Uploaded image for project: 'WSS4J'
  1. WSS4J
  2. WSS-631

issue with wss4j message resource bundle.

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Not A Problem
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: WSS4J Core
    • Labels:
      None

      Description

      Hi,

      I get an exception org.apache.wss4j.common.ext.WSSecurityException: No message with ID "INVALID_SECURITY_TOKEN" found in resource bundle "org/apache/xml/security/resource/xmlsecurity" related to WSS4J security after upgrading CXF to 3.1.5.

      Exception stack trace

      -------------------------

      org.apache.cxf.binding.soap.SoapFault: A security error was encountered when verifying the message
      at org.apache.cxf.ws.security.wss4j.WSS4JUtils.createSoapFault(WSS4JUtils.java:220)
      at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:329)
      at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:184)
      at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:79)
      at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:66)
      at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
      at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
      at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:253)
      at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
      at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
      at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
      at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:180)
      at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:298)
      at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:217)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)
      at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:273)
      at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:652)
      at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:447)
      at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1038)
      at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:374)
      at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:972)
      at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
      at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
      at org.eclipse.jetty.server.Server.handle(Server.java:363)
      at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:483)
      at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:931)
      at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:992)
      at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:948)
      at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
      at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
      at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:628)
      at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
      at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
      at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
      at java.lang.Thread.run(Thread.java:748)
      Caused by: org.apache.wss4j.common.ext.WSSecurityException: No message with ID "INVALID_SECURITY_TOKEN" found in resource bundle "org/apache/xml/security/resource/xmlsecurity"
      at com.emc.healthcare.xua.validator.XuaValidator.validate(XuaValidator.java:86)
      at org.apache.wss4j.dom.processor.SAMLTokenProcessor.handleSAMLToken(SAMLTokenProcessor.java:162)
      at org.apache.wss4j.dom.processor.SAMLTokenProcessor.handleToken(SAMLTokenProcessor.java:89)
      at org.apache.wss4j.dom.engine.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:344)
      at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:280)

      After some googling I found out that there is a solution has been discussed in https://issues.apache.org/jira/browse/WSS-576, my problem is we've not initialized explicitly anywhere in our application XMLSec or WSSec, so in this scenario how exactly we should resolve this issue, Any suggestion will be greatly helpful.

      Thanks,
      Yagnya

        Attachments

          Activity

            People

            • Assignee:
              coheigea Colm O hEigeartaigh
              Reporter:
              yagnya yagnya dutta dhal
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: