I have deployed a cxf-jaxws-javafirst maven project with its default method: HelloWorld.sayHi(String text).
http://localhost:8080/prueba/HelloWorld?wsdl
On the other hand, I have a soap client implemented on Nodejs with soap module.
var express = require('express')
var app = express()
//soap module
var soap = require('soap');
//url of the wsdl
var url = 'http://localhost:8080/prueba/HelloWorld?wsdl';
//variable
var args = {arg0: 'friend'};
app.get('/', function (req, res) {
soap.createClient(url, function(err, client) {
client.sayHi(args, function(err, result) {
res.send(result);
});
});
})
var server = app.listen(3000, function () {
var host = server.address().address
var port = server.address().port
console.log('Example app listening at http://%s:%s', host, port)
})
I have try to send soap message to other WebService, e.g. http://wsf.cdyne.com/WeatherWS/Weather.asmx?wsdl and my client code works, so I think I have some error in my WebService.
In my maven project I have just added this line of code just above the declaration of the interface for debugging messages into and out of my web service :
#org.apache.cxf.feature.Features(features = "org.apache.cxf.feature.LoggingFeature")
In this way I got the input message(soap client) and output message(WebService response):
Input Message:
mar 05, 2015 1:33:08 PM org.apache.cxf.services.HelloWorldImplService.HelloWorldImplPort.HelloWorld
INFORMACIÓN: Inbound Message
----------------------------
ID: 17
Address: http://localhost:8080/prueba/HelloWorld
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml; charset=utf-8
Headers: {Accept=[text/html,application/xhtml+xml,application/xml,text/xml;q=0.9,*/*;q=0.8], accept-charset=[utf-8], accept-encoding=[none], connection=[close], Content-Length=[230], content-type=[text/xml; charset=utf-8], host=[localhost:8080], SOAPAction=[""], user-agent=[node-soap/0.8.0]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tns="http://prueba.prueba/"><soap:Body><sayHi><arg0>Hola</arg0></sayHi></soap:Body></soap:Envelope>
Output Message:
mar 05, 2015 1:33:08 PM org.apache.cxf.services.HelloWorldImplService.HelloWorldImplPort.HelloWorld
INFORMACIÓN: Outbound Message
---------------------------
ID: 17
Response-Code: 500
Encoding: UTF-8
Content-Type: text/xml
Headers: {}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode>soap:Client</faultcode><faultstring>Unexpected wrapper element sayHi found. Expected {http://prueba.prueba/}sayHi.</faultstring></soap:Fault></soap:Body></soap:Envelope>
And Java error:
mar 05, 2015 1:33:08 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
ADVERTENCIA: Interceptor for {http://prueba.prueba/}HelloWorldImplService#{http://prueba.prueba/}sayHi has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Unexpected wrapper element sayHi found. Expected {http://prueba.prueba/}sayHi.
at org.apache.cxf.wsdl.interceptors.DocLiteralInInterceptor.handleMessage(DocLiteralInInterceptor.java:106)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:251)
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:293)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:212)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:268)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:603)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Whit SoapUI, I achieve send the string:
This is the InputMessage (Client: SoapUI).
ID: 18
Address: http://localhost:8080/prueba/HelloWorld
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml;charset=UTF-8
Headers: {accept-encoding=[gzip,deflate], connection=[Keep-Alive],
Content-Length=[285], content-type=[text/xml;charset=UTF-8], host=[localhost:8080],
SOAPAction=[""], user-agent=[Apache-HttpClient/4.1.1 (java 1.5)]}
Payload: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:pru="http://prueba.prueba/">
<soapenv:Header/>
<soapenv:Body>
<pru:sayHi>
<!--Optional:-->
<arg0>"?"</arg0>
</pru:sayHi>
</soapenv:Body>
</soapenv:Envelope>
I do not know I'm doing wrong, I hope someone can help me.
Thank you in advance.
I have tried to remove the namespace pru from SoapUI and I have got the same error so this is my error, I have to get add the namespace. Pru refers to namespace tns of my wsdl.
