10 Replies Latest reply on Jun 12, 2007 6:38 AM by vinod purohit

    ws-security: Problem using encryption

    Kristof Taveirne Newbie

      Hi,

      I'm having a problem encrypting the messages in my webservice.
      Here is what I did:

      I added in the jboss-wsse-server.xml file.

      And I configured the client also to encrypt the entire message using JWSDP's xws-security package.

      I created my web service using the contract first approach. So my wsdl describes the Web service messages as they would be without using encryption.

      The soap-body the client now generates contains only a EncryptedData block, and I would assume that jbossws understands that when it receives an EncryptedData xml-message what to do with it.
      But instead I get the following error:

      Endpoint {BlehBleh}BlahBlah does not contain operation meta data for: {http://www.w3.org/2001/04/xmlenc#}EncryptedData

      What I'm thinking here is that jbossws tries to map the incomming xml message to an operation which ofcourse doesn't exist.

      I would think that decryption would happen before trying to map the incomming XML to an operation, but apparently it doesnt know that it should Decrypt. For all it knows, maybe I've written an doc/lit style Web service that takes xml ....

      I've noticed one thing that could have something to do with it and that is the <wsdl-override> in jboss-client.xml. But then again that's only when the client is deployed on jboss, which in my case, it is not.

      Can somebody help me with this?

      Thanks alot,

      Kristof.

        • 1. Re: ws-security: Problem using encryption
          Kristof Taveirne Newbie

          My first post may have been a bit confusing....

          So the problem is when the client encrypts its message.
          The XML that is being send over the wire has in the soap-body a EncryptedData element.

          The server only accepts element that are in the schema of the wsdl.
          for example.

          I configured the server so that it requires encrypted data to be send, but instead of accepting the element and decrypt it, it tries to find an in my wsdl to map it the proper operation. Which ofcourse doesn't exist.

          Does anyone know how I can fix this?

          Greets,
          Kristof.Taveirne

          • 2. Re: ws-security: Problem using encryption
            Brian Shields Newbie

            Anyone have solution to this yet. My example runs fine with signature, therefore ws-security is working. I had a work around of only encrypting the contents of the method call......following is a snippet from the jboss-wsse-client.xml file

            <encrypt type="x509v3" alias="wsse">
             <targets>
             <target contentOnly="true" type="qname">{http://iwise.nuigalway.ie/hello}hello</target>
             </targets>
            </encrypt>
            

            but i get the error
            javax.xml.rpc.soap.SOAPFaultException: javax.xml.rpc.JAXRPCException: Cannot find child element: String_1

            as the parameter needed is encrypted.
            Any further ideas???

            • 3. Re: ws-security: Problem using encryption
              Brian Shields Newbie

              no reply to this yet!

              Why would the org.jboss.ws.wsse.WSSecurityHandlerInbound class verify a signature but fail to decrypt the message, with no errors being shown with regards decryption?

              Brian.

              • 4. Re: ws-security: Problem using encryption
                Jason Greene Master

                Security is probably not enabled. Did you add the following to your web.xml?

                 <context-param>
                 <param-name>jbossws-config-name</param-name>>
                 <param-value>Standard Secure Endpoint</param-value>
                 </context-param>
                


                • 5. Re: ws-security: Problem using encryption
                  Brian Shields Newbie

                  no i didnt, but i did add the following to my webservices.xml

                  <handler>
                   <handler-name>WSSecurityHandlerInbound</handler-name>
                   <handler-class>org.jboss.ws.wsse.WSSecurityHandlerInbound</handler-class>
                  </handler>

                  Does this not do the same. The signature the message is signed with is verified in the server before the message is processed. I have tested this by resending an altered message with TCPMON and it throws a security exception when i do. Does this not mean that security is enabled?
                  Brian

                  • 6. Re: ws-security: Problem using encryption
                    Jason Greene Master

                    That should also work, but using this you won't be able to send secured messages outbound.

                    What encryption options did you use with the sun stack?

                    Also, can you post a copy of the message the client is sending?

                    Thanks
                    -Jason

                    • 7. Re: ws-security: Problem using encryption
                      Brian Shields Newbie

                      Apologies for the delay in responding to this,

                      That should also work, but using this you won't be able to send secured messages outbound.

