search

javaee / metro-wsit

https://javaee.github.io/metro-wsit/
Other
9 stars 24 forks source link

Client call fails to invoke Username Token Scenario throws soap fault Invalid Security Header #1573

Open glassfishrobot opened 13 years ago

glassfishrobot commented 13 years ago

Client call fails to invoke Username Token Scenario with Current state not START_ELEMENT, END_ELEMENT or ENTITY_REFERENCE server side message

server log

Server log

<?xml version='1.0' encoding='UTF-8'?> ; 2011-06-27T15:20:14Z</wsu:Created>2011-06-27T15:25:14Z</wsu:Expires></wsu:Timestamp>TzX5OGaS9Ftsw1t+eGyfBmJblWc=</wsse:KeyIdentifier></wsse:SecurityTokenReference></dsig:KeyInfo>JIWow18Xega0Tlq+VOEmKnNT110JLgS5atlA6PPg4l6Z4pwieReilVD1+eaGomrBcVxlHyd1uNwchEMpDsj/FtiBqxUaLJHhV1CySgp9WSrvPM4lnwGwCHZwr+At13h4IUcUMHbqs11RrpWV/rVia2ZdQMwXuZIbrxf9t0glnow=</xenc:CipherValue></xenc:CipherData></xenc:ReferenceList></xenc:EncryptedKey>8XlGRps3EpMMHAEBApHAHQaC0XJfc4jTkAI1G5NvyTZlrH1IPu6Qb/nDJqU2uwK398fSUZl4djiZe5U5JYDSAtrMNiz+QLuG7zzRCKqYViReS6KL6iI+xCTXuO2CmA4ydPFTDX+ytG5ueC4FLCWuIErzw+HFJZFFJD9H4EHFkCiVy84Fwbwb0wTF201bZhgfsWOzRuI/LUYoJu3ghyUIxsQK02e96OyHUTdQDJpyiAk5FSMAVoJoad1EdQC3EZdSPpbalnXcakgezaG3kCYnqWad039GAe9XtwNLlFqUbS70VGG71hEJiGkl1PmW5bhPbPR5XCKaF/pgZQM7VFvr9YVCXyaxhdtxn19hAK4UKscNIFuTji1s3RDemYCSIxp4SwVO+U/NzHVvTKL4ZJnKW2y3DfhLQtYfRP0V6tK0LWZafp85nu9nOzfj2z3UXq3npKW/hq0kpHb4pJil0GoVDLExZXNl5zxJbyUqmSJPiue5duUxoEE78t7Xq9OuuxWsqqXK7JF+w/KCQYpoo6vNQrGilfHl6N92rr1ZGjgZi0mQSF7aJyKAmirXdXzIB8tQ0vTimJirdJLNdksUlrvKT4eOJ4Fydw+t6E65nsaZjaoN8+aDN1axfRJIXsUCOx4+IahO6WXwNn5BzknMfvQ9DQ==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></dsig:Transforms>aVTS+HmYgZqFOEokfNSx80R+qI4=</dsig:DigestValue></dsig:Reference></dsig:Transforms>yPp76dLa47BsAIn0uyo2N6XISz4=</dsig:DigestValue></dsig:Reference></dsig:Transforms>9iqyKSHRU9UUzFnFqq51Ut+Yt88=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo>EspKgdwx8w+LqqFLpFo/4dBFaj8=</dsig:SignatureValue></wsse:SecurityTokenReference></dsig:KeyInfo></dsig:Signature></wsse:Security></S:Header>Gfx6Kaeyq/oQebVX+UWrl|#]

[#|2011-06-27T20:50:21.982+0530|INFO|glassfish3.1|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=25;_ThreadName=Thread-1;|a61ciT7TyjgEX2F2sNWxFW2bPppbA2Pytf0QA2eIdJTAN2EfeGQ1z2Ng01juUvLrFYafhlsbez9R/V1gsFbjhSQxzbpUhGP10G+MqS8pk/z4T70VlwbvPpUNa3T6sdIV1gLLmlwL6rFt5iX8vnb5ChtLZmNsHbCSyrQoG9Q06EWScVUA9JUUpA7IEc4N28X4txFMGJfFmb9MGd+xncnd0j+PpFwYPGDScOtrtTTCwddNfsyVQ9SudufxDsj34eH1yZPE5BAzro9pXLr0IQar+pOmNm44lgbdTr/Sve3NHV7gOisWd5mX2Q1okO8cKWg0N2NB/KURTNmxDXWmr0kWeg6ymA26vb7ua5d6c6ZQuq7pnTWZ0zAqcy9t81iSnYXTw==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></S:Body> </S:Envelope>|#] &nbs p;