I read the issues of github of node-soap and one refers to the namespace tns.
https://github.com/vpulim/node-soap/issues/537
I have changed these line of wsdl.js file:
this.ignoredNamespaces= [ 'tns', 'targetNamespace', 'typedNamespace']
WSDL.prototype._ignoredSchemaNamespaces = ['tns', 'xs', 'xsd'];
by
this.ignoredNamespaces= [ 'targetNamespace', 'typedNamespace']
WSDL.prototype._ignoredSchemaNamespaces = ['xs', 'xsd'];
and my code works.
Thank you herom
I'm one of the maintainers/collaborators over at node-soap.
I don't know cxf-jaxws-javafirst but looking at your image of the wsdl I can't find the pru: prefix defined anywhere, so I don't know where SoapUI is assuming that the <sayHI> element should have this prefix attached...
To me the produced SOAP Body of node-soap:
<soap:Body>
<sayHi>
<arg0>
Hola
</arg0>
</sayHi>
</soap:Body>
seems valid, based on the input wsdl.
Related
I have added a new action to the Document Library. My java class extends
ActionExecuterAbstractBase
. Inside code I make an HttpsURLConnection and read response like this :
URL url = new URL("https://...................................Get?username="+Name+"&password="+Password);
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
if (conn.getResponseCode() != 200) {
throw new RuntimeException("Failed : HTTP error code : "
+ conn.getResponseCode());
}
BufferedReader br = new BufferedReader(new InputStreamReader(
(conn.getInputStream())));
Outside Alfresco the java script works perfectly but inside it throws the following error :
Web Script Status 405 - Method Not Allowed
The Web Script /alfresco/s/api/action/cosign/formprocessor has responded with a status of 405 - Method Not Allowed.
405 Description: The method specified in the Request-Line is not allowed for the resource identified by the Request-URI.
Message: 08060002 Script url /api/action/cosign/formprocessor does not support the method GET
Exception: org.springframework.extensions.webscripts.WebScriptException - 08060002 Script url /api/action/cosign/formprocessor does not support the method GET
org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:179)
org.springframework.extensions.webscripts.servlet.WebScriptServlet.service(WebScriptServlet.java:132)
javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:61)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041)
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:603)
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
java.lang.Thread.run(Thread.java:745)
Server: Community v5.0.0 (d r99759-b2) schema 8.022
Time: 6 Σεπ 2016 11:25:36 πμ
How can I resolve this ?
Finally the problem came from SSL certificate. Alfresco in order to make https url connection should trust the ssl certificate. You can add an SSL in Alfresco/java folder with the following command:
keytool -import -alias test.com -file ../test.cer -keystore ../lib/security/cacerts
I have a client which sends request to my cxf jax-ws web service as "GET" instead of "POST"
According to this answer link Webservice having "No such operation: HTTP GET PATH_INFO", it should be "POST". I have searched for how to set the HTTP-Method as "POST" in cxf but couldn't get much help. I found there is a constant string HTTP_REQUEST_METHOD in Message class but couldn't find any information on how to use it. Please help.