                      At the moment I am only concerned with securing the client to server messages.

                      What encryption options did you use with the sun stack?

                      I am using the example from the JBossWS documentation. X.509 certificates.
                      Also, can you post a copy of the message the client is sending?

                      I am going to include the message without any security, then the message with signature, which works, and finally the message with encryption, which does not work.

                      Original message without any security
                      <env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'>
                       <env:Header/>
                       <env:Body>
                       <ns1:hello xmlns:ns1='http://iwise.nuigalway.ie/hello'>
                       <String_1>john</String_1>
                       </ns1:hello>
                       </env:Body>
                      </env:Envelope>
                      

                      Message when signature is used
                      <env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'>
                       <env:Header>
                       <wsse:Security env:mustUnderstand='1' xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>
                       <wsu:Timestamp wsu:Id='timestamp'>
                       <wsu:Created>2006-11-04T12:34:51.546Z</wsu:Created>
                       </wsu:Timestamp>
                       <wsse:BinarySecurityToken EncodingType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary' ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3' wsu:Id='token-2-1162643691953-5313146'>
                      MIIEQTCCA6qgAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgT
                      Cldhc2hpbmd0b24xGDAWBgNVBAcTD1Nub3F1YWxtaWUgUGFzczETMBEGA1UEChMKSkJvc3MgSW5j
                      LjELMAkGA1UECxMCUUExEjAQBgNVBAMTCWpib3NzLmNvbTEeMBwGCSqGSIb3DQEJARYPYWRtaW5A
                      amJvc3MuY29tMB4XDTA1MDkxNTAwMDk0MVoXDTE1MDkxMzAwMDk0MVowgYsxCzAJBgNVBAYTAlVT
                      MRMwEQYDVQQIEwpXYXNoaW5ndG9uMRMwEQYDVQQKEwpKQm9zcyBJbmMuMRQwEgYDVQQLEwtEZXZl
                      bG9wbWVudDEVMBMGA1UEAxMMSmFzb24gR3JlZW5lMSUwIwYJKoZIhvcNAQkBFhZqYXNvbi5ncmVl
                      bmVAamJvc3MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzzj+VomXdEuHTg4g
                      N9mN865eulLiAPITiZMLfz2ODuzF0pj39iTKhHM8IS6YQYbkPGRXMTmnCy0NFfMsVKTXs/9rZBMP
                      1ko3kZopaN+XrUT8yxIiydL76QYcRpDGgxG9G4kc+mHdt0rZtARWVwoVPhO4Irx09AONpSYqdSq0
                      8jMXscA+yXwvhDHGV+J4CCSmQgYVa95OdDaAMnWp5csAfg4eL/GTLI36Up4tjsFnMq5NFKsCnZ1q
                      qxA1OO3CbhsK/IlEZw13alGJPJ1FgvaTZTZNh+h2YIKl//P5iQOtfURrzWsVwGcEa6S+lC72BJHj
                      JBOw4byI/FTi1HCe6wd3iQIDAQABo4IBJjCCASIwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYd
                      T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFKzdWmBd7MDzEemEN6HMXIeq
                      St86MIHHBgNVHSMEgb8wgbyAFEuV2BcIYuw61dmN9JIrAvNK+hZ+oYGYpIGVMIGSMQswCQYDVQQG
                      EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEYMBYGA1UEBxMPU25vcXVhbG1pZSBQYXNzMRMwEQYD
                      VQQKEwpKQm9zcyBJbmMuMQswCQYDVQQLEwJRQTESMBAGA1UEAxMJamJvc3MuY29tMR4wHAYJKoZI
                      hvcNAQkBFg9hZG1pbkBqYm9zcy5jb22CCQCr9VL/ZBpN7zANBgkqhkiG9w0BAQUFAAOBgQDEU/Bs
                      M2Pqcr8j8/NdYlgSYXX1R7u2wjYkRnW6jeHlxNm5XeuY0t4nr8fq5S05YOAlU4LTJuGNMB8kZUit
                      hAU2QxkMLmKKsb+B1zIdzP756xC6x+5g0dXLIt0ItVjPv5GQIw1SRmQKBkfliwV5jOrkCzJ5/v04
                      Hb1iUP9iqcdN2w==
                       </wsse:BinarySecurityToken>
                       <ds:Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
                       <ds:SignedInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
                       <ds:CanonicalizationMethod Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
                       <ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
                       <ds:Reference URI='#element-1-1162643691578-16749745' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
                       <ds:Transforms xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
                       <ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
                       </ds:Transforms>
                       <ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
                       <ds:DigestValue xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>x4eijpcBjBPlOeFy85O7ATVlBL0=</ds:DigestValue>
                       </ds:Reference>
                       <ds:Reference URI='#timestamp' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
                       <ds:Transforms xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
                       <ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
                       </ds:Transforms>
                       <ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
                       <ds:DigestValue xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>A4XlynInTQ1C6gnc+BSY27uEf0Q=</ds:DigestValue>
                       </ds:Reference>
                       </ds:SignedInfo>
                       <ds:SignatureValue xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
                      S6K1pB4uNST52cUDEVucTYSC2534m5YgWp/E/lB4KdzYzlx9xa98V7wp+lAZlG1fN+mJn1UUkCiH
                      NNwkfxYbJmiwE+a3kUiBZayuregcq2uGugVSyUJnFTga+QoVn6Zl50kccJpqmrU1jb4WN7VrOVgw
                      Q2z/LB2KpvZx6vOKwEUsLoYHg7AS9LZsTQTdK7b3AJmvH+GAhb3iOQz4jRRjDD38N9CCTvRgXcwQ
                      zMPujTaLk7INMHIrds+rDGO7p7sjk7dteRQX9PXMo0z7c+OAAywCfg7HWZWMnfAiusGti5Oess42
                      BtUVRnx8mD99rf98O5y5wgZfJZb1nldKT5xVVA==
                       </ds:SignatureValue>
                       <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
                       <wsse:SecurityTokenReference wsu:Id='reference-3-1162643691953-9708927'>
                       <wsse:Reference URI='#token-2-1162643691953-5313146' ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3'/>
                       </wsse:SecurityTokenReference>
                       </ds:KeyInfo>
                       </ds:Signature>
                       </wsse:Security>
                       </env:Header>
                       <env:Body xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' wsu:Id='element-1-1162643691578-16749745'>
                       <ns1:hello xmlns:ns1='http://iwise.nuigalway.ie/hello'>
                       <String_1>john</String_1>
                       </ns1:hello>
                       </env:Body>
                      </env:Envelope>
                      

