You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@ws.apache.org by James Yu <cy...@gmail.com> on 2013/03/18 02:51:57 UTC
Need help on -- General security error (No certificates for user
client were found for signature)
Hi all,
I created a test web service with Eclipse and CXF and I referenced the
tutorial provided on the following URL for setting security:
https://sites.google.com/site/ddmwsst/ws-security-impl?pli=1#TOC-Client-Certificates-and-KeyStore
The server seems to work all right, when I send out a request without wss
header in soapui, I the "InvalidSecurity" faultcode.
Test Request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ws="http://ws.aaa.com/">
<soapenv:Header/>
<soapenv:Body>
<ws:echo>
<!--Optional:-->
<arg0>aaa</arg0>
</ws:echo>
</soapenv:Body>
</soapenv:Envelope>
Test Response:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<soap:Fault>
<faultcode xmlns:ns1="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
">ns1:InvalidSecurity</faultcode>
<faultstring>An error was discovered processing the
<wsse:Security> header</faultstring>
</soap:Fault>
</soap:Body>
</soap:Envelope>
However, when I tried to test the server with client, I got the following
exception:
2013/3/18 上午 07:46:53 org.apache.cxf.phase.PhaseInterceptorChain
doDefaultLogging
WARNING: Interceptor for {
http://ws.aaa.com/}HelloWorldService#{http://ws.aaa.com/}echo has thrown
exception, unwinding now
Throwable occurred: org.apache.cxf.binding.soap.SoapFault: Security
processing failed.
at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:272)
at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:134)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:516)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
at $Proxy48.echo(Unknown Source)
at com.aaa.ws.client.Main.main(Main.java:12)
Caused by: org.apache.ws.security.WSSecurityException: Error during
Signature: ; nested exception is:
org.apache.ws.security.WSSecurityException: General security error (No
certificates for user client were found for signature)
at
org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:68)
at
org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:206)
at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:50)
at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:257)
... 9 more
Caused by: org.apache.ws.security.WSSecurityException: General security
error (No certificates for user client were found for signature)
at
org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:316)
at
org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:760)
at
org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:65)
... 12 more
Exception in thread "main" javax.xml.ws.WebServiceException: Security
processing failed.
at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135)
at $Proxy48.echo(Unknown Source)
at com.aaa.ws.client.Main.main(Main.java:12)
Caused by: org.apache.ws.security.WSSecurityException: Error during
Signature: ; nested exception is:
org.apache.ws.security.WSSecurityException: General security error (No
certificates for user client were found for signature)
at
org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:68)
at
org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:206)
at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:50)
at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:257)
at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:134)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:516)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
... 2 more
Caused by: org.apache.ws.security.WSSecurityException: General security
error (No certificates for user client were found for signature)
at
org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:316)
at
org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:760)
at
org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:65)
... 12 more
My test package and war files can be accessed through the following URL:
https://www.dropbox.com/sh/9vc9lzx45t2i4hs/gFcJ2S7JWo
I cross referenced with many other tutorials provided on Internet and still
don't have a clue.
Any help is very much appreciated.
This is a UTF-8 formatted mail
-----------------------------------------------
James C.-C.Yu
Re: Need help on -- General security error (No certificates for user
client were found for signature)
Posted by Colm O hEigeartaigh <co...@apache.org>.
I can't access that file you linked to. It looks like the error is on the
client side:
"No certificates for user client were found for signature"
Generally this means that there is some mistake in your crypto.properties
file, or else your CallbackHandler is not supplying the correct password to
access the private key in the keystore for signature.
Colm.
On Mon, Mar 18, 2013 at 1:51 AM, James Yu <cy...@gmail.com> wrote:
> Hi all,
>
> I created a test web service with Eclipse and CXF and I referenced the
> tutorial provided on the following URL for setting security:
>
> https://sites.google.com/site/ddmwsst/ws-security-impl?pli=1#TOC-Client-Certificates-and-KeyStore
>
> The server seems to work all right, when I send out a request without wss
> header in soapui, I the "InvalidSecurity" faultcode.
>
> Test Request:
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ws="http://ws.aaa.com/">
> <soapenv:Header/>
> <soapenv:Body>
> <ws:echo>
> <!--Optional:-->
> <arg0>aaa</arg0>
> </ws:echo>
> </soapenv:Body>
> </soapenv:Envelope>
>
> Test Response:
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
> <soap:Body>
> <soap:Fault>
> <faultcode xmlns:ns1="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> ">ns1:InvalidSecurity</faultcode>
> <faultstring>An error was discovered processing the
> <wsse:Security> header</faultstring>
> </soap:Fault>
> </soap:Body>
> </soap:Envelope>
>
> However, when I tried to test the server with client, I got the following
> exception:
> 2013/3/18 上午 07:46:53 org.apache.cxf.phase.PhaseInterceptorChain
> doDefaultLogging
> WARNING: Interceptor for {
> http://ws.aaa.com/}HelloWorldService#{http://ws.aaa.com/}echo has thrown
> exception, unwinding now
> Throwable occurred: org.apache.cxf.binding.soap.SoapFault: Security
> processing failed.
> at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:272)
> at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:134)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:516)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
> at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
> at $Proxy48.echo(Unknown Source)
> at com.aaa.ws.client.Main.main(Main.java:12)
> Caused by: org.apache.ws.security.WSSecurityException: Error during
> Signature: ; nested exception is:
> org.apache.ws.security.WSSecurityException: General security error (No
> certificates for user client were found for signature)
> at
> org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:68)
> at
> org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:206)
> at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:50)
> at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:257)
> ... 9 more
> Caused by: org.apache.ws.security.WSSecurityException: General security
> error (No certificates for user client were found for signature)
> at
> org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:316)
> at
> org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:760)
> at
> org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:65)
> ... 12 more
> Exception in thread "main" javax.xml.ws.WebServiceException: Security
> processing failed.
> at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135)
> at $Proxy48.echo(Unknown Source)
> at com.aaa.ws.client.Main.main(Main.java:12)
> Caused by: org.apache.ws.security.WSSecurityException: Error during
> Signature: ; nested exception is:
> org.apache.ws.security.WSSecurityException: General security error (No
> certificates for user client were found for signature)
> at
> org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:68)
> at
> org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:206)
> at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:50)
> at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:257)
> at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:134)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:516)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
> at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
> ... 2 more
> Caused by: org.apache.ws.security.WSSecurityException: General security
> error (No certificates for user client were found for signature)
> at
> org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:316)
> at
> org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:760)
> at
> org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:65)
> ... 12 more
>
> My test package and war files can be accessed through the following URL:
> https://www.dropbox.com/sh/9vc9lzx45t2i4hs/gFcJ2S7JWo
>
> I cross referenced with many other tutorials provided on Internet and
> still don't have a clue.
> Any help is very much appreciated.
>
>
> This is a UTF-8 formatted mail
> -----------------------------------------------
> James C.-C.Yu
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com