January 2013 - esb-issues - Jboss List Archives

[JBoss JIRA] (JBESB-3899) CamelMessageComposer coerces all classes coming back to String.class

by Tom Cunningham (JIRA)

[ https://issues.jboss.org/browse/JBESB-3899?page=com.atlassian.jira.plugin... ] Tom Cunningham updated JBESB-3899: ---------------------------------- Component/s: Rosetta > CamelMessageComposer coerces all classes coming back to String.class > -------------------------------------------------------------------- > > Key: JBESB-3899 > URL: https://issues.jboss.org/browse/JBESB-3899 > Project: JBoss ESB > Issue Type: Bug > Security Level: Public(Everyone can see) > Components: Rosetta > Reporter: Tom Cunningham > > See https://community.jboss.org/thread/220120?tstart=0 > CamelMessageComposer is coercing all classes that come back into String.class - need to test whether we can do no coercion and leave the classes the same from the Camel message. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 3 months

1
0
0 / 0

[JBoss JIRA] (JBESB-3899) CamelMessageComposer coerces all classes coming back to String.class

by Tom Cunningham (JIRA)

[ https://issues.jboss.org/browse/JBESB-3899?page=com.atlassian.jira.plugin... ] Tom Cunningham updated JBESB-3899: ---------------------------------- Fix Version/s: 4.12 > CamelMessageComposer coerces all classes coming back to String.class > -------------------------------------------------------------------- > > Key: JBESB-3899 > URL: https://issues.jboss.org/browse/JBESB-3899 > Project: JBoss ESB > Issue Type: Bug > Security Level: Public(Everyone can see) > Components: Rosetta > Affects Versions: 4.11 > Reporter: Tom Cunningham > Fix For: 4.12 > > > See https://community.jboss.org/thread/220120?tstart=0 > CamelMessageComposer is coercing all classes that come back into String.class - need to test whether we can do no coercion and leave the classes the same from the Camel message. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 3 months

1
0
0 / 0

[JBoss JIRA] (JBESB-3899) CamelMessageComposer coerces all classes coming back to String.class

by Tom Cunningham (JIRA)

[ https://issues.jboss.org/browse/JBESB-3899?page=com.atlassian.jira.plugin... ] Tom Cunningham updated JBESB-3899: ---------------------------------- Affects Version/s: 4.11 > CamelMessageComposer coerces all classes coming back to String.class > -------------------------------------------------------------------- > > Key: JBESB-3899 > URL: https://issues.jboss.org/browse/JBESB-3899 > Project: JBoss ESB > Issue Type: Bug > Security Level: Public(Everyone can see) > Components: Rosetta > Affects Versions: 4.11 > Reporter: Tom Cunningham > > See https://community.jboss.org/thread/220120?tstart=0 > CamelMessageComposer is coercing all classes that come back into String.class - need to test whether we can do no coercion and leave the classes the same from the Camel message. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 3 months

1
0
0 / 0

[JBoss JIRA] (JBESB-3899) CamelMessageComposer coerces all classes coming back to String.class

by Tom Cunningham (JIRA)

Tom Cunningham created JBESB-3899: ------------------------------------- Summary: CamelMessageComposer coerces all classes coming back to String.class Key: JBESB-3899 URL: https://issues.jboss.org/browse/JBESB-3899 Project: JBoss ESB Issue Type: Bug Security Level: Public (Everyone can see) Reporter: Tom Cunningham -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 3 months

1
0
0 / 0

[JBoss JIRA] (JBESB-3899) CamelMessageComposer coerces all classes coming back to String.class

by Tom Cunningham (JIRA)