Here is the stack trace:
ID: 4
Address: http://localhost/ws/services/NTServiceHttpSoapEndpoint
Http-Method: GET
Content-Type:
Headers: {Accept=[text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2], cache-control=[no-cache], connection=[keep-alive], Content-Type=[null], host=[10.19.9.80:8080], pragma=[no-cache], user-agent=[Java/1.7.0_10]}
--------------------------------------
> Jul 22, 2016 9:15:58 PM org.apache.cxf.phase.PhaseInterceptorChain
> doDefaultLogging WARNING: Interceptor for
> {http://example.com/wsdl/service/nm/triggering/v3_0}NTriggeringService
> has thrown exception, unwinding now org.apache.cxf.interceptor.Fault:
> No such operation: (HTTP GET PATH_INFO:
> /ws/services/NotificationManagerTriggeringServiceHttpSoapEndpoint) at
> org.apache.cxf.interceptor.URIMappingInterceptor.handleMessage(URIMappingInterceptor.java:93)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
> at
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
> at
> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:237)
> at
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:239)
> at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:213)
> at
> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:131)
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:266)
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:191)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:621) at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:242)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164)
> at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
> at
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:395)
> at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:250)
> at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:188)
> at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:166)
> at
> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:745)
Jul 22, 2016 9:15:58 PM org.apache.cxf.services.NotificationManagerTriggeringService.NotificationManagerTriggeringServiceHttpSoapEndpoint.NotificationManagerTriggeringServicePortType
INFO: Outbound Message
---------------------------
ID: 4
Response-Code: 500
Encoding: UTF-8
Content-Type: text/xml
Headers: {}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>No such operation: (HTTP GET PATH_INFO: /ws/services/NTHttpSoapEndpoint)</faultstring></soap:Fault></soap:Body></soap:Envelope>
--------------------------------------
Recently I encountered the very same issue. Encountered error was:
Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'http://172.22.2.7/enmac/SOAP'.: java.io.IOException: Server returned HTTP response code: 405 for URL: http://172.22.2.7/enmac/SOAP
It also showed error like "Get method not allowed"
Reason for the issue:
SOAP always work with HTTP/S over POST request. When we send SOAP request from SOAP UI it automatically binds request to Post request. Hence somehow the application code was binding request to Get. So, there was a problem in the way Web Service Client was created.
Resolution:
Initially, I called client Web Service using given below code:
Incident ss = new Incident(wsdlURL, SERVICE_NAME);
IncidentSoap port = ss.getIncidentSoap()
This was creating problem. The resolution is creating Web Service instance using org.apache.cxf.jaxws.JaxWsProxyFactoryBean. Apache CXF also generated a client beans xml with given below content:
Hence, I used this spring managed client object and BINGO, it worked. I believe when we create web service instance in this manner, then it takes care of HTTP binding and all.
Best Regards
Hitesh
I have built Spring WS application (based on Spring WS 2.2.3) that exposes a small web service with couple of Operations. Each Operation receives input parameters to search a backend database and return response. Some of the parameters are mandatory (e.g. Street Name) and the Client have requested that if a request to the service is missing some of these mandatory parameters (e.g. empty Street Name) then my service should return proper SOAP Fault with HTTP status of 400.
My exception handling is working fine and I am able to return the correct SOAP Fault to the client if some a required parameter was missing form the request message and Spring WS takes care of the rest by wrapping a SOAP Fault and sends it back to the client with status code of 500 like the following:
HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Accept: text/xml, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
SOAPAction: ""
Content-Type: text/xml;charset=utf-8
Content-Length: 503
Date: Thu, 10 Dec 2015 22:28:02 GMT
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header/>
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>SOAP-ENV:Client</faultcode>
<faultstring xml:lang="en">Street Name is required</faultstring>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Which is good except that I really want the HTTP status code to be '400 Bad Request' instead of the '500 Internal Server Error' I can't figure out how to change the status code from 500 to 400 and get similar response like the following:
HTTP/1.1 400 Bad Request
Server: Apache-Coyote/1.1
Accept: text/xml, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
SOAPAction: ""
Content-Type: text/xml;charset=utf-8
Content-Length: 503
Date: Thu, 10 Dec 2015 22:28:02 GMT
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header/>
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>SOAP-ENV:Client</faultcode>
<faultstring xml:lang="en">Street Name is required</faultstring>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Any ideas?
I'm trying to send a request to a web service that has "Wssp1.2-2007-Https-UsernameToken-Digest.xml" as policy.
below is my code, I'm using apache cxf library on eclipse:
public static void main(String[]args){
CardDetails_Service cds = new CardDetails_Service();
CardDetails cdsPort = cds.getCardDetailsPort();
//End_Init_load
//Retrieve the client object from the port
Client client = ClientProxy.getClient(cdsPort);
Endpoint cxfEndpoint = client.getEndpoint();
Map<String, Object> ctx = ((BindingProvider) cdsPort).getRequestContext();
ctx.put("ws-security.username", "weblogicdev");
ctx.put("ws-security.password", "weblogic123");
client.getInInterceptors().add(new LoggingInInterceptor());
client.getOutInterceptors().add(new LoggingOutInterceptor());
CustomerRequestParam crp = new CustomerRequestParam();
crp.setCustomerID("dasd");
crp.setDataLevel("adsa");
crp.setInstitution("11");
CustomerResponseParam crpResponse = cdsPort.getCardDetailByCustomerOperation(crp);
System.out.println(crpResponse.getResponseDetails().getResponseCode()+"]["+crpResponse.getResponseDetails().getResponseDescription());
}
When I change the policy of the web service to Wssp1.2-2007-Https-UsernameToken-Plain.xml, the code above works, and I get a response.
But when I switch it back to digest, it doesn't work.
Below is an output of the generated request of the requests in both policies:
UsernameToken-Digest:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">
<wsu:Timestamp wsu:Id="TS-9cec2846-7695-4c8b-b7c3-4c8cf6887b9e">
<wsu:Created>2014-06-26T12:55:32.262Z
</wsu:Created>
<wsu:Expires>2014-06-26T13:00:32.262Z
</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-36511701-a842-4ba5-8e29-dc8841fb3a61">
<wsse:Username>weblogicdev
</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">m5nhNFD+LT9e9sk8CAClHdFNTdQ=
</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">MKlsVkLpcQykOosbGnszvg==
</wsse:Nonce>
<wsu:Created>2014-06-26T12:55:32.270Z
</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</SOAP-ENV:Header>
<soap:Body>
<CustomerRequest xmlns="www.mdsl.eft.cms.com">
<Institution>11
</Institution>
<Customer_ID>dasd
</Customer_ID>
<Data_Level>adsa
</Data_Level>
</CustomerRequest>
</soap:Body>
</soap:Envelope>
UsernameToken-Plain:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">
<wsu:Timestamp wsu:Id="TS-9140d6d2-ce36-4efd-aedd-bfc338480993">
<wsu:Created>2014-06-26T12:45:49.342Z
</wsu:Created>
<wsu:Expires>2014-06-26T12:50:49.342Z
</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-a16f2785-c64d-44df-87e8-b8b840612192">
<wsse:Username>weblogicdev
</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">weblogic123
</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</SOAP-ENV:Header>
<soap:Body>
<CustomerRequest xmlns="www.mdsl.eft.cms.com">
<Institution>11
</Institution>
<Customer_ID>dasd
</Customer_ID>
<Data_Level>adsa
</Data_Level>
</CustomerRequest>
</soap:Body>
</soap:Envelope>
The requests are changing to suit the switch of policies but I don't understand why I'm getting a "Failed to assert identity with UsernameToken".
For more info, below is the full trace:
Jun 26, 2014 5:32:18 PM io.netty.util.internal.logging.Slf4JLogger info
INFO: Your platform does not provide complete low-level API for accessing direct buffers reliably. Unless explicitly requested, heap buffer will always be preferred to avoid potential system unstability.