                      Message when encryption is used
                      <env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'>
                       <env:Header>
                       <wsse:Security env:mustUnderstand='1' xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>
                       <wsu:Timestamp wsu:Id='timestamp'>
                       <wsu:Created>2006-11-04T12:32:07.500Z</wsu:Created>
                       </wsu:Timestamp>
                       <wsse:BinarySecurityToken EncodingType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary' ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3' wsu:Id='token-2-1162643527953-19658898'>
                      MIIEQTCCA6qgAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgT
                      Cldhc2hpbmd0b24xGDAWBgNVBAcTD1Nub3F1YWxtaWUgUGFzczETMBEGA1UEChMKSkJvc3MgSW5j
                      LjELMAkGA1UECxMCUUExEjAQBgNVBAMTCWpib3NzLmNvbTEeMBwGCSqGSIb3DQEJARYPYWRtaW5A
                      amJvc3MuY29tMB4XDTA1MDkxNTAwMDk0MVoXDTE1MDkxMzAwMDk0MVowgYsxCzAJBgNVBAYTAlVT
                      MRMwEQYDVQQIEwpXYXNoaW5ndG9uMRMwEQYDVQQKEwpKQm9zcyBJbmMuMRQwEgYDVQQLEwtEZXZl
                      bG9wbWVudDEVMBMGA1UEAxMMSmFzb24gR3JlZW5lMSUwIwYJKoZIhvcNAQkBFhZqYXNvbi5ncmVl
                      bmVAamJvc3MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzzj+VomXdEuHTg4g
                      N9mN865eulLiAPITiZMLfz2ODuzF0pj39iTKhHM8IS6YQYbkPGRXMTmnCy0NFfMsVKTXs/9rZBMP
                      1ko3kZopaN+XrUT8yxIiydL76QYcRpDGgxG9G4kc+mHdt0rZtARWVwoVPhO4Irx09AONpSYqdSq0
                      8jMXscA+yXwvhDHGV+J4CCSmQgYVa95OdDaAMnWp5csAfg4eL/GTLI36Up4tjsFnMq5NFKsCnZ1q
                      qxA1OO3CbhsK/IlEZw13alGJPJ1FgvaTZTZNh+h2YIKl//P5iQOtfURrzWsVwGcEa6S+lC72BJHj
                      JBOw4byI/FTi1HCe6wd3iQIDAQABo4IBJjCCASIwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYd
                      T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFKzdWmBd7MDzEemEN6HMXIeq
                      St86MIHHBgNVHSMEgb8wgbyAFEuV2BcIYuw61dmN9JIrAvNK+hZ+oYGYpIGVMIGSMQswCQYDVQQG
                      EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEYMBYGA1UEBxMPU25vcXVhbG1pZSBQYXNzMRMwEQYD
                      VQQKEwpKQm9zcyBJbmMuMQswCQYDVQQLEwJRQTESMBAGA1UEAxMJamJvc3MuY29tMR4wHAYJKoZI
                      hvcNAQkBFg9hZG1pbkBqYm9zcy5jb22CCQCr9VL/ZBpN7zANBgkqhkiG9w0BAQUFAAOBgQDEU/Bs
                      M2Pqcr8j8/NdYlgSYXX1R7u2wjYkRnW6jeHlxNm5XeuY0t4nr8fq5S05YOAlU4LTJuGNMB8kZUit
                      hAU2QxkMLmKKsb+B1zIdzP756xC6x+5g0dXLIt0ItVjPv5GQIw1SRmQKBkfliwV5jOrkCzJ5/v04
                      Hb1iUP9iqcdN2w==
                       </wsse:BinarySecurityToken>
                       <xenc:EncryptedKey xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>
                       <xenc:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-1_5' xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'/>
                       <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
                       <wsse:SecurityTokenReference wsu:Id='reference-6-1162643528796-29247351'>
                       <wsse:Reference URI='#token-2-1162643527953-19658898' ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3'/>
                       </wsse:SecurityTokenReference>
                       </ds:KeyInfo>
                       <xenc:CipherData xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>
                       <xenc:CipherValue xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>
                      K8nIvL9BkXrik4+lOwNrueanacrp8cC/WwV3PW8ch4T3ilvEP4GGoMgrzddZvwgOW8AiUHD6BVOd
                      Mui723FZYSatEim0/hpTdRBd2rKtSiEy1bbXZEJeGDo1MMyJaY73zaJcDVCNLn34x2MvTDCdgOw1
                      +oN2XxjCa49/7jmqMWPZcgIBofr+JKxtcob25TDxHr+NARNl24Khap3yEp3CxC48fZXwtN/fNWaG
                      jE1pgAz4UD5/0oe8lsUgeDPolQ/3JvZYmT0kVDf1ldK3B6oAzoOIy+8AnEc9D4Ohp6XlFZA+MPwV
                      QktRYaABzTdq8r5Nk7a7lnOgDEOYaC8Z5WJz2g==
                       </xenc:CipherValue>
                       </xenc:CipherData>
                       <xenc:ReferenceList xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>
                       <xenc:DataReference URI='#encrypted-5-1162643528328-14137305' xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'/>
