  1. Spring Web Services
  2. SWS-700

Bug with UsernameToken and Wss4jSecurityInterceptor

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Invalid
    • Affects Version/s: 2.0 GA
    • Fix Version/s: None
    • Component/s: Security
    • Labels:
      None

      Description

      Here's a part of my spring-ws-servlet.xml

      <sws:interceptors>
          <bean id="securityInterceptor"
                class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
              <property name="validationActions" value="UsernameToken"/>
              <property name="validationCallbackHandler">
                  <ref bean="authenticationHandler" />
              </property>
          </bean>
      </sws:interceptors>

      <bean id="authenticationHandler"
            class="org.springframework.ws.soap.security.wss4j.callback.SimplePasswordValidationCallbackHandler">
          <property name="users">
              <props>
                  <prop key="${auth.user}">${auth.password}</prop>
              </props>
          </property>
      </bean>
      

      When I send the following SOAP message using SoapUI, it works and I get the result:

      <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="http://deltabank.com/webservices">
         <soapenv:Header>
            
         </soapenv:Header>
         <soapenv:Body>
            <web:versionRequest/>
         </soapenv:Body>
      </soapenv:Envelope>
      

      But if I add UsernameToken information like this:

      <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="http://deltabank.com/webservices">
         <soapenv:Header>
            <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
               <wsse:UsernameToken wsu:Id="UsernameToken-38" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                  <wsse:Username>tomcat</wsse:Username>
                  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">XXXXXX</wsse:Password>
                  <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">kD6o77T+cO3QbE1gd4/9lA==</wsse:Nonce>
                  <wsu:Created>2011-03-30T15:31:33.906Z</wsu:Created>
               </wsse:UsernameToken>
            </wsse:Security>
         </soapenv:Header>
         <soapenv:Body>
            <web:versionRequest/>
         </soapenv:Body>
      </soapenv:Envelope>
      

      I get the following exception:
      Security processing failed (actions mismatch)

      Could you help me, please, because I did something wrong somewhere...

            People

            • Assignee:
              arjen.poutsma Arjen Poutsma
              Reporter:
              abarre Arnaud BARRE