Fórum Root.cz
Hlavní témata => Vývoj => Téma založeno: Radim Kindl 18. 08. 2015, 12:54:26
-
Hi,
I try to implement the "Example: Username Authentication with Symmetric Key (UA)" from NetBeans 8.0.2 with GlassFish 4.1 and I get the error "SEVERE: WSS1925: No CipherValue found in CipherData". The example works properly without the security stuff.
OS: Windows 7 Pro (x64)
What I have done:
- installed JDK 1.8.0_45
- installed Netbeans 8.0.2 + GlassFish Server 4.1
- Checked keystore and trustore for default certs (xws-security-server, xws-security-client)
- Checked user "wsitUser" on GlassFish
- created service + client like in the example and added security with development defaults
glassFish log error:
Timestamp Aug 18, 2015 10:55:23.020
Log Level SEVERE
Logger com.sun.xml.wss.provider.wsit
Name-Value Pairs{levelValue=1000, timeMillis=1439888123020}
Record Number 2163
Message ID Complete Message
WSITPVD0035: Error in Verifying Security in Inbound Message. com.sun.xml.wss.impl.PolicyViolationException: ERROR: No security header found in the message at com.sun.xml.wss.impl.policy.verifier.MessagePolicyVerifier.verifyPolicy(MessagePolicyVerifier.java:138) at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.createMessage(SecurityRecipient.java:1021) at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:256) at com.sun.xml.wss.provider.wsit.WSITClientAuthContext.verifyInboundMessage(WSITClientAuthContext.java:597) at com.sun.xml.wss.provider.wsit.WSITClientAuthContext.validateResponse(WSITClientAuthContext.java:477) at com.sun.xml.wss.provider.wsit.WSITClientAuthContext.validateResponse(WSITClientAuthContext.java:416) at com.sun.enterprise.security.webservices.ClientSecurityPipe.processSecureRequest(ClientSecurityPipe.java:213) at com.sun.enterprise.security.webservices.ClientSecurityPipe.process(ClientSecurityPipe.java:186) at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:119) at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1136) at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1050) at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:1019) at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:877) at com.sun.xml.ws.client.Stub.process(Stub.java:463) at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:191) at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:108) at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:92) at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:161) at com.sun.proxy.$Proxy345.add(Unknown Source) at org.me.calculator.client.ClientServlet.processRequest(ClientServlet.java:75) at org.me.calculator.client.ClientServlet.doGet(ClientServlet.java:104) at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1682) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:318) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:160) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:734) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:673) at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:99) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:174) at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:415) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:282) at com.sun.enterprise.v3.services.impl.ContainerMapper$HttpHandlerCallable.call(ContainerMapper.java:459) at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:167) at org.glassfish.grizzly.http.server.HttpHandler.runService(HttpHandler.java:201) at org.glassfish.grizzly.http.server.HttpHandler.doHandle(HttpHandler.java:175) at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:235) at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119) at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:283) at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:200) at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:132) at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:111) at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77) at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:561) at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:112) at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:117) at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:56) at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:137) at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:565) at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:545) at java.lang.Thread.run(Thread.java:745)
Timestamp Aug 18, 2015 10:55:23.011
Log Level SEVERE
Logger com.sun.xml.wss.provider.wsit
Name-Value Pairs{levelValue=1000, timeMillis=1439888123011}
Record Number 2162
Message ID Complete Message
WSITPVD0035: Error in Verifying Security in Inbound Message. com.sun.xml.wss.impl.WssSoapFaultException: Invalid Security Header at com.sun.xml.ws.security.opt.impl.util.SOAPUtil.newSOAPFaultException(SOAPUtil.java:159) at com.sun.xml.ws.security.opt.impl.incoming.processor.CipherDataProcessor.readAsBytes(CipherDataProcessor.java:205) at com.sun.xml.ws.security.opt.impl.incoming.EncryptedKey.process(EncryptedKey.java:228) at com.sun.xml.ws.security.opt.impl.incoming.EncryptedKey.<init>(EncryptedKey.java:124) at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.handleSecurityHeader(SecurityRecipient.java:453) at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.cacheHeaders(SecurityRecipient.java:300) at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:249) at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.verifyInboundMessage(WSITServerAuthContext.java:594) at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:364) at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:267) at com.sun.enterprise.security.webservices.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:170) at com.sun.enterprise.security.webservices.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:141) at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:119) at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1136) at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1050) at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:1019) at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:877) at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:419) at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:868) at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:422) at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:169) at org.glassfish.webservices.JAXWSServlet.doPost(JAXWSServlet.java:169) at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1682) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:318) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:160) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:734) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:673) at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:99) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:174) at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:415) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:282) at com.sun.enterprise.v3.services.impl.ContainerMapper$HttpHandlerCallable.call(ContainerMapper.java:459) at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:167) at org.glassfish.grizzly.http.server.HttpHandler.runService(HttpHandler.java:201) at org.glassfish.grizzly.http.server.HttpHandler.doHandle(HttpHandler.java:175) at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:235) at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119) at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:283) at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:200) at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:132) at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:111) at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77) at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:561) at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:112) at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:117) at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:56) at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:137) at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:565) at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:545) at java.lang.Thread.run(Thread.java:745)
Timestamp Aug 18, 2015 10:55:23.010
Log Level SEVERE
Logger com.sun.xml.wss.logging.impl.opt.crypto
Name-Value Pairs{levelValue=1000, timeMillis=1439888123010}
Record Number 2161
Message ID Complete Message
WSS1925: No CipherValue found in CipherData
WSDL:
<!--
Published by JAX-WS RI (http://jax-ws.java.net). RI's version is Metro/2.3.1-b419 (branches/2.3.1.x-7937; 2014-08-04T08:11:03+0000) JAXWS-RI/2.2.10-b140803.1500 JAXWS-API/2.2.11 JAXB-RI/2.2.10-b140802.1033 JAXB-API/2.2.12-b140109.1041 svn-revision#unknown.