[ https://issues.jboss.org/browse/JBESB-3899?page=com.atlassian.jira.plugin... ] Tom Cunningham updated JBESB-3899: ---------------------------------- Description: See https://community.jboss.org/thread/220120?tstart=0 CamelMessageComposer is coercing all classes that come back into String.class - need to test whether we can do no coercion and leave the classes the same from the Camel message. > CamelMessageComposer coerces all classes coming back to String.class > -------------------------------------------------------------------- > > Key: JBESB-3899 > URL: https://issues.jboss.org/browse/JBESB-3899 > Project: JBoss ESB > Issue Type: Bug > Security Level: Public(Everyone can see) > Reporter: Tom Cunningham > > See https://community.jboss.org/thread/220120?tstart=0 > CamelMessageComposer is coercing all classes that come back into String.class - need to test whether we can do no coercion and leave the classes the same from the Camel message. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 3 months

1
0
0 / 0

[JBoss JIRA] (JBESB-3895) Need to increase the size of j3_key_data_value.key_data_value to 2048

by RH Bugzilla Integration (JIRA)

[ https://issues.jboss.org/browse/JBESB-3895?page=com.atlassian.jira.plugin... ] RH Bugzilla Integration commented on JBESB-3895: ------------------------------------------------ Julian Coleman <jcoleman(a)redhat.com> made a comment on [bug 894323|https://bugzilla.redhat.com/show_bug.cgi?id=894323] Revision 11674 of: soa-p/src/main/resources/soa-p/add-juddi-tables.db2.txt Commit log: BZ-894323 Increase size of key_data_value in the j3_key_data_value table to 2048 in the DB2 upgrade script. Mirrors change in the ESB create table script. > Need to increase the size of j3_key_data_value.key_data_value to 2048 > --------------------------------------------------------------------- > > Key: JBESB-3895 > URL: https://issues.jboss.org/browse/JBESB-3895 > Project: JBoss ESB > Issue Type: Bug > Security Level: Public(Everyone can see) > Components: Registry and Repository > Affects Versions: 4.11 CP2 > Reporter: Tom Cunningham > Assignee: Tom Cunningham > Fix For: 4.11 CP2 > > > Need to increase the size of j3_key_data_value to 2048 - see https://bugzilla.redhat.com/show_bug.cgi?id=894323 -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 3 months

1
0
0 / 0

[JBoss JIRA] (JBESB-3898) EBWS on CXF fails to handle WS-Security header with soap:mustUnderstand="1"

by RH Bugzilla Integration (JIRA)

