<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<body link="#355491" alink="#4262a1" vlink="#355491" style="background: #e2e2e2; margin: 0; padding: 20px;">

<div>
        <table cellpadding="0" bgcolor="#FFFFFF" border="0" cellspacing="0" style="border: 1px solid #dadada; margin-bottom: 30px; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
                <tbody>
                        <tr>

                                <td>

                                        <table border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" style="border: solid 2px #ccc; background: #dadada; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
                                                <tbody>
                                                        <tr>
                                                                <td bgcolor="#000000" valign="middle" height="58px" style="border-bottom: 1px solid #ccc; padding: 20px; -moz-border-radius-topleft: 3px; -moz-border-radius-topright: 3px; -webkit-border-top-right-radius: 5px; -webkit-border-top-left-radius: 5px;">
                                                                        <h1 style="color: #333333; font: bold 22px Arial, Helvetica, sans-serif; margin: 0; display: block !important;">
                                                                        <!-- To have a header image/logo replace the name below with your img tag -->
                                                                        <!-- Email clients will render the images when the message is read so any image -->
                                                                        <!-- must be made available on a public server, so that all recipients can load the image. -->
                                                                        <a href="http://community.jboss.org/index.jspa" style="text-decoration: none; color: #E1E1E1">Community</a></h1>
                                                                </td>

                                                        </tr>
                                                        <tr>
                                                                <td bgcolor="#FFFFFF" style="font: normal 12px Arial, Helvetica, sans-serif; color:#333333; padding: 20px;  -moz-border-radius-bottomleft: 4px; -moz-border-radius-bottomright: 4px; -webkit-border-bottom-right-radius: 5px; -webkit-border-bottom-left-radius: 5px;"><h3 style="margin: 10px 0 5px; font-size: 17px; font-weight: normal;">
    Debugging WS-Security decryption
</h3>
<span style="margin-bottom: 10px;">
    created by <a href="http://community.jboss.org/people/zurchman1">Sidney Zurch</a> in <i>JBoss Web Services</i> - <a href="http://community.jboss.org/message/539899#539899">View the full discussion</a>
</span>
<hr style="margin: 20px 0; border: none; background-color: #dadada; height: 1px;">

