You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "varun singhal (JIRA)" <ji...@apache.org> on 2018/11/16 13:35:00 UTC

[jira] [Created] (CXF-7902) Migrating to CXF 3.2.7 -> How to solve the password related security error during SOAP RQ processing ?

varun singhal created CXF-7902:
----------------------------------

             Summary: Migrating to CXF 3.2.7 -> How to solve the password related security error during SOAP RQ processing ?
                 Key: CXF-7902
                 URL: https://issues.apache.org/jira/browse/CXF-7902
             Project: CXF
          Issue Type: Bug
    Affects Versions: 3.2.7
            Reporter: varun singhal


Hello ALL,
 
Greetings !
 
We are trying to migrate a webservice from CXF 2.2.2 to CXF 3.2.7
 
Post migration all my previous HTTP SOAP requests that were fired by the client against the web service are failing 🙁
 
*SOAP RQ :*
 
{{<SOAP-ENV:Header> <wsse:Security SOAP-ENV:mustUnderstand="1"> <wsse:UsernameToken wsu:Id=""> <wsse:Username>sampleUser</wsse:Username> <wsse:Password>12345</wsse:Password> <wsse:PartnerID>samplePartner</wsse:PartnerID></wsse:UsernameToken></wsse:Security> <wsa:To>http://localhost:8080/sampleWs</wsa:To> <wsa:Action>http://localhost:8080/sampleWs/sampleAction</wsa:Action> <wsa:From> <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address></wsa:From></SOAP-ENV:Header>}}
 
The SOAP rq fails with the following exception : *"Any PASSWORD MUST specify a Type attribute"*
 
{{Caused by: org.apache.wss4j.common.ext.WSSecurityException: BSP:R4201: Any PASSWORD MUST specify a Type attribute at org.apache.wss4j.common.bsp.BSPEnforcer.handleBSPRule(BSPEnforcer.java:57) [wss4j-ws-security-common-2.2.2.jar:2.2.2]}}
 
Now when i see [OASIS ws security specs|http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd], i dont find "TYPE" bieng mandatory, can you guys please advise if there is a way through which we can prevent CXF from dropping the above request ?
 
I have also posted a SO question on the same : [https://stackoverflow.com/questions/53338727/migrating-to-cxf-3-2-7-how-to-solve-the-password-related-security-error-durin]
 
Many thanks for helping me out !



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)