Hi Dobri,
I came across the same problem when there is an empty signature element
in
the message. That is if there are no references in the signature element,
xmlsec
can't process that signature. Looking at the policy, we can see it is the
case here.
So can you post your soap request ? Can you put JIRA [1] if this is the
case. This
can be fixed in Rampart. We can simply avoid creating a signature when there
is
nothing to sign.
BTW, I have a small problem about your policy. As it seems this policy
doesn't
provide any security at all. No integrity or confidentiality protections,
no timestamp
and no supporting tokens.
Regards,
Nandana
[1] - http://issues.apache.org/jira/browse/Rampart
On Nov 9, 2007 4:54 PM, Dobri Kitipov <[EMAIL PROTECTED]>
wrote:
> Hi everybody,
> I know this is a question that has been already asked in this mailing
> list but there is no answer to it.
> My environment is based on Axis2 1.3, Rampart 1.3. and
> xmlsec-1.4.1.jar. What I am testing is the symmetric binding.
> The problem is that I am receiving the following exception when
> invoking the service:
>
> 2007-11-09 11:58:24 (axis2_test.log) 09:11:2007 11:58:24,406
> [http-8081-Processor24] (AxisServlet.java:159) ERROR
> org.apache.axis2.transport.http.AxisServlet - Cannot find Reference
> in Manifest
> 2007-11-09 11:58:24 (axis2_test.log) org.w3c.dom.DOMException: Cannot
> find Reference in Manifest
> 2007-11-09 11:58:24 (axis2_test.log) at
> org.apache.xml.security.signature.Manifest.<init>(Unknown Source)
> 2007-11-09 11:58:24 (axis2_test.log) at
> org.apache.xml.security.signature.SignedInfo.<init>(Unknown Source)
> 2007-11-09 11:58:24 (axis2_test.log) at
> org.apache.xml.security.signature.XMLSignature.<init>(Unknown Source)
> 2007-11-09 11:58:24 (axis2_test.log) at
> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(
> SignatureProcessor.java:161)
> 2007-11-09 11:58:24 (axis2_test.log) at
> org.apache.ws.security.processor.SignatureProcessor.handleToken(
> SignatureProcessor.java:85)
> 2007-11-09 11:58:24 (axis2_test.log) at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(
> WSSecurityEngine.java:284)
> 2007-11-09 11:58:24 (axis2_test.log) at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(
> WSSecurityEngine.java:206)
> 2007-11-09 11:58:24 (axis2_test.log) at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(
> WSSecurityEngine.java:159)
> 2007-11-09 11:58:24 (axis2_test.log) at
> org.apache.rampart.RampartEngine.process(RampartEngine.java:127)
> 2007-11-09 11:58:24 (axis2_test.log) at
> org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:85)
> etc.........
>
> Here is my services.xml:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <serviceGroup>
> <service name="HelloPojo">
> <description>Web Service HelloPojo</description>
> <parameter name="ServiceClass">
> com.mycompany.wsstack.pojo.HelloPojo</parameter>
> <messageReceivers>
> <messageReceiver
> class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"
> mep="http://www.w3.org/2004/08/wsdl/in-out"/>
> </messageReceivers>
> <operation name="sayHello"/>
> <wsp:Policy wsu:Id="User defined"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> ">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SymmetricBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> <wsp:Policy>
>
> <sp:ProtectionToken>
> <wsp:Policy
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
>
> <sp:X509Token
> sp:IncludeToken="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
>
> <wsp:Policy>
>
> <sp:WssX509V3Token10/>
>
> <sp:RequireDerivedKeys/>
>
> </wsp:Policy>
>
> </sp:X509Token>
>
> </wsp:Policy>
>
> </sp:ProtectionToken>
> <sp:AlgorithmSuite
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>
> <wsp:Policy>
>
> <sp:Basic128/>
>
> </wsp:Policy>
>
> </sp:AlgorithmSuite>
> <sp:Layout>
>
> <wsp:Policy>
>
> <sp:Strict/>
>
> </wsp:Policy>
> </sp:Layout>
> </wsp:Policy>
> </sp:SymmetricBinding>
> <sp:Wss10 xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> <sp:Policy>
>
> <sp:MustSupportRefKeyIdentifier/>
>
> <sp:MustSupportRefIssuerSerial/>
> </sp:Policy>
> </sp:Wss10>
> <sp:SignedSupportingTokens
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> <wsp:Policy/>
> </sp:SignedSupportingTokens>
> <ramp:RampartConfig xmlns:ramp="
> http://ws.apache.org/rampart/policy";>
>
> <ramp:user>service</ramp:user>
>
> <ramp:encryptionUser>client</ramp:encryptionUser>
>
> <ramp:passwordCallbackClass>
> com.mycompany.wsstack.pwcb.PasswordCallbackHandler
> </ramp:passwordCallbackClass>
> <ramp:signatureCrypto>
> <ramp:crypto
> provider="org.apache.ws.security.components.crypto.Merlin">
>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type
> ">JKS</ramp:property>
>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.file">service.jks
> </ramp:property>
>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password
> ">openssl</ramp:property>
> </ramp:crypto>
> </ramp:signatureCrypto>
> <ramp:encryptionCypto>
> <ramp:crypto
> provider="org.apache.ws.security.components.crypto.Merlin">
>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type
> ">JKS</ramp:property>
>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.file">service.jks
> </ramp:property>
>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password
> ">openssl</ramp:property>
> </ramp:crypto>
> </ramp:encryptionCypto>
> </ramp:RampartConfig>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> <module ref="addressing"/>
> <module ref="rampart"/>
> </service>
> </serviceGroup>
>
>
> Can someone give me some info about that problem?
>
>
> Thank you in advance!
> Dobri
>
