Failed to parse Created TimeStamp in UsernameTokenValidator #12523

Closed
jonasrutishauser opened this issue Jun 8, 2020 · 2 comments
Labels: bug (This bug is not present in a released version of Open Liberty), release bug (This bug is present in a released version of Open Liberty), release:20008


@jonasrutishauser

Describe the bug
Sending a SOAP Request with a UsernameToken like the following does not work:

   <soapenv:Header>
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wsse:UsernameToken wsu:Id="Example-1">
            <wsse:Username>Zoe_test</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">love$Dogs</wsse:Password>
            <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">bOht6stnVm1gQsoaOeiauAC=</wsse:Nonce>
            <wsu:Created>2020-06-08T12:40:10Z</wsu:Created>
         </wsse:UsernameToken>
      </wsse:Security>
   </soapenv:Header>

Stacktrace in server

Interceptor for {***}MyService#{***}myMethod has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Can not parse TimeStamp :2020-06-08T12:50:10Z
        at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.processUsernameToken(UsernameTokenInterceptor.java:165) ~[com.ibm.ws.org.apache.cxf.ws.security.2.6.2_1.0.40.jar:?]
        at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.handleMessage(UsernameTokenInterceptor.java:120) ~[com.ibm.ws.org.apache.cxf.ws.security.2.6.2_1.0.40.jar:?]
        at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.handleMessage(UsernameTokenInterceptor.java:78) ~[com.ibm.ws.org.apache.cxf.ws.security.2.6.2_1.0.40.jar:?]
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) [com.ibm.ws.org.apache.cxf.cxf.api.2.6.2_1.0.40.jar:2.6.2]
        at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) [com.ibm.ws.org.apache.cxf.cxf.api.2.6.2_1.0.40.jar:2.6.2]
        at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:214) [com.ibm.ws.org.apache.cxf.cxf.rt.transports.http.2.6.2_1.0.40.jar:2.6.2]
        at com.ibm.ws.jaxws.endpoint.AbstractJaxWsWebEndpoint$1.run(AbstractJaxWsWebEndpoint.java:187) [com.ibm.ws.jaxws.common_1.0.40.jar:?]
        at com.ibm.ws.jaxws.endpoint.AbstractJaxWsWebEndpoint$1.run(AbstractJaxWsWebEndpoint.java:185) [com.ibm.ws.jaxws.common_1.0.40.jar:?]
        at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_201]
        at com.ibm.ws.jaxws.endpoint.AbstractJaxWsWebEndpoint.invoke(AbstractJaxWsWebEndpoint.java:185) [com.ibm.ws.jaxws.common_1.0.40.jar:?]
        at com.ibm.ws.jaxws.webcontainer.LibertyJaxWsServlet.handleRequest(LibertyJaxWsServlet.java:134) [com.ibm.ws.jaxws.webcontainer_1.0.40.jar:?]
        at com.ibm.ws.jaxws.webcontainer.LibertyJaxWsServlet.doPost(LibertyJaxWsServlet.java:93) [com.ibm.ws.jaxws.webcontainer_1.0.40.jar:?]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) [com.ibm.websphere.javaee.servlet.3.1_1.0.40.jar:?]
        at com.ibm.ws.jaxws.webcontainer.LibertyJaxWsServlet.service(LibertyJaxWsServlet.java:85) [com.ibm.ws.jaxws.webcontainer_1.0.40.jar:?]
        at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1230) [com.ibm.ws.webcontainer_1.1.40.jar:?]
        at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:729) [com.ibm.ws.webcontainer_1.1.40.jar:?]
        at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:426) [com.ibm.ws.webcontainer_1.1.40.jar:?]
        at com.ibm.ws.webcontainer.filter.WebAppFilterChain.invokeTarget(WebAppFilterChain.java:182) [com.ibm.ws.webcontainer_1.1.40.jar:?]
        at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:93) [com.ibm.ws.webcontainer_1.1.40.jar:?]
        at com.ibm.ws.security.jaspi.JaspiServletFilter.doFilter(JaspiServletFilter.java:56) [com.ibm.ws.security.jaspic.1.1_1.0.40.jar:?]
        at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:201) [com.ibm.ws.webcontainer_1.1.40.jar:?]
        at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90) [com.ibm.ws.webcontainer_1.1.40.jar:?]
        at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:1001) [com.ibm.ws.webcontainer_1.1.40.jar:?]
        at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1139) [com.ibm.ws.webcontainer_1.1.40.jar:?]
        at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1010) [com.ibm.ws.webcontainer_1.1.40.jar:?]
        at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:75) [com.ibm.ws.webcontainer_1.1.40.jar:?]
        at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:938) [com.ibm.ws.webcontainer_1.1.40.jar:?]
        at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.run(DynamicVirtualHost.java:279) [com.ibm.ws.webcontainer_1.1.40.jar:?]
        at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink$TaskWrapper.run(HttpDispatcherLink.java:1134) [com.ibm.ws.transport.http_1.0.40.jar:?]
        at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink.wrapHandlerAndExecute(HttpDispatcherLink.java:415) [com.ibm.ws.transport.http_1.0.40.jar:?]
        at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink.ready(HttpDispatcherLink.java:374) [com.ibm.ws.transport.http_1.0.40.jar:?]
        at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:551) [com.ibm.ws.transport.http_1.0.40.jar:?]
        at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.handleNewRequest(HttpInboundLink.java:484) [com.ibm.ws.transport.http_1.0.40.jar:?]
        at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.processRequest(HttpInboundLink.java:346) [com.ibm.ws.transport.http_1.0.40.jar:?]
        at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.ready(HttpInboundLink.java:317) [com.ibm.ws.transport.http_1.0.40.jar:?]
        at com.ibm.ws.tcpchannel.internal.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:167) [com.ibm.ws.channelfw_1.0.40.jar:?]
        at com.ibm.ws.tcpchannel.internal.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:75) [com.ibm.ws.channelfw_1.0.40.jar:?]
        at com.ibm.ws.tcpchannel.internal.WorkQueueManager.requestComplete(WorkQueueManager.java:504) [com.ibm.ws.channelfw_1.0.40.jar:?]
        at com.ibm.ws.tcpchannel.internal.WorkQueueManager.attemptIO(WorkQueueManager.java:574) [com.ibm.ws.channelfw_1.0.40.jar:?]
        at com.ibm.ws.tcpchannel.internal.WorkQueueManager.workerRun(WorkQueueManager.java:958) [com.ibm.ws.channelfw_1.0.40.jar:?]
        at com.ibm.ws.tcpchannel.internal.WorkQueueManager$Worker.run(WorkQueueManager.java:1047) [com.ibm.ws.channelfw_1.0.40.jar:?]
        at com.ibm.ws.threading.internal.ExecutorServiceImpl$RunnableWrapper.run(ExecutorServiceImpl.java:239) [com.ibm.ws.threading_1.1.40.jar:?]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_201]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_201]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_201]
Caused by: org.apache.ws.security.WSSecurityException: Can not parse TimeStamp :2020-06-08T12:50:10Z
        at com.ibm.ws.wssecurity.cxf.validator.UsernameTokenValidator.convertDate(UsernameTokenValidator.java:460) ~[?:?]
        at com.ibm.ws.wssecurity.cxf.validator.UsernameTokenValidator.verifyCreated(UsernameTokenValidator.java:422) ~[?:?]
        at com.ibm.ws.wssecurity.cxf.validator.UsernameTokenValidator.validateCreated(UsernameTokenValidator.java:401) ~[?:?]
        at com.ibm.ws.wssecurity.cxf.validator.UsernameTokenValidator.validate(UsernameTokenValidator.java:101) ~[?:?]
        at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:181) ~[com.ibm.ws.org.apache.ws.security.wss4j.1.6.7_1.0.40.jar:?]
        at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:67) ~[com.ibm.ws.org.apache.ws.security.wss4j.1.6.7_1.0.40.jar:?]
        at com.ibm.ws.wssecurity.cxf.interceptor.UsernameTokenInterceptor.getPrincipal(UsernameTokenInterceptor.java:89) ~[?:?]
        at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.processUsernameToken(UsernameTokenInterceptor.java:135) ~[com.ibm.ws.org.apache.cxf.ws.security.2.6.2_1.0.40.jar:?]
        ... 44 more
Caused by: java.text.ParseException: Unparseable date: "2020-06-08T12:50:10Z"
        at java.text.DateFormat.parse(DateFormat.java:366) ~[?:1.8.0_201]
        at com.ibm.ws.wssecurity.cxf.validator.UsernameTokenValidator.convertDate(UsernameTokenValidator.java:450) ~[?:?]
        at com.ibm.ws.wssecurity.cxf.validator.UsernameTokenValidator.verifyCreated(UsernameTokenValidator.java:422) ~[?:?]
        at com.ibm.ws.wssecurity.cxf.validator.UsernameTokenValidator.validateCreated(UsernameTokenValidator.java:401) ~[?:?]
        at com.ibm.ws.wssecurity.cxf.validator.UsernameTokenValidator.validate(UsernameTokenValidator.java:101) ~[?:?]
        at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:181) ~[com.ibm.ws.org.apache.ws.security.wss4j.1.6.7_1.0.40.jar:?]
        at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:67) ~[com.ibm.ws.org.apache.ws.security.wss4j.1.6.7_1.0.40.jar:?]
        at com.ibm.ws.wssecurity.cxf.interceptor.UsernameTokenInterceptor.getPrincipal(UsernameTokenInterceptor.java:89) ~[?:?]
        at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.processUsernameToken(UsernameTokenInterceptor.java:135) ~[com.ibm.ws.org.apache.cxf.ws.security.2.6.2_1.0.40.jar:?]
        ... 44 more

Steps to Reproduce
Send a valid SOAP request with a created timestamp in the UsernameToken without milliseconds.

Expected behavior
No parse error occurs.

Diagnostic information:

  • OpenLiberty Version: 20.0.0.5 (same with older versions)
  • Java Version: 1.8.0_201-b26
  • server.xml configuration with wsSecurity-1.1 enabled
@jonasrutishauser jonasrutishauser added the bug This bug is not present in a released version of Open Liberty label Jun 8, 2020
@sawadood sawadood self-assigned this Jun 10, 2020
@sawadood sawadood added the release bug This bug is present in a released version of Open Liberty label Jun 18, 2020
@sawadood
Contributor

This issue is fixed and will be available in the next Liberty release.

@sawadood
Contributor

@jonasrutishauser
Thanks for opening this issue. The issue is fixed by updating UsernameTokenValidator so that it successfully validates a UsernameToken containing a created timestamp without milliseconds.
You can download the latest development build from: https://openliberty.io/downloads/#development_builds
If you disagree that the issue is resolved, you can reopen this issue or open a new issue.
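
The failure mode reported in this issue, as an added illustration that is not Open Liberty's code: a `SimpleDateFormat` pattern that requires milliseconds rejects a valid `wsu:Created` value, while a `java.time` parser treats the fraction as optional and can still enforce a freshness window. The strict pattern, the `isFresh` helper, its window sizes and the sample values are assumptions made for the example.

```java
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.time.Duration;
import java.time.Instant;
import java.time.OffsetDateTime;
import java.time.format.DateTimeParseException;
import java.util.TimeZone;

public class CreatedTimestampCheck {

    // Assumed strict pattern: milliseconds are mandatory (the validator's real pattern is not shown in the issue).
    static Instant parseStrict(String created) throws ParseException {
        SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'");
        f.setLenient(false);
        f.setTimeZone(TimeZone.getTimeZone("UTC"));
        return f.parse(created).toInstant();
    }

    // ISO_OFFSET_DATE_TIME (the default for OffsetDateTime.parse) accepts values with or
    // without fractional seconds; values that carry no offset at all are rejected here.
    static Instant parseTolerant(String created) {
        return OffsetDateTime.parse(created).toInstant();
    }

    // Hypothetical freshness check: reject tokens older than maxAge or dated too far ahead.
    static boolean isFresh(Instant created, Instant now, Duration maxAge, Duration futureSkew) {
        return !created.isAfter(now.plus(futureSkew)) && !created.isBefore(now.minus(maxAge));
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2020-06-08T12:42:00Z"); // constructed "current time"
        String[] samples = {                                   // constructed sample values
            "2020-06-08T12:40:10Z", "2020-06-08T12:40:10.123Z", "2020-06-08T11:00:00Z", "not-a-date"};
        for (String s : samples) {
            String strict;
            try { strict = parseStrict(s).toString(); }
            catch (ParseException e) { strict = "ParseException"; }
            String tolerant;
            try {
                Instant t = parseTolerant(s);
                boolean fresh = isFresh(t, now, Duration.ofMinutes(5), Duration.ofMinutes(1));
                tolerant = t + (fresh ? " (fresh)" : " (stale, reject)");
            } catch (DateTimeParseException e) { tolerant = "rejected (malformed)"; }
            System.out.println(s + " -> strict: " + strict + " | tolerant: " + tolerant);
        }
    }
}
```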