[ https://issues.jboss.org/browse/JBESB-3898?page=com.atlassian.jira.plugin... ] RH Bugzilla Integration commented on JBESB-3898: ------------------------------------------------ Tadayoshi Sato <tasato(a)redhat.com> made a comment on [bug 902156|https://bugzilla.redhat.com/show_bug.cgi?id=902156] Description of problem: Platform BZ for https://issues.jboss.org/browse/JBESB-3898 On JBoss WS CXF, EBWS (ESB-based web service) throws SOAP Faults when handling SOAP requests with the WS-Security UsernameToken header which is declared with soap:mustUnderstand="1", even though <security moduleName="..."/> (I believe this enables WS-Security for EBWS) is set up for the EBWS in jboss-esb.xml. Note that I confirmed JBoss WS CXF itself can handle WS-Security with soap:mustUnderstand="1" if jbossws-cxf.xml is properly set up. So, I suspect the problem would be in EBWS. I used the following SOAP request: -------------------------------------------------- <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:say="http://www.jboss.org/sayHi" xmlns:cust="http://www.jboss.org/custom-request" xmlns:sub="http://www.jboss.org/custom-subtype" xmlns:t="http://www.jboss.org/type2"> <soap:Header> <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"> <wsse:UsernameToken> <wsse:Username>kermit</wsse:Username> <wsse:Password>thefrog</wsse:Password> </wsse:UsernameToken> </wsse:Security> </soap:Header> <soap:Body> ... </soap:Body> </soap:Envelope> And got the following SOAP Fault: -------------------------------------------------- <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Header> <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"/> </soap:Header> <soap:Body> <soap:Fault> <faultcode>soap:MustUnderstand</faultcode> <faultstring>MustUnderstand headers: [{http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd}Security] are not understood.</faultstring> </soap:Fault> </soap:Body> </soap:Envelope> I also got the following error stacktrace: -------------------------------------------------- 17:04:09,572 WARNING [PhaseInterceptorChain] Interceptor for {http://soa.jboss.org/ESBServiceSample}HelloWorldPubServiceService#{http://soa.jboss.org/ESBServiceSample}HelloWorldPubServiceOp has thrown exception, unwinding now org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: [{http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd}Security] are not understood. at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$UltimateReceiverMustUnderstandInterceptor.handleMessage(MustUnderstandInterceptor.java:225) at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$UltimateReceiverMustUnderstandInterceptor.handleMessage(MustUnderstandInterceptor.java:199) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243) at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:111) at org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:99) at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:431) at org.jboss.wsf.stack.cxf.ServletControllerExt.invoke(ServletControllerExt.java:173) at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:61) at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:185) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:179) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:103) at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:159) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:183) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95) at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126) at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.internalProcess(ActiveRequestResponseCacheValve.java:74) at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:47) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:599) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:451) How reproducible: Easily by using a quickstart. Steps to Reproduce: 1. Pick up the "publish_as_webservice" quickstart. 2. Add soap:mustUnderstand="1" to the wsse:Security SOAP Header in soap-userpass-message.xml. 3. Send this message as a request to the "ESBServiceSample:HelloWorldPubService" service using soapUI. Actual results: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Header> <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"/> </soap:Header> <soap:Body> <soap:Fault> <faultcode>soap:MustUnderstand</faultcode> <faultstring>MustUnderstand headers: [{http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd}Security] are not understood.</faultstring> </soap:Fault> </soap:Body> </soap:Envelope> Expected results: <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Header/> <SOAP-ENV:Body> <say:sayHiResponse xmlns:say="http://www.jboss.org/sayHi"> <say:arg0>Response from ESB Service</say:arg0> </say:sayHiResponse> </SOAP-ENV:Body> </SOAP-ENV:Envelope> > EBWS on CXF fails to handle WS-Security header with soap:mustUnderstand="1" > --------------------------------------------------------------------------- > > Key: JBESB-3898 > URL: https://issues.jboss.org/browse/JBESB-3898 > Project: JBoss ESB > Issue Type: Bug > Security Level: Public(Everyone can see) > Components: Web Services > Affects Versions: 4.11 > Environment: SOA-P installed with JBoss WS CXF stack > Reporter: Tadayoshi Sato > > On JBoss WS CXF, EBWS (ESB-based web service) throws SOAP Faults when handling SOAP requests with the WS-Security UsernameToken header which is declared with {{soap:mustUnderstand="1"}}, even though {{<security moduleName="..."/>}} (I believe this enables WS-Security for EBWS) is set up for the EBWS in {{jboss-esb.xml}}. > Note that I confirmed JBoss WS CXF itself can handle WS-Security with {{soap:mustUnderstand="1"}} if {{jbossws-cxf.xml}} is properly set up. So, I suspect the problem would be in EBWS. > I used the following SOAP request: > {code} > <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:say="http://www.jboss.org/sayHi" xmlns:cust="http://www.jboss.org/custom-request" xmlns:sub="http://www.jboss.org/custom-subtype" xmlns:t="http://www.jboss.org/type2"> > <soap:Header> > <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"> > <wsse:UsernameToken> > <wsse:Username>kermit</wsse:Username> > <wsse:Password>thefrog</wsse:Password> > </wsse:UsernameToken> > </wsse:Security> > </soap:Header> > <soap:Body> > ... > </soap:Body> > </soap:Envelope> > {code} > And got the following SOAP Fault: > {code} > <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> > <soap:Header> > <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"/> > </soap:Header> > <soap:Body> > <soap:Fault> > <faultcode>soap:MustUnderstand</faultcode> > <faultstring>MustUnderstand headers: [{http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd}Security] are not understood.</faultstring> > </soap:Fault> > </soap:Body> > </soap:Envelope> > {code} > I also got the following error stacktrace: > {code} > 17:04:09,572 WARNING [PhaseInterceptorChain] Interceptor for {http://soa.jboss.org/ESBServiceSample}HelloWorldPubServiceService#{http://soa.jboss.org/ESBServiceSample}HelloWorldPubServiceOp has thrown exception, unwinding now > org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: [{http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd}Security] are not understood. > at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$UltimateReceiverMustUnderstandInterceptor.handleMessage(MustUnderstandInterceptor.java:225) > at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$UltimateReceiverMustUnderstandInterceptor.handleMessage(MustUnderstandInterceptor.java:199) > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243) > at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:111) > at org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:99) > at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:431) > at org.jboss.wsf.stack.cxf.ServletControllerExt.invoke(ServletControllerExt.java:173) > at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:61) > at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:185) > at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:179) > at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:103) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) > at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:159) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235) > at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) > at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:183) > at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95) > at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126) > at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70) > at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) > at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) > at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) > at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.internalProcess(ActiveRequestResponseCacheValve.java:74) > at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:47) > at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330) > at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829) > at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:599) > at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:451) > {code} -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 3 months

