Forum Discussion

Anonymous's avatar
Anonymous
9 years ago

An error was discovered processing the <wsse:Security> header in SoapUI

I try to intercept encrypted soap message in wildfly 10 with soapUI. Deployment is successful.

 

First below pics are outgoing ws-security configuration which includes signature and encryption.

* Signature
Keystore - client keystore
Alias - alias of client's private key
Password - password of client's private key
Key Identifier Type - X.509
Parts - arg0 (Name), Body (Encode)

 

* Encryption
Keystore - client keystore
Alias - alias of server's public key
Password - Empty (no password required for public key)
Key Identifier Type - X.509
Parts - arg0 (Name), Body (Content)

 

The final pic shows incoming WS-Security Configuration.

 

Decrypt Keystore - client keystore
Signature Keystore - client keystore
Password - password of client's private key

 

But the returned response is soap-fault like following

 

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<soap:Fault>
<faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:InvalidSecurity</faultcode>
<faultstring>An error was discovered processing the <wsse:Security> header</faultstring>
</soap:Fault>
</soap:Body>
</soap:Envelope>

Any idea? If there is some process which I missed, pls inform me.

Your help will be deeply appreciated! Thanks in advanced.

 

 

  • Anonymous's avatar
    Anonymous
    9 years ago

    This is my original SOAP message

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soap="http://soap.aaa.com/">
   <soapenv:Header/>
   <soapenv:Body>
      <soap:sayHello>
         <!--Optional:-->
         <arg0>Jina</arg0>
      </soap:sayHello>
   </soapenv:Body>
</soapenv:Envelope>

    And Belows are my modified WSS configuration

    • Signature

      Keystore : client keystore jks file

      Alias : client key alias

      Password : client private key password

      Key Identifier Type : X.509

      Parts : sayHello(Name), http://soap.aaa.com/ (Namespace), Element (Encode)

    • Encryption

      Keystore : client keystore jks file

      Alias : service key alias

      Password : empty

      Key Identifier Type : X.509

      Parts : sayHello (Name), http://soap.aaa.com/ (Namespace), Content (Encode)

    *Ingoing WS-Security Configuration

    Decrypt Keystore : client keystore jks file
Signature Keystore : client keystore jks file
Password - password of client's private key

    This configuration throws no soap exception in SoapUI side. In SoapUI log only this message is shown

    Sun Jul 24 08:59:51 KST 2016:DEBUG:Attempt 1 to execute request
Sun Jul 24 08:59:51 KST 2016:DEBUG:Sending request: POST /SOAPSecurityWeb/HelloWorld HTTP/1.1
Sun Jul 24 08:59:52 KST 2016:DEBUG:Receiving response: HTTP/1.1 500 Internal Server Error
Sun Jul 24 08:59:52 KST 2016:DEBUG:Connection can be kept alive indefinitely
Sun Jul 24 08:59:52 KST 2016:INFO:Got response for [HelloWorldServiceSoapBinding.sayHello:Request 1] in 326ms (361 bytes)

     

    The soap error response from SOAP service is like below

    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
   <soap:Body>
      <soap:Fault>
         <faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:InvalidSecurity</faultcode>
         <faultstring>An error was discovered processing the &lt;wsse:Security> header</faultstring>
      </soap:Fault>
   </soap:Body>
</soap:Envelope>

     

     

    But in WS service side this exception is diplayed

    09:37:54,340 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (default task-2) Interceptor for {http://soap.aaa.com/}HelloWorldService has thrown exception, unwinding now: org.apache.cxf.binding.soap.SoapFault: An error was discovered processing the <wsse:Security> header
    at org.apache.cxf.ws.security.wss4j.WSS4JUtils.createSoapFault(WSS4JUtils.java:216)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:329)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:184)
    at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:79)
    at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:66)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
    at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:251)
    at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:108)
    at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:134)
    at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:88)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:293)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:212)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
    at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:136)
    at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
    at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
    at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
    at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
    at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
    at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
    at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
    at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
    at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
    at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
    at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
    at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
    at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
    at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
    at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.wss4j.common.ext.WSSecurityException: An error was discovered processing the <wsse:Security> header
    at org.apache.wss4j.common.crypto.AlgorithmSuiteValidator.checkSymmetricEncryptionAlgorithm(AlgorithmSuiteValidator.java:149)
    at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.decryptDataRef(EncryptedKeyProcessor.java:550)
    at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.decryptDataRefs(EncryptedKeyProcessor.java:481)
    at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:199)
    at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:76)
    at org.apache.wss4j.dom.engine.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:344)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:280)
    ... 42 more

    And more the following exception are thrown when the SoapUI 5.2.1 starting, Do you think these exceptions are related with this issues?

    Sun Jul 24 09:34:33 KST 2016:ERROR:An error occurred [com.eviware.soapui.plugins.auto.factories.AutoDiscoveryMethodFactory], see error log for details
Sun Jul 24 09:34:33 KST 2016:ERROR:An error occurred [com.eviware.soapui.plugins.auto.factories.AutoImportMethodFactory], see error log for details
Sun Jul 24 09:34:33 KST 2016:ERROR:An error occurred [com.eviware.soapui.plugins.auto.factories.AutoDiscoveryMethodFactory], see error log for details
Sun Jul 24 09:34:33 KST 2016:ERROR:An error occurred [com.eviware.soapui.plugins.auto.factories.AutoImportMethodFactory], see error log for details

    Your any help will be deeply appreciated! Thanks in advance.