Security

Why do I get the error "Incoming message does not contain required Security header"?

Typically, this error occurs when the client configuration files were not found within the client classpath. The complete content of the classes folder of the wsag4j client distribution must be placed within the classpath of a wsag4j client implementation. This comprises the files within the classes folder as well as all sub-directories, namely the Axis 2 configuration.


Why do I get the error "security processing failed"?

WSAG4J uses WS-Security time stamps to ensure a message must be delivered within a certain time frame. If the clocks of a client system and a server system are not synchronous (e.g. the time differs more than 5 minutes) the security processing will fail.

Running a client application

I can't connect to the WSAG4J server (connection refused). What can I do?

This problems has usually one of the following causes:

  1. The server disallows client access because of missing security data here.
  2. The client uses a wrong server endpoint reference (EPR). here.
  3. The gateway URL is not configured correctly for WSAG4J server. See here.

The server refuses client access with the error message "Incoming message does not contain required Security header". What can I do?

In case the client is not configured correctly (e.g. client configuration files were not found), the client would not sign outgoing messages. Since the WSAG4J server enforces message signatures, it will in turn reject these messages with the error "Incoming message does not contain required Security header". Take a look here to resolve this error.


What endpoint reference should I use to access a WSAG4J server installation?

The url a client uses to access a WSAG4J server is called WSAG4J-URL. In fact, this is the url under which the WSAG4J server application is deployed. You can use this url to check whether the server application is configured and running correctly by entering the WSAG4J-URL in a browser. An overview page with the status of the WSAG4J server installation should show up. By default, the WSAG4J-URL is http://localhost:8080/wsag4j-agreement-factory-2.0.0.

Configuration of ther WSAG4J Server

What is the gateway url of a WSAG4J server?

The gateway url of a WSAG4J server the URL from which the servercan be accessed. The gateway URL matches the WSAG4J-URL explained here. It is used by WSAG4J engine to deploy new webservice instances within the server. It is for example possible to deploy multiple agreement factories within one server installation. Each factory is deployed as a separate webservice instance. A web service instance is identified by a unique endpoint reference (EPR). Client applications can use this EPR to can access a factory. Each EPR contains the url at wich the web service instance is deployed. This is in fact the gateway URL. If the gateway address is not configured correctly, the EPRs generated by the WSAG4J server for new web service instances will not be valid. A client will not be able to e.g. access an agreement factory. A connection refused error may occur.


How do I configure the gateway url for WSAG4J server?

The gateway url can be configured in the wsrf-engine.config file. In case the gateway address is not configured correctly, a client may not be able to access the registered factories and agreements of a WSAG4J server. A connection refused error may occur instead.