[Metro] WSS1925: No CipherValue found in CipherData

Bitte aktiviere JavaScript!
Hi Leute,

ich versuche schon seit längerem das Beispiel im Metro Guide "Example: Username Authentication with Symmetric Key (UA)" (https://metro.java.net/guide/ch12.html#ahiej) zu implementieren bekomme es aber einfach nicht zum laufen. Ich bekomme den Fehler "SEVERE: WSS1925: No CipherValue found in CipherData". Ohne das Security Zeug läuft die Sache.

OS: Windows 7 Pro (x64)

Was ich gemacht hab
- JDK7 installiert (hatte es zuvor mit JDK 8 probiert und da ging es auch nicht)
- Netbeans 8.0 + GlassFish Server 4.0 installiert
- UnlimitedJCEPolicy installiert
- Keystore und Truststore manuell upgedated (https://metro.java.net/guide/ch12.html#ahidm)
- wsitUser in GlassFish erstellt
- Service und Clientanwendung wie im Beispiel erstellt und development default ausgewählt.

CalculatorWS.xml (Service):
[XML]
<?xml version="1.0" encoding="UTF-8"?>
<definitions
xmlns="http://schemas.xmlsoap.org/wsdl/"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" name="CalculatorWS" targetNamespace="http://service.de/" xmlns:tns="http://service.de/" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:fi="http://java.sun.com/xml/ns/wsit/2006/09/policy/fastinfoset/service" xmlns:tcp="http://java.sun.com/xml/ns/wsit/2006/09/policy/soaptcp/service" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" xmlns:sc="http://schemas.sun.com/2006/03/wss/server" xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy"
>
<message name="hello"/>
<message name="helloResponse"/>
<message name="add"/>
<message name="addResponse"/>
<portType name="CalculatorWS">
<operation name="hello">
<input message="tns:hello"/>
<output message="tns:helloResponse"/>
</operation>
<operation name="add">
<input message="tns:add"/>
<output message="tns:addResponse"/>
</operation>
</portType>
<binding name="CalculatorWSPortBinding" type="tns:CalculatorWS">
<wsp:policyReference URI="#CalculatorWSPortBindingPolicy"/>
<operation name="hello">
<input>
<wsp:policyReference URI="#CalculatorWSPortBinding_hello_Input_Policy"/>
</input>
<output>
<wsp:policyReference URI="#CalculatorWSPortBinding_hello_Output_Policy"/>
</output>
</operation>
<operation name="add">
<input>
<wsp:policyReference URI="#CalculatorWSPortBinding_hello_Input_Policy"/>
</input>
<output>
<wsp:policyReference URI="#CalculatorWSPortBinding_hello_Output_Policy"/>
</output>
</operation>
</binding>
<service name="CalculatorWS">
<port name="CalculatorWSPort" binding="tns:CalculatorWSPortBinding"/>
</service>
<wsp:policy wsu:Id="CalculatorWSPortBindingPolicy">
<wsp:ExactlyOne>
<wsp:All>
<wsam:Addressing wsp:Optional="false"/>
<sp:SymmetricBinding>
<wsp:policy>
<sp:protectionToken>
<wsp:policy>
<sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
<wsp:policy>
<sp:WssX509V3Token10/>
<sp:RequireIssuerSerialReference/>
</wsp:policy>
</sp:X509Token>
</wsp:policy>
</sp:protectionToken>
<sp:Layout>
<wsp:policy>
<sp:Strict/>
</wsp:policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:OnlySignEntireHeadersAndBody/>
<sp:AlgorithmSuite>
<wsp:policy>
<sp:Basic128/>
</wsp:policy>
</sp:AlgorithmSuite>
</wsp:policy>
</sp:SymmetricBinding>
<sp:Wss11>
<wsp:policy>
<sp:MustSupportRefIssuerSerial/>
<sp:MustSupportRefThumbprint/>
<sp:MustSupportRefEncryptedKey/>
</wsp:policy>
</sp:Wss11>
<sp:SignedEncryptedSupportingTokens>
<wsp:policy>
<sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:policy>
<sp:WssUsernameToken10/>
</wsp:policy>
</sp:UsernameToken>
</wsp:policy>
</sp:SignedEncryptedSupportingTokens>
<sc:KeyStore wspp:visibility="private" location="C:\glassfish-4.0\glassfish\domains\domain1\config\keystore.jks" type="JKS" storepass="changeit" alias="xws-security-server"/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:policy>
<wsp:policy wsu:Id="CalculatorWSPortBinding_hello_Input_Policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:EncryptedParts>
<sp:Body/>
</sp:EncryptedParts>
<sp:SignedParts>
<sp:Body/>
<sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="AckRequested" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
<sp:Header Name="SequenceAcknowledgement" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
<sp:Header Name="Sequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
<sp:Header Name="CreateSequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
</sp:SignedParts>
</wsp:All>
</wsp:ExactlyOne>
</wsp:policy>
<wsp:policy wsu:Id="CalculatorWSPortBinding_hello_Output_Policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:EncryptedParts>
<sp:Body/>
</sp:EncryptedParts>
<sp:SignedParts>
<sp:Body/>
<sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="AckRequested" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
<sp:Header Name="SequenceAcknowledgement" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
<sp:Header Name="Sequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
<sp:Header Name="CreateSequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
</sp:SignedParts>
</wsp:All>
</wsp:ExactlyOne>
</wsp:policy>
</definitions>
[/XML]

