0 Replies Latest reply: Mar 21, 2011 1:37 PM by 849093

    Security processing failed (actions mismatch) while invoking secure web-service

    849093
      Hi,

      This mail is to seek help from our Java community with an issue that we are currently facing with a web service we have written in the application
      that I am currently working on. An early response on this is highly appreciated.

      I have implemented a Java client to invoke the secure web-service (signing and encryption of the SOAP request). I am using the classes WSSecEncrypt & WSSecSignature to sign and encrypt the request.

      I did the signing and encryption for the SOAP request, invoked the Web-service. The server side received the request and sent the encrypted response. But I am getting an error in the client side while receiving the encrypted response.


      Client side :
      1) sign the SOAP request with the client private key
      2) encrypt the request with the server side public key
      3) invoke the web-service (request sent to server and server sent the response) but getting an error while reading the encrypted response.

      Server side :
      1) receive the request
      2) decrypt the request, process the request
      3) encrypt the response and send it to the client

      I am getting the below exception exactly at the line below (while getting the encrypted response), and I have pasted the Java client code below:
      SOAPEnvelope resEnvelope = call.invoke(msg);


      Exception message :
      AxisFault
      faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
      faultSubcode:
      faultString: security processing failed (actions mismatch)
      faultActor:
      faultNode:
      faultDetail:
      {http://xml.apache.org/axis/}hostname:apsp9097

      security processing failed (actions mismatch)
      at org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:222)
      at org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:129)
      at org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
      at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(AbstractSAXParser.java:601)
      at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocumentFragmentScannerImpl.java:1774)
      at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2930)
      at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:648)
      at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:140)
      at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:510)
      at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:807)
      at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737)
      at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:107)
      at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1205)
      at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:522)
      at javax.xml.parsers.SAXParser.parse(SAXParser.java:395)
      at org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
      at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
      at org.apache.axis.Message.getSOAPEnvelope(Message.java:435)
      at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:796)
      at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144)
      at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:727)
      at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144)
      at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
      at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
      at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
      at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
      at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
      at org.apache.axis.client.Call.invoke(Call.java:2767)
      at org.apache.axis.client.Call.invoke(Call.java:1870)
      at CallSecWS.main(CallSecWS.java:118)


      Java Code :

      import java.io.ByteArrayInputStream;
      import java.io.FileInputStream;
      import java.io.InputStream;
      import java.util.Properties;

      import javax.xml.soap.MessageFactory;
      import javax.xml.soap.SOAPMessage;

      import org.apache.axis.Message;
      import org.apache.axis.MessageContext;
      import org.apache.axis.client.Call;
      import org.apache.axis.client.Service;
      import org.apache.axis.message.SOAPEnvelope;
      import org.apache.ws.axis.security.WSDoAllReceiver;
      import org.apache.ws.axis.security.WSDoAllSender;
      import org.apache.ws.security.components.crypto.Crypto;
      import org.apache.ws.security.components.crypto.CryptoFactory;
      import org.apache.ws.security.handler.WSHandlerConstants;
      import org.apache.ws.security.message.WSSecEncrypt;
      import org.apache.ws.security.message.WSSecHeader;
      import org.apache.ws.security.message.WSSecSignature;
      import org.apache.xml.security.c14n.Canonicalizer;
      import org.w3c.dom.Document;

      public class CallSecWS {

          public static void main(String[] args) throws Exception {
              Properties clinetProps = new Properties();
              MessageContext msgContext = null;
              System.setProperty("javax.xml.soap.MessageFactory", "org.apache.axis.soap.MessageFactoryImpl");
              FileInputStream fis = new FileInputStream("C:\\crypto.properties");
              clinetProps.load(fis);
              Crypto ClientCrypto = CryptoFactory.getInstance(clinetProps);

              // Creating the messaging object
              // (soapMsg holds the SOAP request XML as a String; its definition is not shown in the post)
              InputStream inStream = new ByteArrayInputStream(soapMsg.getBytes());
              Message axisMsg = new Message(inStream);
              axisMsg.setMessageContext(msgContext);

              // Creating the envelope based on the message
              SOAPEnvelope envelope = axisMsg.getSOAPEnvelope();

              // Encrypting and signing the SOAP request
              WSSecEncrypt encrypt = new WSSecEncrypt();
              WSSecSignature sign = new WSSecSignature();

              // Set the encryption and signing details
              encrypt.setUserInfo("serverpublickey");
              String strProvateKey = clinetProps.getProperty("org.apache.ws.security.crypto.merlin.keystore.alias");
              String password = clinetProps.getProperty("org.apache.ws.security.crypto.merlin.keystore.password");
              sign.setUserInfo(strProvateKey, password);

              // Creating the header
              Document doc = envelope.getAsDocument();
              WSSecHeader secHeader = new WSSecHeader();
              secHeader.insertSecurityHeader(doc);

              // Document is encrypted first, then signed
              Document encryptedDoc = encrypt.build(doc, ClientCrypto, secHeader);
              System.out.println("After Encryption....");
              Document encryptedSignedDoc = sign.build(encryptedDoc, ClientCrypto, secHeader);
              Message msg = (Message) toSOAPMessage(encryptedSignedDoc);
              System.out.println(msg.getSOAPPartAsString());

              // Encryption and signing done; invoking the secure web-service
              String endpoint = "http://sys.ws.com/services/SecureService";
              Service service = new Service();
              Call call = (Call) service.createCall();
              call.setTargetEndpointAddress(new java.net.URL(endpoint));
              call.setOperationStyle(org.apache.axis.constants.Style.MESSAGE);

              // Sender handler
              WSDoAllSender send = new WSDoAllSender();
              send.setOption(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
              send.setOption(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
              send.setOption(WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT + " " + WSHandlerConstants.SIGNATURE);
              send.setOption(WSHandlerConstants.USER, "PrivateKey");
              send.setOption(WSHandlerConstants.ENCRYPTION_USER, "serverpublickey");
              send.setOption(WSHandlerConstants.PW_CALLBACK_CLASS, com.client.B2BCallBack.class.getName());

              // Receiver handler
              WSDoAllReceiver recv = new WSDoAllReceiver();
              recv.setOption(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT);
              recv.setOption(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
              recv.setOption(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
              recv.setOption(WSHandlerConstants.PW_CALLBACK_CLASS, com.client.B2BCallBack.class.getName());
              recv.setOption(WSHandlerConstants.ENCRYPTION_USER, "serverpublickey");

              // Setting the handlers
              call.setClientHandlers(send, recv);
              System.out.println("Set the all parameters");

              // Invoking the web-service
              SOAPEnvelope resEnvelope = call.invoke(msg);
          }

          // Canonicalizes the DOM document and re-parses it into a SOAPMessage
          public static SOAPMessage toSOAPMessage(Document doc) throws Exception
          {
              Canonicalizer c14n = Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
              byte[] canonicalMessage = c14n.canonicalizeSubtree(doc);
              ByteArrayInputStream in = new ByteArrayInputStream(canonicalMessage);
              MessageFactory factory = MessageFactory.newInstance();
              return factory.createMessage(null, in);
          }
      }


      Thanks
      J Ashok

      Edited by: 846090 on Mar 21, 2011 11:34 AM