Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-5464

An error was discovered processing the <wsse:Security> header

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Not A Problem
    • Affects Version/s: 2.7.9
    • Fix Version/s: 2.7.9
    • Component/s: WS-* Components
    • Environment:

      1.Apache CXF 2.7.8
      2.Jboss EAP 6
      3.SoapUI for testing client Side
      4. Windows 7

    • Estimated Complexity:
      Advanced
    • CXF Fields:
      Blocked on External

      Description

      I tried to implement for simple authentication i.e with password simple text type, it is working but when i tried to implement for password digest type ,then giving me exception:
      An error was discovered processing the <wsse:Security> header (An error happened processing a Username Token "A replay attack has been detected")

      WSS4JInInterceptor Bean class defination:

      <jaxws:inInterceptors>
      <bean
      class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
      <constructor-arg>
      <!-- <map>
      <entry key="action" value="UsernameToken"/>
      <entry key="passwordType" value="PasswordText"/>
      <entry key="passwordCallbackRef" value-ref="myPasswordCallback"/>
      </map> -->
      <map>
      <entry key="action" value="UsernameToken"/>
      <entry key="passwordType" value="PasswordDigest"/>
      <entry key="passwordCallbackRef" value-ref="myPasswordCallback"/>
      </map>
      </constructor-arg>
      </bean>
      </jaxws:inInterceptors>

      Client xml request Code:

      <soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="true">
      <wsse:UsernameToken>
      <wsu:Created>2013-12-17T13:47:15Z</wsu:Created>
      <wsse:Username>joe</wsse:Username>
      <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">rePSkfHXTM6NWODD1Cdsbw==</wsse:Nonce>
      <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">PE7F51/oyWFVMsiZURuUwjoZVPY=</wsse:Password>
      </wsse:UsernameToken>

      </wsse:Security>
      </soapenv:Header>

      Exception:

      <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
      <soap:Body>
      <soap:Fault>
      <faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:InvalidSecurity</faultcode>
      <faultstring>An error was discovered processing the <wsse:Security> header (An error happened processing a Username Token "A replay attack has been detected")</faultstring>
      </soap:Fault>
      </soap:Body>
      </soap:Envelope>

      What am i missing?

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              maheshnarke Mahesh Narke
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 10h
                10h
                Remaining:
                Remaining Estimate - 10h
                10h
                Logged:
                Time Spent - Not Specified
                Not Specified