You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "varun singhal (JIRA)" <ji...@apache.org> on 2018/11/16 14:13:00 UTC
[jira] [Updated] (CXF-7902) Migrating to CXF 3.2.7 -> How to solve
the password related security error during SOAP RQ processing ?
[ https://issues.apache.org/jira/browse/CXF-7902?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
varun singhal updated CXF-7902:
-------------------------------
Description:
Hello ALL,
Greetings !
We are trying to migrate a webservice from CXF 2.2.2 to CXF 3.2.7
Post migration all my previous HTTP SOAP requests that were fired by the client against the web service are failing 🙁
*SOAP RQ :*
{{<SOAP-ENV:Header> <wsse:Security SOAP-ENV:mustUnderstand="1"> <wsse:UsernameToken wsu:Id=""> <wsse:Username>sampleUser</wsse:Username> <wsse:Password>12345</wsse:Password> <wsse:PartnerID>samplePartner</wsse:PartnerID></wsse:UsernameToken></wsse:Security> <wsa:To>[http://localhost:8080/sampleWs]</wsa:To> <wsa:Action>[http://localhost:8080/sampleWs/sampleAction]</wsa:Action> <wsa:From> <wsa:Address>[http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous]</wsa:Address></wsa:From></SOAP-ENV:Header>}}
The SOAP rq fails with the following exception : *"Any PASSWORD MUST specify a Type attribute"*
{{Caused by: org.apache.wss4j.common.ext.WSSecurityException: BSP:R4201: Any PASSWORD MUST specify a Type attribute at org.apache.wss4j.common.bsp.BSPEnforcer.handleBSPRule(BSPEnforcer.java:57) [wss4j-ws-security-common-2.2.2.jar:2.2.2]}}
Now when i see [OASIS ws security specs|http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd], i dont find "TYPE" bieng mandatory, can you guys please advise if there is a way through which we can prevent CXF from dropping the above request ?
{color:#FF0000}*Note : The smae request works perfectly fine in CXF 2.2.2* {color}
I have also posted a SO question on the same : [https://stackoverflow.com/questions/53338727/migrating-to-cxf-3-2-7-how-to-solve-the-password-related-security-error-durin]
Many thanks for helping me out !
was:
Hello ALL,
Greetings !
We are trying to migrate a webservice from CXF 2.2.2 to CXF 3.2.7
Post migration all my previous HTTP SOAP requests that were fired by the client against the web service are failing 🙁
*SOAP RQ :*
{{<SOAP-ENV:Header> <wsse:Security SOAP-ENV:mustUnderstand="1"> <wsse:UsernameToken wsu:Id=""> <wsse:Username>sampleUser</wsse:Username> <wsse:Password>12345</wsse:Password> <wsse:PartnerID>samplePartner</wsse:PartnerID></wsse:UsernameToken></wsse:Security> <wsa:To>http://localhost:8080/sampleWs</wsa:To> <wsa:Action>http://localhost:8080/sampleWs/sampleAction</wsa:Action> <wsa:From> <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address></wsa:From></SOAP-ENV:Header>}}
The SOAP rq fails with the following exception : *"Any PASSWORD MUST specify a Type attribute"*
{{Caused by: org.apache.wss4j.common.ext.WSSecurityException: BSP:R4201: Any PASSWORD MUST specify a Type attribute at org.apache.wss4j.common.bsp.BSPEnforcer.handleBSPRule(BSPEnforcer.java:57) [wss4j-ws-security-common-2.2.2.jar:2.2.2]}}
Now when i see [OASIS ws security specs|http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd], i dont find "TYPE" bieng mandatory, can you guys please advise if there is a way through which we can prevent CXF from dropping the above request ?
I have also posted a SO question on the same : [https://stackoverflow.com/questions/53338727/migrating-to-cxf-3-2-7-how-to-solve-the-password-related-security-error-durin]
Many thanks for helping me out !
> Migrating to CXF 3.2.7 -> How to solve the password related security error during SOAP RQ processing ?
> ------------------------------------------------------------------------------------------------------
>
> Key: CXF-7902
> URL: https://issues.apache.org/jira/browse/CXF-7902
> Project: CXF
> Issue Type: Bug
> Affects Versions: 3.2.7
> Reporter: varun singhal
> Priority: Major
>
> Hello ALL,
>
> Greetings !
>
> We are trying to migrate a webservice from CXF 2.2.2 to CXF 3.2.7
>
> Post migration all my previous HTTP SOAP requests that were fired by the client against the web service are failing 🙁
>
> *SOAP RQ :*
>
> {{<SOAP-ENV:Header> <wsse:Security SOAP-ENV:mustUnderstand="1"> <wsse:UsernameToken wsu:Id=""> <wsse:Username>sampleUser</wsse:Username> <wsse:Password>12345</wsse:Password> <wsse:PartnerID>samplePartner</wsse:PartnerID></wsse:UsernameToken></wsse:Security> <wsa:To>[http://localhost:8080/sampleWs]</wsa:To> <wsa:Action>[http://localhost:8080/sampleWs/sampleAction]</wsa:Action> <wsa:From> <wsa:Address>[http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous]</wsa:Address></wsa:From></SOAP-ENV:Header>}}
>
> The SOAP rq fails with the following exception : *"Any PASSWORD MUST specify a Type attribute"*
>
> {{Caused by: org.apache.wss4j.common.ext.WSSecurityException: BSP:R4201: Any PASSWORD MUST specify a Type attribute at org.apache.wss4j.common.bsp.BSPEnforcer.handleBSPRule(BSPEnforcer.java:57) [wss4j-ws-security-common-2.2.2.jar:2.2.2]}}
>
> Now when i see [OASIS ws security specs|http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd], i dont find "TYPE" bieng mandatory, can you guys please advise if there is a way through which we can prevent CXF from dropping the above request ?
> {color:#FF0000}*Note : The smae request works perfectly fine in CXF 2.2.2* {color}
> I have also posted a SO question on the same : [https://stackoverflow.com/questions/53338727/migrating-to-cxf-3-2-7-how-to-solve-the-password-related-security-error-durin]
>
> Many thanks for helping me out !
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)