java - SoapFault: Failed to assert identity with UsernameToken
I'm trying to send a request to a web service that has the "Wssp1.2-2007-Https-UsernameToken-Digest.xml" policy.
Below is my code; I'm using the Apache CXF library on Eclipse:

    public static void main(String[] args) {
        CardDetails_Service cds = new CardDetails_Service();
        CardDetails cdsPort = cds.getCardDetailsPort();
        // end_init_load

        // Retrieve the CXF client object behind the port
        Client client = ClientProxy.getClient(cdsPort);
        Endpoint cxfEndpoint = client.getEndpoint();

        // Credentials picked up by the WS-SecurityPolicy UsernameToken assertion
        Map<String, Object> ctx = ((BindingProvider) cdsPort).getRequestContext();
        ctx.put("ws-security.username", "weblogicdev");
        ctx.put("ws-security.password", "weblogic123");

        // Log inbound and outbound SOAP messages
        client.getInInterceptors().add(new LoggingInInterceptor());
        client.getOutInterceptors().add(new LoggingOutInterceptor());

        CustomerRequestParam crp = new CustomerRequestParam();
        crp.setCustomerId("dasd");
        crp.setDataLevel("adsa");
        crp.setInstitution("11");

        CustomerResponseParam crpResponse = cdsPort.getCardDetailByCustomerOperation(crp);
        System.out.println(crpResponse.getResponseDetails().getResponseCode()
                + "][" + crpResponse.getResponseDetails().getResponseDescription());
    }

When I alter the policy of the web service to Wssp1.2-2007-Https-UsernameToken-Plain.xml, the code above works, and I get a response.
But when I switch to digest, it doesn't work.
Below is the output of the generated requests under both policies:

UsernameToken-Digest:

    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
      <SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">
          <wsu:Timestamp wsu:Id="ts-9cec2846-7695-4c8b-b7c3-4c8cf6887b9e">
            <wsu:Created>2014-06-26T12:55:32.262Z</wsu:Created>
            <wsu:Expires>2014-06-26T13:00:32.262Z</wsu:Expires>
          </wsu:Timestamp>
          <wsse:UsernameToken wsu:Id="usernametoken-36511701-a842-4ba5-8e29-dc8841fb3a61">
            <wsse:Username>weblogicdev</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">m5nhnfd+lt9e9sk8caclhdfntdq=</wsse:Password>
            <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">mklsvklpcqykoosbgnszvg==</wsse:Nonce>
            <wsu:Created>2014-06-26T12:55:32.270Z</wsu:Created>
          </wsse:UsernameToken>
        </wsse:Security>
      </SOAP-ENV:Header>
      <soap:Body>
        <customerrequest xmlns="www.mdsl.eft.cms.com">
          <institution>11</institution>
          <customer_id>dasd</customer_id>
          <data_level>adsa</data_level>
        </customerrequest>
      </soap:Body>
    </soap:Envelope>

UsernameToken-Plain:

    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
      <SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">
          <wsu:Timestamp wsu:Id="ts-9140d6d2-ce36-4efd-aedd-bfc338480993">
            <wsu:Created>2014-06-26T12:45:49.342Z</wsu:Created>
            <wsu:Expires>2014-06-26T12:50:49.342Z</wsu:Expires>
          </wsu:Timestamp>
          <wsse:UsernameToken wsu:Id="usernametoken-a16f2785-c64d-44df-87e8-b8b840612192">
            <wsse:Username>weblogicdev</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">weblogic123</wsse:Password>
          </wsse:UsernameToken>
        </wsse:Security>
      </SOAP-ENV:Header>
      <soap:Body>
        <customerrequest xmlns="www.mdsl.eft.cms.com">
          <institution>11</institution>
          <customer_id>dasd</customer_id>
          <data_level>adsa</data_level>
        </customerrequest>
      </soap:Body>
    </soap:Envelope>

The requests are changing to suit the switch of policies, so I don't understand why I'm getting "Failed to assert identity with UsernameToken".
For more info, below is the full trace:

