AnsweredAssumed Answered

CMIS authentication issues

Question asked by safroe on Jul 9, 2010
Latest reply on Jul 9, 2010 by safroe
Hi there,

I am trying to authenticate with the CMIS web services, but I always get this SOAPFaultException "An error was discovered processing the <wsse:Security> header". I compared my soap messages with other, working soap messages, but I don't get the problem. I am adding the security headers by implementing the SOAPHandler<SOAPMessageContext> interface with the following code:

   @Override
   public boolean handleMessage(SOAPMessageContext context) {
      Boolean outbound = (Boolean) context
            .get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);

      SOAPEnvelope envelope = null;
      SOAPHeader h = null;
      
      try {
         envelope = context.getMessage().getSOAPPart().getEnvelope();
         h = envelope.addHeader();

      } catch (SOAPException e1) {
         e1.printStackTrace();
      }
   
      WSSecHeader securityHeader = new WSSecHeader();
      securityHeader.setMustUnderstand(true);
      securityHeader.insertSecurityHeader(envelope.getOwnerDocument());
      
      UsernameToken usernameToken = new UsernameToken(Boolean.TRUE, envelope.getOwnerDocument(), WSConstants.PASSWORD_TEXT);
      usernameToken.setName("admin");
      usernameToken.setPassword("admin");
      
      Timestamp timestamp = new Timestamp(Boolean.TRUE, envelope.getOwnerDocument(), 500);
      
      securityHeader.getSecurityHeader().appendChild(usernameToken.getElement());
      securityHeader.getSecurityHeader().appendChild(timestamp.getElement());
      h.appendChild(securityHeader.getSecurityHeader());
      
      try {
         context.getMessage().saveChanges();
      } catch (SOAPException e1) {
         e1.printStackTrace();
      }
      
      if (outbound) {
         System.out.println("Outgoing message:");
         try {
            context.getMessage().writeTo(System.out);
            System.out.println();
         } catch (SOAPException e) {
            e.printStackTrace();
         } catch (IOException e) {
            e.printStackTrace();
         }
      }
      else {
         System.out.println("Incoming message");
         try {
            context.getMessage().writeTo(System.out);
            System.out.println();
         } catch (SOAPException e) {
            e.printStackTrace();
         } catch (IOException e) {
            e.printStackTrace();
         }
      }
      return true;
   }

The SOAP message looks like this:


<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
   <S:Header>
      <wsse:Security
         xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
         S:mustUnderstand="1">
         <wsse:UsernameToken>
            <wsse:Username>admin</wsse:Username>
            <wsse:Password
               Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">admin</wsse:Password>
         </wsse:UsernameToken>
         <wsu:Timestamp
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsu:Created>2010-07-09T08:44:16.221Z</wsu:Created>
            <wsu:Expires>2010-07-09T08:52:36.221Z</wsu:Expires>
         </wsu:Timestamp>
      </wsse:Security>
   </S:Header>
   <S:Body>
      <ns3:getRepositories xmlns="http://www.alfresco.org"
         xmlns:ns2="http://docs.oasis-open.org/ns/cmis/core/200908/"
         xmlns:ns3="http://docs.oasis-open.org/ns/cmis/messaging/200908/">
         <ns3:extension />
      </ns3:getRepositories>
   </S:Body>
</S:Envelope>

I am using wss4j-1.5.8… does anyone see the problem?

Thanks and greetings,
Sascha Fröhlich

Outcomes