I searched for the signed information in the policy.config file on the .Net server
and I found this list:
wsp:Body()
wsp:Header(wsa:Action)
wsp:Header(wsa:FaultTo)
wsp:Header(wsa:From)
wsp:Header(wsa:MessageID)
wsp:Header(wsa:RelatesTo)
wsp:Header(wsa:ReplyTo)
wsp:Header(wsa:To)
wse:Timestamp
So I changed my WSDD client file to:
...
<handler type="java:org.apache.ws.axis.security.WSDoAllSender">
  <parameter name="action" value="Timestamp Signature" />
  <parameter name="user"
      value="dbfc1bde493de4894975e09e5c6247e3_435e19e1-be28-4dd4-817c-f1e0c5bbc233" />
  <parameter name="passwordCallbackClass" value="ws.PWCallback" />
  <parameter name="signaturePropFile" value="crypto.properties" />
  <parameter name="signatureParts" value="
      {Element}{}Body;
      {Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}Action;
      {Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}From;
      {Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}MessageID;
      {Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}To;
      {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;" />
  <parameter name="signatureKeyIdentifier" value="DirectReference" />
</handler>
...
the result is:
6 sept. 2005 15:35:05
org.apache.ws.security.components.crypto.CryptoFactory loadClass
INFO: Using Crypto Engine [org.apache.ws.security.components.crypto.Merlin]
Erreur: L'en-tête SOAP Security n'a pas été reconnu. (SOAP Security
Header was not recognized)
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}MustUnderstand
faultSubcode:
faultString: L'en-tête SOAP Security n'a pas été reconnu.
faultActor:
faultNode:
faultDetail:
As you can see, some elements are missing: ReplyTo, RelatesTo and
FaultTo. These elements are missing in the default configuration of the
AddressingHandler. So, for now, I am trying to find a good tutorial on
Apache WS-Addressing...
regards,
Laurent
Werner Dittmann wrote:
Sorry - small typo:
IMO this is _not_ a wrong Signature or similar. ...
Werner
Werner Dittmann wrote:
Laurent,
IMO this is a wrong Signature or similar. The .Net client
uses the WS-Address specification to set up its request. Also
the .Net server expects a request with WS-Address elements.
There is a WS-Address implementation for Apache. Maybe you
can use this. Also some people on this list use it to
work with .Net servers / .Net clients.
Regards,
Werner
Laurent COLLET wrote:
Hi,
I work on testing interoperability between Java and .net WebServices. At
present, my main problem is to sign the request.
My client can send a signed request to the server, but the server
responds with a SOAP error:
(snippet of the result on the client side)
Erreur: WSE402: The message does not conform to the policy it was mapped to.
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Client
faultSubcode:
faultString: WSE402: The message does not conform to the policy it was mapped to.
faultActor: http://server04/ServiceSecurise/Service1.asmx
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:WSE402: The message does not conform to the policy it was mapped to.
    at org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:221)
    at org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:128)
    at org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
    at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)
    at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown Source)
    at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
    at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
    at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
    at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
    at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
    at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
    at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source)
    at javax.xml.parsers.SAXParser.parse(SAXParser.java:375)
    at org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
    at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
    at org.apache.axis.Message.getSOAPEnvelope(Message.java:424)
    at org.apache.axis.message.addressing.handler.AddressingHandler.processClientResponse(AddressingHandler.java:300)
    at org.apache.axis.message.addressing.handler.AddressingHandler.invoke(AddressingHandler.java:110)
    at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
    at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
    at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
    at org.apache.axis.client.AxisClient.invoke(AxisClient.java:190)
    at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
    at org.apache.axis.client.Call.invoke(Call.java:2748)
    at org.apache.axis.client.Call.invoke(Call.java:2424)
    at org.apache.axis.client.Call.invoke(Call.java:2347)
    at org.apache.axis.client.Call.invoke(Call.java:1804)
    at wss.Service1Soap_BindingStub.helloWorld(Service1Soap_BindingStub.java:115)
    at ws.Main.main(Main.java:102)
I checked all the certificates, and the policy on the server is correct.
I captured the XML messages from the Java Client and from the .net Client.
Here is the main difference between the 2 files:
WSS4J CLIENT:
...
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
    <ds:Reference URI="#id-20259687">
      <ds:Transforms>
        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      </ds:Transforms>
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <ds:DigestValue>V9LIVl8g9d9u1dvhWrcUwXHJu/8=</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue>VDg9rKbO2cGkoMvmaHNxL5bnLki+A41AsiPd3PZakFtic3XLmrQ42jiwFufqkJXkZDubzPzQCyTM
OBI5De6Ub+mK81c6BsO6qrKiJjLP+tZuSPMjqwwFjxE06qnCoLlqhgewJ7MIaO+EvertTffiFgSl
xMAZNsL9XoMWGX7bSbU=</ds:SignatureValue>
  <ds:KeyInfo Id="KeyId-14625088">
    <wsse:SecurityTokenReference
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        wsu:Id="STRId-22908277">
      <wsse:Reference URI="#CertId-14080341"
          ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
    </wsse:SecurityTokenReference>
  </ds:KeyInfo>
</ds:Signature>
</wsse:Security>
...
.NET CLIENT
...
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
        xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
    <Reference URI="#Id-8c11c53d-dd74-44c3-9cec-e76163be1c44">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <DigestValue>v4Te1liHeznwsXqfYThWz4/oGY8=</DigestValue>
    </Reference>
    <Reference URI="#Id-d5c91450-9be5-4c20-a11e-ad4dbfa9b6df">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <DigestValue>t9W3z0PflXfGh/dhTekRC/32PqM=</DigestValue>
    </Reference>
    <Reference URI="#Id-86fd872f-fcf8-4874-9649-c424546078f1">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <DigestValue>bX3Xibb7JA1TAAZFLjxwwWAxJus=</DigestValue>
    </Reference>
    <Reference URI="#Id-d2416533-130a-48f0-99d7-9d93acd664f9">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <DigestValue>xApDHcXdNXowrCxORsCYZbIKiLs=</DigestValue>
    </Reference>
    <Reference URI="#Timestamp-7d5835ff-7a51-4fab-9cd9-a5f4edcf4496">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <DigestValue>w22vEmgmXpdiNBkZXtZRj1Yp2Zk=</DigestValue>
    </Reference>
    <Reference URI="#Id-59bb037e-d745-4d0d-90f3-9414e74d7954">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <DigestValue>WghIsez5aKicT4HXUSDFq+YkTUA=</DigestValue>
    </Reference>
  </SignedInfo>
...
As you can see, there are many more references in the .NET CLIENT.
My questions:
- Do you think that the error message comes from this lack of references?
- How is it possible to change the configuration of my Java Client to
make the interop possible?
Here is my WSDD file:
<?xml version="1.0" encoding="UTF-8"?>
<deployment xmlns="http://xml.apache.org/axis/wsdd/"
    xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
  <transport name="http"
      pivot="java:org.apache.axis.transport.http.HTTPSender"/>
  <globalConfiguration>
    <requestFlow>
      <!-- ADDRESSING -->
      <handler type="java:org.apache.axis.message.addressing.handler.AddressingHandler"/>
      <!-- SECURITY -->
      <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
        <parameter name="action" value="Signature" />
        <parameter name="user"
            value="dbfc1bde493de4894975e09e5c6247e3_435e19e1-be28-4dd4-817c-f1e0c5bbc233" />
        <parameter name="passwordCallbackClass" value="ws.PWCallback" />
        <parameter name="signaturePropFile" value="crypto.properties" />
        <parameter name="signatureKeyIdentifier" value="DirectReference" />
      </handler>
      <handler type="java:org.apache.ws.axis.security.WSDoAllSender"><!-- OK -->
        <parameter name="action" value="UsernameToken Timestamp" />
        <parameter name="user" value="login" />
        <parameter name="passwordCallbackClass" value="ws.PWCallback" />
        <parameter name="passwordType" value="PasswordText" /><!-- PasswordDigest -->
        <parameter name="addUTElements" value="Nonce Created" />
      </handler>
    </requestFlow>
    <responseFlow>
      <handler type="java:org.apache.axis.message.addressing.handler.AddressingHandler"/>
    </responseFlow>
  </globalConfiguration>
</deployment>
Thanks for your help.
Regards,
Laurent
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
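The comparison made by hand in this thread (the parts listed in the policy versus the elements the signature's references cover) can be automated over a captured message. The following is an added example, not code from the thread or from WSS4J/WSE: the function name `coverage`, the sample envelope and its ids are constructed for illustration, and the WS-Security extension namespace is the standard OASIS one rather than a value quoted on this page.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSA = "http://schemas.xmlsoap.org/ws/2004/08/addressing"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Parts from the policy list quoted in the thread, as {namespace}localname.
REQUIRED = [f"{{{SOAP}}}Body", f"{{{WSU}}}Timestamp"] + [
    f"{{{WSA}}}{name}" for name in
    ("Action", "FaultTo", "From", "MessageID", "RelatesTo", "ReplyTo", "To")]


def coverage(envelope_xml, required=REQUIRED):
    """Map each required part to 'signed', 'unsigned' or 'absent'."""
    # Reference coverage only: digests and the signature value are not verified.
    root = ET.fromstring(envelope_xml)
    # Fragment ids targeted by the ds:Reference elements of the signature.
    refs = {r.get("URI", "")[1:] for r in root.iter(f"{{{DS}}}Reference")
            if r.get("URI", "").startswith("#")}
    result = {part: "absent" for part in required}
    for el in root.iter():
        if el.tag not in result or result[el.tag] == "unsigned":
            continue  # not a policy part, or a duplicate already seen unsigned
        el_id = el.get(f"{{{WSU}}}Id") or el.get("Id")
        result[el.tag] = "signed" if el_id and el_id in refs else "unsigned"
    return result


# Constructed capture: a single ds:Reference (to the Body), like the WSS4J message.
SAMPLE = f"""<soap:Envelope xmlns:soap="{SOAP}" xmlns:wsa="{WSA}"
    xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">
  <soap:Header>
    <wsa:Action wsu:Id="id-1">urn:example:action</wsa:Action>
    <wsa:To wsu:Id="id-2">http://example.invalid/service</wsa:To>
    <wsse:Security>
      <wsu:Timestamp wsu:Id="ts-1"><wsu:Created>2005-09-06T13:35:05Z</wsu:Created></wsu:Timestamp>
      <ds:Signature><ds:SignedInfo><ds:Reference URI="#id-5"/></ds:SignedInfo></ds:Signature>
    </wsse:Security>
  </soap:Header>
  <soap:Body wsu:Id="id-5"><helloWorld/></soap:Body>
</soap:Envelope>"""

if __name__ == "__main__":
    for part, state in coverage(SAMPLE).items():
        print(f"{state:9} {part}")
```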