|
Hi, I work on testing interoperability between Java and .net WebServices. At present, my main problem is to sign request. My client can send a signed request to the server, but the server response with a soap error: : (snippet of the result on the client side) Erreur: WSE402: The message does not conform to the policy it was mapped to. AxisFault faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Client faultSubcode: faultString: WSE402: The message does not conform to the policy it was mapped to. faultActor: http://server04/ServiceSecurise/Service1.asmx faultNode: faultDetail: {http://xml.apache.org/axis/}stackTrace:WSE402: The message does not conform to the policy it was mapped to. at org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:221) at org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:128) at org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087) at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source) at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown Source) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source) at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) at org.apache.xerces.parsers.XMLParser.parse(Unknown Source) at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source) at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source) at javax.xml.parsers.SAXParser.parse(SAXParser.java:375) at org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227) at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696) at org.apache.axis.Message.getSOAPEnvelope(Message.java:424) at org.apache.axis.message.addressing.handler.AddressingHandler.processClientResponse(AddressingHandler.java:300) at org.apache.axis.message.addressing.handler.AddressingHandler.invoke(AddressingHandler.java:110) at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) at org.apache.axis.client.AxisClient.invoke(AxisClient.java:190) at org.apache.axis.client.Call.invokeEngine(Call.java:2765) at org.apache.axis.client.Call.invoke(Call.java:2748) at org.apache.axis.client.Call.invoke(Call.java:2424) at org.apache.axis.client.Call.invoke(Call.java:2347) at org.apache.axis.client.Call.invoke(Call.java:1804) at wss.Service1Soap_BindingStub.helloWorld(Service1Soap_BindingStub.java:115) at ws.Main.main(Main.java:102) I checked all the certificate and the policy on the server is correct: I catch the xml message from the Java Client and from the .net Client. Here is the main difference between the 2 files: WSS4J CLIENT: ... </ds:Transforms>
<ds:DigestValue>V9LIVl8g9d9u1dvhWrcUwXHJu/8=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>VDg9rKbO2cGkoMvmaHNxL5bnLki+A41AsiPd3PZakFtic3XLmrQ42jiwFufqkJXkZDubzPzQCyTM
OBI5De6Ub+mK81c6BsO6qrKiJjLP+tZuSPMjqwwFjxE06qnCoLlqhgewJ7MIaO+EvertTffiFgSl
xMAZNsL9XoMWGX7bSbU=</ds:SignatureValue>
-
<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-22908277">
<wsse:Reference
URI="#CertId-14080341" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
... .NET CLIENT ...
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
</Transforms>
<DigestValue>v4Te1liHeznwsXqfYThWz4/oGY8=</DigestValue>
</Reference>
</Transforms>
<DigestValue>t9W3z0PflXfGh/dhTekRC/32PqM=</DigestValue>
</Reference>
</Transforms>
<DigestValue>bX3Xibb7JA1TAAZFLjxwwWAxJus=</DigestValue>
</Reference>
</Transforms>
<DigestValue>xApDHcXdNXowrCxORsCYZbIKiLs=</DigestValue>
</Reference>
</Transforms>
<DigestValue>w22vEmgmXpdiNBkZXtZRj1Yp2Zk=</DigestValue>
</Reference>
</Transforms>
<DigestValue>WghIsez5aKicT4HXUSDFq+YkTUA=</DigestValue>
</Reference>
</SignedInfo>
...
As you can see there is much more reference on the .NET CLIENT. My questions: - Do you think that the error message come from this lack of reference? - How is it possible to change the configuration of my Java Client to make possible the interop? Here is my WSDD file: <?xml version="1.0" encoding="UTF-8"?> <deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"> <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/> <globalConfiguration> <requestFlow> <!-- ADDRESSING --> <handler type="java:org.apache.axis.message.addressing.handler.AddressingHandler"/> <!-- SECURITY --> <handler type="java:org.apache.ws.axis.security.WSDoAllSender"> <parameter name="action" value="Signature" /> <parameter name="user" value="dbfc1bde493de4894975e09e5c6247e3_435e19e1-be28-4dd4-817c-f1e0c5bbc233" /> <parameter name="passwordCallbackClass" value="ws.PWCallback" /> <parameter name="signaturePropFile" value="crypto.properties" /> <parameter name="signatureKeyIdentifier" value="DirectReference" /> </handler> <handler type="java:org.apache.ws.axis.security.WSDoAllSender"><!-- OK --> <parameter name="action" value="UsernameToken Timestamp" /> <parameter name="user" value="login" /> <parameter name="passwordCallbackClass" value="ws.PWCallback" /> <parameter name="passwordType" value="PasswordText" /><!-- PasswordDigest --> <parameter name="addUTElements" value="Nonce Created" /> </handler> </requestFlow> <responseFlow> <handler type="java:org.apache.axis.message.addressing.handler.AddressingHandler"/> </responseFlow> </globalConfiguration> </deployment> Thanks for your help. Regards, Laurent |
- WSS4J and DOTNET Laurent COLLET
- Re: WSS4J and DOTNET Werner Dittmann
- Re: WSS4J and DOTNET Werner Dittmann
- Re: WSS4J and DOTNET Laurent COLLET
- Re: WSS4J and DOTNET Davide Romanini
- Re: WSS4J and DOTNET Laurent COLLET
- Re: WSS4J and DOTNET Davide Romanini
