order of actions

[Richard Gregory <ri...@gsf.de>]

Hi,

I have a service with the Timestamp, UsernameToken and Encrypt defined 
as actions for the WSDoAllReceiver handler in the requestFlow of the 
service:

<handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
    	<parameter name="passwordCallbackClass" value="de.biomax.biors.ws.advancedquery.ServicePWCallback"/>
    	<parameter name="action" value="Timestamp UsernameToken Encrypt"/>
 	<parameter name="decryptionPropFile" value="crypto.properties4" />
</handler>

A .Net client sends the following SOAP message, which also has the same 
3 actions in the same order in the security header, but I get a 
"WSDoAllReceiver: security processing failed (actions mismatch)" message 
returned.

<?xml version="1.0" encoding="utf-8"?>
   <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing" 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <soap:Header>
         <wsa:Action>getBiorsEntry</wsa:Action>
         
<wsa:MessageID>uuid:e755b5ce-b02a-42ed-b321-0632ba635f9e</wsa:MessageID>
         <wsa:ReplyTo>
            
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:Address>
         </wsa:ReplyTo>
         
<wsa:To>http://146.107.217.111:8081/biorsWSS4J/services/BiorsAdvancedQuery</wsa:To>
         <wsse:Security soap:mustUnderstand="1">
            <wsu:Timestamp 
wsu:Id="Timestamp-7a80d432-3325-4f6f-bc6c-4957981d8d37">
               <wsu:Created>2006-02-16T16:25:22Z</wsu:Created>
               <wsu:Expires>2006-02-16T16:30:22Z</wsu:Expires>
            </wsu:Timestamp>
            <wsse:UsernameToken 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
wsu:Id="SecurityToken-f755a5d8-7fb8-441e-b8ab-014fa0f54f2b">
               <wsse:Username>wss4j</wsse:Username>
               <wsse:Password 
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">LoayOaGBKwfPBdtSWIjfgEwJvqs=</wsse:Password>
               <wsse:Nonce>pKFrLuJH12YOlEhUfzicHA==</wsse:Nonce>
               <wsu:Created>2006-02-16T16:25:22Z</wsu:Created>
            </wsse:UsernameToken>
            <xenc:EncryptedKey 
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
               <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
               <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                  <wsse:SecurityTokenReference>
                     <wsse:KeyIdentifier 
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier" 
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">l8oWQGPoXKiTy6QBZ1j0uLDFw9w=</wsse:KeyIdentifier>
                  </wsse:SecurityTokenReference>
               </KeyInfo>
               <xenc:CipherData>
                  
<xenc:CipherValue>S8nN6qFC0psXwfAc6TqRuyv7sURb/Z4VtE8tng3vDGOFEQcJ7/3D440bdmpVAhnFaUAQSuAvxdXQkFt+jecedE0oiBw/6Ag6khIcT4oltKmrEd/pCwQOBJCQeUk1/p767guSMzDx85e9l4+lnGhfybm3IGgEpZU3wL16zCL39Ro=</xenc:CipherValue>
               </xenc:CipherData>
               <xenc:ReferenceList>
                  <xenc:DataReference 
URI="#EncryptedContent-691448b3-c25a-4059-a1a7-f249538a323a" />
               </xenc:ReferenceList>
            </xenc:EncryptedKey>
         </wsse:Security>
      </soap:Header>
      <soap:Body>
         <xenc:EncryptedData 
Id="EncryptedContent-691448b3-c25a-4059-a1a7-f249538a323a" 
Type="http://www.w3.org/2001/04/xmlenc#Content" 
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
            <xenc:CipherData>
               
<xenc:CipherValue>5ZpTdhcOx8UDMtS6d7rLTPWkX+zup1gemrSpJwC/rgTBJMJhcGDK5B+cfi17oe5h+N7or9N+uE5XMVPh5xduxpqKAblwKtYKfxe78NPmSZLW5mxK9Dsoz34C8Vvte7mgSt4UbGjcl8l9yeUrhq0LMoSI7b9KcQz6DyDrTzlcny39TCMTf0NSEg5JSnt0Wun5dGdoBU5GubOUxx+xhczOwtEeyA46jf5NmIKmGpFgfDkAIxIpeZLBH9XttOL5Ex7pNsUGoyvy86AqG2kjRvEzFZopogp+SDcHiGJCsbm5aBny10JL6XRSQHBPifnDSQRGH3FmDTtepGHLNbhE04m/F/2q0c0Z6j88HyxGxHIt9EigRMyeg+Em5LZj3X5OcK2PmYrmnwzfrlU7y06IFBPkYYzGISAea4nwyDPtH7X1kM9iHtqitkRunrgdH5oj159GMYHbX8xJnF+R7cV++fa6u0mTENzIvYXKXHnmc/v7v+eRnFPd2SzIFWYuqMwdXxiOQAq/HJSMuRFuVx5SHiOrEQ==</xenc:CipherValue>
            </xenc:CipherData>
         </xenc:EncryptedData>
      </soap:Body>
   </soap:Envelope>

I edited the WSDoAllReciever to print out the number constants relating 
to these actions as it does this check, and it's getting the actions 
from the SOAP message in the order Encrypt, UsernameToken, Timestamp, 
but expecting UsernameToken, Timestamp, Encrypt. I did the same with a 
SOAP message from an axis client (which had the actions in the order 
Encrypt Timestamp, UsernameToken in the actual message), and the headers 
were processed in the order UsernameToken, Timestamp, Encrypt, which is 
what the handler expects. If I change the deployment descriptor so the 
actions are listed in the order Encrypt, UsernameToken, Timestamp, the 
.Net client will work, but the axis client now gives the "actions 
mismatch" error.

If anyone could help me figure out what is going on here, I'd be very 
grateful.

Thanks,

Richard.

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org