Problem encrypting or signing WS-Security header elements
tscates Feb 16, 2010 4:17 PM
Version:
We are using jbossws-native-3.2.2
Scenario:
Web service requires an encrypted Username/password text token (Security element in SOAP Header).
Issue:
We can successfully encrypt and sign SOAP Body and SOAP Body elements but when we try to encrypt or sign a SOAP Header element (or content of an element) we get the following exception:
{code}
[java] Exception in thread "main" javax.xml.ws.WebServiceException: java.lang.RuntimeException: Could not find element
[java] at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.processHandlerFailure(HandlerChainExecutor.java:286)
[java] at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:157)
[java] at org.jboss.ws.core.jaxws.client.ClientImpl.callRequestHandlerChain(ClientImpl.java:177)
[java] at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:298)
[java] at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:290)
[java] at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:170)
[java] at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:150)
[java] at $Proxy12.echoUserType(Unknown Source)
[java] at org.jboss.test.ws.jaxws.samples.wssecurity.client.WSSClient.main(WSSClient.java:56)
[java] Caused by: java.lang.RuntimeException: Could not find element
[java] at org.jboss.ws.extensions.security.operation.EncryptionOperation.processTarget(EncryptionOperation.java:108)
[java] at org.jboss.ws.extensions.security.operation.EncryptionOperation.process(EncryptionOperation.java:172)
[java] at org.jboss.ws.extensions.security.SecurityEncoder.encode(SecurityEncoder.java:72)
[java] at org.jboss.ws.extensions.security.WSSecurityDispatcher.encodeMessage(WSSecurityDispatcher.java:217)
[java] at org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.handleOutboundSecurity(WSSecurityHandler.java:104)
[java] at org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient.handleOutbound(WSSecurityHandlerClient.java:43)
[java] at org.jboss.wsf.common.handler.GenericHandler.handleMessage(GenericHandler.java:53)
[java] at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:305)
[java] at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:142)
[java] ... 7 more
{code}
Solution we tried:
This is the xml that is in jboss-wsse-client.xml.
{code:xml}
<?xml version="1.0" encoding="UTF-8"?>
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
  <config>
    <username/>
    <encrypt type="x509v3" alias="wsse">
      <targets>
        <target type="qname" contentOnly="true">{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd/}UsernameToken</target>
        <target type="qname" contentOnly="true">{http://schemas.xmlsoap.org/soap/envelope/}Body</target>
      </targets>
    </encrypt>
    <sign type="x509v3" alias="wsse"/>
    <requires>
      <encryption/>
      <signature/>
    </requires>
  </config>
</jboss-ws-security>
{code}
Message:
This is the message that we want to encrypt.
{code:xml}
<env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'>
  <env:Header>
    <wsse:Security env:mustUnderstand='1' xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>
      <wsse:UsernameToken wsu:Id='token-1-1266272328381-32739270'>
        <wsse:Username>test</wsse:Username>
        <wsse:Password Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText'>password</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </env:Header>
  <env:Body>
    <ns1:echoUserType xmlns:ns1='http://org.jboss.ws/samples/wssecurity'>
      <user><msg>Request message sent at Mon Feb 15 17:18:47 EST 2010</msg></user>
    </ns1:echoUserType>
  </env:Body>
</env:Envelope>
{code}
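A check that can be run against the configuration and message above, added here as an example (it is not part of the original post or of JBossWS): it resolves each `qname` target from `jboss-wsse-client.xml` against the elements present in the SOAP message. It assumes the target lookup is an exact namespace-plus-local-name comparison; `check_targets`, `CONFIG` and `MESSAGE` are names introduced for this example, and the two XML strings are trimmed copies of the posted ones.

```python
import xml.etree.ElementTree as ET

CFG_NS = "{http://www.jboss.com/ws-security/config}"

# Trimmed copies of the posted jboss-wsse-client.xml and SOAP message.
CONFIG = """<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config">
  <config>
    <encrypt type="x509v3" alias="wsse">
      <targets>
        <target type="qname" contentOnly="true">{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd/}UsernameToken</target>
        <target type="qname" contentOnly="true">{http://schemas.xmlsoap.org/soap/envelope/}Body</target>
      </targets>
    </encrypt>
  </config>
</jboss-ws-security>"""

MESSAGE = """<env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'>
  <env:Header>
    <wsse:Security env:mustUnderstand='1'
        xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'>
      <wsse:UsernameToken>
        <wsse:Username>test</wsse:Username>
        <wsse:Password>password</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </env:Header>
  <env:Body><ns1:echoUserType xmlns:ns1='http://org.jboss.ws/samples/wssecurity'/></env:Body>
</env:Envelope>"""


def check_targets(config_xml, message_xml):
    """Map each qname target to (found, other message tags with the same local name).

    Assumption: a target matches only on an exact namespace URI and local name.
    ElementTree tags use the same {namespace}local form as the config text.
    """
    tags = {el.tag for el in ET.fromstring(message_xml).iter()}
    report = {}
    for tgt in ET.fromstring(config_xml).iter(CFG_NS + "target"):
        if tgt.get("type") != "qname":
            continue  # only qname targets are name lookups
        qname = (tgt.text or "").strip()
        local = qname.rpartition("}")[2]
        near = sorted(t for t in tags if t != qname and t.rpartition("}")[2] == local)
        report[qname] = (qname in tags, near)
    return report


if __name__ == "__main__":
    for qname, (found, near) in check_targets(CONFIG, MESSAGE).items():
        print("found  " if found else "MISSING", qname, "| same local name:", near)
```

On the posted input the `Body` target resolves, while the `UsernameToken` target does not: the namespace in the config ends in `.xsd/`, and the message declares `wsse` with a namespace ending in `.xsd`.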