1 Reply Latest reply on Aug 6, 2016 7:46 AM by Joseph Hwang

    Caused by: org.apache.wss4j.common.ext.WSSecurityException: An error was discovered processing the <wsse:Security> header

    Joseph Hwang Novice

      This is my WS-Security configuration with SoapUI

       

      1. Server Keystore - contains server's private key + server's public key + Client's public key

                  Client Keystore - contains client's private key + client's public key + server's public key

       

              2. WS-Security Configuration – Keystore

                        Source: path to client keystore , Password - client keystore password

                        Source: path to server keystore, Password - server keystore password

      wsse_1.jpg

             3. Outgoing WS-Security Configuration

                  * Name : outgoing-to-server

                  * Encryption  :  keystore - server keystore

                                          Alias - alias of server's public key

                                          Password - Empty (no password required for public key)

                                          Key Identifier Type - Binary Security Token

                                          Parts - Name:Body, Namespace:http://schemas.xmlsoap.org/soap/envelope/,  Encode:Content

      wsse_2.jpg

                  * Signature  :  keystore - cilent keystore

                                         Alias - alias of client's private key

                                          Password - password of client's private key

                                          Key Identifier Type - Binary Security Token

                                          Parts - Name:Body, Namespace:http://schemas.xmlsoap.org/soap/envelope/,  Encode:Element

      wsse_3.jpg

       

      3. Incoming WS-Security Configuration :

              * Name : Incoming-from-server

              * Decrypt Keystore - client keystore

              * Signature Keystore - server keystore

              * Password - password of client's private key

      wsse_4.jpg

       

      4. Applying the ws-security to SOAP message

      wsse_5.jpg

      5. But this WS-security configuration throws the folowing exception :

      07:39:55,664 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (default task-16) Interceptor for {http://soap.aaa.com/}HelloWorldService has thrown exception, unwinding now: org.apache.cxf.binding.soap.SoapFault: A security error was encountered when verifying the message

      at org.apache.cxf.ws.security.wss4j.WSS4JUtils.createSoapFault(WSS4JUtils.java:216)

      at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:329)

      at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:184)

      at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:79)

      at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:66)

      at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)

      at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)

      at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:251)

      at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:108)

      at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:134)

      at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:88)

      at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:293)

      at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:212)

      at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)

      at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:136)

      at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140)

      at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)

      at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)

      at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)

      at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)

      at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)

      at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

      at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)

      at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)

      at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

      at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)

      at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)

      at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)

      at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)

      at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)

      at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)

      at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

      at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)

      at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

      at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

      at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)

      at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)

      at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)

      at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)

      at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)

      at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)

      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

      at java.lang.Thread.run(Thread.java:745)

      Caused by: org.apache.wss4j.common.ext.WSSecurityException: An error was discovered processing the <wsse:Security> header

      at org.apache.wss4j.common.crypto.AlgorithmSuiteValidator.checkSymmetricEncryptionAlgorithm(AlgorithmSuiteValidator.java:149)

      at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.decryptDataRef(EncryptedKeyProcessor.java:550)

      at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.decryptDataRefs(EncryptedKeyProcessor.java:481)

      at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:199)

      at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:76)

      at org.apache.wss4j.dom.engine.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:344)

      at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:280)

      ... 42 more

       

      Any idea? Your advice will be deeply appreciated. Thanks