This discussion is archived
0 Replies Latest reply: Mar 21, 2011 11:37 AM by 849093 RSS

security procesing failed(actions mismatch) while invkng secure web-service

849093 Newbie
Currently Being Moderated

This mail is to seek help from our Java community in a issue that we are currently facing with web service we have written in the application
that I am currently working on. An early response in this is highly appreciated.

I have implemented Java client to invoke the secure web-service(Signing and Encryption of SOAP Request). I am using the classes WSSecEncrypt & WSSecSignature for signing and encrypt the request.

I did the signing and encryption for the SOAP request, invoked the Web-service. The server side received the request and sent the encrypted response. But I am getting an error in the client side while receiving the encrypted response.

Client side :
1) sign the SOAP reuqest with client private key
2) Encrypt the request with server side public key
3) invoke the web-service ( request sent to server and server sent the response) but getting error while reading the encrypted the response.

Server side :
1) receive the request
2) decrypt the request, process the request
3) encrypth the response and send to client

I am getting the below exception exactly at below line (while getting encrypted response) and I have pasted the java client code below
SOAPEnvelope resEnvelope = call.invoke(msg);

Exception message :
faultCode: {}Server.generalException
faultString: security processing failed (actions mismatch)

security processing failed (actions mismatch)
at org.apache.axis.message.SOAPFaultBuilder.createFault(
at org.apache.axis.message.SOAPFaultBuilder.endElement(
at org.apache.axis.encoding.DeserializationContext.endElement(
at javax.xml.parsers.SAXParser.parse(
at org.apache.axis.encoding.DeserializationContext.parse(
at org.apache.axis.SOAPPart.getAsSOAPEnvelope(
at org.apache.axis.Message.getSOAPEnvelope(
at org.apache.axis.transport.http.HTTPSender.readFromSocket(
at org.apache.axis.transport.http.HTTPSender.invoke(
at org.apache.axis.transport.http.HTTPSender.readFromSocket(
at org.apache.axis.transport.http.HTTPSender.invoke(
at org.apache.axis.strategies.InvocationStrategy.visit(
at org.apache.axis.SimpleChain.doVisiting(
at org.apache.axis.SimpleChain.invoke(
at org.apache.axis.client.AxisClient.invoke(
at org.apache.axis.client.Call.invokeEngine(
at org.apache.axis.client.Call.invoke(
at org.apache.axis.client.Call.invoke(
at CallSecWS.main(

Java Code :

Properties clinetProps = new Properties();               
          MessageContext msgContext = null;          
          System.setProperty("javax.xml.soap.MessageFactory", "org.apache.axis.soap.MessageFactoryImpl");          
          FileInputStream fis = new FileInputStream("C:\\");          
          Crypto ClientCrypto = CryptoFactory.getInstance(clinetProps);
          //Creating Messaging Object

          InputStream inStream = new ByteArrayInputStream(soapMsg.getBytes());
          Message axisMsg = new Message(inStream);

//creating envelople based on Message
          SOAPEnvelope envelope = axisMsg.getSOAPEnvelope();
// Encrypting an signing the SOAP request
          WSSecEncrypt encrypt = new WSSecEncrypt();
          WSSecSignature sign = new WSSecSignature();
// Set the encryption and signging details
          String strProvateKey = clinetProps.getProperty("");
          String password = clinetProps.getProperty("");

// Creating the header
          Document doc = envelope.getAsDocument();     
          WSSecHeader secHeader = new WSSecHeader();

     // Dcoument ment signed and encrypted
          Document encryptedDoc =, ClientCrypto, secHeader);
          System.out.println("After Encryption....");
          Document encryptedSignedDoc =, ClientCrypto, secHeader);
     Message msg = (Message) toSOAPMessage(encryptedSignedDoc);
     System.out.println(msg.getSOAPPartAsString() );
// Encryption and signing done and invoking the secure web-service
          String endpoint = "";
          Service service = new Service();
          Call call = (Call) service.createCall();
          call.setTargetEndpointAddress( new );
// Sender handler
          WSDoAllSender send = new WSDoAllSender();     
          send.setOption( WSHandlerConstants.SIG_PROP_FILE , "" );
          send.setOption( WSHandlerConstants.SIG_KEY_ID, "DirectReference" );
          send.setOption( WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT +" " + WSHandlerConstants.SIGNATURE );
          send.setOption( WSHandlerConstants.USER, "PrivateKey" );     
          send.setOption( WSHandlerConstants.ENCRYPTION_USER, "serverpublickey");     
          send.setOption( WSHandlerConstants.PW_CALLBACK_CLASS,com.client.B2BCallBack.class.getName() );     

// Receiver handler
          WSDoAllReceiver recv = new WSDoAllReceiver();
          recv.setOption( WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE+ " " + WSHandlerConstants.ENCRYPT );
          recv.setOption( WSHandlerConstants.SIG_PROP_FILE, "" );
          recv.setOption( WSHandlerConstants.SIG_KEY_ID, "DirectReference" );
          recv.setOption( WSHandlerConstants.PW_CALLBACK_CLASS,com.client.B2BCallBack.class.getName() );          
          recv.setOption( WSHandlerConstants.ENCRYPTION_USER ,"serverpublickey");

          // Setting the handlers          
call.setClientHandlers(send, recv);
          System.out.println("Set the all parameters");

// Invoking the web-service.
          SOAPEnvelope resEnvelope = call.invoke(msg);

public static SOAPMessage toSOAPMessage(Document doc) throws Exception
     Canonicalizer c14n = Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
     byte[] canonicalMessage = c14n.canonicalizeSubtree(doc);
     ByteArrayInputStream in = new ByteArrayInputStream(canonicalMessage);
     MessageFactory factory = MessageFactory.newInstance();
     return factory.createMessage(null, in);

J Ashok

Edited by: 846090 on Mar 21, 2011 11:34 AM


  • Correct Answers - 10 points
  • Helpful Answers - 5 points