Dear Wiki user, You have subscribed to a wiki page or wiki category on "Ws Wiki" for change notification.
The following page has been changed by WernerDittmann: http://wiki.apache.org/ws/FrontPage/WsFx/wss4jFAQ ------------------------------------------------------------------------------ 1. [#isWSS4J What is WSS4J?] 1. [#isWSS4Jnot What is WSS4J not?] - 1. [#sigverify Problems and errors with Signature verificaton] + 1. [#sigverify Problems and errors with Signature verification] + 1. [#noalgo No such algorithm: http://www.w3.org/2001/04/xmlenc#rsa-1_5 or similar] + 1. [#npe Spurious Null Pointer Exception] [[Anchor(isWSS4J)]] @@ -20, +22 @@ Apache WSS4J is an implementation of the OASIS Web Services Security specifications (WS-Security, WSS) from OASIS Web Services Security TC. WSS4J is primarily a Java library that can be used to sign, verify, encrypt, - and decrypt SOAP Messages according to the WS-Security specifications. This library is independet of + and decrypt SOAP Messages according to the WS-Security specifications. This library is independent of underlying SOAP engines. The link between WSS4J and SOAP engines is provided by handlers. On top of this library we also implemented handlers for the Axis SOAP engine and for SOAP engines that use - JAX-RPC specifications. + JAX-RPC specifications. + + Here is the [http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss link] to the OASIS WS-Security + specifications. [[Anchor(isWSS4Jnot)]] ==== What is WSS4J not? ==== - WSS4J is '''not''' a tools to + WSS4J is '''not''' a tool to * manage certificates or create certificates * encrypt, decrypt, sign, and verify arbitray XML documents [[Anchor(sigverify)]] - ==== Problems and errors with Signature verificaton ==== + ==== Problems and errors with Signature verification ==== In this case you often an error or waring message similar to this one: {{{ 08:24:58,371 WARN [Reference] Verification failed for URI "#id-22221245" org.apache.ws.security.WSSecurityException: The signature verification failed @@ -44, +49 @@ Most often this problem occurs if the request message was modified ''after'' it was signed. Mostly this is due to some ''pretty printing'' where the request message was modified to look nicer. This - pretty printing inserts newlines, blanks and tabs. Very often people think that tese additional + pretty printing inserts newlines, blanks and tabs. Very often people think that these additional - charaters are removed by ''canonicalization'' (c14n) of the message. This is a common misunderstandig. + charaters are removed by ''canonicalization'' (c14n) of the message. This is a common misunderstanding. C14n does '''not''' remove these newlines or other significant whitespace. For more information on c14n refer to [http://www.w3.org/TR/xml-c14n Canonical XML]. + [[Anchor(noalgo)]] + ==== No such algorithm: http://www.w3.org/2001/04/xmlenc#rsa-1_5 or similar ==== + In most case this is a problem of a security provider. Depending on the used Java SDK + several problems may show up: + * Check if you have the full strengt encryption policy installed. + By default only the limited one is installed (please refer to Sun's Java documentation how to + get the full strength policy). + * The Bouncycastle JAR is not in the Path of the server Web application. + If WSS4J does not find the Bouncycastle in the classpath it is not + initialized and registered as security provider. The standard Sun security + provider does not support all requiered algorithms and keystore formats. + + Other Java SDKs also may have problems to initialize and install the correct security + provider. + + [[Anchor(npe)]] + ==== Spurious Null Pointer Exception ==== + Sometimes we get reports about a Null Pointer Exception (NPE) during WSS4J processing. In many + cases this is due to a non namespace aware XML parser. Sun's Java 1.4.x uses the Crimson XML + parser as default parser. This parser has problems supporting namespaces. + + If you have a NPE please check the stacktrace if you find a class similar to + {{{org.apache.crimson.tree.ElementNode2}}}. In this case you use the Crimson parser. + Please make sure that a full namespace aware parser is in the classpath, e.g. Apache + Xerces. Of course this is also true for other parsers that do not support XML namespace. +
