Skip to main content

Security error when calling webservice

2 replies [Last post]
kikujiro
Offline
Joined: 2011-08-09
Points: 0

Hi,

I have a webservice with mutual certificates security. When I call it from my client I get this exception in the server log:

Error in Verifying Security in Inbound Message. com.sun.xml.wss.impl.PolicyViolationException: ERROR: No security header found in the message

Does it have something to do with the webservices-tools.jar, etc. files? I checked the lib folder of glassfish on my server and I couldn't find them. Or do the jars have to be on the client side?

I created the webservice client in Eclipse with the usual new->web service client. The service worked before I added the security thing into the wsdl (in Netbeans). The webservices ear deploys correct.

Thanks!

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
kikujiro
Offline
Joined: 2011-08-09
Points: 0

Now I got past the last error. I think it was because I didn't use the webservices-rt lib.

Now I have another exception however:

[#|2011-10-18T08:39:31.960+0200|SEVERE|glassfish3.1.1|javax.enterprise.resource.xml.webservices.security|_ThreadID=162;_ThreadName=http-thread-pool-8080(1);|WSS1533: Validation of self signed certificate failed.|#]

[#|2011-10-18T08:39:31.971+0200|SEVERE|glassfish3.1.1|com.sun.xml.wss.provider.wsit|_ThreadID=162;_ThreadName=http-thread-pool-8080(1);|WSITPVD0035: Error in Verifying Security in Inbound Message.

com.sun.xml.wss.XWSSecurityException: Validation of self signed certificate failed
at com.sun.xml.wss.impl.misc.WSITProviderSecurityEnvironment.validateCertificate(WSITProviderSecurityEnvironment.java:937)
at com.sun.xml.ws.security.opt.impl.incoming.X509BinarySecurityToken.validate(X509BinarySecurityToken.java:185)
...

I created my own keystores through the jroller.com guide.

I know that it finds the keystores because I tried changing in the xml files to wrong filenames and got a file not found exception. I'm sure that what is written in the cml files (server and client side) is correct (at least according to the guide).

Do I have to add or change anything in the domain.xml file or from Glassfish admin console because I created new keystores?

kumarjayanti
Offline
Joined: 2003-12-10
Points: 0

 sorry for the late reply.  If you have a new Keystore and it contains a self-signed certificate then make sure the self-signed cert is also present in the configured TrustStore.