                       </xenc:ReferenceList>
                       </xenc:EncryptedKey>
                       <ds:Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
                       <ds:SignedInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
                       <ds:CanonicalizationMethod Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
                       <ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
                       <ds:Reference URI='#element-1-1162643527531-8703610' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
                       <ds:Transforms xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
                       <ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
                       </ds:Transforms>
                       <ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
                       <ds:DigestValue xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>f3PVDTNNDozFWI59ANWwaG4SK3E=</ds:DigestValue>
                       </ds:Reference>
                       <ds:Reference URI='#timestamp' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
                       <ds:Transforms xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
                       <ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
                       </ds:Transforms>
                       <ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
                       <ds:DigestValue xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>ueejBXsOigMMxCc43KcWHUmfhlM=</ds:DigestValue>
                       </ds:Reference>
                       </ds:SignedInfo>
                       <ds:SignatureValue xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
                      r27Gy2CfU86hwFL+P9tNZ+gzj5cmJ0zdIcV/jqAx9FVloJZRoFcwXLI3+JlbsdXaDOoR04gBrbyc
                      WJI9Enx2zlMuo1mnIUvFJ6wQ5x4ak6uFsj5C56+uQUB7nEXEDDPejKhbOwiDHooz6KCdh+gTGKkU
                      StvXiR3ZDsc9SqaQ3uj3xdmlhNCe4KxSAX2DOGcZfT1CWIVYyq4Rt+oMnmhN6kJMQLQbTwOrxhXc
                      qMzLN750UgKoN27Dd/KtUpnKkagl3zzqHmvGqIiLjQ/ED4PC7aS+2Ymp8DdBx/Ya9zlIpEjN03mA
                      5PXxoyVNxYtydWYU0Rq0cE7AqM61HNUGjN69Wg==
                       </ds:SignatureValue>
                       <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
                       <wsse:SecurityTokenReference wsu:Id='reference-3-1162643527953-30167145'>
                       <wsse:Reference URI='#token-2-1162643527953-19658898' ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3'/>
                       </wsse:SecurityTokenReference>
                       </ds:KeyInfo>
                       </ds:Signature>
                       </wsse:Security>
                       </env:Header>
                       <env:Body xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' wsu:Id='element-1-1162643527531-8703610'>
                       <ns1:hello xmlns:ns1='http://iwise.nuigalway.ie/hello' xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' wsu:Id='element-4-1162643528328-17689439'>
                       <xenc:EncryptedData Id='encrypted-5-1162643528328-14137305' Type='http://www.w3.org/2001/04/xmlenc#Content' xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>
                       <xenc:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#aes128-cbc' xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'/>
                       <xenc:CipherData xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>
                       <xenc:CipherValue xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>
                      l0waYKIwD4YR5UcXV0QpS3O4NTYaI5fYQBYDWao7GnlwAs4oddUc3/y+qIk0k1yo1ukRIhtIfStH
                      bfs5XXP/ABpRu7L2pV2FgT28gBcRyDLiCbUcIQwkrQMXpXwS9SoTCh7uCTFlYdNmB681YgrzNqv9
                      pTOluti2/ZimKAdcR7sCNTVRDvNKFOpFgddjrwzg4lqYXst1ITTjEl8oH7IDsKkU/gWT4urLJeNg
                      5tStMTHQXkvHTCREQITFJN0+W4Wp/1BJm3kGrYabpwEBTXOhvWijJdGQMlIEeXbjtiXarGoXTFbM
                      KaBg1br02RadiR6s
                       </xenc:CipherValue>
                       </xenc:CipherData>
                       </xenc:EncryptedData>
                       </ns1:hello>
                       </env:Body>
                      </env:Envelope>
                      


