Fabrizio Boco [http://community.jboss.org/people/FabBoco] created the discussion "Securing a Web Service" To view the discussion, visit: http://community.jboss.org/message/575363#575363 -------------------------------------------------------------- Hi, I am getting crazy trying to secure a Web Service using WS-Security. I am following this tutorial (which is the only I have found that is almost complete !!!): http://www.developer.com//java/other/article.php/3802631/Securing-Web-Ser... http://www.developer.com//java/other/article.php/3802631/Securing-Web-Ser... When I try to call the secured web service from the client using the following command: wsclient.sh -jar myjar.jar ...Client I get the error: Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: This service requires <wsse:Security>, which is missing.         at org.jboss.ws.core.jaxws.SOAPFaultHelperJAXWS.getSOAPFaultException(SOAPFaultHelperJAXWS.java:84)         at org.jboss.ws.core.jaxws.binding.SOAP11BindingJAXWS.throwFaultException(SOAP11BindingJAXWS.java:107)         at org.jboss.ws.core.CommonSOAPBinding.unbindResponseMessage(CommonSOAPBinding.java:579)         at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:381)         at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:290)         at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:170)         at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:150)         at $Proxy8.sayHello(Unknown Source) and this appears on the jboss console: 10:50:53,318 ERROR [HandlerChainExecutor] Exception during handler processing org.jboss.ws.core.CommonSOAPFaultException: This service requires <wsse:Security>, which is missing.         at org.jboss.ws.extensions.security.WSSecurityDispatcher.convertToFault(WSSecurityDispatcher.java:264)         at org.jboss.ws.extensions.security.WSSecurityDispatcher.decodeMessage(WSSecurityDispatcher.java:94)          at org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.handleInboundSecurity(WSSecurityHandler.java:81)         at org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer.handleInbound(WSSecurityHandlerServer.java:39)         at org.jboss.wsf.common.handler.GenericHandler.handleMessage(GenericHandler.java:53)                                    at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:305)                    at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:142)                    at org.jboss.ws.core.jaxws.handler.HandlerDelegateJAXWS.callRequestHandlerChain(HandlerDelegateJAXWS.java:97)           at org.jboss.ws.core.server.ServiceEndpointInvoker.callRequestHandlerChain(ServiceEndpointInvoker.java:125)             at org.jboss.ws.core.server.ServiceEndpointInvoker.invoke(ServiceEndpointInvoker.java:172)                              at org.jboss.wsf.stack.jbws.RequestHandlerImpl.processRequest(RequestHandlerImpl.java:474)                              at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:295)                               at org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:205)                                      at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:131)                           at org.jboss.wsf.common.servlet.AbstractEndpointServlet.service(AbstractEndpointServlet.java:85)                        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)                                                         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)                    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)                            at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)                                   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)                    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)                            at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)                                  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)                                  at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)                     at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)                                      at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)         at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)                                              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)                                              at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)                              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)                                          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)                                                at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)                                                 at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)                           at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)                                                    at java.lang.Thread.run(Thread.java:619)                                                                              10:50:53,319 ERROR [SOAPFaultHelperJAXWS] SOAP request exception                                                              org.jboss.ws.core.CommonSOAPFaultException: This service requires <wsse:Security>, which is missing.                                  at org.jboss.ws.extensions.security.WSSecurityDispatcher.convertToFault(WSSecurityDispatcher.java:264)                        at org.jboss.ws.extensions.security.WSSecurityDispatcher.decodeMessage(WSSecurityDispatcher.java:94)                          at org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.handleInboundSecurity(WSSecurityHandler.java:81)                  at org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer.handleInbound(WSSecurityHandlerServer.java:39)              at org.jboss.wsf.common.handler.GenericHandler.handleMessage(GenericHandler.java:53)                                          at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:305)                          at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:142)                          at org.jboss.ws.core.jaxws.handler.HandlerDelegateJAXWS.callRequestHandlerChain(HandlerDelegateJAXWS.java:97)                 at org.jboss.ws.core.server.ServiceEndpointInvoker.callRequestHandlerChain(ServiceEndpointInvoker.java:125)                   at org.jboss.ws.core.server.ServiceEndpointInvoker.invoke(ServiceEndpointInvoker.java:172)                                    at org.jboss.wsf.stack.jbws.RequestHandlerImpl.processRequest(RequestHandlerImpl.java:474)                                    at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:295)                                     at org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:205)                                            at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:131)                                 at org.jboss.wsf.common.servlet.AbstractEndpointServlet.service(AbstractEndpointServlet.java:85)                              at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)                                                               at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)                          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)                                  at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)                                         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)                          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)                                  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)                                        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)                                        at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)         at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)         at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)         at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)         at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)         at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)         at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)         at java.lang.Thread.run(Thread.java:619) 10:50:53,322 ERROR [SOAPFaultHelperJAXRPC] SOAP request exception javax.xml.rpc.soap.SOAPFaultException: This service requires <wsse:Security>, which is missing.         at org.jboss.ws.core.jaxrpc.SOAPFaultHelperJAXRPC.exceptionToFaultMessage(SOAPFaultHelperJAXRPC.java:189)         at org.jboss.ws.core.jaxws.SOAPFaultHelperJAXWS.exceptionToFaultMessage(SOAPFaultHelperJAXWS.java:183)         at org.jboss.ws.core.jaxws.binding.SOAP11BindingJAXWS.createFaultMessageFromException(SOAP11BindingJAXWS.java:102)         at org.jboss.ws.core.CommonSOAPBinding.bindFaultMessage(CommonSOAPBinding.java:671)         at org.jboss.ws.core.server.ServiceEndpointInvoker.invoke(ServiceEndpointInvoker.java:285)         at org.jboss.wsf.stack.jbws.RequestHandlerImpl.processRequest(RequestHandlerImpl.java:474)         at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:295)         at org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:205)         at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:131)         at org.jboss.wsf.common.servlet.AbstractEndpointServlet.service(AbstractEndpointServlet.java:85)         at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)         at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)         at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)         at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)         at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)         at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)         at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)         at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)         at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)         at java.lang.Thread.run(Thread.java:619) It looks like that the client is not properly configured. Can anyone help me to understand what is going wrong ? Can anyone point me to a working tutorial or better to a working sample code ? My environment is: 1) Jboss-5.1.0.GA 2) JDK 1.6.0_12-b04 Thank you. Regards Fab. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/575363#575363] Start a new discussion in JBoss Web Services at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&...]