<div class="jive-rendered-content"><p>Is there any way to "get under the hood" and get some clues as to why WS-Security certificate decryption is failing?</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p>I'm trying to get the example in Section 9.5 of the "JBoss In Action" book working (jboss-4.2.3.GA/jbossws-native-3.1.1.GA).</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p>I've been through all the "classpath", "endorsed.dirs", and "TRACE" discussions and am relatively convinced that all the keystores are in the right place, but I'm getting some cryptic message from the service, followed by a wsse:FailedCheck SOAP fault.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p>I've taken some liberties with the Client but this code seems to work.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p>&#160;&#160;&#160; URL securityURL = new File("resources/security/jboss-wsse-client.xml").toURL();</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p>&#160;&#160;&#160; ((StubExt)default_webservice).setSecurityConfig(securityURL.toExternalForm());<br/>&#160;&#160;&#160; ((StubExt)default_webservice).setConfigName("Standard WSSecurity Client");</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p>As opposed as I am to posting long stack traces...</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p>2010-04-27 17:18:10,245 DEBUG [org.jboss.ws.core.jaxws.handler.HandlerDelegateJAXWS] callRequestHandlerChain: POST<br/>2010-04-27 17:18:10,245 DEBUG ...<br/>2010-04-27 17:18:10,245 DEBUG [org.jboss.ws.core.jaxws.handler.HandlerChainExecutor] Create a handler executor: [WSSecurity Handler, Recording Handler]<br/>2010-04-27 17:18:10,245 DEBUG [org.jboss.ws.core.jaxws.handler.HandlerChainExecutor] Enter: handleIn BoundMessage<br/>2010-04-27 17:18:10,246 DEBUG [org.jboss.ws.core.soap.SOAPMessageDispatcher] getDispatchDestination: null<br/>2010-04-27 17:18:10,246 DEBUG [org.jboss.ws.extensions.security.SecurityStore] loadStore: real_directory/server.keystore<br/>2010-04-27 17:18:10,246 TRACE [org.jboss.ws.extensions.security.SecurityStore] decrypt password: jboss<br/>2010-04-27 17:18:10,246 TRACE [org.jboss.ws.extensions.security.SecurityStore] decrypted password: jboss<br/>2010-04-27 17:18:10,317 DEBUG [org.jboss.ws.extensions.security.SecurityStore] loadStore: real_directory/serrver.truststore</p><p>2010-04-27 17:18:10,320 TRACE [org.jboss.ws.extensions.security.SecurityStore] decrypt password: jboss<br/>2010-04-27 17:18:10,320 TRACE [org.jboss.ws.extensions.security.SecurityStore] decrypted password: jboss<br/>2010-04-27 17:18:10,322 DEBUG [org.jboss.ws.core.soap.SOAPContentElement] -----------------------------------<br/>2010-04-27 17:18:10,322 DEBUG [org.jboss.ws.core.soap.SOAPContentElement] Transitioning from XML_VALID to DOM_VALID<br/>2010-04-27 17:18:10,324 DEBUG [org.jboss.ws.core.soap.SOAPContentElement] -----------------------------------<br/>2010-04-27 17:18:10,326 TRACE [org.jboss.ws.extensions.security.SecurityStore] decrypt password: jboss<br/>2010-04-27 17:18:10,326 TRACE [org.jboss.ws.extensions.security.SecurityStore] decrypted password: jboss<br/>2010-04-27 17:18:10,328 DEBUG [org.jboss.ws.core.soap.SOAPContentElement] -----------------------------------<br/>2010-04-27 17:18:10,328 DEBUG [org.jboss.ws.core.soap.SOAPContentElement] Transitioning from XML_VALID to DOM_VALID<br/>2010-04-27 17:18:10,329 DEBUG [org.jboss.ws.core.soap.SOAPContentElement] -----------------------------------<br/>2010-04-27 17:18:10,487 ERROR [STDERR] [<strong>Fatal Error</strong>] :1:437: The prefix "ns2" for element "ns2:MyDocument" is not bound.<br/>2010-04-27 17:18:10,488 ERROR [org.jboss.ws.extensions.security.WSSecurityDispatcher] Internal error occured handling inbound message:<br/>org.jboss.ws.extensions.security.exception.FailedCheckException: <strong>Decryption was invalid.</strong><br/>&#160;&#160;&#160; at org.jboss.ws.extensions.security.operation.DecryptionOperation.decryptElement(DecryptionOperation.java:110)<br/>&#160;&#160;&#160; at org.jboss.ws.extensions.security.operation.DecryptionOperation.process(DecryptionOperation.java:146)<br/>&#160;&#160;&#160; at org.jboss.ws.extensions.security.SecurityDecoder.decode(SecurityDecoder.java:156)<br/>&#160;&#160;&#160; at org.jboss.ws.extensions.security.SecurityDecoder.decode(SecurityDecoder.java:195)<br/>&#160;&#160;&#160; at org.jboss.ws.extensions.security.WSSecurityDispatcher.decodeHeader(WSSecurityDispatcher.java:133)<br/>&#160;&#160;&#160; at org.jboss.ws.extensions.security.WSSecurityDispatcher.decodeMessage(WSSecurityDispatcher.java:101)<br/>&#160;&#160;&#160; at org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.handleInboundSecurity(WSSecurityHandler.java:81)<br/>&#160;&#160;&#160; at org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer.handleInbound(WSSecurityHandlerServer.java:39)<br/>&#160;&#160;&#160; at org.jboss.wsf.common.handler.GenericHandler.handleMessage(GenericHandler.java:53)<br/>&#160;&#160;&#160; at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:305)<br/>&#160;&#160;&#160; at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:142)<br/>&#160;&#160;&#160; at