4 Replies Latest reply on Jun 6, 2014 6:24 AM by Alessio Soldano

    [8.1.0.CR1][8.1.0.CR2] WS-Security incoming XML(request)signature validation problem

    Michal Kopeć Newbie

      I'm developing and application(web services) with enabled WS-Security  (request/response signature ). Client implementation file are generated as CXF artifacts from WSDL.

      When application in run on Wildfly 8.0.0  everythink is ok. But on 8.1.0.CR1 8.1.0.CR2  signature validation fails on server side with message (The signature or decryption was invalid).  Keystore/trust store are the same and are loaded properly.

      As a client I use (for tests) SOUPUI 4.6.2 with configured outgoing  WSS. There where any changes in WS-Security module in 8.1.0 ?

      Below an exception from server.log

       

      2014-05-13 15:44:06,290 DEBUG [org.apache.jcp.xml.dsig.internal.dom.DOMReference] (default task-1) Expected digest: vtU+R6sx2DPgvIbyOwg7QBszFMrhAdvhCvyT1e4B+JQ=
          2014-05-13 15:44:06,290 DEBUG [org.apache.jcp.xml.dsig.internal.dom.DOMReference] (default task-1) Actual digest: Ob3MjaGZysaxRf6LyLKLR6madutOpH8nFxkzPvbABUA=
          2014-05-13 15:44:06,290 DEBUG [org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature] (default task-1) Reference[#id-55] is valid: false
          2014-05-13 15:44:06,291 DEBUG [org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature] (default task-1) Couldn't validate the References
          2014-05-13 15:44:06,291 DEBUG [org.apache.ws.security.processor.SignatureProcessor] (default task-1) XML Signature verification has failed
          2014-05-13 15:44:06,291 DEBUG [org.apache.ws.security.processor.SignatureProcessor] (default task-1) Signature Validation check: true
          2014-05-13 15:44:06,291 DEBUG [org.apache.ws.security.processor.SignatureProcessor] (default task-1) Reference #id-55 check: false
          2014-05-13 15:44:06,293 WARNING [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] (default task-1) : org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
              at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:451) [wss4j-1.6.14.jar:1.6.14]
              at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231) [wss4j-1.6.14.jar:1.6.14]
              at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396) [wss4j-1.6.14.jar:1.6.14]
              at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)
              at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:120)
              at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:105)
              at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
              at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
              at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:239)
              at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:93)
              at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:133)
              at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:88)
              at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
              at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
              at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:136)
              at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi-2.2.2.Final.jar:2.2.2.Final]
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
              at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
              at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61)
              at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
              at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
              at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
              at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:113)
              at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56)
              at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45)
              at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61)
              at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
              at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70)
              at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
              at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
              at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
              at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
              at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
              at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240)
              at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227)
              at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73)
              at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146)
              at io.undertow.server.Connectors.executeRootHandler(Connectors.java:168)
              at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727)
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_45]
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_45]
              at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_45]
      
      
      
      
      
      
      

       

      I think problem may be in xml Canonicalization method because soupui request is little bit different than XML found in servel log

      On client side looks like

       

         <soapenv:Body wsu:Id="id-55" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      
      
      

      Server side log

       

      2014-05-13 15:44:06,287 DEBUG [org.apache.jcp.xml.dsig.internal.DigesterOutputStream] (default task-1) Pre-digested input:
      2014-05-13 15:44:06,287 DEBUG [org.apache.jcp.xml.dsig.internal.DigesterOutputStream] (default task-1) <soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:v1r3="http://www.hp.com/mobicore/services/iss/v1r3" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-55">
      
      
      (rest of an XML looks same as client sied)
      
      
      
      
      

       

       

      Used WS-Policies in attachemt(policy.txt)

       

       

      Server log

       

