John Ament
2013-01-03 18:33:30 UTC
John Ament [https://community.jboss.org/people/meetoblivion] created the discussion
"MustUnderstand error with security"
To view the discussion, visit: https://community.jboss.org/message/787399#787399
--------------------------------------------------------------
Hi All
I am trying to build out a Security based web service, based on this example:
https://docs.jboss.org/author/display/JBWS/WS-Security#WS-Security-Authenticationandauthorization https://docs.jboss.org/author/display/JBWS/WS-Security#WS-Security-Authenticationandauthorization
When I follow this example, I try to post a document to the deployed service. Here is that document:
Headers: {accept-encoding=[gzip,deflate], Authorization=[Basic am9obi5kLmFtZW50QGdtYWlsLmNvbTphYmMxMjM=], connection=[Keep-Alive], Content-Length=[1059], content-type=[text/xm
l;charset=UTF-8], host=[SSI11021:8082], SOAPAction=[""], user-agent=[Apache-HttpClient/4.1.1 (java 1.5)]}
Payload: <soapenv:Envelope xmlns:sec=" http://secure.mycompany.com/ http://secure.mycompany.com/" xmlns:soapenv=" http://schemas.xmlsoap.org/soap/envelope/ http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header><wsse:Security soapenv:mustUnderstand="1" xmlns:wsse=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsse:UsernameToken wsu:Id="UsernameToken-6">
         <wsse:Username>myusername</wsse:Username>
         <wsse:Password Type=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">aCuq2iVcyJ5AvUBw/FLrBkjNpgM=</wsse:Password>
         <wsse:NonceEncodingType=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">rm4xHQrLQiO+9Zdf2nIA2Q==</wsse:Nonce>
         <wsu:Created>2013-01-03T17:40:43.245Z</wsu:Created>
  </wsse:UsernameToken>
  </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
     <sec:sayHello>
        <!--Optional:-->
        <arg0>Bob</arg0>
     </sec:sayHello>
  </soapenv:Body>
</soapenv:Envelope>
12:40:43,493 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (http--0.0.0.0-8082-2) Interceptor for { http://secure.mycompany.com/ http://secure.mycompany.com/}ServiceImplService#{ http://secure.mycompany.com/ http://secure.mycompany.com/}sayHello has thrown exception, unwinding now: org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: [{ http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood.
This results in no credentials being passed to the webservice.
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/787399#787399]
Start a new discussion in JBoss Web Services at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]
"MustUnderstand error with security"
To view the discussion, visit: https://community.jboss.org/message/787399#787399
--------------------------------------------------------------
Hi All
I am trying to build out a Security based web service, based on this example:
https://docs.jboss.org/author/display/JBWS/WS-Security#WS-Security-Authenticationandauthorization https://docs.jboss.org/author/display/JBWS/WS-Security#WS-Security-Authenticationandauthorization
When I follow this example, I try to post a document to the deployed service. Here is that document:
Headers: {accept-encoding=[gzip,deflate], Authorization=[Basic am9obi5kLmFtZW50QGdtYWlsLmNvbTphYmMxMjM=], connection=[Keep-Alive], Content-Length=[1059], content-type=[text/xm
l;charset=UTF-8], host=[SSI11021:8082], SOAPAction=[""], user-agent=[Apache-HttpClient/4.1.1 (java 1.5)]}
Payload: <soapenv:Envelope xmlns:sec=" http://secure.mycompany.com/ http://secure.mycompany.com/" xmlns:soapenv=" http://schemas.xmlsoap.org/soap/envelope/ http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header><wsse:Security soapenv:mustUnderstand="1" xmlns:wsse=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsse:UsernameToken wsu:Id="UsernameToken-6">
         <wsse:Username>myusername</wsse:Username>
         <wsse:Password Type=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">aCuq2iVcyJ5AvUBw/FLrBkjNpgM=</wsse:Password>
         <wsse:NonceEncodingType=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">rm4xHQrLQiO+9Zdf2nIA2Q==</wsse:Nonce>
         <wsu:Created>2013-01-03T17:40:43.245Z</wsu:Created>
  </wsse:UsernameToken>
  </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
     <sec:sayHello>
        <!--Optional:-->
        <arg0>Bob</arg0>
     </sec:sayHello>
  </soapenv:Body>
</soapenv:Envelope>
12:40:43,493 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (http--0.0.0.0-8082-2) Interceptor for { http://secure.mycompany.com/ http://secure.mycompany.com/}ServiceImplService#{ http://secure.mycompany.com/ http://secure.mycompany.com/}sayHello has thrown exception, unwinding now: org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: [{ http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood.
This results in no credentials being passed to the webservice.
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/787399#787399]
Start a new discussion in JBoss Web Services at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]