Web Services - username token - Error checking message against security policy Error code: 1000

I am trying to call a web service that has a username token configured in the WSDL:

    <sp:SupportingTokens>
      <wsp:Policy>
        <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
          <wsp:Policy>
            <sp:HashPassword/>
            <sp:WssUsernameToken10/>
          </wsp:Policy>
        </sp:UsernameToken>
      </wsp:Policy>
    </sp:SupportingTokens>

The SOAP request contains the following authentication information:

    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:Username>user</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>

and I get the following error:

    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
      <env:Header/>
      <env:Body>
        <env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
          <faultcode>wsse:InvalidSecurity</faultcode>
          <faultstring>Error on verifying message against security policy Error code:1000</faultstring>
        </env:Fault>
      </env:Body>
    </env:Envelope>

Can someone tell me what I'm doing wrong?

Thanks.

+4
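
A check of the request above against the policy above, as an added example that is not part of the original question: it reports which wsse:Password Type the policy's sp:HashPassword assertion calls for (#PasswordDigest in UsernameToken Profile 1.0), which Type the request sent, and how the digest is computed. The function names and the wsp namespace URI are assumptions made for this example.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
WSSE = OASIS + "wssecurity-secext-1.0.xsd"
UTP = OASIS + "username-token-profile-1.0"

# The question's policy and request. The xmlns declarations on the policy are
# added so it parses; the wsp namespace URI is an assumption (not on the page).
POLICY = f"""<sp:SupportingTokens xmlns:sp="{SP}"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsp:Policy>
  <sp:UsernameToken sp:IncludeToken="{SP}/IncludeToken/AlwaysToRecipient">
    <wsp:Policy><sp:HashPassword/><sp:WssUsernameToken10/></wsp:Policy>
  </sp:UsernameToken></wsp:Policy></sp:SupportingTokens>"""
REQUEST = f"""<wsse:Security xmlns:wsse="{WSSE}"><wsse:UsernameToken>
  <wsse:Username>user</wsse:Username>
  <wsse:Password Type="{UTP}#PasswordText">password</wsse:Password>
</wsse:UsernameToken></wsse:Security>"""

def required_password_type(policy_xml):
    """Password Type URI the policy's UsernameToken assertion calls for."""
    root = ET.fromstring(policy_xml)
    token = next(root.iter(f"{{{SP}}}UsernameToken"), None)
    if token is None:
        return None  # the policy carries no UsernameToken assertion
    hashed = next(token.iter(f"{{{SP}}}HashPassword"), None) is not None
    return UTP + ("#PasswordDigest" if hashed else "#PasswordText")

def sent_password_type(security_xml):
    """Password Type URI actually present in the wsse:Security header."""
    pw = ET.fromstring(security_xml).find(f".//{{{WSSE}}}Password")
    # The profile treats a missing Type attribute as #PasswordText.
    return None if pw is None else pw.get("Type", UTP + "#PasswordText")

def password_digest(nonce, created, password):
    """Base64(SHA-1(nonce + created + password)); nonce is the raw bytes."""
    raw = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")

def check(policy_xml, security_xml):
    want = required_password_type(policy_xml)
    got = sent_password_type(security_xml)
    return {"required": want, "sent": got, "compliant": want in (None, got)}

if __name__ == "__main__":
    print(check(POLICY, REQUEST))
```

A digest token also carries wsse:Nonce and wsu:Created elements, because the receiver needs both values to recompute the hash.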
2 answers

Did you provide a username and password during a web service call? It looks like either it is not specified, or the username / password is incorrect.

+1

We had the same problem when calling a web service from a servlet deployed to Weblogic using weblogic.jws.jaxws.ClientPolicyFeature and weblogic.wsee.security.unt.ClientUNTCredentialProvider to set the policy, for example:

    import java.io.InputStream;
    import java.net.URL;
    import java.util.ArrayList;
    import java.util.Map;
    import javax.xml.namespace.QName;
    import javax.xml.ws.BindingProvider;
    import javax.xml.ws.WebServiceFeature;

    import weblogic.jws.jaxws.ClientPolicyFeature;
    import weblogic.jws.jaxws.policy.InputStreamPolicySource;
    import weblogic.wsee.security.unt.ClientUNTCredentialProvider;
    import weblogic.xml.crypto.wss.WSSecurityContext;

    // Load the WS-Policy file and set it as the client's effective policy.
    ClientPolicyFeature cpf = new ClientPolicyFeature();
    InputStream inputStream = ChangeLogBean.class.getClassLoader()
            .getResourceAsStream("usernametoken.xml");
    cpf.setEffectivePolicy(new InputStreamPolicySource(new InputStream[]{inputStream}));

    // Create the port with the policy feature attached.
    MyServiceWSPortImplService service = new MyServiceWSPortImplService(
            new URL(myEndpoint.getUrl()),
            new QName("http://myhost/myservice/V1", "MyServiceWSPortImplService"));
    MyService port = service.getMyServicePort(new WebServiceFeature[]{cpf});

    // Register the username token credentials on the request context.
    ArrayList credentialProviders = new ArrayList();
    ClientUNTCredentialProvider untCredentialProvider = new ClientUNTCredentialProvider(
            myEndpoint.getUser().getBytes(),
            myEndpoint.getPassword().getBytes());
    credentialProviders.add(untCredentialProvider);
    Map context = ((BindingProvider) port).getRequestContext();
    context.put(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credentialProviders);

But the WebServices stack used by our application is actually Apache CXF, which has a different way of specifying policies (using org.apache.neethi.Policy), as stated here:

http://cxf.apache.org/docs/how-to-define-policies.html#HowtoDefinePolicies-Dynamicallyviamessageproperty

So, the CXF stack basically ignored WSSecurityContext.CREDENTIAL_PROVIDER_LIST, and we got an error: Error checking message against security policy Error code: 1000

In this case, the correct solution would be to use the steps described in the CXF documentation:

  • Get the policy from an external location and build it for the current message.
  • Parse WS-Policy XML using the Neethi library.
  • Save the result of the Policy object to the policy content property Constants.POLICY_OVERRIDE.

I'm just mentioning it here in case someone else makes the mistake of mixing CXF with Weblogic. :)

+1

Source: https://habr.com/ru/post/1397981/