org.jboss.ws.core.jaxws.handler.HandlerDelegateJAXWS.callRequestHandlerChain(HandlerDelegateJAXWS.java:97)<br/>&#160;&#160;&#160; at org.jboss.ws.core.server.ServiceEndpointInvoker.callRequestHandlerChain(ServiceEndpointInvoker.java:125)<br/>&#160;&#160;&#160; at org.jboss.ws.core.server.ServiceEndpointInvoker.invoke(ServiceEndpointInvoker.java:172)<br/>&#160;&#160;&#160; at org.jboss.wsf.stack.jbws.RequestHandlerImpl.processRequest(RequestHandlerImpl.java:474)<br/>&#160;&#160;&#160; at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:295)<br/>&#160;&#160;&#160; at org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:205)<br/>&#160;&#160;&#160; at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:131)<br/>&#160;&#160;&#160; at org.jboss.wsf.common.servlet.AbstractEndpointServlet.service(AbstractEndpointServlet.java:85)<br/>&#160;&#160;&#160; at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)<br/>&#160;&#160;&#160; at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)<br/>&#160;&#160;&#160; at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)<br/>&#160;&#160;&#160; at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)<br/>&#160;&#160;&#160; at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)<br/>&#160;&#160;&#160; at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)<br/>&#160;&#160;&#160; at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)<br/>&#160;&#160;&#160; at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)<br/>&#160;&#160;&#160; at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)<br/>&#160;&#160;&#160; at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)<br/>&#160;&#160;&#160; at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)<br/>&#160;&#160;&#160; at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)<br/>&#160;&#160;&#160; at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)<br/>&#160;&#160;&#160; at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)<br/>&#160;&#160;&#160; at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)<br/>&#160;&#160;&#160; at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)<br/>&#160;&#160;&#160; at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)<br/>&#160;&#160;&#160; at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)<br/>&#160;&#160;&#160; at java.lang.Thread.run(Thread.java:613)<br/>2010-04-27 17:18:10,489 ERROR [org.jboss.ws.core.jaxws.handler.HandlerChainExecutor] Exception during handler processing<br/>org.jboss.ws.core.CommonSOAPFaultException: Decryption was invalid.<br/>&#160;&#160;&#160; at org.jboss.ws.extensions.security.WSSecurityDispatcher.convertToFault(WSSecurityDispatcher.java:264)<br/>&#160;&#160;&#160; at org.jboss.ws.extensions.security.WSSecurityDispatcher.decodeMessage(WSSecurityDispatcher.java:113)<br/>&#160;&#160;&#160; at org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.handleInboundSecurity(WSSecurityHandler.java:81)<br/>&#160;&#160;&#160; at org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer.handleInbound(WSSecurityHandlerServer.java:39)<br/>&#160;&#160;&#160; at org.jboss.wsf.common.handler.GenericHandler.handleMessage(GenericHandler.java:53)<br/>&#160;&#160;&#160; at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:305)<br/>&#160;&#160;&#160; at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:142)<br/>&#160;&#160;&#160; at org.jboss.ws.core.jaxws.handler.HandlerDelegateJAXWS.callRequestHandlerChain(HandlerDelegateJAXWS.java:97)<br/>&#160;&#160;&#160; at...</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p><span>&lt;env:Envelope xmlns:env='</span><a class="jive-link-external-small" href="http://schemas.xmlsoap.org/soap/envelope/" target="_blank">http://schemas.xmlsoap.org/soap/envelope/</a><span>'&gt;</span><br/> &lt;env:Header/&gt;<br/> &lt;env:Body&gt;<br/><span>&#160; &lt;env:Fault xmlns:env='</span><a class="jive-link-external-small" href="http://schemas.xmlsoap.org/soap/envelope/" target="_blank">http://schemas.xmlsoap.org/soap/envelope/</a><span>'&gt;</span><br/><span>&#160;&#160; &lt;faultcode xmlns:wsse='</span><a class="jive-link-external-small" href="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" target="_blank">http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd</a><span>'&gt;</span><strong>wsse:FailedCheck</strong>&lt;/faultcode&gt;<br/>&#160;&#160; &lt;faultstring&gt;Decryption was invalid.&lt;/faultstring&gt;<br/>&#160; &lt;/env:Fault&gt;<br/> &lt;/env:Body&gt;<br/>&lt;/env:Envelope&gt;</p></div>

<div style="background-color: #f4f4f4; padding: 10px; margin-top: 20px;">
    <p style="margin: 0;">Reply to this message by <a href="http://community.jboss.org/message/539899#539899">going to Community</a></p>
        <p style="margin: 0;">Start a new discussion in JBoss Web Services at <a href="http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044">Community</a></p>
</div></td>
                        </tr>
                    </tbody>
                </table>


                </td>
            </tr>
        </tbody>
    </table>

</div>

</body>
</html>