[#|2011-06-27T20:50:21.982+0530|INFO|glassfish3.1|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=25;_ThreadName=Thread-1;|--------------------|#]

[#|2011-06-27T20:50:24.448+0530|SEVERE|glassfish3.1|com.sun.xml.wss.provider.wsit|_ThreadID=25;_ThreadName=Thread-1;|WSITPVD0035: Error in Verifying Security in Inbound Message. com.sun.xml.wss.impl.XWSSecurityRuntimeException: java.lang.IllegalStateException: Current state not START_ELEMENT, END_ELEMENT or ENTITY_REFERENCE at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:250) at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.verifyInboundMessage(WSITServerAuthContext.java:586) at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:360) at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:263) at com.sun.enterprise.security.webservices.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:173) at com.sun.enterprise.security.webservices.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:144) at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:119) at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:641) at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:600) at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:585) at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:482) at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:314) at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:608) at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:259) at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:162) at org.glassfish.webservices.JAXWSServlet.doPost(JAXWSServlet.java:145) at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1539) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:281) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595) at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:98) at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:91) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:162) at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:330) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231) at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:174) at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:822) at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:719) at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1013) at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:225) at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137) at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104) at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90) at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79) at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54) at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59) at com.sun.grizzly.ContextTask.run(ContextTask.java:71) at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532) at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513) at java.lang.Thread.run(Thread.java:619) Caused by: java.lang.IllegalStateException: Current state not START_ELEMENT, END_ELEMENT or ENTITY_REFERENCE at com.ctc.wstx.sr.BasicStreamReader.getLocalName(BasicStreamReader.java:732) at com.sun.xml.ws.security.opt.impl.util.FilteredXMLStreamReader.getLocalName(FilteredXMLStreamReader.java:181) at javax.xml.stream.util.StreamReaderDelegate.getLocalName(StreamReaderDelegate.java:217) at javax.xml.stream.util.StreamReaderDelegate.getLocalName(StreamReaderDelegate.java:217) at com.sun.xml.ws.security.opt.impl.util.VerifiedMessageXMLStreamReader.getLocalName(VerifiedMessageXMLStreamReader.java:158) at com.sun.xml.ws.security.opt.impl.incoming.VerifiedStreamMessage.(VerifiedStreamMessage.java:171) at com.sun.xml.ws.security.opt.impl.incoming.VerifiedStreamMessage.(VerifiedStreamMessage.java:202) at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.createMessage(SecurityRecipient.java:869) at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:232) ... 42 more

| #] |

[#|2011-06-27T20:50:24.580+0530|INFO|glassfish3.1|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=25;_ThreadName=Thread-1;|--[HTTP response 500]--|#]

[#|2011-06-27T20:50:24.581+0530|INFO|glassfish3.1|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=25;_ThreadName=Thread-1;|<?xml version='1.0' encoding='UTF-8'?>wsse:InvalidSecurityInvalid Security Header</S:Fault></S:Body></S:Envelope>|#]

[#|2011-06-27T20:50:24.581+0530|INFO|glassfish3.1|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=25;_ThreadName=Thread-1;|--------------------|#]

======================================================================================

Affected Versions

[2.2]

glassfishrobot commented 13 years ago

Reported by anand_mishra

glassfishrobot commented 13 years ago

anand_mishra said: Service Jar

glassfishrobot commented 12 years ago

@vbkumarjayanti said: fix after 2.2

glassfishrobot commented 11 years ago

symonchang said: This issue may no longer exist in the current release. The filer of this issue should verify the test case on this issue, to see if the problem still exist first.

glassfishrobot commented 11 years ago

snajper said: What makes you think the issue is not present in current release? As I see the testcase is attached so reproduction should be fairly simple - would you please verify?

glassfishrobot commented 10 years ago

spayasam said: Are there any updates on this issue? I'm faced with a similar issue when I try to invoke a metro web service (asymmetric binding) from SOAP UI.

I've create a metro based web service client for this web service and it works fine.

