'[jira] [Commented] (WSS-631) issue with wss4j message resource bundle.'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       xmlrpc-user
Subject:    [jira] [Commented] (WSS-631) issue with wss4j  message resource bundle.
From:       "yagnya dutta dhal (JIRA)" <jira () apache ! org>
Date:       2018-07-11 8:44:00
Message-ID: JIRA.13170239.1530788084000.20801.1531298640045 () Atlassian ! JIRA
[Download RAW message or body]


    [ https://issues.apache.org/jira/browse/WSS-631?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16539733#comment-16539733 \
] 

yagnya dutta dhal commented on WSS-631:
---------------------------------------

Thanks, Colm!

Indeed this trick works, wondering I could do something like this at the time of \
deployment  in tomcat.

> issue with wss4j  message resource bundle.
> ------------------------------------------
> 
> Key: WSS-631
> URL: https://issues.apache.org/jira/browse/WSS-631
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Reporter: yagnya dutta dhal
> Assignee: Colm O hEigeartaigh
> Priority: Major
> 
> Hi,
> I get an exception org.apache.wss4j.common.ext.WSSecurityException: No message with \
> ID *"INVALID_SECURITY_TOKEN" found in resource bundle \
> "org/apache/xml/security/resource/xmlsecurity"* related to WSS4J security after \
> upgrading CXF to 3.1.5. Exception stack trace
> -------------------------
> org.apache.cxf.binding.soap.SoapFault: A security error was encountered when \
> verifying the message at \
> org.apache.cxf.ws.security.wss4j.WSS4JUtils.createSoapFault(WSS4JUtils.java:220) at \
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:329)
>  at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:184)
>  at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:79)
>  at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:66)
>  at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
>  at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
>  at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:253)
>  at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
>  at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
>  at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
>  at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:180)
>  at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:298)
>  at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:217)
>  at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)
> at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:273)
>  at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:652)
> at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:447)
> at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1038)
>  at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:374)
> at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:972)
> at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
> at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
> at org.eclipse.jetty.server.Server.handle(Server.java:363)
> at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:483)
>  at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:931)
>  at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:992)
>  at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:948)
> at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
> at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
> at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:628)
>  at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
>  at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
>  at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
> at java.lang.Thread.run(Thread.java:748)
> Caused by: org.apache.wss4j.common.ext.WSSecurityException: No message with ID \
> *"INVALID_SECURITY_TOKEN" found in resource bundle \
> "org/apache/xml/security/resource/xmlsecurity"* at \
> com.emc.healthcare.xua.validator.XuaValidator.validate(XuaValidator.java:86) at \
> org.apache.wss4j.dom.processor.SAMLTokenProcessor.handleSAMLToken(SAMLTokenProcessor.java:162)
>  at org.apache.wss4j.dom.processor.SAMLTokenProcessor.handleToken(SAMLTokenProcessor.java:89)
>  at org.apache.wss4j.dom.engine.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:344)
>  at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:280)
>  _After some googling I found out that there is a solution has been discussed in \
> https://issues.apache.org/jira/browse/WSS-576, my problem is we've not initialized \
> explicitly anywhere in our application XMLSec or WSSec, so in this scenario how \
> exactly we should resolve this issue, Any suggestion will be greatly helpful._ \
> Thanks, Yagnya



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic