nUhSOeSE+kIcorYnL+dsT7aDpdHZGMLZ+xG6C54AE21Rzzojvn1KMwn5K7BzTZ1/uHBpgqEcBv7tNgkYg2VGW0MbIs3K3GRdvmYSMD6cqJWvfTp9ZPFkA/sSSOC47b85Hmfhhajp9QFM9n+LPC72s=</xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedKey> <wsc:DerivedKeyToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="derivedKeyId-5"> <wsse:SecurityTokenReference> <wsse:Reference URI="#EncKeyId-E6FAF9654A5312632512750351044795" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"></wsse:Reference> </wsse:SecurityTokenReference> <wsc:Offset>0</wsc:Offset> <wsc:Length>24</wsc:Length> <wsc:Nonce>N793yAlM668s1AQm6gvg3w==</wsc:Nonce> </wsc:DerivedKeyToken> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-6"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"></ds:SignatureMethod> <ds:Reference URI="#id-3"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> <ds:DigestValue>UB0Rrb4Io4e+rgGYBuaM8Pba5xk=</ds:DigestValue> </ds:Reference> <ds:Re54aference URI="#Timestamp-4"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> <ds:DigestValue>gK2kN707ebfkex+bBeNeFgSOZ/Y=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>HuaF/3PQEJ/gJHPJ6fPf2S9mdHs=</ds:SignatureValue> <ds:KeyInfo Id="KeyId-E6FAF9654A5312632512750351045106"> <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
wsu:Id="STRId-E6FAF9654A5312632512750351045107"> <wsse:Reference URI="#derivedKeyId-5"></wsse:Reference> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> </wsse:Security> <wsa:To>http://edv156-wskome.medical-intern.com:8081/axis2/services/WS7X4NewAccount</wsa:To> <wsa:MessageID>urn:uuid:32CBE5CDB1DA839B471275035103729</wsa:MessageID> <wsa:Action>urn:getLetterOfAgreement</wsa:Action> </soapenv:Header> <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-3"> <ns1:getLetterOfAgreement xmlns:ns1="http://ws7x4.kohlpharma.com/"> <ns1:LetterOfAgreementRequest> <ns1:customer> <ns1:custId>100584</ns1:custId> </ns1:customer> </ns1:LetterOfAgreementRequest> </ns1:getLetterOfAgreement> </soapenv:Body> </soapenv:Envelope> Response send by server ------------------------------------ HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Content-Type: text/xml;charset=UTF-8 Transfer-Encoding: chunked Date: Fri, 28 May 2010 08:25:05 GMT dac <?xml version='1.0' encoding='UTF-8'?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing"> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-4"> <wsu:Created>2010-05-28T08:25:05.072Z</wsu:Created> <wsu:Expires>2010-05-28T08:30:05.072Z</wsu:Expires> </wsu:Timestamp> <wsc:DerivedKeyToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="derivedKeyId-5"> <wsse:SecurityTokenReference> <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" 
ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1">3jHnkINI9gbCrYe5aQKh7zqowiY=</wsse:KeyIdentifier> </wsse:SecurityTokenReference> <wsc:Offset>0</wsc:Offset> <wsc:Length>24</wsc:Length> <wsc:Nonce>TBv+wL9NbtLHJDhhYt+Mkw==</wsc:Nonce> </wsc:DerivedKeyToken> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-6"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" /> <ds:Reference URI="#Id-8713829"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>jZ4ztbeK2KSnWBCkO2U6j6wcHwU=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#Timestamp-4"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>ZvSm746bKP59fxDIB+Gtz0SrPeM=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>HlKwOeUX6IJm4MDwcrStfBnlSho=</ds:SignatureValue> <ds:KeyInfo Id="KeyId-F37B34F8F458473FF412750351050723"> <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-F37B34F8F458473FF412750351050724"> <wsse:Reference URI="#derivedKeyId-5" /> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> </wsse:Security> <wsa:Action>http://ws7x4.kohlpharma.com/WS7X4NewAccount/getLetterOfAgreementResponse</wsa:Action> <wsa:RelatesTo>urn:uuid:32CBE5CDB1DA839B471275035103729</wsa:RelatesTo> </soapenv:Header> <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-8713829"> <ns1:getLetterOfAgreementResponse xmlns:ns1="http://ws7x4.kohlpharma.com/"> <ns1:return> <ns1:data> 
<ns1:generalInformation> <ns1:text>Dies ist der Informationstext der 7x4 Pharma.</ns1:text> </ns1:generalInformation> <ns1:agreement> <ns1:text>Dies ist die Einverständniserklärung der 7x4 Pharma.===20100528102504791===</ns1:text> <ns1:timeStamp>20100528102504822</ns1:timeStamp> </ns1:agreement> </ns1:data> <ns1:status> <ns1:msgSet> <ns1:count>1</ns1:count> <ns1:msg> <ns1:msgCode>0</ns1:msgCode> <ns1:msgText>Okay</ns1:msgText> <ns1:msgType>S</ns1:msgType> <ns1:no>1</ns1:no> </ns1:msg> </ns1:msgSet> <ns1:statusType>S</ns1:statusType> </ns1:status> </ns1:return> </ns1:getLetterOfAgreementResponse> </soapenv:Body> </soapenv:Envelope>
    via by Herwig David,
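
Added example (not part of the original post, and not Rampart or WSS4J code): in the exchange above, the request's wsc:DerivedKeyToken points at its own xenc:EncryptedKey with a direct wsse:Reference, while the response's token carries only a KeyIdentifier of ValueType ...#EncryptedKeySHA1, which WSS 1.1 defines as the base64 SHA-1 of the raw CipherValue octets. The Python below traces both kinds of reference and matches a response token back to the EncryptedKey the client sent. The two messages are constructed, cut-down stand-ins for the ones in the post, and all function names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "wsc": "http://schemas.xmlsoap.org/ws/2005/02/sc",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
ENC_KEY_SHA1 = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1"
WSU_ID = "{%s}Id" % NS["wsu"]


def encrypted_key_sha1(cipher_value_b64):
    """EncryptedKeySHA1 identifier: base64(SHA-1(raw CipherValue octets))."""
    raw = base64.b64decode(cipher_value_b64)
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")


def security_header(xml_text):
    """Return the wsse:Security element of a SOAP envelope."""
    return ET.fromstring(xml_text).find(".//wsse:Security", NS)


def encrypted_keys(security):
    """Map each xenc:EncryptedKey Id to its EncryptedKeySHA1 identifier."""
    keys = {}
    for ek in security.findall("xenc:EncryptedKey", NS):
        cv = ek.find("xenc:CipherData/xenc:CipherValue", NS)
        keys[ek.get("Id")] = encrypted_key_sha1("".join(cv.text.split()))
    return keys


def derived_key_refs(security):
    """List (token id, reference kind, value) for every wsc:DerivedKeyToken."""
    refs = []
    for dkt in security.findall("wsc:DerivedKeyToken", NS):
        str_el = dkt.find("wsse:SecurityTokenReference", NS)
        ref = str_el.find("wsse:Reference", NS)
        kid = str_el.find("wsse:KeyIdentifier", NS)
        if ref is not None:
            refs.append((dkt.get(WSU_ID), "direct", ref.get("URI").lstrip("#")))
        elif kid is not None and kid.get("ValueType") == ENC_KEY_SHA1:
            refs.append((dkt.get(WSU_ID), "sha1", kid.text.strip()))
        else:
            refs.append((dkt.get(WSU_ID), "unknown", None))
    return refs


def resolve_response(request_xml, response_xml):
    """For each response DerivedKeyToken, name the EncryptedKey it is based on.

    A "direct" reference must resolve inside the response itself; a "sha1"
    reference must match an EncryptedKey the client sent in the request.
    An unresolved token is reported with None.
    """
    sent = encrypted_keys(security_header(request_xml))
    resp_sec = security_header(response_xml)
    local = encrypted_keys(resp_sec)
    resolved = []
    for dkt_id, kind, value in derived_key_refs(resp_sec):
        if kind == "direct":
            match = value if value in local else None
        elif kind == "sha1":
            match = next((k for k, digest in sent.items() if digest == value), None)
        else:
            match = None
        resolved.append((dkt_id, kind, match))
    return resolved


def envelope(security_children):
    """Wrap constructed header children in a minimal SOAP envelope."""
    return (
        f'<soapenv:Envelope xmlns:soapenv="{SOAP}" xmlns:wsse="{NS["wsse"]}" '
        f'xmlns:wsu="{NS["wsu"]}" xmlns:wsc="{NS["wsc"]}" xmlns:xenc="{NS["xenc"]}">'
        f"<soapenv:Header><wsse:Security>{security_children}</wsse:Security>"
        "</soapenv:Header><soapenv:Body/></soapenv:Envelope>"
    )


# Constructed sample data: the wrapped key octets are made up for this example.
SAMPLE_CIPHER = base64.b64encode(b"constructed-wrapped-key-octets").decode("ascii")
REQUEST = envelope(
    '<xenc:EncryptedKey Id="EncKeyId-CONSTRUCTED"><xenc:CipherData>'
    f"<xenc:CipherValue>{SAMPLE_CIPHER}</xenc:CipherValue>"
    "</xenc:CipherData></xenc:EncryptedKey>"
    '<wsc:DerivedKeyToken wsu:Id="derivedKeyId-5"><wsse:SecurityTokenReference>'
    '<wsse:Reference URI="#EncKeyId-CONSTRUCTED"/>'
    "</wsse:SecurityTokenReference></wsc:DerivedKeyToken>"
)
RESPONSE = envelope(
    '<wsc:DerivedKeyToken wsu:Id="derivedKeyId-5"><wsse:SecurityTokenReference>'
    f'<wsse:KeyIdentifier ValueType="{ENC_KEY_SHA1}">'
    f"{encrypted_key_sha1(SAMPLE_CIPHER)}</wsse:KeyIdentifier>"
    "</wsse:SecurityTokenReference></wsc:DerivedKeyToken>"
)

if __name__ == "__main__":
    print(resolve_response(REQUEST, RESPONSE))
```

A `None` in the last field means the receiver has no key material on hand for that token, so whatever processes the response needs access to the ephemeral key that was wrapped in the request.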
  • I run a web service under axis2 on tomcat and an axis2 java client . The scenario is as follows: The server (server6) is known by the client. The client is not known by the server. Therefore I use a symmetric binding here. In a 1st step I only want to sign the message, later I also want to encrypt the message. The call of the web service is working perfectly. When processing the response from the web service the client gets the following runtime error. I assume I do something wrong in the configuration of the symmetric binding scenario. Thanks in advance, Herwig --------------------------------- org.apache.axis2.AxisFault: WSDoAllReceiver: security processing failed at org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.java:214) at org.apache.rampart.handler.WSDoAllReceiver.processMessage(WSDoAllReceiver.java:86) at org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:72) at org.apache.axis2.engine.Phase.invoke(Phase.java:318) at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251) at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160) at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364) at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417) at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229) at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165) at com.kohlpharma.ws7x4.WS7X4NewAccountStub.getLetterOfAgreement(WS7X4NewAccountStub.java:203) at client.TestClient.getLetterOfAgreement(TestClient.java:171) at client.TestClient.main(TestClient.java:93) Caused by: org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: No password callback supplied) at org.apache.ws.security.processor.DerivedKeyTokenProcessor.getSecret(DerivedKeyTokenProcessor.java:220) at 
org.apache.ws.security.processor.DerivedKeyTokenProcessor.extractSecret(DerivedKeyTokenProcessor.java:161) at org.apache.ws.security.processor.DerivedKeyTokenProcessor.handleToken(DerivedKeyTokenProcessor.java:74) at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326) at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243) at org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.java:211) ... 12 more Service Configuration ================= ramp:user and ramp:userCertAlias are set to server alias (server6) service.xml ---------------- <?xml version="1.0" encoding="UTF-8"?> <service name="WS7X4NewAccount" scope="application"> <Description> Web Service 7x4 - New Account </Description> <messageReceivers> <messageReceiver mep="http://www.w3.org/ns/wsdl/in-out" class="com.kohlpharma.ws7x4gen.WS7X4NewAccountMessageReceiverInOut"/> </messageReceivers> <parameter name="ServiceClass" locked="false"> com.kohlpharma.ws7x4.WS7X4NewAccount </parameter> <parameter name="useOriginalwsdl">true</parameter> <parameter name="modifyUserWSDLPortAddress">true</parameter> <parameter name="allowedMethods" value="getLetterOfAgreement" /> <operation name="getLetterOfAgreement" mep="http://www.w3.org/ns/wsdl/in-out" namespace="http://ws7x4.kohlpharma.com/"> <actionMapping>urn:getLetterOfAgreement</actionMapping> <outputActionMapping>http://ws7x4.kohlpharma.com/WS7X4NewAccount/getLetterOfAgreementResponse</outputActionMapping> <faultActionMapping faultName="WebServiceException">http://ws7x4.kohlpharma.com/WS7X4NewAccount/getLetterOfAgreement/Fault/WebServiceException</faultActionMapping> </operation> <service targetNamespace="http://ws7x4.kohlpharma.com"> </service> <module ref="rampart" /> <module ref="addressing" /> <wsp:Policy Name="http://edv156-wskome.medical-intern.com/policies/P1" wsu:Id="SymmetricBindingPolicy" 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> <wsp:ExactlyOne> <wsp:All> <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <wsp:Policy> <sp:ProtectionToken> <wsp:Policy> <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> <wsp:Policy> <sp:RequireDerivedKeys/> <sp:WssX509V3Token10/> </wsp:Policy> </sp:X509Token> </wsp:Policy> </sp:ProtectionToken> <sp:AlgorithmSuite> <wsp:Policy> <sp:TripleDesRsa15/> </wsp:Policy> </sp:AlgorithmSuite> <sp:Layout> <wsp:Policy> <sp:Strict/> </wsp:Policy> </sp:Layout> <!-- Timestamp --> <sp:IncludeTimestamp wsp:Optional="false" /> <!-- Sign --> <sp:OnlySignEntireHeadersAndBody/> </wsp:Policy> </sp:SymmetricBinding> <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <sp:Body/> </sp:SignedParts> <!-- <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <sp:Body/> </sp:EncryptedParts> --> <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <wsp:Policy> <sp:MustSupportRefKeyIdentifier/> <sp:MustSupportRefIssuerSerial/> </wsp:Policy> </sp:Wss10> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> <ramp:user>server6</ramp:user> <ramp:userCertAlias>server6</ramp:userCertAlias> <ramp:passwordCallbackClass>com.kohlpharma.common.PWCBServerHandler</ramp:passwordCallbackClass> <ramp:signatureCrypto> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> <ramp:property name="org.apache.ws.security.crypto.merlin.file">keystore.jks</ramp:property> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property> </ramp:crypto> </ramp:signatureCrypto> <ramp:encryptionCrypto> <ramp:crypto 
provider="org.apache.ws.security.components.crypto.Merlin"> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> <ramp:property name="org.apache.ws.security.crypto.merlin.file">keystore.jks</ramp:property> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property> </ramp:crypto> <ramp:decryptionCrypto> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> <ramp:property name="org.apache.ws.security.crypto.merlin.file">keystore.jks</ramp:property> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.alias">server6</ramp:property> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property> </ramp:crypto> </ramp:decryptionCrypto> </ramp:encryptionCrypto> </ramp:RampartConfig> </wsp:All> </wsp:ExactlyOne> </wsp:Policy> </service> Client Configuration ================= callback classes are defined in client.axis2.xml, policy.xml and set additionally in the code. 
I've tried everything :-) client.axis2.xml --------------------- <axisconfig name="AxisJava2.0"> <module ref="rampart" /> <parameter name="OutflowSecurity"> <action> <items>Timestamp Signature</items> <!-- Username Token --> <passwordCallbackClass>client.PWCBClientHandler</passwordCallbackClass> <!-- Signature - Keystore read--> <signaturePropFile>client/conf/keystore.properties</signaturePropFile> <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier> <signatureKeyTransportAlgorithm>http://www.w3.org/2000/09/xmlenc#rsa-sha1</signatureKeyTransportAlgorithm> <signatureParts>{}{}Body</signatureParts> <!-- Encryption - Truststore lesen --> <encryptionKeyTransportAlgorithm>http://www.w3.org/2001/04/xmlenc#rsa-1_5</encryptionKeyTransportAlgorithm> <!-- Disable Signature Confirmation --> <enableSignatureConfirmation>false</enableSignatureConfirmation> </action> </parameter> <parameter name="InflowSecurity"> <action> <items>Timestamp Signature</items> <!-- Timestamp Token --> <timestampStrict>false</timestampStrict> <!-- UserName Token --> <passwordCallbackClass>client.PWCBClientHandler</passwordCallbackClass> <!-- Signature - Truststore lesen --> <signaturePropFile>client/conf/keystore.properties</signaturePropFile> <!-- Encryption - Keystore lesen --> <decryptionPropFile>client/conf/keystore.properties</decryptionPropFile> <!-- Disable Signature Confirmation --> <enableSignatureConfirmation>false</enableSignatureConfirmation> </action> </parameter> clients policy.xml ----------------------- ramp:encryptionUser is set to server alias (server6) <wsp:Policy Name="http://edv156-wskome.medical-intern.com/policies/P1" wsu:Id="SymmetricBindingPolicy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> <wsp:ExactlyOne> <wsp:All> <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <wsp:Policy> <sp:ProtectionToken> <wsp:Policy> 
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                <wsp:Policy>
                  <sp:RequireDerivedKeys/>
                  <sp:WssX509V3Token10/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:ProtectionToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:TripleDesRsa15/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Strict/>
            </wsp:Policy>
          </sp:Layout>
          <!-- Timestamp -->
          <sp:IncludeTimestamp wsp:Optional="false" />
          <!-- Sign -->
          <sp:OnlySignEntireHeadersAndBody/>
        </wsp:Policy>
      </sp:SymmetricBinding>
      <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body/>
      </sp:SignedParts>
      <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:MustSupportRefKeyIdentifier/>
          <sp:MustSupportRefIssuerSerial/>
        </wsp:Policy>
      </sp:Wss10>
      <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        <ramp:encryptionUser>server6</ramp:encryptionUser>
        <ramp:passwordCallbackClass>client.PWCBClientHandler</ramp:passwordCallbackClass>
        <ramp:signatureCrypto>
          <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">client_keystore.jks</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">clientclient</ramp:property>
          </ramp:crypto>
        </ramp:signatureCrypto>
        <ramp:encryptionCrypto>
          <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">client_keystore.jks</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">clientclient</ramp:property>
          </ramp:crypto>
          <ramp:decryptionCrypto>
            <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
              <ramp:property
                  name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
              <ramp:property name="org.apache.ws.security.crypto.merlin.file">client_keystore.jks</ramp:property>
              <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.alias">server6</ramp:property>
              <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">clientclient</ramp:property>
            </ramp:crypto>
          </ramp:decryptionCrypto>
        </ramp:encryptionCrypto>
      </ramp:RampartConfig>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

Coding client
-------------------
As the callback class was not found simply using the policy.xml file, I have tried to set the rampart configuration manually here

...
ServiceClient client = stub._getServiceClient();
client.engageModule("addressing");
client.engageModule("rampart");

// get option object
Options options = client.getOptions();
// EndpointReference targetEprRef = new EndpointReference(targetEpr);

// set username / password
options.setUserName("testapojava1");
options.setProperty("user", "testapojava1");

// set rampart config
RampartConfig rc = new RampartConfig();
Properties merlinProp = new Properties();
merlinProp.put("org.apache.ws.security.crypto.merlin.file", "client_keystore.jks");
merlinProp.put("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
merlinProp.put("org.apache.ws.security.crypto.merlin.keystore.password", "clientclient");
CryptoConfig cryptoConfig = new CryptoConfig();
cryptoConfig.setProvider("org.apache.ws.security.components.crypto.Merlin");
cryptoConfig.setProp(merlinProp);
rc.setEncrCryptoConfig(cryptoConfig);
rc.setSigCryptoConfig(cryptoConfig);
rc.setDecCryptoConfig(cryptoConfig);
rc.setUser("testapojava1");
// necessary
rc.setEncryptionUser("server6");
rc.setPwCbClass("client.PWCBClientHandler");

// set policy
Policy policy = loadPolicy("C:/usr/workspace/WSTestClient_NewAccount/build/client/conf/policy.xml");
policy.addAssertion(rc);
options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
...

Request sent by client
--------------------------------
POST /axis2/services/WS7X4NewAccount HTTP/1.1
Content-Type: text/xml; charset=UTF-8
SOAPAction: "urn:getLetterOfAgreement"
User-Agent: Axis2
Host: 127.0.0.1:8081
Transfer-Encoding: chunked

800
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
      <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-4">
        <wsu:Created>2010-05-28T08:25:04.322Z</wsu:Created>
        <wsu:Expires>2010-05-28T08:30:04.322Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
          EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
          ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="CertId-E6FAF9654A5312632512750351039631">MIIEBjCCAu6gAwIBAgIJAJAykBkpRUN4MA0GCSqGSIb3DQEBBQUAMIGJMQswCQYDVQQGEwJERTEPMA0GA1UEBxMGTWVyemlnMRMwEQYDVQQKEwprb2hscGhhcm1hMRcwFQYDVQQLEw5rb2hscGhhcm1hIEVEVjEVMBMGA1UEAxMMVGVzdEFwb0phdmExMSQwIgYJKoZIhvcNAQkBFhVoZGF2aWRAa29obHBoYXJtYS5jb20wHhcNMTAwMzExMTQxNDE0WhcNMjAwMzA4MTQxNDE0WjCBiTELMAkGA1UEBhMCREUxDzANBgNVBAcTBk1lcnppZzETMBEGA1UEChMKa29obHBoYXJtYTEXMBUGA1UECxMOa29obHBoYXJtYSBFRFYxFTATBgNVBAMTDFRlc3RBcG9KYXZhMTEkMCIGCSqGSIb3DQEJARYVaGRhdmlkQGtvaGxwaGFybWEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyjYi6q6jJ3InLY9dkuzxw5hU5bh7yoNhmtxmrDqpkG8wkn5fPSV+5Zn/cGfLJLrQssPNK1pgjq4Uh56oa78/Ifs9hgdtNxbF6ypUfqMS/sRkZBqNUUcZKfApfY+tuCJD/G+2j3Y0lGU39R2dg3/wh9kWbbRuBaP87Xq5uJThRkMUAmruDXltHLcacFIjJT5QJsn3WpYyRzyKzeyrLJbJoMYZ3Io01KgmQVEHdWAHY1M6dUt4TpQAm2PcOCHb62ZCmZHKzZXislb69FCkqVGV5tSPJb+JKSHl+Q7wtUpW25JVAZElqZIyhBHUDb7Z3C2QRGvkHhezq2Kik7Mbgks4cQIDAQABo28wbTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE8DA0BgNVHSUELTArBggrBgEFBQcDAgYIKwYBBQUHAwgGCisGAQQBgjcKAwMGCWCGSAGG+EIEATAdBgNVHQ4EFgQUfhb9hJQXiiDwSOc/dYqA8O9ZbGgwDQYJKoZIhvcNAQEFBQADggEBAFvYWTlviZ0SeKAXINMpBB800mq2YqTaxeIrx0sEdAHhE3XnTQWucP+aSNernTPYfPMMtM9naPqniCzx8xyMq9M4wbQVUiiQrCFz+d0tQ25nLrMJbXo8HLFfSJKNgpgcgwGfgi7gXTvA4PfbCxKZegXSzw1wm412uC5Jt8b5AXgK3Cdv5u7fRd6ERB/Rw2iWvF4sP1hR4t4+cL/6hGWQlpmrZrzKG07mnwbqBoNlXnZTIUfF18Il9SvYAv0gnKD8MdVpcWDMBRZxBvALkm4buUjQ13FzAe2f5fGVxHyuVpfaF5EYYa3aIsu+t5vfMyf/R3/v6YOkAbjVyWK0V9K7pFsVlo=</wsse:BinarySecurityToken> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-2"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod> <ds:Reference URI="#id-3"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> 
<ds:DigestValue>UB0Rrb4Io4e+rgGYBuaM8Pba5xk=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>ReDl748A91jo2Bd469f4NUjx7HDIJOS4DgnzlVTa4Tcvuzr04H+XkAaBwutjPwzAa8TmZVUcBSIgT+3tbwBSxnKUPAk6fUe+HA4H0RZBLvrkqIgOUFkghzMGjsv4xIK69H64bJsoVhaTTrw1HWv2AeVMWkMNhHqzI467wTcqoejEu3v/PpCVIQ/1wBtsz77XwW6Gp2T7YQRVBzbyTbVJPfpkLy2fvl1HGgEa++ClXIWasCnW+xWaJodAVnpufWr/cLwhu3O523pa3QE/mXiYY8ja4iBJN4BdvnLSnxxvw8vCnJ8KItrtKKya5yhO4u+MjDHTI4aVcdk5IFFKBfDNkw==</ds:SignatureValue> <ds:KeyInfo Id="KeyId-E6FAF9654A5312632512750351039632"> <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-E6FAF9654A5312632512750351039633"> <wsse:Reference URI="#CertId-E6FAF9654A5312632512750351039631" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"></wsse:Reference> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-1"> <wsu:Created>2010-05-28T08:25:03.948Z</wsu:Created> <wsu:Expires>2010-05-28T08:30:03.948Z800</wsu:Expires> </wsu:Timestamp> <xenc:EncryptedKey Id="EncKeyId-E6FAF9654A5312632512750351044795"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <wsse:SecurityTokenReference> <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">nPB7TM1rFUDwQgAoIrs/e8cYGx8=</wsse:KeyIdentifier> </wsse:SecurityTokenReference> </ds:KeyInfo> <xenc:CipherData> 
<xenc:CipherValue>spTfVbRN0t62NqVDKmO0i0nUhSOeSE+kIcorYnL+dsT7aDpdHZGMLZ+xG6C54AE21Rzzojvn1KMwn5K7BzTZ1/uHBpgqEcBv7tNgkYg2VGW0MbIs3K3GRdvmYSMD6cqJWvfTp9ZPFkA/sSSOC47b85Hmfhhajp9QFM9n+LPC72s=</xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedKey> <wsc:DerivedKeyToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="derivedKeyId-5"> <wsse:SecurityTokenReference> <wsse:Reference URI="#EncKeyId-E6FAF9654A5312632512750351044795" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"></wsse:Reference> </wsse:SecurityTokenReference> <wsc:Offset>0</wsc:Offset> <wsc:Length>24</wsc:Length> <wsc:Nonce>N793yAlM668s1AQm6gvg3w==</wsc:Nonce> </wsc:DerivedKeyToken> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-6"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"></ds:SignatureMethod> <ds:Reference URI="#id-3"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> <ds:DigestValue>UB0Rrb4Io4e+rgGYBuaM8Pba5xk=</ds:DigestValue> </ds:Reference> <ds:Re54aference URI="#Timestamp-4"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> <ds:DigestValue>gK2kN707ebfkex+bBeNeFgSOZ/Y=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>HuaF/3PQEJ/gJHPJ6fPf2S9mdHs=</ds:SignatureValue> <ds:KeyInfo Id="KeyId-E6FAF9654A5312632512750351045106"> <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
wsu:Id="STRId-E6FAF9654A5312632512750351045107">
            <wsse:Reference URI="#derivedKeyId-5"></wsse:Reference>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
    <wsa:To>http://edv156-wskome.medical-intern.com:8081/axis2/services/WS7X4NewAccount</wsa:To>
    <wsa:MessageID>urn:uuid:32CBE5CDB1DA839B471275035103729</wsa:MessageID>
    <wsa:Action>urn:getLetterOfAgreement</wsa:Action>
  </soapenv:Header>
  <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-3">
    <ns1:getLetterOfAgreement xmlns:ns1="http://ws7x4.kohlpharma.com/">
      <ns1:LetterOfAgreementRequest>
        <ns1:customer>
          <ns1:custId>100584</ns1:custId>
        </ns1:customer>
      </ns1:LetterOfAgreementRequest>
    </ns1:getLetterOfAgreement>
  </soapenv:Body>
</soapenv:Envelope>

Response sent by server
------------------------------------
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Date: Fri, 28 May 2010 08:25:05 GMT

dac
<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
      <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-4">
        <wsu:Created>2010-05-28T08:25:05.072Z</wsu:Created>
        <wsu:Expires>2010-05-28T08:30:05.072Z</wsu:Expires>
      </wsu:Timestamp>
      <wsc:DerivedKeyToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="derivedKeyId-5">
        <wsse:SecurityTokenReference>
          <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
              ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1">3jHnkINI9gbCrYe5aQKh7zqowiY=</wsse:KeyIdentifier>
        </wsse:SecurityTokenReference>
        <wsc:Offset>0</wsc:Offset>
        <wsc:Length>24</wsc:Length>
        <wsc:Nonce>TBv+wL9NbtLHJDhhYt+Mkw==</wsc:Nonce>
      </wsc:DerivedKeyToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-6">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
          <ds:Reference URI="#Id-8713829">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>jZ4ztbeK2KSnWBCkO2U6j6wcHwU=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#Timestamp-4">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>ZvSm746bKP59fxDIB+Gtz0SrPeM=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>HlKwOeUX6IJm4MDwcrStfBnlSho=</ds:SignatureValue>
        <ds:KeyInfo Id="KeyId-F37B34F8F458473FF412750351050723">
          <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-F37B34F8F458473FF412750351050724">
            <wsse:Reference URI="#derivedKeyId-5" />
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
    <wsa:Action>http://ws7x4.kohlpharma.com/WS7X4NewAccount/getLetterOfAgreementResponse</wsa:Action>
    <wsa:RelatesTo>urn:uuid:32CBE5CDB1DA839B471275035103729</wsa:RelatesTo>
  </soapenv:Header>
  <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-8713829">
    <ns1:getLetterOfAgreementResponse xmlns:ns1="http://ws7x4.kohlpharma.com/">
      <ns1:return>
        <ns1:data>
          <ns1:generalInformation>
            <ns1:text>Dies ist der Informationstext der 7x4 Pharma.</ns1:text>
          </ns1:generalInformation>
          <ns1:agreement>
            <ns1:text>Dies ist die Einverständniserklärung der 7x4 Pharma.===20100528102504791===</ns1:text>
            <ns1:timeStamp>20100528102504822</ns1:timeStamp>
          </ns1:agreement>
        </ns1:data>
        <ns1:status>
          <ns1:msgSet>
            <ns1:count>1</ns1:count>
            <ns1:msg>
              <ns1:msgCode>0</ns1:msgCode>
              <ns1:msgText>Okay</ns1:msgText>
              <ns1:msgType>S</ns1:msgType>
              <ns1:no>1</ns1:no>
            </ns1:msg>
          </ns1:msgSet>
          <ns1:statusType>S</ns1:statusType>
        </ns1:status>
      </ns1:return>
    </ns1:getLetterOfAgreementResponse>
  </soapenv:Body>
</soapenv:Envelope>
    via by Herwig David,
  • XFire SOAP Framework User List
    via by Unknown author,
    • org.apache.cxf.binding.soap.SoapFault: General security error (WSSecurityEngine: No password callback supplied)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:767)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:334)
        at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:120)
        at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:105)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
        at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
        at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:237)
        at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:214)
        at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:194)
        at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:130)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:225)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:145)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:201)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:576)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:395)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:250)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:188)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:166)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:662)
      Caused by: org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: No password callback supplied)
        at org.apache.ws.security.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:155)
        at org.apache.ws.security.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameTokenValidator.java:142)
        at org.apache.ws.security.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:100)
        at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:172)
        at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:67)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:277)
        ... 29 more