CalculatorWS.xml (Client):
[XML]
<?xml version='1.0' encoding='UTF-8'?><!-- Published by JAX-WS RI at http://jax-ws.dev.java.net. RI's version is Metro/2.3 (tags/2.3-7528; 2013-04-29T19:34:10+0000) JAXWS-RI/2.2.8 JAXWS/2.2 svn-revision#unknown. --><!-- Generated by JAX-WS RI at http://jax-ws.dev.java.net. RI's version is Metro/2.3 (tags/2.3-7528; 2013-04-29T19:34:10+0000) JAXWS-RI/2.2.8 JAXWS/2.2 svn-revision#unknown. --><definitions xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsp1_2="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="http://service.de/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.xmlsoap.org/wsdl/" targetNamespace="http://service.de/" name="CalculatorWS" xmlns:sc="http://schemas.sun.com/2006/03/wss/client" xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy">
<types>
<xsd:schema>
<xsd:import namespace="http://service.de/" schemaLocation="http://localhost:8080/CalculatorServer/CalculatorWS?xsd=1"/>
</xsd:schema>
</types>
<message name="add">
<part name="parameters" element="tns:add"/>
</message>
<message name="addResponse">
<part name="parameters" element="tns:addResponse"/>
</message>
<message name="hello">
<part name="parameters" element="tns:hello"/>
</message>
<message name="helloResponse">
<part name="parameters" element="tns:helloResponse"/>
</message>
<portType name="CalculatorWS">
<operation name="add">
<input wsam:Action="http://service.de/CalculatorWS/addRequest" message="tns:add"/>
<output wsam:Action="http://service.de/CalculatorWS/addResponse" message="tns:addResponse"/>
</operation>
<operation name="hello">
<input wsam:Action="http://service.de/CalculatorWS/helloRequest" message="tns:hello"/>
<output wsam:Action="http://service.de/CalculatorWS/helloResponse" message="tns:helloResponse"/>
</operation>
</portType>
<binding name="CalculatorWSPortBinding" type="tns:CalculatorWS">
<wsp:policyReference URI="#CalculatorWSPortBindingPolicy"/>
<soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"/>
<operation name="add">
<soap:eek:peration soapAction=""/>
<input>
<soap:body use="literal"/>
</input>
<output>
<soap:body use="literal"/>
</output>
</operation>
<operation name="hello">
<soap:eek:peration soapAction=""/>
<input>
<soap:body use="literal"/>
</input>
<output>
<soap:body use="literal"/>
</output>
</operation>
</binding>
<service name="CalculatorWS">
<port name="CalculatorWSPort" binding="tns:CalculatorWSPortBinding">
<soap:address location="http://localhost:8080/CalculatorServer/CalculatorWS"/>
</port>
</service>
<wsp:policy wsu:Id="CalculatorWSPortBindingPolicy">
<wsp:ExactlyOne>
<wsp:All>
<sc:CallbackHandlerConfiguration wspp:visibility="private">
<sc:CallbackHandler default="wsitUser" name="usernameHandler"/>
<sc:CallbackHandler default="changeit" name="passwordHandler"/>
</sc:CallbackHandlerConfiguration>
<sc:TrustStore wspp:visibility="private" location="C:\glassfish-4.0\glassfish\domains\domain1\config\cacerts.jks" type="JKS" storepass="changeit" peeralias="xws-security-server"/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:policy>
</definitions>
[/XML]

