I am getting the below exception when I’m trying to add security headers to a SOAP envelope right before the request is sent out.
The exception is thrown upon trying to retrieve the message (so context.getMessage() is throwing the exception).
When I use SoapUI, everything works as planned. I’m using JAXB2 for marshalling on the client side, as well as the web service side.
I’m out of ideas already…Any help would be appreciated!
Thanks!!
P.S. When I take out the security check on the web service side, the exception is still thrown (and caught), but the request goes through, and the response is received without any issues.
Here is my code:
public class SoapSecurityHandler implements SOAPHandler {
private static Logger logger = Logger.getLogger(SoapSecurityHandler.class);
private final String clntUserName = "my_username";
private final String clntPassword = "my_password";
public boolean handleMessage(SOAPMessageContext context) {
logger.info("Enter handleMessage()");
Boolean outboundProperty = (Boolean) context.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
if (outboundProperty.booleanValue()) {
try {
logger.info("Getting the message");
SOAPMessage message = context.getMessage();
logger.info("Getting the soappart");
SOAPPart soapPart = message.getSOAPPart();
logger.info("Getting the envelope");
SOAPEnvelope envelope = soapPart.getEnvelope();
logger.info("Getting the factory");
SOAPFactory factory = SOAPFactory.newInstance();
logger.info("Got the factory");
QName name = new QName(
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
"Security", "wsse");
SOAPElement securityHeader = factory.createElement(name);
SOAPElement usernameTokenElement = securityHeader.addChildElement("UsernameToken");
SOAPElement usernameElement = usernameTokenElement.addChildElement("Username");
usernameElement.addTextNode(clntUserName);
SOAPElement pwdElement = usernameTokenElement.addChildElement("Password");
pwdElement.addTextNode(clntPassword);
logger.info("Added the username and password to the usernameToken element");
SOAPHeader header = envelope.addHeader();
logger.info("Added the header to the envelope");
header.addChildElement(securityHeader);
logger.info("Added the security header to the header");
} catch (Exception e) {
logger.error("Exception in handler: " + e);
e.printStackTrace();
}
} else {
logger.info("This is an inbound message");
}
logger.info("Exit handleMessage()");
return true;
}
public boolean handleFault(SOAPMessageContext context) {
return false;
}
public void close(MessageContext context) {
//
}
public Set getHeaders() {
return new HashSet();
}
}
org.w3c.dom.DOMException: HIERARCHY_REQUEST_ERR: An attempt was made to insert a node where it is not permitted.
at org.apache.axiom.om.impl.dom.ParentNode.insertBefore(ParentNode.java:228)
at org.apache.axiom.om.impl.dom.NodeImpl.appendChild(NodeImpl.java:240)
at org.apache.axis2.saaj.SOAPPartImpl.appendChild(SOAPPartImpl.java:948)
at com.sun.xml.bind.marshaller.SAX2DOMEx.startElement(SAX2DOMEx.java:176)
at com.sun.xml.ws.message.AbstractMessageImpl.writeTo(AbstractMessageImpl.java:158)
at com.sun.xml.ws.message.AbstractMessageImpl.readAsSOAPMessage(AbstractMessageImpl.java:193)
at com.sun.xml.ws.handler.SOAPMessageContextImpl.getMessage(SOAPMessageContextImpl.java:84)
at com.sun.xml.ws.handler.SOAPMessageContextImpl.getMessage(SOAPMessageContextImpl.java:77)
at com.comcast.cet.web.service.routing.lb.f5.impl.SoapSecurityHandler.handleMessage(SoapSecurityHandler.java:40)
at com.comcast.cet.web.service.routing.lb.f5.impl.SoapSecurityHandler.handleMessage(SoapSecurityHandler.java:1)
at com.sun.xml.ws.handler.HandlerProcessor.callHandleMessage(HandlerProcessor.java:292)
at com.sun.xml.ws.handler.HandlerProcessor.callHandlersRequest(HandlerProcessor.java:133)
at com.sun.xml.ws.handler.ClientSOAPHandlerTube.callHandlersOnRequest(ClientSOAPHandlerTube.java:138)
at com.sun.xml.ws.handler.HandlerTube.processRequest(HandlerTube.java:116)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:598)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:557)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:542)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:439)
at com.sun.xml.ws.client.Stub.process(Stub.java:248)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:135)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:118)
at $Proxy257.getWipInfoForSpecificPoolMember(Unknown Source)
at com.comcast.cet.web.service.routing.lb.LoadBalancerMain.getWipInfo(LoadBalancerMain.java:74)
at com.comcast.cet.web.service.routing.lb.LoadBalancerMain.getFarmStatus(LoadBalancerMain.java:42)
at com.comcast.cet.web.controllers.rpc.RoutingServiceImpl.getFarmStatus(RoutingServiceImpl.java:95)
at sun.reflect.GeneratedMethodAccessor130.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:562)
at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:544)
at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:504)
at com.comcast.cet.web.controllers.rpc.RoutingServiceRpcController.processCall(RoutingServiceRpcController.java:64)
at com.google.gwt.user.server.rpc.RemoteServiceServlet.processPost(RemoteServiceServlet.java:243)
at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
at com.comcast.cet.web.controllers.rpc.RoutingServiceRpcController.handleRequest(RoutingServiceRpcController.java:41)
at sun.reflect.GeneratedMethodAccessor129.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:176)
at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:42
6)
at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:414)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:790)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:560)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3496)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2180)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2086)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Ok, after a lot of trial and error, this is what I added to the pom.xml to fix the issue:
Weblogic was using its own impl jars, and they are, as always, outdated.
here are all of the axis2 declarations in my pom.xml file: