WSS4JOutInterceptor - DerivedKeyToken not generated

Solution Verified - Updated -

Issue

  • We are working on a migration from an old ESB to JBoss Fuse 6.1.0. For this we have created a Camel route that is a client to a webservice that is hosted with WSSE. We have to sign the body, some header elements and a timestamp. Furthermore the body is encrypted.

For this we use the WSS4JOutInterceptor, which allows us to specify everything that needs to be signed and/or encrypted.

  • The configuration results in a message that is signed and encrypted. However, we receive an error when we call the actual SOAP webservice, stating that the security header is incorrect. When we compare the message that Fuse sends out to the old situation, we see that we are missing a DerivedKeyToken element in the message. This is part of the policy as specified in the contract.

    • We have added the property useDerivedKey and set it to true, as found in the config page, https://ws.apache.org/wss4j/config.html. However, this does not result in the creation of the DerivedKeyToken element.
  • We have tried several other properties and/or solutions, but without any results.

Received Error:

org.apache.cxf.binding.soap.SoapFault: Invalid Security Header
        at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:84)[167:org.apache.cxf.cxf-rt-bindings-soap:2.7.0.redhat-611429]
        at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:51)[167:org.apache.cxf.cxf-rt-bindings-soap:2.7.0.redhat-611429]
        at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:40)[167:org.apache.cxf.cxf-rt-bindings-soap:2.7.0.redhat-611429]
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)[164:org.apache.cxf.cxf-api:2.7.0.redhat-611431]
        at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:113)[164:org.apache.cxf.cxf-api:2.7.0.redhat-611431]
        at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)[167:org.apache.cxf.cxf-rt-bindings-soap:2.7.0.redhat-611429]
        at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)[167:org.apache.cxf.cxf-rt-bindings-soap:2.7.0.redhat-611429]
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)[164:org.apache.cxf.cxf-api:2.7.0.redhat-611431]
        at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:817)[164:org.apache.cxf.cxf-api:2.7.0.redhat-611431]
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1614)[170:org.apache.cxf.cxf-rt-transports-http:2.7.0.redhat-611433]
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream$1.run(HTTPConduit.java:1129)[170:org.apache.cxf.cxf-rt-transports-http:2.7.0.redhat-611433]
        at org.apache.cxf.workqueue.AutomaticWorkQueueImpl$3.run(AutomaticWorkQueueImpl.java:428)[164:org.apache.cxf.cxf-api:2.7.0.redhat-611431]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1157)[:1.7.0]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:627)[:1.7.0]
        at org.apache.cxf.workqueue.AutomaticWorkQueueImpl$AWQThreadFactory$1.run(AutomaticWorkQueueImpl.java:353)[164:org.apache.cxf.cxf-api:2.7.0.redhat-611431]
        at java.lang.Thread.run(Thread.java:809)[:1.7.0]

Environment

  • Red Hat JBoss Fuse
    • 6.x
    • Apache CXF
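
The comparison described in the issue (old ESB message versus Fuse message) can be automated on captured envelopes. The following is an added example, not code from this article or from WSS4J: the function name derived_key_report and both sample messages are constructed for illustration, and it assumes SOAP 1.1 envelopes, as the Soap11FaultInInterceptor frames in the stack trace suggest.

```python
import xml.etree.ElementTree as ET

SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
# WS-SecureConversation namespaces that define the DerivedKeyToken element
WSC = {
    "http://schemas.xmlsoap.org/ws/2005/02/sc": "2005/02",
    "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512": "200512",
}

def derived_key_report(envelope_xml):
    """Summarise DerivedKeyToken usage in the wsse:Security header of a captured message."""
    root = ET.fromstring(envelope_xml)
    security = root.find(f"{{{SOAP11}}}Header/{{{WSSE}}}Security")
    if security is None:
        return {"security_header": False, "derived_key_tokens": {}, "signature_uses_derived_key": False}
    tokens = {}  # wsu:Id -> WS-SecureConversation version
    for child in security:
        ns, _, local = child.tag[1:].partition("}")
        if local == "DerivedKeyToken" and ns in WSC:
            tokens[child.get(f"{{{WSU}}}Id")] = WSC[ns]
    # Does the signature's KeyInfo reference one of the derived keys, or some other token?
    refs = security.findall(
        f"{{{DS}}}Signature/{{{DS}}}KeyInfo/{{{WSSE}}}SecurityTokenReference/{{{WSSE}}}Reference")
    uses = any(r.get("URI", "").lstrip("#") in tokens for r in refs)
    return {"security_header": True, "derived_key_tokens": tokens, "signature_uses_derived_key": uses}

# Constructed sample messages (not taken from the article), reduced to the parts being checked.
_ENV = ('<soap:Envelope xmlns:soap="%s" xmlns:wsse="%s" xmlns:wsu="%s" xmlns:ds="%s">'
        '<soap:Header><wsse:Security>%%s</wsse:Security></soap:Header><soap:Body/></soap:Envelope>'
        % (SOAP11, WSSE, WSU, DS))
_SIG = ('<ds:Signature><ds:KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="#%s"/>'
        '</wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>')
OLD_MESSAGE = _ENV % ('<wsc:DerivedKeyToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc"'
                      ' wsu:Id="DK-1"/>' + _SIG % "DK-1")
NEW_MESSAGE = _ENV % (_SIG % "EK-1")  # signature references a non-derived token

if __name__ == "__main__":
    for name, msg in (("old", OLD_MESSAGE), ("new", NEW_MESSAGE)):
        print(name, derived_key_report(msg))
```

Running it against a real capture shows at a glance whether the header contains a derived key at all and whether the signature actually references it, which narrows down what the receiving service is rejecting.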