Jun 26, 2014 5:32:19 PM org.apache.cxf.wsdl.service.factory.ReflectionServiceFactoryBean buildServiceFromWSDL
INFO: Creating Service {http://test/}CardDetails from WSDL: https://localhost:7002/testWebService/CardDetailsPort?wsdl
Jun 26, 2014 5:32:19 PM org.apache.cxf.services.CardDetails.CardDetailsPort.CardDetails
INFO: Outbound Message
---------------------------
ID: 1
Address: https://localhost:7002/TestWebService/CardDetailsPort
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml
Headers: {Accept=[*/], SOAPAction=["urn:Test/getCardDetailByCustomerOperation"]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1"><wsu:Timestamp wsu:Id="TS-2f3ad257-f56f-4658-8553-2867143f2188"><wsu:Created>2014-06-26T14:32:19.664Z</wsu:Created><wsu:Expires>2014-06-26T14:37:19.664Z</wsu:Expires></wsu:Timestamp><wsse:UsernameToken wsu:Id="UsernameToken-bcb0d1b1-3ee3-4182-bdc6-476f86006153"><wsse:Username>weblogicdev</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">iqb9Xe1/GqwfPW0CU1NOO96eH2I=</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">3BkQP6r7MPJrs5AIohRwEQ==</wsse:Nonce><wsu:Created>2014-06-26T14:32:19.671Z</wsu:Created></wsse:UsernameToken></wsse:Security></SOAP-ENV:Header><soap:Body><CustomerRequest xmlns="www.mdsl.eft.cms.com"><Institution>11</Institution><Customer_ID>dasd</Customer_ID><Data_Level>adsa</Data_Level></CustomerRequest></soap:Body></soap:Envelope>
--------------------------------------
Jun 26, 2014 5:32:19 PM org.apache.cxf.services.CardDetails.CardDetailsPort.CardDetails
INFO: Inbound Message
----------------------------
ID: 1
Response-Code: 500
Encoding: UTF-8
Content-Type: text/xml;charset="utf-8"
Headers: {Content-Length=[380], Content-Type=[text/xml;charset="utf-8"], Date=[Thu, 26 Jun 2014 14:32:19 GMT], X-ORACLE-DMS-ECID=[37cb61f8f3397d86:62376f09:146d4fa0d76:-8000-0000000000000c23], X-Powered-By=[Servlet/2.5 JSP/2.1]}
Payload: <?xml version='1.0' encoding='UTF-8'?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><faultcode>wsse:FailedAuthentication</faultcode><faultstring>Failed to assert identity with UsernameToken.</faultstring></env:Fault></env:Body></env:Envelope>
--------------------------------------
Jun 26, 2014 5:32:19 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
WARNING: Request does not contain Security header, but it's a fault.
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Failed to assert identity with UsernameToken.
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:159)
at $Proxy35.getCardDetailByCustomerOperation(Unknown Source)
at Test.Tester.main(Tester.java:83)
Caused by: org.apache.cxf.binding.soap.SoapFault: Failed to assert identity with UsernameToken.
at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:84)
at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:51)
at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:40)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:113)
at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:798)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1636)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1525)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1330)
at org.apache.cxf.transport.http.netty.client.NettyHttpConduit$NettyWrappedOutputStream.close(NettyHttpConduit.java:153)
at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:56)
at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:215)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:638)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:137)
... 2 more
By default, WebLogic doesn't store the password in a retrievable manner, necessary for the digest method to work.
To fix it, in the admin console, go to providers configuration of your security realms setting (by default: Security Realm -> myrealm -> Providers) and for the DefaultAuthenticator, under the Provider Specific tab, make sure Enable Password Digests is enabled.
Also make sure that wsse:PasswordDigest is active in the DefaultIdentityAsserter settings.
NOTE: After you turn on Enable Password Digests, you have to reset the password of any user(s) you want to participate in the authentication for you web service.
From page 6 of this Document
Password_Digest = Base64 ( SHA-1 ( nonce + created + password ) )
Can you verify that your digest is correctly following this formula?
The actual code that performs the validation on the server side can be found here
I'm trying to learn CXF and want to implement ws security with a simple hello world example.
I followed bottom up approach to create a cxf service which is runing and I tested with soap ui. I wrote a spring client and it is working fine too.
Then I tried to add the timestamp. I added
the WSS4J and saaj interceptors in both server and clent spring bean config files. I followed this blog.
cxf-spring-and-ws-security-putting-it
I exactly followed the same steps and I added timestamp action. When I run the client I get this
I get this exception
org.apache.ws.security.WSSecurityException: An error was discovered processing the
<wsse:Security> header
My wsdl does not have any entries concerning the security or the interceptors I added.
The SOAP request is the same as the one before interceptors were added. I figured out that the header is missing from the request. How can I add header in the request in this scenario?
Please check below for stack trace.
