I am receiving a response from a server which has the following actions: Timestamp Encrypt Signature.
However when the response hits the inbound interceptor (WSS4JInInterceptor) it is throwing the following exception:
Sep 01, 2014 2:07:49 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor checkActions
WARNING: Security processing failed (actions mismatch)
Sep 01, 2014 2:07:49 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
org.apache.ws.security.WSSecurityException: An error was discovered processing the <wsse:Security> header
The inbound configuration aspects are as follows:
//Inbound Policy Rules
inProps.put("action", "Timestamp Encrypt Signature");
inProps.put("decryptionPropFile", EmvsProperties.val(propPrefix + "resp.propFile"));
inProps.put("signaturePropFile", EmvsProperties.val(propPrefix + "enc.propFile"));
I have debugged the code in Netbeans and the issue stems from CXF erroneously misreading the actions on the incoming message. The WSS4JInInterceptor (or rather the classes/methods it calls) determines that the message has the following actions (see WSConstants.java):
hex constant/tag value
It can be seen that the security engine determines that ENCR occurs twice. This causes WSHandler.java - checkReceiverResultsAnyOrder() to throw the mismatch error. I have managed a temporary work around by creating my own version of this code and ignoring the first/erroneous ENCR action. This lets the code execute without error and all parts are decrypted perfectly. As such I don't believe that the response message is at fault.
I have attached MismatchResponse.xml which is the data which is causing the error