    Jun 26, 2014 5:32:18 PM io.netty.util.internal.logging.Slf4JLogger info
    INFO: Your platform does not provide complete low-level API for accessing direct buffers reliably. Unless explicitly requested, heap buffer will always be preferred to avoid potential system unstability.
    Jun 26, 2014 5:32:19 PM org.apache.cxf.wsdl.service.factory.ReflectionServiceFactoryBean buildServiceFromWSDL
    INFO: Creating Service {http://test/}CardDetails from WSDL: https://localhost:7002/testwebservice/carddetailsport?wsdl
    Jun 26, 2014 5:32:19 PM org.apache.cxf.services.CardDetails.CardDetailsPort.CardDetails
    INFO: Outbound Message
    ---------------------------
    ID: 1
    Address: https://localhost:7002/testwebservice/carddetailsport
    Encoding: UTF-8
    Http-Method: POST
    Content-Type: text/xml
    Headers: {Accept=[*/], SOAPAction=["urn:test/getcarddetailbycustomeroperation"]}
    Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1"><wsu:Timestamp wsu:Id="ts-2f3ad257-f56f-4658-8553-2867143f2188"><wsu:Created>2014-06-26T14:32:19.664Z</wsu:Created><wsu:Expires>2014-06-26T14:37:19.664Z</wsu:Expires></wsu:Timestamp><wsse:UsernameToken wsu:Id="usernametoken-bcb0d1b1-3ee3-4182-bdc6-476f86006153"><wsse:Username>weblogicdev</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">iqb9xe1/gqwfpw0cu1noo96eh2i=</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">3bkqp6r7mpjrs5aiohrweq==</wsse:Nonce><wsu:Created>2014-06-26T14:32:19.671Z</wsu:Created></wsse:UsernameToken></wsse:Security></SOAP-ENV:Header><soap:Body><customerrequest xmlns="www.mdsl.eft.cms.com"><institution>11</institution><customer_id>dasd</customer_id><data_level>adsa</data_level></customerrequest></soap:Body></soap:Envelope>
    --------------------------------------
    Jun 26, 2014 5:32:19 PM org.apache.cxf.services.CardDetails.CardDetailsPort.CardDetails
    INFO: Inbound Message
    ----------------------------
    ID: 1
    Response-Code: 500
    Encoding: UTF-8
    Content-Type: text/xml;charset="utf-8"
    Headers: {Content-Length=[380], content-type=[text/xml;charset="utf-8"], Date=[Thu, 26 Jun 2014 14:32:19 GMT], X-ORACLE-DMS-ECID=[37cb61f8f3397d86:62376f09:146d4fa0d76:-8000-0000000000000c23], X-Powered-By=[Servlet/2.5 JSP/2.1]}
    Payload: <?xml version='1.0' encoding='UTF-8'?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><faultcode>wsse:FailedAuthentication</faultcode><faultstring>Failed to assert identity with UsernameToken.</faultstring></env:Fault></env:Body></env:Envelope>
    --------------------------------------
    Jun 26, 2014 5:32:19 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
    WARNING: Request does not contain Security header, but it's a fault.
    Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Failed to assert identity with UsernameToken.
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:159)
        at $Proxy35.getCardDetailByCustomerOperation(Unknown Source)
        at test.Tester.main(Tester.java:83)
    Caused by: org.apache.cxf.binding.soap.SoapFault: Failed to assert identity with UsernameToken.
        at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:84)
        at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:51)
        at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:40)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
        at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:113)
        at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
        at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
        at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:798)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1636)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1525)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1330)
        at org.apache.cxf.transport.http.netty.client.NettyHttpConduit$NettyWrappedOutputStream.close(NettyHttpConduit.java:153)
        at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:56)
        at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:215)
        at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
        at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:638)
        at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:137)
        ... 2 more
From page 6 of this document:

    Password_Digest = Base64 ( SHA-1 ( nonce + created + password ) )

Can you verify that the digest is correct according to this formula?
The actual code that performs the validation on the server side can be found here.
java web-services client cxf ws-security