ID: 4
Address: http://localhost:8080/HelloWorldWithSecurity/services/HelloWorldImplPort
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml;charset=UTF-8
Headers: {accept-encoding=[gzip,deflate], connection=[Keep-Alive], Content-Length=[294], content-type=[text/xml;charset=UTF-8], host=[localhost:8080], SOAPAction=[""], user-agent=[Apache-HttpClient/4.1.1 (java 1.5)]}
Payload: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://service.spring.demo/">
<soapenv:Header/>
<soapenv:Body>
<ser:sayHi>
<!--Optional:-->
<arg0>Yamini</arg0>
</ser:sayHi>
</soapenv:Body>
</soapenv:Envelope>
--------------------------------------
Sep 21, 2012 10:53:51 AM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor checkActions
WARNING: Security processing failed (actions mismatch)
Sep 21, 2012 10:53:51 AM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
WARNING:
org.apache.ws.security.WSSecurityException: An error was discovered processing the <wsse:Security> header
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInInterceptor.java:359)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:312)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:89)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:209)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:191)
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:114)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:164)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1001)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Sep 21, 2012 10:53:51 AM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {http://service.spring.demo/}HelloWorldImplService has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: An error was discovered processing the <wsse:Security> header
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:733)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:333)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:89)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:209)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:191)
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:114)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:164)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1001)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Caused by: org.apache.ws.security.WSSecurityException: An error was discovered processing the <wsse:Security> header
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInInterceptor.java:359)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:312)
... 27 more
Sep 21, 2012 10:53:51 AM org.apache.cxf.interceptor.AbstractLoggingInterceptor log
INFO: Outbound Message
---------------------------
ID: 4
Response-Code: 500
Encoding: UTF-8
Content-Type: text/xml
Headers: {}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:InvalidSecurity</faultcode><faultstring>An error was discovered processing the <wsse:Security> header</faultstring></soap:Fault></soap:Body></soap:Envelope>
--------------------------------------
Sep 21, 2012 11:31:29 AM org.apache.cxf.interceptor.AbstractLoggingInterceptor log
INFO: Inbound Message
----------------------------
ID: 5
Address: http://localhost:8080/HelloWorldWithSecurity/services/HelloWorldImplPort
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml; charset=UTF-8
Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], Content-Length=[610], content-type=[text/xml; charset=UTF-8], host=[localhost:8080], pragma=[no-cache], SOAPAction=[""], user-agent=[Apache CXF 2.4.9]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1"><wsu:Timestamp wsu:Id="TS-1"><wsu:Created>2012-09-21T16:31:29.958Z</wsu:Created><wsu:Expires>2012-09-21T16:36:29.958Z</wsu:Expires></wsu:Timestamp></wsse:Security></soap:Header><soap:Body><ns2:sayHi xmlns:ns2="http://service.spring.demo/"><arg0>Yamini</arg0></ns2:sayHi></soap:Body></soap:Envelope>
--------------------------------------
sayHi called
Sep 21, 2012 11:31:29 AM org.apache.cxf.interceptor.AbstractLoggingInterceptor log
INFO: Outbound Message
---------------------------
ID: 5
Encoding: UTF-8
Content-Type: text/xml
Headers: {}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns2:sayHiResponse xmlns:ns2="http://service.spring.demo/"><return>Hello Yamini</return></ns2:sayHiResponse></soap:Body></soap:Envelope>
--------------------------------------
I do not see any security headers in the request. So I'm getting the exception when the response is getting processed for them. What I want to get an idea is how to add security headers in the case when the web service is developed in java first approach.
Thank you so much.
Your header should look like this...
<soap:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1">
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-2">
<wsse:Username>admin</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
You would need to add wsse:Security header in your SOAP request
<soapenv:envelope ...
<soapenv:header>
<wsse:security soapenv:mustunderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:usernametoken wsu:id="UsernameToken-27777511" xmlns:wsu="http://Pdocs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:username>admin</wsse:username>
<wsse:password type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pass</wsse:password>
</wsse:usernametoken>
</wsse:security>
</soapenv:header>
<soapenv:body>
--
</soapenv:body>
</soapenv:envelope>