You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Daniel Kulp (JIRA)" <ji...@apache.org> on 2011/02/07 21:28:58 UTC
[jira] Updated: (CXF-3309) javax.xml.ws.soap.SOAPFaultException:
com.ibm.wsspi.wssecurity.SoapSecurityException: WSEC5043E: One
"{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Reference"
element is required.
[ https://issues.apache.org/jira/browse/CXF-3309?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Daniel Kulp updated CXF-3309:
-----------------------------
Fix Version/s: NeedMoreInfo
How are you signing the request? Are you using the WS-SecurityPolicy support or configuring the WSS4J interceptors directly? If using the policy support, can you paste the policy in here? If using the WSS4J interceptors directly, can you include the actions you are configuring in?
It looks like however you have it configured, it's putting the key directly in the wsse:SecurityTokenReference as an ds:X509Data element whereas the service is expecting a wsse:BinarySecurityToken and a wsse:Reference child.
> javax.xml.ws.soap.SOAPFaultException: com.ibm.wsspi.wssecurity.SoapSecurityException: WSEC5043E: One "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Reference" element is required.
> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: CXF-3309
> URL: https://issues.apache.org/jira/browse/CXF-3309
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 2.2.9
> Environment: JDK 1.6, Windows XP Professional
> Reporter: Asif Ali Mohammed
> Priority: Critical
> Labels: security
> Fix For: NeedMoreInfo
>
> Original Estimate: 840h
> Remaining Estimate: 840h
>
> Hi,
> I'm trying to invoke a webservice with security. In this attempt I'm signing the request with the JKS file and posting the request, but I'm getting the following exception :
> javax.xml.ws.soap.SOAPFaultException: com.ibm.wsspi.wssecurity.SoapSecurityException: WSEC5043E: One "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Reference" element is required.
> Below is the following trace :
> INFO: Creating Service {http://service.ofm.ameriprise.com}OFMServiceImplService from class com.ameriprise.ofm.service.OFMServiceImpl
> Invoking documentList...
> log4j:WARN No appenders could be found for logger (org.apache.xml.security.Init).
> log4j:WARN Please initialize the log4j system properly.
> Feb 4, 2011 1:01:18 PM org.apache.cxf.interceptor.LoggingOutInterceptor$LoggingCallback onClose
> INFO: Outbound Message
> ---------------------------
> ID: 1
> Address: http://159.202.149.94/OFMGenericService/services/OFMServiceImpl
> Encoding: UTF-8
> Content-Type: text/xml
> Headers: {SOAPAction=[""], Accept=[*/*]}
> Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-1">
> <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:CanonicalizationMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
> <ds:SignatureMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
> <ds:Reference xmlns:ds="http://www.w3.org/2000/09/xmldsig#" URI="#id-2">
> <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:Transform xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">7gfxq0nIHVkq++bLSer/rVlXtao=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> ln57zrUweYMuHDM+0ROIyMXZpehnh86jI/PhKBb1w8J81Z4e6anqqSNozB1CQfvii1zbc6m4OlC9
> ffGw34GEsFPL/kaTQDdbBmVuyi0PyRocXbcY0eZ9e2a24hNregM2ppJ1bRdwmHCYnl7ZVhhW/8tb
> ouw+TRPCeAe6J1GPn6o=
> </ds:SignatureValue>
> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="KeyId-E9BD058757E546EB9512968244784812">
> <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-E9BD058757E546EB9512968244784833"><ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:X509IssuerSerial xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:X509IssuerName xmlns:ds="http://www.w3.org/2000/09/xmldsig#">CN=VeriSign Class 3 International Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US</ds:X509IssuerName>
> <ds:X509SerialNumber xmlns:ds="http://www.w3.org/2000/09/xmldsig#">139599931415386803972390598321435572148</ds:X509SerialNumber>
> </ds:X509IssuerSerial>
> </ds:X509Data></wsse:SecurityTokenReference>
> </ds:KeyInfo>
> </ds:Signature></wsse:Security></soap:Header><soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-2"><ns2:DocumentList xmlns:ns2="http://service.ofm.ameriprise.com"><consumer_application>FA</consumer_application><response_document_properties><property_name>client_id</property_name><property_name>group_id</property_name></response_document_properties><search_parameters><document_category>STMTS</document_category><document_type>CONSOLIDATED STATEMENTS</document_type></search_parameters></ns2:DocumentList></soap:Body></soap:Envelope>
> --------------------------------------
> Feb 4, 2011 1:01:19 PM org.apache.cxf.interceptor.LoggingInInterceptor logging
> INFO: Inbound Message
> ----------------------------
> ID: 1
> Response-Code: 500
> Encoding: UTF-8
> Content-Type: text/xml; charset=utf-8
> Headers: {content-type=[text/xml; charset=utf-8], connection=[close], Content-Language=[en], Date=[Fri, 04 Feb 2011 13:01:18 GMT], Content-Length=[625], Server=[IBM_HTTP_Server]}
> Payload: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Header/><soapenv:Body><soapenv:Fault><faultcode>soapenv:Server.securityException</faultcode><faultstring>com.ibm.wsspi.wssecurity.SoapSecurityException: WSEC5043E: One "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Reference" element is required.</faultstring><detail encodingStyle=""/></soapenv:Fault></soapenv:Body></soapenv:Envelope>
> --------------------------------------
> Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: com.ibm.wsspi.wssecurity.SoapSecurityException: WSEC5043E: One "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Reference" element is required.
> at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:146)
> at $Proxy49.documentList(Unknown Source)
> at OFMServiceImpl_Client.main(OFMServiceImpl_Client.java:57)
> Caused by: org.apache.cxf.binding.soap.SoapFault: com.ibm.wsspi.wssecurity.SoapSecurityException: WSEC5043E: One "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Reference" element is required.
> at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
> at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
> at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
> at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:99)
> at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
> at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
> at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:700)
> at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2261)
> at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2134)
> at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1988)
> at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47)
> at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:188)
> at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
> at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:639)
> at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:487)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
> at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
> ... 2 more
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira