Signature verification fails when signing the Body
I am trying to write a client to consume a set of about 15 Web services secured by an implementation of the WS-Security 1.0 standard. These Web services require a usernametoken, that the content of the body be signed and encrypted, and that the entire usernametoken element be encrypted as well. Normally we use Axis2 and Rampart for Java, but in this case we are constrained to using C, and because other tools like gSoap don't support XML encryption, we decided on using Axis2/C and Rampart/C. The problem is that something isn't quite working right on the signing of the content. When I perform the operation with the policy.xml file set to do these tasks, the Web service complains and fails with the following message: "An error occured while processing the message security header: Signature verification failed". This has perplexed me for a while, because the other tools I've been using seem to work properly. I've written clients in Systinet Server for Java using their WS-Security implementation, Axis2/Rampart for Java, and Axis/WSS4J implementation, all of which work properly. I took a look at the fault message that was returned to the Axis2/C client, as it included a Java exception stack, and I see that the Web services are using an implementation of security by Amberpoint along with Entrust security libraries. So I decided to make sure this was not an implementation issue with those tools. I created a fake service from one of the services' WSDL files using a testing tool I have which uses WSS4J as its WS-Security implementation. The fake service returns a similar error: "org.apache.wss4j11.security.WSSecurityException: The signature verification failed." Since I can't change the security policies of the real Web services, I decided to see what would happen if I made the signature and encryption optional in my faked out service and then played around with the options in my Axis2/C and Rampart/C based client's policy.xml file. It turns out that everything works fine except when I try to sign the body. It is when I sign the body that the signature fails. Ironically, if I sign other content in the header, such as the UsernameToken, the signature checking passes validation on my faked out service, while the real services complain that the Body isn't signed when it is required to be. Is this a known issue? I am using the 1.3.0 release. Is there any way to work around it that won't require me to change security policies on the services I am trying to consume?
Problems using Axis2/c in Windows
I am attempting to use Axis2/c 1.6.0 to generate C client stubs in
Windows with the "-d adb" option for use with the Microsoft C
compiler and am facing three problems.
First I had trouble actually generating the stubs using the WSDL2C.bat
file supplied in the package. I got past this obstacle by changing
the line that read:
java -classpath %AXIS2_CLASSPATH%
org.apache.axis2.wsdl.WSDL2C %*
to:
java -classpath
"%AXIS2_CLASSPATH%" org.apache.axis2.wsdl.WSDL2C %*
Since I can see no downside to it, may I suggest that this change
be made to the distribution package. It could save a bit of
puzzlement and frustration.
The other problems cause the generated code to get compilation
errors. The second is that declarations are generated that are not
at the top of their blocks. I see code like this:
{
axiom_node_t
*text_node = NULL;
text_node =
axiom_node_get_first_child(parent, env);
axiom_text_t
*text_element = NULL;
...
This is fine in C++ but not in plain C.
The third problem is one that I have yet to fully analyze and I will post
about it later.
By the way, I previously posted a version of this message to the
axis-user mailing list having not realized at the time that there is an
axis-c-user list.
My thanks for any assistance,
Pete Maclean
Re: Axis2c Questions
I try the following approach. I connect to the database in the function init and I use a global variable for the connection information, but when a try to make any operation in the database I receive a core dump in the service. This problem only occur when I use the axis2c module for the apache server, when I use the simple http server from axis2, the approach work like a charm, so I think that the problems is something about threads. If anybody has other idea about my questions, I thank in advance. Regards, On Oct 12, 2009, at 10:18 AM, Sam Carleton wrote: I am no Axis2/C pro, and I don't have an answer to your first Q, but I believe the answer to the second question is: Do the initial connection to the database in the service's axis2_get_instance() function and then cleanup in axis2_remove_instance(). I am using SQLite and this is where I call sqlite3_initialize() and sqlite3_shutdown(), respectfully. It works for me;) Sam On Sun, Oct 11, 2009 at 12:29 PM, Jose M Medina V > wrote: I am using Axis2/C for a few weeks and I think this is an incredible tool, but I’m still a newbie in web services world and an axis environment. So I have a couple of questions and I appreciate any help that anyone could give to me. There are some of the questions: 1. It is possible use simple XML as a message in axis2c? If it possible could send me an example? 2. If I need run some operation in a PostgreSQL database from the web service, I have to connect and disconnect to the database every time that the web service is called? Thanks in advance and apologize for my bad English. José M. Medina V. Wesam Consulting jose_med...@wesamconsulting.com Mobile: +58(416)613-3302 +58(414)019-0580 Ofc: +58(212)959-4155 Ext. 204 BB pin: 31E562BF Caracas - Venezuela José M. Medina V. Wesam Consulting jose_med...@wesamconsulting.com Mobile: +58(416)613-3302 +58(414)019-0580 Ofc: +58(212)959-4155 Ext. 204 BB pin: 31E562BF Caracas - Venezuela