1
0
0 / 0

[JBoss JIRA] (JBESB-3898) EBWS on CXF fails to handle WS-Security header with soap:mustUnderstand="1"

by RH Bugzilla Integration (JIRA)

[ https://issues.jboss.org/browse/JBESB-3898?page=com.atlassian.jira.plugin... ] RH Bugzilla Integration updated JBESB-3898: ------------------------------------------- Bugzilla Update: Perform Bugzilla References: https://bugzilla.redhat.com/show_bug.cgi?id=902156 > EBWS on CXF fails to handle WS-Security header with soap:mustUnderstand="1" > --------------------------------------------------------------------------- > > Key: JBESB-3898 > URL: https://issues.jboss.org/browse/JBESB-3898 > Project: JBoss ESB > Issue Type: Bug > Security Level: Public(Everyone can see) > Components: Web Services > Affects Versions: 4.11 > Environment: SOA-P installed with JBoss WS CXF stack > Reporter: Tadayoshi Sato > > On JBoss WS CXF, EBWS (ESB-based web service) throws SOAP Faults when handling SOAP requests with the WS-Security UsernameToken header which is declared with {{soap:mustUnderstand="1"}}, even though {{<security moduleName="..."/>}} (I believe this enables WS-Security for EBWS) is set up for the EBWS in {{jboss-esb.xml}}. > Note that I confirmed JBoss WS CXF itself can handle WS-Security with {{soap:mustUnderstand="1"}} if {{jbossws-cxf.xml}} is properly set up. So, I suspect the problem would be in EBWS. > I used the following SOAP request: > {code} > <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:say="http://www.jboss.org/sayHi" xmlns:cust="http://www.jboss.org/custom-request" xmlns:sub="http://www.jboss.org/custom-subtype" xmlns:t="http://www.jboss.org/type2"> > <soap:Header> > <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"> > <wsse:UsernameToken> > <wsse:Username>kermit</wsse:Username> > <wsse:Password>thefrog</wsse:Password> > </wsse:UsernameToken> > </wsse:Security> > </soap:Header> > <soap:Body> > ... > </soap:Body> > </soap:Envelope> > {code} > And got the following SOAP Fault: > {code} > <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> > <soap:Header> > <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"/> > </soap:Header> > <soap:Body> > <soap:Fault> > <faultcode>soap:MustUnderstand</faultcode> > <faultstring>MustUnderstand headers: [{http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd}Security] are not understood.</faultstring> > </soap:Fault> > </soap:Body> > </soap:Envelope> > {code} > I also got the following error stacktrace: > {code} > 17:04:09,572 WARNING [PhaseInterceptorChain] Interceptor for {http://soa.jboss.org/ESBServiceSample}HelloWorldPubServiceService#{http://soa.jboss.org/ESBServiceSample}HelloWorldPubServiceOp has thrown exception, unwinding now > org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: [{http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd}Security] are not understood. > at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$UltimateReceiverMustUnderstandInterceptor.handleMessage(MustUnderstandInterceptor.java:225) > at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$UltimateReceiverMustUnderstandInterceptor.handleMessage(MustUnderstandInterceptor.java:199) > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243) > at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:111) > at org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:99) > at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:431) > at org.jboss.wsf.stack.cxf.ServletControllerExt.invoke(ServletControllerExt.java:173) > at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:61) > at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:185) > at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:179) > at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:103) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) > at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:159) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235) > at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) > at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:183) > at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95) > at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126) > at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70) > at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) > at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) > at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) > at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.internalProcess(ActiveRequestResponseCacheValve.java:74) > at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:47) > at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330) > at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829) > at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:599) > at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:451) > {code} -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 3 months

