Werner,

At the server side, the configuration of the handler is as follows,

<?xml version="1.0" encoding="UTF-8"?>
<jws:handler-config xmlns:jws="http://java.sun.com/xml/ns/javaee">
  <jws:handler-chain>
    <jws:handler>
      <jws:handler-name>ChainHR</jws:handler-name>
      <jws:handler-class>com.jtv.core.ws.security.handler.WSS4JHandler</jws:handler-class>
      <jws:init-param>
        <jws:param-name>deployment</jws:param-name>
        <jws:param-value>server</jws:param-value>
      </jws:init-param>
      <jws:init-param>
        <jws:param-name>flow</jws:param-name>
        <jws:param-value>request-only</jws:param-value>
      </jws:init-param>
      <jws:init-param>
        <jws:param-name>user</jws:param-name>
        <jws:param-value>alice</jws:param-value>
      </jws:init-param>
      <jws:init-param>
        <jws:param-name>action</jws:param-name>
        <jws:param-value>Signature</jws:param-value>
      </jws:init-param>
      <jws:init-param>
        <jws:param-name>signaturePropFile</jws:param-name>
        <jws:param-value>server.properties</jws:param-value>
      </jws:init-param>
      <jws:init-param>
        <jws:param-name>signatureKeyIdentifier</jws:param-name>
        <jws:param-value>DirectReference</jws:param-value>
      </jws:init-param>
      <jws:init-param>
        <jws:param-name>signatureParts</jws:param-name>
        <jws:param-value>{}{http://jtv.com}addNumbers</jws:param-value>
      </jws:init-param>
      <jws:init-param>
        <jws:param-name>passwordCallbackClass</jws:param-name>
        <jws:param-value>com.jtv.core.ws.endpoint.example.handlerresult.PWCallback</jws:param-value>
      </jws:init-param>
      <jws:soap-role>SecurityProvider</jws:soap-role>
    </jws:handler>
  </jws:handler-chain>
</jws:handler-config>

while the configuration for the handler at the client side is

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<bindings xmlns:xsd="http://www.w3.org/2001/XMLSchema"
          xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
          wsdlLocation="http://localhost:8080/core-ws/handlerresult?wsdl"
          xmlns="http://java.sun.com/xml/ns/jaxws">
  <bindings node="wsdl:definitions">
    <package name="com.jtv.core.ws.endpoint.example.handlerresult"/>
  </bindings>
  <bindings node="wsdl:definitions" xmlns:jws="http://java.sun.com/xml/ns/javaee">
    <jws:handler-chains>
      <jws:handler-chain>
        <jws:handler>
          <jws:handler-name>ChainHRC</jws:handler-name>
          <jws:handler-class>com.jtv.core.ws.security.handler.WSS4JHandler</jws:handler-class>
          <jws:init-param>
            <jws:param-name>deployment</jws:param-name>
            <jws:param-value>client</jws:param-value>
          </jws:init-param>
          <jws:init-param>
            <jws:param-name>flow</jws:param-name>
            <jws:param-value>request-only</jws:param-value>
          </jws:init-param>
          <jws:init-param>
            <jws:param-name>user</jws:param-name>
            <jws:param-value>alice</jws:param-value>
          </jws:init-param>
          <jws:init-param>
            <jws:param-name>action</jws:param-name>
            <jws:param-value>Signature</jws:param-value>
          </jws:init-param>
          <jws:init-param>
            <jws:param-name>signaturePropFile</jws:param-name>
            <jws:param-value>client.properties</jws:param-value>
          </jws:init-param>
          <jws:init-param>
            <jws:param-name>signatureKeyIdentifier</jws:param-name>
            <jws:param-value>DirectReference</jws:param-value>
          </jws:init-param>
          <jws:init-param>
            <jws:param-name>signatureParts</jws:param-name>
            <jws:param-value>{}{http://jtv.com}addNumbers</jws:param-value>
          </jws:init-param>
          <jws:init-param>
            <jws:param-name>passwordCallbackClass</jws:param-name>
            <jws:param-value>com.jtv.core.ws.endpoint.example.handlerresult.ClientPWCallback</jws:param-value>
          </jws:init-param>
          <jws:soap-role>SecurityProvider</jws:soap-role>
        </jws:handler>
      </jws:handler-chain>
    </jws:handler-chains>
  </bindings>
</bindings>

The captured XML SOAP message from the client is as follows,

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                   soapenv:actor="test" soapenv:mustUnderstand="1">
      <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                                EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                                ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                                wsu:Id="CertId-1776694">kGsLix3v AsXWWi4rwfVOYzQK0OFPNi9RMCUdSH06m9uLWckiCxjos0FQODZE9l4ATGy9s9hNVwryOJTw==</wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> </ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"> </ds:SignatureMethod>
          <ds:Reference URI="#id-15308417">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"> </ds:DigestMethod>
            <ds:DigestValue>BKvNHaN+dKKGiRcndc9Fe9Cs/nk=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>mRm5ed5un7sMPGp6yCyMgVu0UcotIc1tAfpxxsjqEQGtmpVoiQM5b2o2QwIt+FRDBhqO1lfYOABuJ3BxD+guHn3QlAfkmGhtngjzJpCPFam5yuzk2wUzLeLnKY0lDnbM0WDBU+dE7H32bl8mu/G/bP92bSf6cCK4fM3gJITn+/M=</ds:SignatureValue>
        <ds:KeyInfo Id="KeyId-31534957">
          <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                                       wsu:Id="STRId-22292701">
            <wsse:Reference URI="#CertId-1776694"
                            ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"> </wsse:Reference>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
    <ns2:addNumbers xmlns:ns2="http://jtv.com"
                    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                    wsu:Id="id-15308417">
      <number1>10</number1>
      <number2>20</number2>
    </ns2:addNumbers>
  </soapenv:Body>
</soapenv:Envelope>

Based on this XML file, I created a MockHttpServletRequest request and then call wsServlet.service(request, response); The testing for Username token and encrypted Username token works
fine, but failed for signature testing.

Thanks,
Jian

--- "Dittmann, Werner" <[EMAIL PROTECTED]> wrote:

> Jian,
>
> without some more info like the XML request you
> intercepted it is hard to guess what the problem
> is. Can you send the request (SOAP XML)?
>
> Regards,
> Werner
>
> > -----Original Message-----
> > From: Fang Jian [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, 11 October 2005 18:45
> > To: [email protected]
> > Subject: signature verification failed
> >
> > Hi,
> >
> > I am trying to use the WSS4J handler for Jaxws 2.0
> > security processing. I succeeded in testing User Name
> > Token and User Name Token Encryption. When I am
> > testing signature, some problem occurred. If I use
> > client connecting to the server, the signature
> > verification seems successful. I intercepted the XML
> > Markup for the soap message sent by the client and
> > using this XML file as the input to the web service
> > for unit test, the signature verification failed. I
> > traced the code and found the CertUri, STRId,
> > KeyInfoUri are different at the server side when the
> > server WSS4J handler decodes the soap message from the
> > xml file. What is the cause for this problem? Or is it
> > impossible to do unit test using the xml file for
> > signature? The xml file for unit test works fine for
> > User Name Token and User Name Token Encryption. Could
> > anyone give me some hints about it?
> >
> > Thanks in advance,
> >
> > Jian
