You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "varun singhal (JIRA)" <ji...@apache.org> on 2018/11/19 14:16:00 UTC

[jira] [Comment Edited] (CXF-7902) Migrating to CXF 3.2.7 -> How to solve the password related security error during SOAP RQ processing ?

    [ https://issues.apache.org/jira/browse/CXF-7902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16691746#comment-16691746 ] 

varun singhal edited comment on CXF-7902 at 11/19/18 2:15 PM:
--------------------------------------------------------------

 Hello @[~coheigea],

Thanks for the advise !

Its working


was (Author: varunsinghal65):
 Hello @[~coheigea],

Thanks for the advise !

> Migrating to CXF 3.2.7 -> How to solve the password related security error during SOAP RQ processing ?
> ------------------------------------------------------------------------------------------------------
>
>                 Key: CXF-7902
>                 URL: https://issues.apache.org/jira/browse/CXF-7902
>             Project: CXF
>          Issue Type: Bug
>    Affects Versions: 3.2.7
>            Reporter: varun singhal
>            Priority: Major
>
> Hello ALL,
>   
>  Greetings !
>   
>  We are trying to migrate a webservice from CXF 2.2.2 to CXF 3.2.7
>   
>  Post migration all my previous HTTP SOAP requests that were fired by the client against the web service are failing 🙁
>   
>  *SOAP RQ :*
>   
>  {{<SOAP-ENV:Header> <wsse:Security SOAP-ENV:mustUnderstand="1"> <wsse:UsernameToken wsu:Id=""> <wsse:Username>sampleUser</wsse:Username> <wsse:Password>12345</wsse:Password> <wsse:PartnerID>samplePartner</wsse:PartnerID></wsse:UsernameToken></wsse:Security> <wsa:To>[http://localhost:8080/sampleWs]</wsa:To> <wsa:Action>[http://localhost:8080/sampleWs/sampleAction]</wsa:Action> <wsa:From> <wsa:Address>[http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous]</wsa:Address></wsa:From></SOAP-ENV:Header>}}
>   
>  The SOAP rq fails with the following exception : *"Any PASSWORD MUST specify a Type attribute"*
>   
>  {{Caused by: org.apache.wss4j.common.ext.WSSecurityException: BSP:R4201: Any PASSWORD MUST specify a Type attribute at org.apache.wss4j.common.bsp.BSPEnforcer.handleBSPRule(BSPEnforcer.java:57) [wss4j-ws-security-common-2.2.2.jar:2.2.2]}}
>   
>  Now when i see [OASIS ws security specs|http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd], i dont find "TYPE" bieng mandatory, can you guys please advise if there is a way through which we can prevent CXF from dropping the above request ?
> {color:#ff0000}*Note : The same request works perfectly fine in CXF 2.2.2* {color}
> I have also posted a SO question on the same : [https://stackoverflow.com/questions/53338727/migrating-to-cxf-3-2-7-how-to-solve-the-password-related-security-error-durin]
>   
>  Many thanks for helping me out !



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)