Announcement Announcement Module
Collapse
No announcement yet.
Spring WS Security issue using Wss4jSecurityInterceptor with SimplePasswordValidation Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring WS Security issue using Wss4jSecurityInterceptor with SimplePasswordValidation

    Hi,

    I am trying to use Spring WebService security using Wss4jSecurityInterceptor with SimplePasswordValidationCallbackHandler. When I send the request through Soap UI, I am getting the below response. Please help me to resolve the issue.

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Body>
    <soapenv:Fault>
    <faultcode>soapenv:Client</faultcode>
    <faultstring xml:lang="en">The security token could not be authenticated or authorized; nested exception is org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized</faultstring>
    </soapenv:Fault>
    </soapenv:Body>
    </soapenv:Envelope>

    Here is my Soap UI request

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:mes="http://rewardsnetwork.com/service/merchant/integration/messages">
    <soapenv:Header>
    <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:UsernameToken wsu:Id="UsernameToken-26993204" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:Username>Temp</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">User</wsse:Password>
    <wsse:Nonce>MW7JmYsaQIrM8DD63cdN3Q==</wsse:Nonce>
    <wsu:Created>2011-11-05T19:34:47Z</wsu:Created>
    </wsse:UsernameToken>
    </wsse:Security>
    </soapenv:Header>
    <soapenv:Body>
    <mes:GetBonusMerchantsByChildMupRequest>
    <mes:childMup>z</mes:childMup>
    <mesrofile>WEB</mesrofile>
    </mes:GetBonusMerchantsByChildMupRequest>
    </soapenv:Body>
    </soapenv:Envelope>

    Here is server configuration for Interceptor and callback handler

    <!-- Interceptors -->

    <bean id="callbackHandler" class="org.springframework.ws.soap.security.wss4j. callback.SimplePasswordValidationCallbackHandler">
    <property name="users">
    <props>
    <prop key="Temp">User</prop>
    <prop key="Temp2">User2</prop>
    </props>
    </property>
    </bean>


    <!-- Endpoint -->
    <bean id="annotationPayloadRootEndpointMapping"
    class="org.springframework.ws.server.endpoint.mapp ing.PayloadRootAnnotationMethodEndpointMapping">
    <description>Detects @PayloadRoot annotations on @Endpoint bean methods.</description>
    <property name="interceptors">
    <list>
    <bean class="org.springframework.ws.server.endpoint.inte rceptor.PayloadLoggingInterceptor"/>
    <bean class="org.springframework.ws.soap.server.endpoint .interceptor.PayloadValidatingInterceptor">
    <property name="xsdSchemaCollection" ref="schemaCollection"/>
    <property name="validateRequest" value="true"/>
    <property name="validateResponse" value="true"/>
    </bean>
    <bean class="org.springframework.ws.soap.security.wss4j. Wss4jSecurityInterceptor">
    <property name="validateRequest" value="true"/>
    <property name="secureResponse" value="false"/>
    <property name="securementActions" value="NoSecurity"/>

    <property name="validationActions" value="UsernameToken" />
    <property name="validationCallbackHandler" ref="callbackHandler" />
    </bean>
    </list>
    </property>
    <property name="order" value="1"/>
    </bean>

    I could see the error in tomcat server console as below:

    2011-11-03 11:28:24,004 WARN [org.springframework.ws.soap.security.wss4j.Wss4jSe curityInterceptor] - Could not validate request: The security token could not be authenticated or authorized; nested exception is org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized


    Thanks
    Satya
Working...
X