      2014-05-13 15:44:06,263 DEBUG [org.apache.xml.security.transforms.Transform] (default task-1) Create URI "http://www.w3.org/2001/10/xml-exc-c14n#" class "class org.apache.xml.security.transforms.implementations.TransformC14NExclusive"
      2014-05-13 15:44:06,263 DEBUG [org.apache.xml.security.transforms.Transform] (default task-1) The NodeList is [ds:CanonicalizationMethod: null]
      2014-05-13 15:44:06,264 DEBUG [org.apache.xml.security.utils.ElementProxy] (default task-1) setElement(ds:CanonicalizationMethod, "null"
      2014-05-13 15:44:06,264 DEBUG [org.apache.jcp.xml.dsig.internal.dom.ApacheCanonicalizer] (default task-1) Created transform for algorithm: http://www.w3.org/2001/10/xml-exc-c14n#
      2014-05-13 15:44:06,264 DEBUG [org.apache.jcp.xml.dsig.internal.dom.ApacheCanonicalizer] (default task-1) isNodeSet() = true
      2014-05-13 15:44:06,267 DEBUG [org.apache.xml.security.utils.ElementProxy] (default task-1) setElement("ec:InclusiveNamespaces", "null")
      2014-05-13 15:44:06,276 DEBUG [org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo] (default task-1) Canonicalized SignedInfo:
      2014-05-13 15:44:06,276 DEBUG [org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo] (default task-1) (removed)
      2014-05-13 15:44:06,277 DEBUG [org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo] (default task-1) Data to be signed/verified:(removed)
      2014-05-13 15:44:06,283 DEBUG [org.apache.jcp.xml.dsig.internal.dom.DOMReference] (default task-1) URIDereferencer class name: org.apache.jcp.xml.dsig.internal.dom.DOMURIDereferencer
      2014-05-13 15:44:06,283 DEBUG [org.apache.jcp.xml.dsig.internal.dom.DOMReference] (default task-1) Data class name: org.apache.jcp.xml.dsig.internal.dom.ApacheNodeSetData
      2014-05-13 15:44:06,285 DEBUG [org.apache.xml.security.transforms.Transform] (default task-1) Create URI "http://www.w3.org/2001/10/xml-exc-c14n#" class "class org.apache.xml.security.transforms.implementations.TransformC14NExclusive"
      2014-05-13 15:44:06,285 DEBUG [org.apache.xml.security.transforms.Transform] (default task-1) The NodeList is [ds:Transform: null]
      2014-05-13 15:44:06,286 DEBUG [org.apache.xml.security.utils.ElementProxy] (default task-1) setElement(ds:Transform, "null"
      2014-05-13 15:44:06,286 DEBUG [org.apache.jcp.xml.dsig.internal.dom.ApacheCanonicalizer] (default task-1) Created transform for algorithm: http://www.w3.org/2001/10/xml-exc-c14n#
      2014-05-13 15:44:06,286 DEBUG [org.apache.jcp.xml.dsig.internal.dom.ApacheCanonicalizer] (default task-1) ApacheData = true
      2014-05-13 15:44:06,286 DEBUG [org.apache.xml.security.utils.ElementProxy] (default task-1) setElement("ec:InclusiveNamespaces", "null")
      2014-05-13 15:44:06,287 DEBUG [org.apache.jcp.xml.dsig.internal.DigesterOutputStream] (default task-1) Pre-digested input:
      2014-05-13 15:44:06,287 DEBUG [org.apache.jcp.xml.dsig.internal.DigesterOutputStream] (default task-1) <soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:v1r3="http://www.hp.com/mobicore/services/iss/v1r3" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-55">
      (rest of an XML)
      2014-05-13 15:44:06,290 DEBUG [org.apache.jcp.xml.dsig.internal.dom.DOMReference] (default task-1) Expected digest: vtU+R6sx2DPgvIbyOwg7QBszFMrhAdvhCvyT1e4B+JQ=
      2014-05-13 15:44:06,290 DEBUG [org.apache.jcp.xml.dsig.internal.dom.DOMReference] (default task-1) Actual digest: Ob3MjaGZysaxRf6LyLKLR6madutOpH8nFxkzPvbABUA=
      2014-05-13 15:44:06,290 DEBUG [org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature] (default task-1) Reference[#id-55] is valid: false
      2014-05-13 15:44:06,291 DEBUG [org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature] (default task-1) Couldn't validate the References
      2014-05-13 15:44:06,291 DEBUG [org.apache.ws.security.processor.SignatureProcessor] (default task-1) XML Signature verification has failed
      2014-05-13 15:44:06,291 DEBUG [org.apache.ws.security.processor.SignatureProcessor] (default task-1) Signature Validation check: true
      2014-05-13 15:44:06,291 DEBUG [org.apache.ws.security.processor.SignatureProcessor] (default task-1) Reference #id-55 check: false
      2014-05-13 15:44:06,293 WARNING [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] (default task-1) : org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
          at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:451) [wss4j-1.6.14.jar:1.6.14]
          at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231) [wss4j-1.6.14.jar:1.6.14]
          at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396) [wss4j-1.6.14.jar:1.6.14]
          at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)
          at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:120)
          at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:105)
          at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
          at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
          at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:239)
          at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:93)
          at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:133)
          at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:88)
          at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
          at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
          at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:136)
          at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi-2.2.2.Final.jar:2.2.2.Final]
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
          at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
          at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61)
          at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
          at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
          at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
          at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:113)
          at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56)
          at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45)
          at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61)
          at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
          at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70)
          at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
          at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
          at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
          at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
          at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
          at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240)
          at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227)
          at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73)
          at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146)
          at io.undertow.server.Connectors.executeRootHandler(Connectors.java:168)
          at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727)
          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_45]
          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_45]
          at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_45]
      