GlassFish Server 4 Log (beim Ausführen des Clients):
[XML]
SEVERE: WSS1925: No CipherValue found in CipherData
WARNING: StandardWrapperValve[ClientServlet]: Servlet.service() for servlet ClientServlet threw exception
javax.xml.ws.WebServiceException: Cannot validate response for {http://service.de/}CalculatorWSPort
at com.sun.enterprise.security.webservices.ClientSecurityPipe.processSecureRequest(ClientSecurityPipe.java:218)
at com.sun.enterprise.security.webservices.ClientSecurityPipe.process(ClientSecurityPipe.java:187)
at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:119)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1136)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1050)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:1019)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:877)
at com.sun.xml.ws.client.Stub.process(Stub.java:464)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:174)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:108)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:91)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:154)
at com.sun.proxy.$Proxy380.add(Unknown Source)
at de.client.servlet.ClientServlet.add(ClientServlet.java:100)
at de.client.servlet.ClientServlet.processRequest(ClientServlet.java:50)
at de.client.servlet.ClientServlet.doGet(ClientServlet.java:69)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1682)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:318)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:160)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:734)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:673)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:99)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:174)
at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:357)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:260)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:188)
at org.glassfish.grizzly.http.server.HttpHandler.runService(HttpHandler.java:191)
at org.glassfish.grizzly.http.server.HttpHandler.doHandle(HttpHandler.java:168)
at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:189)
at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:288)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:206)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:136)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:114)
at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:838)
at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:113)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:115)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:55)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:135)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:564)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:544)
at java.lang.Thread.run(Thread.java:745)
Caused by: com.sun.xml.wss.impl.WssSoapFaultException: Invalid Security Header
at com.sun.xml.ws.security.opt.impl.util.SOAPUtil.newSOAPFaultException(SOAPUtil.java:159)
at com.sun.xml.ws.security.opt.impl.incoming.processor.CipherDataProcessor.readAsStream(CipherDataProcessor.java:188)
at com.sun.xml.ws.security.opt.impl.incoming.EncryptedData.getCipherInputStream(EncryptedData.java:224)
at com.sun.xml.ws.security.opt.impl.incoming.EncryptedData.getDecryptedData(EncryptedData.java:240)
at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.handlePayLoadED(SecurityRecipient.java:1354)
at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.createMessage(SecurityRecipient.java:844)
at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:252)
at com.sun.xml.wss.provider.wsit.WSITClientAuthContext.verifyInboundMessage(WSITClientAuthContext.java:596)
at com.sun.xml.wss.provider.wsit.WSITClientAuthContext.validateResponse(WSITClientAuthContext.java:476)
at com.sun.xml.wss.provider.wsit.WSITClientAuthContext.validateResponse(WSITClientAuthContext.java:415)
at com.sun.enterprise.security.webservices.ClientSecurityPipe.processSecureRequest(ClientSecurityPipe.java:214)
... 44 more
[/XML]

Woran könnt der Fehler kommen? Braucht ihr mehr Infos.

Schon mal vielen Dank
Peter
 
Passende Stellenanzeigen aus deiner Region:

Neue Themen

Oben