Shawn,
it seems that something is going wrong when preparing
the part of the XML document that is to be signed/verified.
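Another idea: is there any chance that the document is modified
after it was signed? Some pretty-printing, some modifications
during transmission? Even a whitespace-only change inside the
signed element alters the digest, and then the reference
verification fails.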
Maybe you can trace the request (with any passwords or key
material removed) and send it to the list?
regards,
Werner
Shawn McKinney schrieb:
Then let UsernameTokenSignature sign the SOAP body
(the
complete body) or a part thereof.
OK - so I'm back to figuring out why the server
signature validation fails on the complete Soap body.
This is the exception I'm getting, any idea what's the
problem here?
Exception:
2005-07-22 11:12:07,071,
org.apache.ws.security.message.EnvelopeIdResolver,
(DEBUG), Tag: #text, '
'
2005-07-22 11:12:07,071, org.apache.ws.security.TIME,
(DEBUG), engineResolve= 31
2005-07-22 11:12:07,071,
org.apache.ws.security.message.EnvelopeIdResolver,
(DEBUG), exit engineResolve, result:
XMLSignatureInput/NodeSet/211 nodes/null
2005-07-22 11:12:07,075,
org.apache.xml.security.signature.Reference, (WARN ),
Verification failed for URI "#id-20736546"
org.apache.ws.security.WSSecurityException: The
signature verification failed
at
org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurityEngine.java:644)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:334)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:259)
at
org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java:181)
at
org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at
org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at
org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at
org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at
org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at
org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at
org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:453)
at
org.apache.axis.server.AxisServer.invoke(AxisServer.java:281)
at
org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:699)
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327)
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at
org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
at
org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:793)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:702)
at
org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:571)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:644)
at java.lang.Thread.run(Thread.java:534)
client-side.wsdd:
<deployment xmlns="http://xml.apache.org/axis/wsdd/"
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<transport name="http"
pivot="java:org.apache.axis.transport.http.HTTPSender"/>
<globalConfiguration >
<requestFlow >
<handler
type="java:org.apache.ws.axis.security.WSDoAllSender">
<parameter name="action"
value="UsernameTokenSignature Encrypt Timestamp"/>
<parameter name="passwordCallbackClass"
value="x.PWClientCallback"/>
<parameter name="passwordType"
value="PasswordText" />
<parameter name="addUTElements" value="Nonce
Created" />
<parameter name="encryptionPropFile"
value="crypto.client.properties" />
<parameter name="encryptionKeyIdentifier"
value="X509KeyIdentifier" />
<parameter name="encryptionUser"
value="xespublickey" />
<parameter name="encryptionParts"
value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken"
/>
</handler>
</requestFlow >
</globalConfiguration >
</deployment>
server-side.wsdd:
<service name="IFXService2" provider="java:MSG"
style="message" use="literal">
<requestFlow name="XESSecurity">
<handler
type="java:org.apache.ws.axis.security.WSDoAllReceiver">
<parameter name="passwordCallbackClass"
value="x2.PWServerCallback"/>
<parameter name="action"
value="UsernameTokenSignature UsernameToken Encrypt
Timestamp"/>
<parameter name="decryptionPropFile"
value="crypto.server.properties"/>
</handler>
</requestFlow>
<wsdlFile>/IFXService2SOAPService.wsdl</wsdlFile>
<parameter name="allowedMethods"
value="processIFX"/>
<parameter name="className" value="x.IFXService"/>
</service>