You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by Richard Gregory <ri...@gsf.de> on 2006/02/17 09:51:20 UTC
order of actions
Hi,
I have a service with the Timestamp, UsernameToken and Encrypt defined
as actions for the WSDoAllReceiver handler in the requestFlow of the
service:
<handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
<parameter name="passwordCallbackClass" value="de.biomax.biors.ws.advancedquery.ServicePWCallback"/>
<parameter name="action" value="Timestamp UsernameToken Encrypt"/>
<parameter name="decryptionPropFile" value="crypto.properties4" />
</handler>
A .Net client sends the following SOAP message, which also has the same
3 actions in the same order in the security header, but I get a
"WSDoAllReceiver: security processing failed (actions mismatch)" message
returned.
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soap:Header>
<wsa:Action>getBiorsEntry</wsa:Action>
<wsa:MessageID>uuid:e755b5ce-b02a-42ed-b321-0632ba635f9e</wsa:MessageID>
<wsa:ReplyTo>
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:Address>
</wsa:ReplyTo>
<wsa:To>http://146.107.217.111:8081/biorsWSS4J/services/BiorsAdvancedQuery</wsa:To>
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp
wsu:Id="Timestamp-7a80d432-3325-4f6f-bc6c-4957981d8d37">
<wsu:Created>2006-02-16T16:25:22Z</wsu:Created>
<wsu:Expires>2006-02-16T16:30:22Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="SecurityToken-f755a5d8-7fb8-441e-b8ab-014fa0f54f2b">
<wsse:Username>wss4j</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">LoayOaGBKwfPBdtSWIjfgEwJvqs=</wsse:Password>
<wsse:Nonce>pKFrLuJH12YOlEhUfzicHA==</wsse:Nonce>
<wsu:Created>2006-02-16T16:25:22Z</wsu:Created>
</wsse:UsernameToken>
<xenc:EncryptedKey
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">l8oWQGPoXKiTy6QBZ1j0uLDFw9w=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>S8nN6qFC0psXwfAc6TqRuyv7sURb/Z4VtE8tng3vDGOFEQcJ7/3D440bdmpVAhnFaUAQSuAvxdXQkFt+jecedE0oiBw/6Ag6khIcT4oltKmrEd/pCwQOBJCQeUk1/p767guSMzDx85e9l4+lnGhfybm3IGgEpZU3wL16zCL39Ro=</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference
URI="#EncryptedContent-691448b3-c25a-4059-a1a7-f249538a323a" />
</xenc:ReferenceList>
</xenc:EncryptedKey>
</wsse:Security>
</soap:Header>
<soap:Body>
<xenc:EncryptedData
Id="EncryptedContent-691448b3-c25a-4059-a1a7-f249538a323a"
Type="http://www.w3.org/2001/04/xmlenc#Content"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<xenc:CipherData>
<xenc:CipherValue>5ZpTdhcOx8UDMtS6d7rLTPWkX+zup1gemrSpJwC/rgTBJMJhcGDK5B+cfi17oe5h+N7or9N+uE5XMVPh5xduxpqKAblwKtYKfxe78NPmSZLW5mxK9Dsoz34C8Vvte7mgSt4UbGjcl8l9yeUrhq0LMoSI7b9KcQz6DyDrTzlcny39TCMTf0NSEg5JSnt0Wun5dGdoBU5GubOUxx+xhczOwtEeyA46jf5NmIKmGpFgfDkAIxIpeZLBH9XttOL5Ex7pNsUGoyvy86AqG2kjRvEzFZopogp+SDcHiGJCsbm5aBny10JL6XRSQHBPifnDSQRGH3FmDTtepGHLNbhE04m/F/2q0c0Z6j88HyxGxHIt9EigRMyeg+Em5LZj3X5OcK2PmYrmnwzfrlU7y06IFBPkYYzGISAea4nwyDPtH7X1kM9iHtqitkRunrgdH5oj159GMYHbX8xJnF+R7cV++fa6u0mTENzIvYXKXHnmc/v7v+eRnFPd2SzIFWYuqMwdXxiOQAq/HJSMuRFuVx5SHiOrEQ==</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</soap:Body>
</soap:Envelope>
I edited the WSDoAllReciever to print out the number constants relating
to these actions as it does this check, and it's getting the actions
from the SOAP message in the order Encrypt, UsernameToken, Timestamp,
but expecting UsernameToken, Timestamp, Encrypt. I did the same with a
SOAP message from an axis client (which had the actions in the order
Encrypt Timestamp, UsernameToken in the actual message), and the headers
were processed in the order UsernameToken, Timestamp, Encrypt, which is
what the handler expects. If I change the deployment descriptor so the
actions are listed in the order Encrypt, UsernameToken, Timestamp, the
.Net client will work, but the axis client now gives the "actions
mismatch" error.
If anyone could help me figure out what is going on here, I'd be very
grateful.
Thanks,
Richard.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org