1
0
0 / 0

[JBoss JIRA] (JBESB-3898) EBWS on CXF fails to handle WS-Security header with soap:mustUnderstand="1"

by Tadayoshi Sato (JIRA)

[ https://issues.jboss.org/browse/JBESB-3898?page=com.atlassian.jira.plugin... ] Tadayoshi Sato updated JBESB-3898: ---------------------------------- Description: On JBoss WS CXF, EBWS (ESB-based web service) throws SOAP Faults when handling SOAP requests with the WS-Security UsernameToken header which is declared with {{soap:mustUnderstand="1"}}, even though {{<security moduleName="..."/>}} (I believe this enables WS-Security for EBWS) is set up for the EBWS in {{jboss-esb.xml}}. Note that I confirmed JBoss WS CXF itself can handle WS-Security with {{soap:mustUnderstand="1"}} if {{jbossws-cxf.xml}} is properly set up. So, I suspect the problem would be in EBWS. I used the following SOAP request: {code} <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:say="http://www.jboss.org/sayHi" xmlns:cust="http://www.jboss.org/custom-request" xmlns:sub="http://www.jboss.org/custom-subtype" xmlns:t="http://www.jboss.org/type2"> <soap:Header> <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"> <wsse:UsernameToken> <wsse:Username>kermit</wsse:Username> <wsse:Password>thefrog</wsse:Password> </wsse:UsernameToken> </wsse:Security> </soap:Header> <soap:Body> ... </soap:Body> </soap:Envelope> {code} And got the following SOAP Fault: {code} <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Header> <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"/> </soap:Header> <soap:Body> <soap:Fault> <faultcode>soap:MustUnderstand</faultcode> <faultstring>MustUnderstand headers: [{http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd}Security] are not understood.</faultstring> </soap:Fault> </soap:Body> </soap:Envelope> {code} I also got the following error stacktrace: {code} 17:04:09,572 WARNING [PhaseInterceptorChain] Interceptor for {http://soa.jboss.org/ESBServiceSample}HelloWorldPubServiceService#{http://soa.jboss.org/ESBServiceSample}HelloWorldPubServiceOp has thrown exception, unwinding now org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: [{http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd}Security] are not understood. at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$UltimateReceiverMustUnderstandInterceptor.handleMessage(MustUnderstandInterceptor.java:225) at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$UltimateReceiverMustUnderstandInterceptor.handleMessage(MustUnderstandInterceptor.java:199) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243) at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:111) at org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:99) at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:431) at org.jboss.wsf.stack.cxf.ServletControllerExt.invoke(ServletControllerExt.java:173) at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:61) at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:185) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:179) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:103) at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:159) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:183) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95) at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126) at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.internalProcess(ActiveRequestResponseCacheValve.java:74) at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:47) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:599) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:451) {code} was: On JBoss WS CXF, EBWS (ESB-based web service) throws SOAP Faults when handling SOAP requests with the WS-Security UsernameToken header which is declared with {{soap:mustUnderstand="1"}}, even though {{<security moduleName="..."/>}} (I believe this enables WS-Security for EBWS) is set up for the EBWS in {{jboss-esb.xml}}. I used the following SOAP request: {code} <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:say="http://www.jboss.org/sayHi" xmlns:cust="http://www.jboss.org/custom-request" xmlns:sub="http://www.jboss.org/custom-subtype" xmlns:t="http://www.jboss.org/type2"> <soap:Header> <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"> <wsse:UsernameToken> <wsse:Username>kermit</wsse:Username> <wsse:Password>thefrog</wsse:Password> </wsse:UsernameToken> </wsse:Security> </soap:Header> <soap:Body> ... </soap:Body> </soap:Envelope> {code} And got the following SOAP Fault: {code} <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Header> <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"/> </soap:Header> <soap:Body> <soap:Fault> <faultcode>soap:MustUnderstand</faultcode> <faultstring>MustUnderstand headers: [{http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd}Security] are not understood.