Unable to call WSS Web Service

Hi,

I am trying to call a WSS enabled web service in soap ui.
Service is deployed on jboss and created with jboss runtime.

The jboss WSS configuration for this service is as below::

  
<key-store-file>WEB-INF/my.keystore</key-store-file>
<key-store-password>mykeystorepass</key-store-password>
<trust-store-file>WEB-INF/my.truststore</trust-store-file>
<trust-store-password>mytruststorepass</trust-store-password> 
<config>
     <sign  type="x509v3" alias="myalias" /> 
      <requires>
        <signature/> 
       </requires>
</config>

Now when I call this service from soapui, I get below mentioned response:


 <env:Body>
      <env:Fault>
         <faultcode>env:Server</faultcode>
         <faultstring>NOT_FOUND_ERR: An attempt is made to reference a node in a context where it does not exist.</faultstring>
      </env:Fault>
   </env:Body>

On the jboss server following log is printed:

2014-01-12 17:44:23,192 ERROR [org.jboss.ws.core.jaxws.handler.HandlerChainExecutor] (http-8003-7) Exception during handler processing
org.w3c.dom.DOMException: NOT_FOUND_ERR: An attempt is made to reference a node in a context where it does not exist.
 at org.apache.xerces.dom.ElementImpl.setIdAttributeNode(Unknown Source)
 at org.jboss.ws.core.soap.SOAPElementImpl.setIdAttributeNode(SOAPElementImpl.java:841)
 at org.apache.xml.security.keys.KeyInfo.(KeyInfo.java:141)
 at org.apache.xml.security.signature.XMLSignature.(XMLSignature.java:379)
 at org.apache.xml.security.signature.XMLSignature.(XMLSignature.java:326)
 at org.jboss.ws.extensions.security.element.Signature.(Signature.java:57)
 at org.jboss.ws.extensions.security.element.SecurityHeader.(SecurityHeader.java:85)
 at org.jboss.ws.extensions.security.SecurityDecoder.decode(SecurityDecoder.java:192)
 at org.jboss.ws.extensions.security.WSSecurityDispatcher.decodeHeader(WSSecurityDispatcher.java:131)
 at org.jboss.ws.extensions.security.WSSecurityDispatcher.decodeMessage(WSSecurityDispatcher.java:100)
 at org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.handleInboundSecurity(WSSecurityHandler.java:90)
 at org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer.handleInbound(WSSecurityHandlerServer.java:41)

I have configured keystores and truststores in WSS Configurations and have imported the required certificates.
I have added signature in the soapui outgoing WSS configurations and tried various combinations with all the drop downs there.
But no success.

Please guide.

15 Replies

MarcusJ
Staff
12 years ago
Hi,

Can give more information on what kind of security and encryption setup you are expecting to use such as algorithm, key identifier type, etc.?
ishangajera
Occasional Contributor
12 years ago
I have attached the Server Error Log, SOAP Request generated when calling the Web Service, Signature configuration snapshot in SOAPUI and jboss-wsse-server.xml.

Please let me know in case you need more.
Related+Files.zip40 KB
MarcusJ
Staff
12 years ago
I saw in the screen shot that the username and password was not set in the "outgoing" configuration. I'm not sure if that will make a difference or not for the error message you are getting. The error message does not look like a typical security error message, so security could be could configured correctly from the client side but something is missing on the server or your web service.
ishangajera
Occasional Contributor
12 years ago
What username and password need to be set there in outgoing configuration?

Also We are able to call the Web Service properly using JBossWS client. But while calling it from SOAPUi gives this error.
ishangajera
Occasional Contributor
12 years ago
Hi,

I am still stuck with this. Anybody please help.
I tried to sign only the body part of elements with various names spaced discussed in the forum but not working.

I am not even sure what parts do I need to sign?

Please guide.
ishangajera
Occasional Contributor
12 years ago
Hi,

I was refering to the below url:
https://community.jboss.org/wiki/WSSecuritySignExample
Refer section: Client Request After Signing

I compared the Soap Request mentioned in that section with the one generated with my soap ui client. The difference I found was:

- In the mentioned example there were two ds:reference elements as below
<ds:Reference URI='#element-1-1129691905375-12082199'
and
<ds:Reference URI='#timestamp'

-While in soapui request even if I have added Timestamp configuration only one ds:reference element is there as below
<ds:Reference URI="#element-1-1272320911598-1522000">

Please guide.
ishangajera
Occasional Contributor
12 years ago
Hi,

I have got this from red hat jboss team.
Please have a look at this and help me solve this.

They Said:
I've determined that the most likely cause of this error is the "Id" attribute on the <ds:KeyInfo> element in your SOAP request. Looking at the error's stack trace:

2014-01-13 11:05:21,901 ERROR [org.jboss.ws.core.jaxws.handler.HandlerChainExecutor] (http-8003-4) Exception during handler processing
org.w3c.dom.DOMException: NOT_FOUND_ERR: An attempt is made to reference a node in a context where it does not exist.
at org.apache.xerces.dom.ElementImpl.setIdAttributeNode(Unknown Source)
at org.jboss.ws.core.soap.SOAPElementImpl.setIdAttributeNode(SOAPElementImpl.java:841)
at org.apache.xml.security.keys.KeyInfo.(KeyInfo.java:141)
at org.apache.xml.security.signature.XMLSignature.(XMLSignature.java:379)
at org.apache.xml.security.signature.XMLSignature.(XMLSignature.java:326)
at org.jboss.ws.extensions.security.element.Signature.(Signature.java:57)
at org.jboss.ws.extensions.security.element.SecurityHeader.(SecurityHeader.java:85)
at org.jboss.ws.extensions.security.SecurityDecoder.decode(SecurityDecoder.java:192)
at org.jboss.ws.extensions.security.WSSecurityDispatcher.decodeHeader(WSSecurityDispatcher.java:131)
at org.jboss.ws.extensions.security.WSSecurityDispatcher.decodeMessage(WSSecurityDispatcher.java:100)

We can see that JBossWS is processing the WS-Security header, specifically the signature. As it processes the signature, it appears it tries to set an ID attribute on a node (the top two stack frames), and this causes the error.

In addition, I ran an example with a similar WSS configuration, and I did not receive an error. Compare your request's KeyInfo:

<ds:KeyInfo Id="KI-DC79C9B83C2630465B138961511708968">
<wsse:SecurityTokenReference wsu:Id="STR-DC79C9B83C2630465B138961511708969">
<wsse:Reference URI="#X509-DC79C9B83C2630465B138961511708967" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>

With my request:

<ds:KeyInfo>
<wsse:SecurityTokenReference wsu:Id='reference-12-1389829949906-1909374930'>
<wsse:Reference URI='#token-11-1389829949906-178868269' ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3'/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
MarcusJ
Staff
12 years ago
Hi,

What version of SoapUI are you using? I invoked a request to a service that is WSS secured in SoapUI, and my KeyInfo did not have an ID attribute.

<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference><wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">2X67d0G1SQjcce53SzpZKR0s2n4=</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo>
ishangajera
Occasional Contributor
12 years ago
Hi I am using 4.6.0. Will try with latest version and update you
ishangajera
Occasional Contributor
12 years ago
Hi I tried with soapui 4.6.3 and 4.6.4 and it also had Id attribute in Keyinfo element.