But when I invoke the web service from SOAP UI(note that this request and metro client's request are both identical) and I still see this issue

glassfishrobot commented 10 years ago

spayasam said: And here's the server console

<?xml version='1.0' encoding='UTF-8'?>

CN=HANNA SERVER,OU=PSG,O=HANNA CORP,L=AMERICA,ST=TX,C=US 651886932 TUapJEojxjhhhg4KYTCBGcmxO7E49pQ2D1O5s6nuuDQaHgPBUqJxxjtSn37JJzM+De869vNGDVPDXM57xWa8Rfn+KWsFTQxGbiWVcBtJU9lpx18oxOPA0Za9z0iSWYzI1SUG2SJev53gTtZN/TPtAcwlu1dXBkl3fD8mBfEqzGYJxda+/GdcxQpcyZnO7g0gZCOqiAFAEQeC5PWMz05Rto/9wRNJWz3kNQErENSDhP/TGzb0a/nlQUvImw+NMCQBz4woxHtXLmb4n3KH5cLyhklY0SQd+L7K2SH5EZNNjo0hH/ZoMcyi2ZcIGgPjZZorCutlblbJKZCPw3ibh4YoyA== MIIDaTCCAlGgAwIBAgIEBH38uTANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVFgxDzANBgNVBAcTBkFVU1RJTjETMBEGA1UEChMKWEVST1ggQ09SUDEMMAoGA1UECxMDUFNHMRUwEwYDVQQDEwxYRVJPWCBDTElFTlQwHhcNMTQwMTMxMDY1NzA4WhcNMTUwMTI2MDY1NzA4WjBlMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVFgxDzANBgNVBAcTBkFVU1RJTjETMBEGA1UEChMKWEVST1ggQ09SUDEMMAoGA1UECxMDUFNHMRUwEwYDVQQDEwxYRVJPWCBDTElFTlQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4DEqpDO3ZUJSrCwfmPplA6GcFZ1iErAVTnMNOQD0QPGStMaJ5rgFb2gAGvUrZqS7BqL52mglKhIwgn9NYsgEBIhUlzvOhDCDkvCBgK9hjpXj5ZnkVQU5f/Pd+M+YyKm1b6lbRqgZM64w/pTn83ztvCso5xEU+mfOhCpgIJ14P9+cD/NGg3Sjh9O6Ooc3JMP00rzN8FU8IXqatiH+UpKpAE3lx5se1Sjd7/caJo1dsBrZQ3Ucv0k7tKhV8WUDOAMRkLgyblUX9YEiGJJ05C1NXEKStPjx7doV6nHFQ0LTQtGC0le3WPk6Ww+ZRMK/v45hFd8TUjsZ5S+VkY3MMYcfHAgMBAAGjITAfMB0GA1UdDgQWBBS1cQmQeHrBVsSdjzgw64ujlL5HXTANBgkqhkiG9w0BAQUFAAOCAQEAXCWi7Rrl0MLUbswoZB0ZGPDbdtR6wZgYgO4/g+XU7OelFo9ZHsgTa52sLsrEZqta+oXScWrT3edbo1S+T2W4j3x8zGCXBWyJnvmbBAHCwGxNemV9sdnTpkNy8hr58NEB0tlDWc6cUorKH4+k2nR9v4KWdDm+2XB2yQkb+MplfkjNEgV9rfjp7wg/L7Z/XVPcza6H+znWS0FSDb73Cirwp8U3r6Jt2ay/zsEr2OPR6yv7Kllni0F08Fc7HS11512MlLegMae8mzEvOTrdXiQ+QOaOZWP1PJh1WARdKGgHe+7TNSiSUXP3Bpt0SHO0S/PFMeojJRupjdfCKa/70AcFPQ== 7DEz1kh8yOQ9UFoJI4q6zm/hngcZ6z+nSYYR5MrSQes= REZGQrHzUztvgw5Rr89r4quu+pABvCC1pF/T0/aldw3/vyzRPdkAwwTsgR+5Bh5uS6ajHnIAjIB1 ei76HP535WgwR5DvIVouhxiHhBoIljQ95GjA1R8SZpyLtqIKceqemiEkd9qpaBRd9R0QFKQpjvIG Oxrx8rW10l3MXlIV84vG4GOUc8YcxoPFczIi/kgvlfli0y4y1DNs3q0Rvnr1WcTmnfdG1sLK0d+z KViVHm1IlRvNmyqlIzQ/mw74LwVqc6IolQtFc3QcbczSCBbLetfdiOA09Bp7+G0XdeJYxTl4sJFH 6cWbs4t2nlCGUf7MKntJgoBh85xbnnm6I+sYWg== 2014-02-11T16:00:20Z 2014-02-11T16:01:20Z nuv0n4l+BTXiryFv1eTo7ZbgpYFf+rKXIBnifh082+YJsSGa7NyoTYlpfiWm+agyl5ayC6ghl0zEvWtmDiEzvqhDCDCeFpHJoHv8tbhmV+5onmSfiN27swL9bsw9UcJGbcw3AycFJpwnr7M7+Ea4GCamOxZgSBmxpjyypI9UafPhXh6Dcb3KjEYbcVb3OckfW7SzpgYRbVvKETCGN1L1tbRtb93kW4uelZ2/MSumVcogGV5E6ruEELeHHyiYIm3Qhi7sF7VpAu2BJvmlU7RkzgVlUr8anVUCi7zLsb3AI5uNIebI+rwQOxM9IuyPY7w6AF/p0DVItZNLSCrQ5RRG6RD3i16ZS8kX3hnZD1rETCdWFMncxAIj+lRJes5ckLirB/BpqAVeBpBWU9rcuSIem7tuBdLh12KG9PHgiPztsKga+GK1aYU/m11F355sYOOh/Lm7YrFcDQFzkrqQkrYVvKYuLaN1Rsjl2hB2norb/8UFCpaj7Ot8GxzbuV24A7Lhw7Q1QMOnnA8oRlj1ZHOaJptUJiA9rU0caDg6yZRPtH9KHgk3lXJMrEefqmgPH0wwgIf05hEWUV+URK059wRjUCifm0FfxQlgA6gQ9GSSl8JalS9Z5LOAbz4txq2Y+KfkhNkkkI6BDtOYdiceyCvg0CTOGbLzMrUrob/ysuU8gcXBC5ngMV+rRYL2c3wJ23kHSNBNkydAavJt7+BNazSA1MO/EW+pKop/suxIxqhUberIHnp7AZHP6BBS/u8qBhtL6+0hDjd46bT2ZoyUGerCK3iK7dyK0G3xu5PKaIE/NugqNZmrX0IK3g== Feb 