</faultstring> </soap:Fault> </soap:Body> </soap:Envelope> {code} I also got the following error stacktrace: {code} 17:04:09,572 WARNING [PhaseInterceptorChain] Interceptor for {http://soa.jboss.org/ESBServiceSample}HelloWorldPubServiceService#{http://soa.jboss.org/ESBServiceSample}HelloWorldPubServiceOp has thrown exception, unwinding now org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: [{http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd}Security] are not understood. at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$UltimateReceiverMustUnderstandInterceptor.handleMessage(MustUnderstandInterceptor.java:225) at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$UltimateReceiverMustUnderstandInterceptor.handleMessage(MustUnderstandInterceptor.java:199) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243) at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:111) at org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:99) at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:431) at org.jboss.wsf.stack.cxf.ServletControllerExt.invoke(ServletControllerExt.java:173) at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:61) at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:185) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:179) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:103) at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:159) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:183) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95) at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126) at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.internalProcess(ActiveRequestResponseCacheValve.java:74) at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:47) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:599) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:451) {code} > EBWS on CXF fails to handle WS-Security header with soap:mustUnderstand="1" > --------------------------------------------------------------------------- > > Key: JBESB-3898 > URL: https://issues.jboss.org/browse/JBESB-3898 > Project: JBoss ESB > Issue Type: Bug > Security Level: Public(Everyone can see) > Components: Web Services > Affects Versions: 4.11 > Environment: SOA-P installed with JBoss WS CXF stack > Reporter: Tadayoshi Sato > > On JBoss WS CXF, EBWS (ESB-based web service) throws SOAP Faults when handling SOAP requests with the WS-Security UsernameToken header which is declared with {{soap:mustUnderstand="1"}}, even though {{<security moduleName="..."/>}} (I believe this enables WS-Security for EBWS) is set up for the EBWS in {{jboss-esb.xml}}. > Note that I confirmed JBoss WS CXF itself can handle WS-Security with {{soap:mustUnderstand="1"}} if {{jbossws-cxf.xml}} is properly set up. So, I suspect the problem would be in EBWS. > I used the following SOAP request: > {code} > <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:say="http://www.jboss.org/sayHi" xmlns:cust="http://www.jboss.org/custom-request" xmlns:sub="http://www.jboss.org/custom-subtype" xmlns:t="http://www.jboss.org/type2"> > <soap:Header> > <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"> > <wsse:UsernameToken> > <wsse:Username>kermit</wsse:Username> > <wsse:Password>thefrog</wsse:Password> > </wsse:UsernameToken> > </wsse:Security> > </soap:Header> > <soap:Body> > ... > </soap:Body> > </soap:Envelope> > {code} > And got the following SOAP Fault: > {code} > <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> > <soap:Header> > <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"/> > </soap:Header> > <soap:Body> > <soap:Fault> > <faultcode>soap:MustUnderstand</faultcode> > <faultstring>MustUnderstand headers: [{http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd}Security] are not understood.</faultstring> > </soap:Fault> > </soap:Body> > </soap:Envelope> > {code} > I also got the following error stacktrace: > {code} > 17:04:09,572 WARNING [PhaseInterceptorChain] Interceptor for {http://soa.jboss.org/ESBServiceSample}HelloWorldPubServiceService#{http://soa.jboss.org/ESBServiceSample}HelloWorldPubServiceOp has thrown exception, unwinding now > org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: [{http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd}Security] are not understood. > at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$UltimateReceiverMustUnderstandInterceptor.handleMessage(MustUnderstandInterceptor.java:225) > at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$UltimateReceiverMustUnderstandInterceptor.handleMessage(MustUnderstandInterceptor.java:199) > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243) > at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:111) > at org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:99) > at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:431) > at org.jboss.wsf.stack.cxf.ServletControllerExt.invoke(ServletControllerExt.java:173) > at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:61) > at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:185) > at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:179) > at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:103) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) > at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:159) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235) > at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) > at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:183) > at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95) > at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126) > at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70) > at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) > at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) > at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) > at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.internalProcess(ActiveRequestResponseCacheValve.java:74) > at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:47) > at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330) > at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829) > at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:599) > at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:451) > {code} -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 3 months

1
0
0 / 0

[JBoss JIRA] (JBESB-3898) EBWS on CXF fails to handle WS-Security header with soap:mustUnderstand="1"

by Tadayoshi Sato (JIRA)

Tadayoshi Sato created JBESB-3898: ------------------------------------- Summary: EBWS on CXF fails to handle WS-Security header with soap:mustUnderstand="1" Key: JBESB-3898 URL: https://issues.jboss.org/browse/JBESB-3898 Project: JBoss ESB Issue Type: Bug Security Level: Public (Everyone can see) Components: Web Services Affects Versions: 4.11 Environment: SOA-P installed with JBoss WS CXF stack Reporter: Tadayoshi Sato On JBoss WS CXF, EBWS (ESB-based web service) throws SOAP Faults when handling SOAP requests with the WS-Security UsernameToken header which is declared with {{soap:mustUnderstand="1"}}, even though {{<security moduleName="..."/>}} (I believe this enables WS-Security for EBWS) is set up for the EBWS in {{jboss-esb.xml}}. I used the following SOAP request: {code} <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:say="http://www.jboss.org/sayHi" xmlns:cust="http://www.jboss.org/custom-request" xmlns:sub="http://www.jboss.org/custom-subtype" xmlns:t="http://www.jboss.org/type2"> <soap:Header> <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"> <wsse:UsernameToken> <wsse:Username>kermit</wsse:Username> <wsse:Password>thefrog</wsse:Password> </wsse:UsernameToken> </wsse:Security> </soap:Header> <soap:Body> ... </soap:Body> </soap:Envelope> {code} And got the following SOAP Fault: {code} <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Header> <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"/> </soap:Header> <soap:Body> <soap:Fault> <faultcode>soap:MustUnderstand</faultcode> <faultstring>MustUnderstand headers: [{http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd}Security] are not understood.</faultstring> </soap:Fault> </soap:Body> </soap:Envelope> {code} I also got the following error stacktrace: {code} 17:04:09,572 WARNING [PhaseInterceptorChain] Interceptor for {http://soa.jboss.org/ESBServiceSample}HelloWorldPubServiceService#{http://soa.jboss.org/ESBServiceSample}HelloWorldPubServiceOp has thrown exception, unwinding now org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: [{http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd}Security] are not understood. at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$UltimateReceiverMustUnderstandInterceptor.handleMessage(MustUnderstandInterceptor.java:225) at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$UltimateReceiverMustUnderstandInterceptor.handleMessage(MustUnderstandInterceptor.java:199) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243) at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:111) at org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:99) at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:431) at org.jboss.wsf.stack.cxf.ServletControllerExt.invoke(ServletControllerExt.java:173) at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:61) at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:185) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:179) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:103) at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:159) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:183) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95) at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126) at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.internalProcess(ActiveRequestResponseCacheValve.java:74) at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:47) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:599) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:451) {code} -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 3 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

esb-issues January 2013