ws-dev mailing list archives

From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WSS-631) issue with wss4j message resource bundle.
Date Thu, 05 Jul 2018 11:27:00 GMT

    [ https://issues.apache.org/jira/browse/WSS-631?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16533544#comment-16533544 ]

Colm O hEigeartaigh commented on WSS-631:
-----------------------------------------

Check to see if any of your code is calling "XMLSec.init()". WSSec.init() must be called first.
"INVALID_SECURITY_TOKEN" is in ws-security-common/src/main/resources/messages/wss4j_errors.properties,
but if XMLSec.init() is called first then it won't get picked up.

Normally with CXF, WSSec.init() is called by WSSConfig.init() (and in turn from WSSConfig.getNewInstance()),
so you don't need to explicitly call WSSec.init() in your application (unless you are calling
XMLSec.init() somewhere first).

Could you be deploying your application in a container where another application has already
called XMLSec.init()?

> issue with wss4j  message resource bundle.
> ------------------------------------------
>
>                 Key: WSS-631
>                 URL: https://issues.apache.org/jira/browse/WSS-631
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>            Reporter: yagnya dutta dhal
>            Assignee: Colm O hEigeartaigh
>            Priority: Major
>
> Hi,
> I get an exception org.apache.wss4j.common.ext.WSSecurityException: No message with ID *"INVALID_SECURITY_TOKEN" found in resource bundle "org/apache/xml/security/resource/xmlsecurity"* related to WSS4J security after upgrading CXF to 3.1.5.
> Exception stack trace
> -------------------------
> org.apache.cxf.binding.soap.SoapFault: A security error was encountered when verifying the message
>  at org.apache.cxf.ws.security.wss4j.WSS4JUtils.createSoapFault(WSS4JUtils.java:220)
>  at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:329)
>  at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:184)
>  at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:79)
>  at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:66)
>  at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
>  at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
>  at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:253)
>  at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
>  at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
>  at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
>  at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:180)
>  at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:298)
>  at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:217)
>  at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)
>  at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:273)
>  at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:652)
>  at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:447)
>  at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1038)
>  at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:374)
>  at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:972)
>  at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
>  at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
>  at org.eclipse.jetty.server.Server.handle(Server.java:363)
>  at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:483)
>  at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:931)
>  at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:992)
>  at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:948)
>  at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
>  at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
>  at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:628)
>  at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
>  at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
>  at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
>  at java.lang.Thread.run(Thread.java:748)
>  Caused by: org.apache.wss4j.common.ext.WSSecurityException: No message with ID *"INVALID_SECURITY_TOKEN" found in resource bundle "org/apache/xml/security/resource/xmlsecurity"*
>  at com.emc.healthcare.xua.validator.XuaValidator.validate(XuaValidator.java:86)
>  at org.apache.wss4j.dom.processor.SAMLTokenProcessor.handleSAMLToken(SAMLTokenProcessor.java:162)
>  at org.apache.wss4j.dom.processor.SAMLTokenProcessor.handleToken(SAMLTokenProcessor.java:89)
>  at org.apache.wss4j.dom.engine.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:344)
>  at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:280)
> _After some googling I found out that a solution has been discussed in https://issues.apache.org/jira/browse/WSS-576. My problem is that we have not explicitly initialized XMLSec or WSSec anywhere in our application, so in this scenario how exactly should we resolve this issue? Any suggestion will be greatly helpful._
> Thanks,
>  Yagnya



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org