11, 2014 10:00:22 AM com.sun.xml.wss.jaxws.impl.SecurityServerTube processRequest SEVERE: WSSTUBE0025: Error in Verifying Security in the Inbound Message. com.sun.xml.wss.impl.XWSSecurityRuntimeException: java.lang.IllegalStateException: Current state not START_ELEMENT, END_ELEMENT or ENTITY_REFERENCE at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:270) at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.verifyInboundMessage(SecurityTubeBase.java:455) at com.sun.xml.wss.jaxws.impl.SecurityServerTube.processRequest(SecurityServerTube.java:295) at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1136) at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1050) at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:1019) at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:877) at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:420) at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:687) at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:266) at com.sun.xml.ws.transport.http.servlet.ServletAdapter.invokeAsync(ServletAdapter.java:225) at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doGet(WSServletDelegate.java:161) at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServletDelegate.java:197) at com.sun.xml.ws.transport.http.servlet.WSServlet.doPost(WSServlet.java:81) at javax.servlet.http.HttpServlet.service(HttpServlet.java:641) at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1001) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) at java.lang.Thread.run(Thread.java:722) Caused by: java.lang.IllegalStateException: Current state not START_ELEMENT, END_ELEMENT or ENTITY_REFERENCE at com.ctc.wstx.sr.BasicStreamReader.getLocalName(BasicStreamReader.java:744) at com.sun.xml.ws.security.opt.impl.util.FilteredXMLStreamReader.getLocalName(FilteredXMLStreamReader.java:181) at javax.xml.stream.util.StreamReaderDelegate.getLocalName(StreamReaderDelegate.java:245) at javax.xml.stream.util.StreamReaderDelegate.getLocalName(StreamReaderDelegate.java:245) at com.sun.xml.ws.security.opt.impl.util.VerifiedMessageXMLStreamReader.getLocalName(VerifiedMessageXMLStreamReader.java:158) at com.sun.xml.ws.security.opt.impl.incoming.VerifiedStreamMessage.(VerifiedStreamMessage.java:172) at com.sun.xml.ws.security.opt.impl.incoming.VerifiedStreamMessage.(VerifiedStreamMessage.java:203) at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.createMessage(SecurityRecipient.java:902) at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:252) ... 31 more
glassfishrobot commented 10 years ago

spayasam said: And I'm using the metro version 2.3. So it seems like it is not fixed in 2.2

glassfishrobot commented 13 years ago

File: UsernameService.war Attached By: anand_mishra

glassfishrobot commented 13 years ago

Was assigned to symonchang

glassfishrobot commented 7 years ago

This issue was imported from java.net JIRA WSIT-1573