                      Apologies for how verbose the messages are. The error i am getting in return to the last message is
                      [java] Contacting webservice at http://whitehaven:8088/hello-ejb/HelloBean?wsdl
                      [java] hello.hello(john)
                      [java] - Call invocation failed with SOAPFaultException
                      [java] javax.xml.rpc.soap.SOAPFaultException: javax.xml.rpc.JAXRPCException: Cannot find child element: String_1
                      [java] at org.jboss.ws.jaxrpc.SOAPFaultExceptionHelper.getSOAPFaultException(SOAPFaultExceptionHelper.java:100)
                      [java] at org.jboss.ws.binding.soap.SOAPBindingProvider.unbindResponseMessage(SOAPBindingProvider.java:486)
                      [java] at org.jboss.ws.jaxrpc.CallImpl.invokeInternal(CallImpl.java:702)
                      [java] Exception in thread "main" java.rmi.RemoteException: Call invocation failed with code [Client] because of: javax.xml.rpc.JAXRPCException:Cannot find child element: String_1; nested exception is:
                      [java] javax.xml.rpc.soap.SOAPFaultException: javax.xml.rpc.JAXRPCException: Cannot find child element: String_1
                      [java] at org.jboss.ws.jaxrpc.CallImpl.invokeInternal(CallImpl.java:713)
                      [java] at org.jboss.ws.jaxrpc.CallImpl.invoke(CallImpl.java:404)
                      [java] at helloClient.Client.main(Client.java:50)
                      [java] Caused by: javax.xml.rpc.soap.SOAPFaultException: javax.xml.rpc.JAXRPCException: Cannot find child element: String_1
                      [java] at org.jboss.ws.jaxrpc.SOAPFaultExceptionHelper.getSOAPFaultException(SOAPFaultExceptionHelper.java:100)
                      [java] at org.jboss.ws.jaxrpc.CallImpl.invoke(CallImpl.java:404)
                      [java] at helloClient.Client.main(Client.java:50)
                      [java] at org.jboss.ws.binding.soap.SOAPBindingProvider.unbindResponseMessage(SOAPBindingProvider.java:486)
                      [java] at org.jboss.ws.jaxrpc.CallImpl.invokeInternal(CallImpl.java:702)
                      

                      Any ideas? Doesn't make any sense that signatures work and encryption wont.

                      Thanks,
                      Brian.

                      • 8. Re: ws-security: Problem using encryption
                        Brian Shields Newbie

                        Quick addition to the above post...the error posted was the SOAPException as it was received in the client. The following is the server error

                        13:26:55,687 ERROR [SOAPFaultExceptionHelper] SOAP request exception
                        javax.xml.rpc.JAXRPCException: Cannot find child element: String_1
                         at org.jboss.ws.binding.soap.SOAPBindingProvider.getParameterFromMessage(SOAPBindingProvider.java:809)
                         at org.jboss.ws.binding.soap.SOAPBindingProvider.unbindRequestMessage(SOAPBindingProvider.java:266)
                         at org.jboss.ws.server.ServiceEndpointInvoker.invoke(ServiceEndpointInvoker.java:115)
                         at org.jboss.ws.server.ServiceEndpoint.handleRequest(ServiceEndpoint.java:234)
                         at org.jboss.ws.server.ServiceEndpointServlet.doPost(ServiceEndpointServlet.java:120)
                         at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
                         at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
                         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
                         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
                         at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
                         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
                         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
                         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
                         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
                         at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
                         at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
                         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
                         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
                         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
                         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
                         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
                         at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
                         at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
                         at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
                         at java.lang.Thread.run(Thread.java:595)
                        


                        Brian

                        • 9. Re: ws-security: Problem using encryption
                          ron cook Newbie

                          I'm getting the same error as Kristoff and Brian:

                          javax.xml.ws.soap.SOAPFaultException: Endpoint {http://org.jboss.ws/xabraws}WebServiceImplPort does not contain
                          operation meta data for: {http://www.w3.org/2001/04/xmlenc#}EncryptedData
                          at org.jboss.ws.core.jaxws.SOAPFaultHelperJAXWS.getSOAPFaultException(SOAPFaultHelperJAXWS.java:70)
                          at org.jboss.ws.core.jaxws.binding.SOAP12BindingJAXWS.throwFaultException(SOAP12BindingJAXWS.java:120)
                          at org.jboss.ws.core.CommonSOAPBinding.unbindResponseMessage(CommonSOAPBinding.java:531)
                          ...


                          The server log SOAPMessage trace shows the client request is encrypted,
                          but the server gets the exception above, and does not decrypt the message.

                          Has anyone solved this problem?

                          Thanks,
                          Ron C

                          • 10. Re: ws-security: Problem using encryption
                            vinod purohit Newbie

                            Me too facing the same problem with the encryption in JbossWS 1.0.4 with JBoss 4.0.5 app server

                            But i observed one thing, i,e. Encryption and Signature both work fine with JSR-181 types in JBossWS 1.2.x.

                            Any clues on how to make this work for JSR-109 EJBs?