Skip to main content

help, No security header found in the message

Please note these java.net forums are being decommissioned and use the new and improved forums at https://community.oracle.com/community/java.
2 replies [Last post]
nethawk
Offline
Joined: 2012-12-14

I am write a WCF service to use wsHttpBinding and have a username / password authentication, and another to write a Java client to try to call WCF.

I use
JDK 1.6.0_37
NetBeans 7.2
Metro 2.2.1
but I get a error

com.sun.xml.wss.impl.PolicyViolationException: ERROR: No security header found in the message
at com.sun.xml.wss.impl.policy.verifier.MessagePolicyVerifier.verifyPolicy(MessagePolicyVerifier.java:138)
at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.createMessage(SecurityRecipient.java:1016)
at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:252)
at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.verifyInboundMessage(SecurityTubeBase.java:455)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientResponsePacket(SecurityClientTube.java:434)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processResponse(SecurityClientTube.java:362)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1074)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:979)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:950)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:825)
at com.sun.xml.ws.client.Stub.process(Stub.java:443)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:174)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:119)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:102)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:154)
at $Proxy41.saySomething(Unknown Source)
at wcf.javaClient.main(javaClient.java:33)

"No security header found in the message", What does this mean?

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
gmazza
Offline
Joined: 2005-01-14

If I understand correctly, your web service provider is Windows WCF and your SOAP client is using Metro, right? I'm not sure from the error message whether there's a problem with the SOAP request to the server or the SOAP response back to the client, but, for one of those two, there's no security element found in the soap:header element in the soap:envelope. You're required to do security but somehow it's being overlooked, and just a plain SOAP message with no security is being sent or received. You may wish to run Wireshark (Link #33 from http://www.jroller.com/gmazza/entry/blog_article_index) to determine which message (SOAP request or response) is failing here.

I'm not sure whether what you call "username/password authentication" is transport-layer Basic Auth over SSL or the message-layer UsernameToken security method (Links #11 and #13: http://www.jroller.com/gmazza/entry/blog_article_index) or something else, possibly. You're going to need to know that in order to set up security right.

HTH,
Glen

nethawk
Offline
Joined: 2012-12-14

Thanks gmazza, sorry, my english is very poor.
I found my problem.

Yes, my web service provider is Windows WCF and my SOAP client is using Metro.My WCF use a Custom User Name and Password Validator, so I use makecert to create X509 certificate for my localhost and export the certificate and use keytool import to my custom keystore.

I use Netbeans write a java client, but I set config error for xxxxx.svc.xml, so my java client to run fail.