Friday, 2 March 2012

soapUI request exception - An error was discovered processing the <wsse:Security> header

You've created a soapUI project which connects and fire request to Spring based CXF web service endpoint. Let me make it clear at this stage that, you will have to have access to the endpoint source and Spring context beans to be able to resolve this issue. In your Spring context bean, you have defined WSS4JInInterceptor security interceptor to your endpoint, which requires that, all SOAP requests hold a header with security credentials accepted for access grant. Below shows a typical security interceptor defintion for CXF endpoint:

  
    
      
        
          
            
            
            
              
            
          
        
      
    
  
You decided to test your endpoint calls with soapUI, and so you fired a typical call like:

   
   
   
      
         echo hello world
      
   

..then to your surprise the response message:

   
      
         ns1:InvalidSecurity
         An error was discovered processing the <wsse:Security> header
      
   

And so you became curious, started digging for clues, tailed your server logs. And there it was:
org.apache.cxf.phase.PhaseInterceptorChain Interceptor for {http://mypackage/}Service 
has thrown exception, unwinding noworg.apache.cxf.binding.soap.SoapFault: An error was 
discovered processing the

...

Caused by: org.apache.ws.security.WSSecurityException: 
An error was discovered processing the  header at 
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions
(WSS4JInInterceptor.java:331) at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
.handleMessage(WSS4JInInterceptor.java:287)
 ... 23 more
SOLUTION:
Add wsse:Security header data required by the interceptor to resolve your call. Your request should now look something like this:

   
    
      
      admin
      culprit
     
    
   

   
      
         echo hello world
      
   

Hope this helps!

1 comment:

  1. In soapui, you can configure security without having to add soapenv manually.
    Check out this link
    http://www.soapui.org/SOAP-and-WSDL/applying-ws-security.html

    ReplyDelete