Posted to issues@cxf.apache.org by "Glen Mazza (JIRA)" <ji...@apache.org> on 2010/11/29 21:29:11 UTC

[jira] Created: (CXF-3156) Have web service client cache SAML tokens used in SOAP calls

Have web service client cache SAML tokens used in SOAP calls
------------------------------------------------------------

                 Key: CXF-3156
                 URL: https://issues.apache.org/jira/browse/CXF-3156
             Project: CXF
          Issue Type: Wish
            Reporter: Glen Mazza


Metro web service providers (and perhaps others) return references to SAML Tokens provided by the client during the SOAP call, but do not return the tokens themselves (nor is it apparent that they should). Presently Metro clients but not CXF clients can process these responses. A CXF client attempting to process a Metro response (sample one here[1]) returns this error, saying it cannot find the token:

[INFO] Nov 29, 2010 3:14:33 PM org.apache.cxf.service.factory.ReflectionServiceFactoryBean buildServiceFromWSDL
[INFO] INFO: Creating Service {http://www.example.org/contract/DoubleIt}DoubleItService from WSDL: file:/media/NewDriveExt3/soperawork/DoubleItMetroWSTrust/client-cxf/src/main/resources/DoubleItService.wsdl
[INFO] Nov 29, 2010 3:14:34 PM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl build
[INFO] WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RequireInternalReference registered.
[INFO] Nov 29, 2010 3:14:35 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
[INFO] WARNING: 
[INFO] org.apache.ws.security.WSSecurityException: Referenced security token could not be retrieved (Reference "#uuid-88b8189f-9616-48f4-9ea8-ac2b7703baed")
[INFO] 	at org.apache.ws.security.message.token.SecurityTokenReference.getKeyIdentifierTokenElement(SecurityTokenReference.java:200)
[INFO] 	at org.apache.ws.security.processor.ReferenceListProcessor.getKeyFromSecurityTokenReference(ReferenceListProcessor.java:356)
[INFO] 	at org.apache.ws.security.processor.ReferenceListProcessor.decryptDataRefEmbedded(ReferenceListProcessor.java:162)
[INFO] 	at org.apache.ws.security.processor.ReferenceListProcessor.handleReferenceList(ReferenceListProcessor.java:113)
[INFO] 	at org.apache.ws.security.processor.ReferenceListProcessor.handleToken(ReferenceListProcessor.java:76)
[INFO] 	at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:328)
[INFO] 	at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245)
[INFO] 	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:208)
[INFO] 	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:78)
[INFO] 	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:247)
[INFO] 	at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:733)
[INFO] 	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2201)
[INFO] 	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2071)
[INFO] 	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1925)
[INFO] 	at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
[INFO] 	at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:662)
[INFO] 	at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
[INFO] 	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:247)
[INFO] 	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:516)
[INFO] 	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
[INFO] 	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
[INFO] 	at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
[INFO] 	at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
[INFO] 	at $Proxy24.doubleIt(Unknown Source)
[INFO] 	at client.WSClient.doubleIt(WSClient.java:17)
[INFO] 	at client.WSClient.main(WSClient.java:11)
[INFO] Nov 29, 2010 3:14:35 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
[INFO] WARNING: Interceptor for {http://www.example.org/contract/DoubleIt}DoubleItService#{http://www.example.org/contract/DoubleIt}DoubleIt has thrown exception, unwinding now
[INFO] org.apache.cxf.binding.soap.SoapFault: Referenced security token could not be retrieved (Reference "#uuid-88b8189f-9616-48f4-9ea8-ac2b7703baed")
[INFO] 	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:597)
[INFO] 	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:268)
[INFO] 	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:78)
[INFO] 	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:247)
[INFO] 	at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:733)
[INFO] 	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2201)
[INFO] 	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2071)
[INFO] 	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1925)
[INFO] 	at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
[INFO] 	at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:662)
[INFO] 	at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
[INFO] 	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:247)
[INFO] 	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:516)
[INFO] 	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
[INFO] 	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
[INFO] 	at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
[INFO] 	at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
[INFO] 	at $Proxy24.doubleIt(Unknown Source)
[INFO] 	at client.WSClient.doubleIt(WSClient.java:17)
[INFO] 	at client.WSClient.main(WSClient.java:11)

Part of the problem MAY be that Metro prefixes the Assertion key with a "#" indicating the token is within the message body. A bug report has been sent to them on this issue[2]; however, I believe CXF would presently fail even if the "#" was not there, as the client-side storage/retrieval of SAML tokens is not yet in place.

[1] https://issues.apache.org/jira/secure/attachment/12460040/WSS238Results.txt
[2] http://java.net/jira/browse/WSIT-1490

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
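
The lookup order the report above asks for, as an added example that is not CXF or WSS4J code and not the fix that later went into WSS4J: resolve the referenced assertion inside the response first, then fall back to assertions this client itself sent. `SentTokenResolver`, its methods and the sample XML are hypothetical and constructed for illustration; only JDK classes are used (Java 17 or later).

```java
import java.io.StringReader;
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

/** Hypothetical helper for illustration; not a CXF or WSS4J class. */
public class SentTokenResolver {
    static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    private record Entry(Element token, Instant expires) {}

    // Assertions this client attached to its own outbound requests, keyed by assertion ID.
    private final Map<String, Entry> sent = new ConcurrentHashMap<>();

    /** Call when an assertion is placed in an outbound request. */
    public void remember(Element assertion, Duration ttl) {
        sent.put(idOf(assertion), new Entry(assertion, Instant.now().plus(ttl)));
    }

    // SAML 1.1 names the identifier AssertionID; SAML 2.0 names it ID.
    static String idOf(Element e) {
        return e.hasAttribute("AssertionID") ? e.getAttribute("AssertionID") : e.getAttribute("ID");
    }

    /** Returns the referenced assertion, or null if it is neither in the message nor one we sent. */
    public Element resolve(Document message, String keyIdentifier) {
        // Tolerate the leading "#" that the Metro response puts on the key identifier.
        String id = keyIdentifier.startsWith("#") ? keyIdentifier.substring(1) : keyIdentifier;

        // 1. Prefer a token carried in the message itself.
        NodeList assertions = message.getElementsByTagNameNS("*", "Assertion");
        for (int i = 0; i < assertions.getLength(); i++) {
            Element e = (Element) assertions.item(i);
            if (id.equals(idOf(e))) {
                return e;
            }
        }
        // 2. Fall back only to tokens this client sent, and only while they are fresh.
        Entry hit = sent.get(id);
        if (hit == null) {
            return null;
        }
        if (Instant.now().isAfter(hit.expires())) {
            sent.remove(id);
            return null;
        }
        return hit.token();
    }

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Security tokens are untrusted XML: refuse DOCTYPE declarations outright.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    // Constructed sample data. The ID is the one quoted in the error message above.
    static final String ID = "uuid-88b8189f-9616-48f4-9ea8-ac2b7703baed";
    static final String SENT_ASSERTION =
        "<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' AssertionID='" + ID + "'/>";
    static final String RESPONSE =
        "<soap:Envelope xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/'>"
        + "<soap:Header><wsse:Security xmlns:wsse='" + WSSE + "'>"
        + "<wsse:SecurityTokenReference><wsse:KeyIdentifier>#" + ID + "</wsse:KeyIdentifier>"
        + "</wsse:SecurityTokenReference></wsse:Security></soap:Header><soap:Body/></soap:Envelope>";

    public static void main(String[] args) throws Exception {
        SentTokenResolver resolver = new SentTokenResolver();
        Document response = parse(RESPONSE);
        String keyId = response.getElementsByTagNameNS(WSSE, "KeyIdentifier")
                               .item(0).getTextContent().trim();

        // Without a record of what was sent, the reference cannot be resolved.
        System.out.println("before remember(): " + resolver.resolve(response, keyId));

        // Record the assertion as it would be when building the request.
        resolver.remember(parse(SENT_ASSERTION).getDocumentElement(), Duration.ofMinutes(5));
        Element found = resolver.resolve(response, keyId);
        System.out.println("after remember():  " + (found == null ? null : idOf(found)));

        // A reference to an ID this client never sent stays unresolved.
        System.out.println("unknown reference: " + resolver.resolve(response, "#uuid-not-sent"));
    }
}
```

A resolved assertion is only a lookup result; whatever signature and validity checks apply to the token still have to run on it.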


[jira] Commented: (CXF-3156) Have web service client cache SAML tokens used in SOAP calls

Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/CXF-3156?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12974129#action_12974129 ] 

Colm O hEigeartaigh commented on CXF-3156:
------------------------------------------


Hi Glen,

Can this issue be closed?

Colm.

> Have web service client cache SAML tokens used in SOAP calls
> ------------------------------------------------------------
>
>                 Key: CXF-3156
>                 URL: https://issues.apache.org/jira/browse/CXF-3156
>             Project: CXF
>          Issue Type: Wish
>            Reporter: Glen Mazza
>            Assignee: Colm O hEigeartaigh
>         Attachments: 20101129DoubleItMetroWSTrust.zip
>
>


[jira] Commented: (CXF-3156) Have web service client cache SAML tokens used in SOAP calls

Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/CXF-3156?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12965677#action_12965677 ] 

Colm O hEigeartaigh commented on CXF-3156:
------------------------------------------


It might be worth looking at whether CXF can process references to SecurityContextTokens that are not in the SOAP request. From looking at the code in WSS4J, I don't believe it can, although I could be mistaken. This could be tested via a Secure Conversation scenario, where the policy on the SCT is "AlwaysToRecipient".

Colm.

> Have web service client cache SAML tokens used in SOAP calls
> ------------------------------------------------------------
>
>                 Key: CXF-3156
>                 URL: https://issues.apache.org/jira/browse/CXF-3156
>             Project: CXF
>          Issue Type: Wish
>            Reporter: Glen Mazza
>         Attachments: 20101129DoubleItMetroWSTrust.zip
>
>


[jira] Resolved: (CXF-3156) Have web service client cache SAML tokens used in SOAP calls

Posted by "Glen Mazza (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/CXF-3156?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Glen Mazza resolved CXF-3156.
-----------------------------

       Resolution: Fixed
    Fix Version/s: 2.3.2

Fix made by Colm to WSS4J 1.5.11 which will be in CXF 2.3.2.

> Have web service client cache SAML tokens used in SOAP calls
> ------------------------------------------------------------
>
>                 Key: CXF-3156
>                 URL: https://issues.apache.org/jira/browse/CXF-3156
>             Project: CXF
>          Issue Type: Wish
>            Reporter: Glen Mazza
>            Assignee: Colm O hEigeartaigh
>             Fix For: 2.3.2
>
>         Attachments: 20101129DoubleItMetroWSTrust.zip
>
>


[jira] Assigned: (CXF-3156) Have web service client cache SAML tokens used in SOAP calls

Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/CXF-3156?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh reassigned CXF-3156:
----------------------------------------

    Assignee: Colm O hEigeartaigh

> Have web service client cache SAML tokens used in SOAP calls
> ------------------------------------------------------------
>
>                 Key: CXF-3156
>                 URL: https://issues.apache.org/jira/browse/CXF-3156
>             Project: CXF
>          Issue Type: Wish
>            Reporter: Glen Mazza
>            Assignee: Colm O hEigeartaigh
>         Attachments: 20101129DoubleItMetroWSTrust.zip
>
>
> [INFO] 	at client.WSClient.doubleIt(WSClient.java:17)
> [INFO] 	at client.WSClient.main(WSClient.java:11)
> [INFO] Nov 29, 2010 3:14:35 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
> [INFO] WARNING: Interceptor for {http://www.example.org/contract/DoubleIt}DoubleItService#{http://www.example.org/contract/DoubleIt}DoubleIt has thrown exception, unwinding now
> [INFO] org.apache.cxf.binding.soap.SoapFault: Referenced security token could not be retrieved (Reference "#uuid-88b8189f-9616-48f4-9ea8-ac2b7703baed")
> [INFO] 	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:597)
> [INFO] 	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:268)
> [INFO] 	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:78)
> [INFO] 	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:247)
> [INFO] 	at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:733)
> [INFO] 	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2201)
> [INFO] 	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2071)
> [INFO] 	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1925)
> [INFO] 	at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
> [INFO] 	at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:662)
> [INFO] 	at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
> [INFO] 	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:247)
> [INFO] 	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:516)
> [INFO] 	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
> [INFO] 	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
> [INFO] 	at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
> [INFO] 	at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
> [INFO] 	at $Proxy24.doubleIt(Unknown Source)
> [INFO] 	at client.WSClient.doubleIt(WSClient.java:17)
> [INFO] 	at client.WSClient.main(WSClient.java:11)
> Part of the problem MAY be that Metro prefixes the Assertion key with a "#" indicating the token is within the message body.  A bug report has been sent to them on this issue[2], however I believe CXF would presently fail even if the "#" was not there, as the client-side storage/retrieval of SAML tokens is not yet in place.
> [1] https://issues.apache.org/jira/secure/attachment/12460040/WSS238Results.txt
> [2] http://java.net/jira/browse/WSIT-1490

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
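
An added example (not code from CXF, WSS4J or Metro, and not the WSS-260 change) of the client-side storage the report describes: the client records each SAML assertion it sends and resolves a reference returned by the service against that record, whether or not the reference carries the leading "#". The class name `SentSamlTokenCache`, its methods, the sample assertion string and the five-minute lifetime are assumptions made for illustration.

```java
import java.time.Instant;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical client-side store for SAML assertions sent in outbound requests. */
public class SentSamlTokenCache {

    /** An assertion the client attached to a request, with its expiry. */
    static final class Entry {
        final String assertionXml;
        final Instant notOnOrAfter;

        Entry(String assertionXml, Instant notOnOrAfter) {
            this.assertionXml = assertionXml;
            this.notOnOrAfter = notOnOrAfter;
        }
    }

    private final Map<String, Entry> byId = new ConcurrentHashMap<>();

    /** Strip one leading '#', so "#uuid-..." and "uuid-..." name the same token. */
    static String normalize(String reference) {
        if (reference == null) {
            throw new IllegalArgumentException("missing token reference");
        }
        String id = reference.startsWith("#") ? reference.substring(1) : reference;
        if (id.isEmpty()) {
            throw new IllegalArgumentException("empty token reference");
        }
        return id;
    }

    /** Record an assertion at the moment it is placed in an outbound message. */
    public void remember(String assertionId, String assertionXml, Instant notOnOrAfter) {
        byId.put(normalize(assertionId), new Entry(assertionXml, notOnOrAfter));
    }

    /**
     * Resolve a reference found in a response. Only tokens this client sent,
     * and that have not expired, are returned; anything else stays unresolved
     * so the caller can fail the message as before.
     */
    public Optional<String> resolve(String reference, Instant now) {
        String id = normalize(reference);
        Entry entry = byId.get(id);
        if (entry == null) {
            return Optional.empty();
        }
        if (!now.isBefore(entry.notOnOrAfter)) {
            byId.remove(id, entry); // expired: evict instead of reusing
            return Optional.empty();
        }
        return Optional.of(entry.assertionXml);
    }

    public static void main(String[] args) {
        SentSamlTokenCache cache = new SentSamlTokenCache();
        Instant now = Instant.parse("2010-11-29T20:14:35Z"); // constructed clock value
        // ID taken from the stack trace in the report; the XML is a constructed stand-in.
        String id = "uuid-88b8189f-9616-48f4-9ea8-ac2b7703baed";
        cache.remember(id, "<saml:Assertion AssertionID=\"" + id + "\"/>", now.plusSeconds(300));

        System.out.println("with '#': " + cache.resolve("#" + id, now).isPresent());
        System.out.println("bare id:  " + cache.resolve(id, now).isPresent());
        System.out.println("unknown:  " + cache.resolve("#uuid-unknown", now).isPresent());
        System.out.println("expired:  " + cache.resolve(id, now.plusSeconds(600)).isPresent());
    }
}
```

Returning an empty result for unknown or expired IDs keeps the existing failure path for references the client cannot vouch for.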


[jira] Commented: (CXF-3156) Have web service client cache SAML tokens used in SOAP calls

Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/CXF-3156?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12973273#action_12973273 ] 

Colm O hEigeartaigh commented on CXF-3156:
------------------------------------------


I have fixed this problem in WSS4J:

https://issues.apache.org/jira/browse/WSS-260

Colm.



[jira] Updated: (CXF-3156) Have web service client cache SAML tokens used in SOAP calls

Posted by "Glen Mazza (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/CXF-3156?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Glen Mazza updated CXF-3156:
----------------------------

    Attachment: 20101129DoubleItMetroWSTrust.zip

Process to run the sample:

1.) Expand
2.) Make the following file modifications:

sts-war module:
Need to update DoubleItSTSService.wsdl:
Keystore and Truststore need updating to your directory structure where you expanded the project (search on *.jks)

service-war:
Need to update DoubleIt.wsdl:
Same as above, search on *.jks and update 2 references to your directory structure.

client-metro:
Need to update both DoubleIt.wsdl and DoubleItSTSService.wsdl files:
Same as above, search on *.jks and update 2 references in each file to your directory structure.

3.) from root folder, run mvn clean install

4.) from sts-war, run tomcat:deploy(*) and make sure you can see the STS WSDL at:
http://localhost:8080/DoubleItSTS/DoubleItSTSService

5.) from service-war run tomcat:deploy and make sure you can see WSDL at:
http://localhost:8080/doubleit/services/doubleit?wsdl

6.) from client-metro, run mvn exec:exec and make sure you see successful response (doubled number).

7.) from client-cxf, run mvn exec:exec, error will occur.

(*) for standalone Tomcat, make sure your Maven settings.xml file is properly configured:
http://www.jroller.com/gmazza/entry/web_service_tutorial#maventomcat