-->
<!--
Generated by JAX-WS RI (http://jax-ws.java.net). RI's version is Metro/2.3.1-b419 (branches/2.3.1.x-7937; 2014-08-04T08:11:03+0000) JAXWS-RI/2.2.10-b140803.1500 JAXWS-API/2.2.11 JAXB-RI/2.2.10-b140802.1033 JAXB-API/2.2.12-b140109.1041 svn-revision#unknown.
-->
<definitions xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsp1_2="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="http://calculator.me.org/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.xmlsoap.org/wsdl/" targetNamespace="http://calculator.me.org/" name="CalculatorWSService">
<wsp1_2:Policy xmlns:sunwsp="http://java.sun.com/xml/ns/wsit/policy" xmlns:wsapw3c="http://www.w3.org/2006/05/addressing/wsdl" xmlns:ssp="http://schemas.sun.com/2006/03/wss/server" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" wsu:Id="CalculatorWSPortBindingPolicy">
<sp:SignedSupportingTokens>
<wsp1_2:Policy>
<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp1_2:Policy>
<sp:WssUsernameToken10/>
</wsp1_2:Policy>
</sp:UsernameToken>
</wsp1_2:Policy>
</sp:SignedSupportingTokens>
<sp:SymmetricBinding>
<wsp1_2:Policy>
<sp:AlgorithmSuite>
<wsp1_2:Policy>
<sp:Basic128/>
</wsp1_2:Policy>
</sp:AlgorithmSuite>
<sp:IncludeTimestamp/>
<sp:Layout>
<wsp1_2:Policy>
<sp:Strict/>
</wsp1_2:Policy>
</sp:Layout>
<sp:OnlySignEntireHeadersAndBody/>
<sp:ProtectionToken>
<wsp1_2:Policy>
<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
<wsp1_2:Policy>
<sp:WssX509V3Token10/>
</wsp1_2:Policy>
</sp:X509Token>
</wsp1_2:Policy>
</sp:ProtectionToken>
</wsp1_2:Policy>
</sp:SymmetricBinding>
<sp:Wss11>
<wsp1_2:Policy>
<sp:MustSupportRefEncryptedKey/>
<sp:MustSupportRefIssuerSerial/>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefThumbprint/>
</wsp1_2:Policy>
</sp:Wss11>
<wsapw3c:UsingAddressing/>
</wsp1_2:Policy>
<wsp1_2:Policy xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" wsu:Id="CalculatorWSPortBinding_add_Input_Policy">
<sp:EncryptedParts>
<sp:Body/>
</sp:EncryptedParts>
<sp:SignedParts>
<sp:Body/>
<sp:Header Namespace="http://www.w3.org/2005/08/addressing" Name="ReplyTo"/>
<sp:Header Name="AckRequested" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
<sp:Header Name="Sequence" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
<sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Namespace="http://www.w3.org/2005/08/addressing" Name="FaultTo"/>
<sp:Header Name="SequenceAcknowledgement" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
<sp:Header Namespace="http://www.w3.org/2005/08/addressing" Name="Action"/>
<sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
</sp:SignedParts>
</wsp1_2:Policy>
<wsp1_2:Policy xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" wsu:Id="CalculatorWSPortBinding_add_Output_Policy">
<sp:EncryptedParts>
<sp:Body/>
</sp:EncryptedParts>
<sp:SignedParts>
<sp:Body/>
<sp:Header Namespace="http://www.w3.org/2005/08/addressing" Name="ReplyTo"/>
<sp:Header Name="AckRequested" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
<sp:Header Name="Sequence" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
<sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Namespace="http://www.w3.org/2005/08/addressing" Name="FaultTo"/>
<sp:Header Name="SequenceAcknowledgement" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
<sp:Header Namespace="http://www.w3.org/2005/08/addressing" Name="Action"/>
<sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
</sp:SignedParts>
</wsp1_2:Policy>
<types>
<xsd:schema>
<xsd:import namespace="http://calculator.me.org/" schemaLocation="http://localhost:8080/SecureCalculatorApp/CalculatorWSService?xsd=1"/>
</xsd:schema>
</types>
<message name="add">
<part name="parameters" element="tns:add"/>
</message>
<message name="addResponse">
<part name="parameters" element="tns:addResponse"/>
</message>
<portType name="CalculatorWS">
<operation name="add">
<input wsam:Action="add" message="tns:add"/>
<output wsam:Action="http://calculator.me.org/CalculatorWS/addResponse" message="tns:addResponse"/>
</operation>
</portType>
<binding name="CalculatorWSPortBinding" type="tns:CalculatorWS">
<wsp1_2:PolicyReference URI="#CalculatorWSPortBindingPolicy"/>
<soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"/>
<operation name="add">
<soap:operation soapAction="add"/>
<input>
<wsp1_2:PolicyReference URI="#CalculatorWSPortBinding_add_Input_Policy"/>
<soap:body use="literal"/>
</input>
<output>
<wsp1_2:PolicyReference URI="#CalculatorWSPortBinding_add_Output_Policy"/>
<soap:body use="literal"/>
</output>
</operation>
</binding>
<service name="CalculatorWSService">
<port name="CalculatorWSPort" binding="tns:CalculatorWSPortBinding">
<soap:address location="http://localhost:8080/SecureCalculatorApp/CalculatorWSService"/>
</port>
</service>
</definitions>
plase can someone advise?
Kind regards
Radim