      2014-05-13 15:44:06,317 FINE  [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Invoking handleFault on interceptor org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor@3ff23b51
      2014-05-13 15:44:06,317 FINE  [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor@e3f7d41
      2014-05-13 15:44:06,317 FINE  [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Invoking handleFault on interceptor org.apache.cxf.ws.mex.MEXInInterceptor@37910cd5
      2014-05-13 15:44:06,317 FINE  [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Invoking handleFault on interceptor org.jboss.wsf.stack.cxf.interceptor.EnableDecoupledFaultInterceptor@5af25a7
      2014-05-13 15:44:06,318 FINE  [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor@18472fff
      2014-05-13 15:44:06,318 FINE  [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor@44d28296
      2014-05-13 15:44:06,318 FINE  [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor@13681cfd
      2014-05-13 15:44:06,318 FINE  [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Invoking handleFault on interceptor org.apache.cxf.binding.soap.saaj.SAAJInInterceptor$SAAJPreInInterceptor@544e4733
      2014-05-13 15:44:06,318 FINE  [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Invoking handleFault on interceptor org.apache.cxf.frontend.WSDLGetInterceptor@21fd9c
      2014-05-13 15:44:06,318 FINE  [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Invoking handleFault on interceptor org.apache.cxf.interceptor.StaxInInterceptor@3dd27837
      2014-05-13 15:44:06,318 FINE  [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Invoking handleFault on interceptor org.apache.cxf.transport.https.CertConstraintsInterceptor@4936b658
      2014-05-13 15:44:06,318 FINE  [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Invoking handleFault on interceptor org.apache.cxf.interceptor.AttachmentInInterceptor@13e19073
      2014-05-13 15:44:06,318 FINE  [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Invoking handleFault on interceptor org.jboss.wsf.stack.cxf.interceptor.EndpointAssociationInterceptor@3a71ce8b
      2014-05-13 15:44:06,318 FINE  [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Invoking handleFault on interceptor org.apache.cxf.ws.policy.PolicyInInterceptor@34b87697
      2014-05-13 15:44:06,319 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Interceptor for {http://www.hp.com/mobicore/services/iss/v1r3}IssAuthService has thrown exception, unwinding now: org.apache.cxf.binding.soap.SoapFault: The signature or decryption was invalid
          at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:844)
          at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:327)
          at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:120)
          at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:105)
          at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
          at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
          at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:239)
          at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:93)
          at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:133)
          at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:88)
          at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
          at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
          at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:136)
          at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi-2.2.2.Final.jar:2.2.2.Final]
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
          at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
          at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61)
          at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
          at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
          at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
          at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:113)
          at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56)
          at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45)
          at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61)
          at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
          at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70)
          at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
          at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
          at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
          at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
          at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
          at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240)
          at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227)
          at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73)
          at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146)
          at io.undertow.server.Connectors.executeRootHandler(Connectors.java:168)
          at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727)
          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_45]
          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_45]
          at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_45]
      Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
          at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:451) [wss4j-1.6.14.jar:1.6.14]
          at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:231) [wss4j-1.6.14.jar:1.6.14]
          at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396) [wss4j-1.6.14.jar:1.6.14]
          at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)
          ... 39 more