  1. WSS4J
  2. WSS-631

Issue with WSS4J message resource bundle

Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Not A Problem
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: WSS4J Core
    • Labels: None

    Description

      Hi,

      I get an exception org.apache.wss4j.common.ext.WSSecurityException: No message with ID "INVALID_SECURITY_TOKEN" found in resource bundle "org/apache/xml/security/resource/xmlsecurity" related to WSS4J security after upgrading CXF to 3.1.5.

      Exception stack trace

      -------------------------

      org.apache.cxf.binding.soap.SoapFault: A security error was encountered when verifying the message
      at org.apache.cxf.ws.security.wss4j.WSS4JUtils.createSoapFault(WSS4JUtils.java:220)
      at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:329)
      at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:184)
      at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:79)
      at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:66)
      at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
      at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
      at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:253)
      at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
      at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
      at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
      at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:180)
      at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:298)
      at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:217)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)
      at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:273)
      at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:652)
      at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:447)
      at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1038)
      at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:374)
      at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:972)
      at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
      at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
      at org.eclipse.jetty.server.Server.handle(Server.java:363)
      at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:483)
      at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:931)
      at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:992)
      at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:948)
      at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
      at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
      at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:628)
      at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
      at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
      at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
      at java.lang.Thread.run(Thread.java:748)
      Caused by: org.apache.wss4j.common.ext.WSSecurityException: No message with ID "INVALID_SECURITY_TOKEN" found in resource bundle "org/apache/xml/security/resource/xmlsecurity"
      at com.emc.healthcare.xua.validator.XuaValidator.validate(XuaValidator.java:86)
      at org.apache.wss4j.dom.processor.SAMLTokenProcessor.handleSAMLToken(SAMLTokenProcessor.java:162)
      at org.apache.wss4j.dom.processor.SAMLTokenProcessor.handleToken(SAMLTokenProcessor.java:89)
      at org.apache.wss4j.dom.engine.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:344)
      at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:280)

      After some googling I found out that a solution has been discussed in https://issues.apache.org/jira/browse/WSS-576. My problem is that we have not explicitly initialized XMLSec or WSSec anywhere in our application, so in this scenario how exactly should we resolve this issue? Any suggestion will be greatly helpful.

      Thanks,
      Yagnya

          People

            Assignee: Colm O hEigeartaigh (coheigea)
            Reporter: yagnya dutta dhal (yagnya)