I have a JAX-WS web service developed using NetBeans 7 and GlassFish 3.1.2.
I configured the web service to use Username authentication with symmetric keys security and the default keystore.
When I test my web service on localhost everything works fine, but when I deployed it to a remote test server it didn't work.
First I got an exception complaining that "Key used to decrypt EncryptedKey cannot be null", so I uploaded the local keystore.jks and cacerts.jks to the remote server.
Now I'm getting these exceptions:
Server side:
WSITPVD0035: Error in Verifying Security in Inbound Message. com.sun.xml.wss.impl.PolicyViolationException: com.sun.xml.wss.impl.WssSoapFaultException: Invalid Security Header
at com.sun.xml.wss.impl.policy.verifier.MessagePolicyVerifier.verifyPolicy(MessagePolicyVerifier.java:151)
at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.createMessage(SecurityRecipient.java:1003)
at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:248)
at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.verifyInboundMessage(WSITServerAuthContext.java:588)
at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:361)
at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:264)
at com.sun.enterprise.security.webservices.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:173)
at com.sun.enterprise.security.webservices.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:144)
at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:119)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:961)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:775)
at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:386)
at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:640)
at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:263)
at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:163)
at org.glassfish.webservices.Ejb3MessageDispatcher.handlePost(Ejb3MessageDispatcher.java:120)
at org.glassfish.webservices.Ejb3MessageDispatcher.invoke(Ejb3MessageDispatcher.java:91)
at org.glassfish.webservices.EjbWebServiceServlet.dispatchToEjbEndpoint(EjbWebServiceServlet.java:200)
at org.glassfish.webservices.EjbWebServiceServlet.service(EjbWebServiceServlet.java:131)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:770)
at com.sun.grizzly.http.servlet.ServletAdapter$FilterChainImpl.doFilter(ServletAdapter.java:1059)
at com.sun.grizzly.http.servlet.ServletAdapter$FilterChainImpl.invokeFilterChain(ServletAdapter.java:999)
at com.sun.grizzly.http.servlet.ServletAdapter.doService(ServletAdapter.java:434)
at com.sun.grizzly.http.servlet.ServletAdapter.service(ServletAdapter.java:384)
at com.sun.grizzly.tcp.http11.GrizzlyAdapter.service(GrizzlyAdapter.java:179)
at com.sun.enterprise.v3.server.HK2Dispatcher.dispath(HK2Dispatcher.java:117)
at com.sun.enterprise.v3.services.impl.ContainerMapper$Hk2DispatcherCallable.call(ContainerMapper.java:354)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:195)
at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:849)
at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:746)
at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1045)
at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:228)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:662)
Caused by: com.sun.xml.wss.impl.WssSoapFaultException: Invalid Security Header
at com.sun.xml.ws.security.opt.impl.util.SOAPUtil.newSOAPFaultException(SOAPUtil.java:159)
at com.sun.xml.wss.impl.policy.verifier.MessagePolicyVerifier.processSecondaryPolicy(MessagePolicyVerifier.java:220)
at com.sun.xml.wss.impl.policy.verifier.MessagePolicyVerifier.verifyPolicy(MessagePolicyVerifier.java:144)
... 43 more
Client side:
Exception in thread "AWT-EventQueue-0" javax.xml.ws.soap.SOAPFaultException: Invalid Security Header
at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:193)
at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:126)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:123)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:93)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:144)
How can I fix this?
Thanks.
The stack trace does not look familiar to me but maybe your problem is the certificate itself.
When you create a certificate you should set a ‘server name’. This will be used by the client to check whether the certificate’s ‘server name’ matches the URL’s ‘server name’. If the server names do not match, the client should abort the connection because it could be a stolen certificate! For more info, check this tutorial
NOTE: The default configuration of a Java web service client does this check, but if you want to bypass this client-side verification please check this post
Try to check if this is the problem you are having. If it is the case you have several solutions:
application
PS: I never did anything special on the server side to solve this kind of issue. Installing the correct certificate should be enough.