I am guessing on the lack of response that no one has tried WSS4J with WebSphere 5 together with IBM generated Web Services?
Thanks, Markus -----Ursprungligt meddelande----- Från: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Skickat: den 22 mars 2006 08:57 Till: [email protected] Ämne: WSS4J in WebSphere enviroment Hi I am trying to get WSS4J to secure a web service that is generated by the IBM plugin in WSAD(5.1.2). The IBM plugin is based only on Jaxrpc, no references to Axis. So I am using the WSS4J jaxrpc(org.apache.ws.security.handler.WSS4JHandler) handler by defining it as an inbound security handler. Unfortunate I am not getting it to work. When I generate the same web service with Axis and specify the Axis WSS4J handler it works like a charm(both in a Tomcat and a WebSphere server). The parameters for the Axis and the Jaxrpc handler is as follows: Axis: <requestFlow> <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver"> <parameter name="passwordCallbackClass" value="se.fsb.spoe.security.PWCallback"/> <parameter name="action" value="Signature Encrypt Timestamp"/> <parameter name="signaturePropFile" value="cryptoserver.properties" /> </handler> </requestFlow> Jaxrpc: <init-param id="InitParam_23424352342"> <param-name>passwordCallbackClass</param-name> <param-value>se.fsb.spoe.security.PWCallback</param-value> </init-param> <init-param id="InitParam_23452345232872983"> <param-name>action</param-name> <param-value>Signature Encrypt Timestamp</param-value> </init-param> <init-param id="InitParam_1146546345872984"> <param-name>signaturePropFile</param-name> <param-value>cryptoserver.properties</param-value> </init-param> <init-param id="InitParam_114253563472985"> <param-name>deployment</param-name> <param-value>server</param-value> </init-param> <init-param id="InitParam_114234563456872986"> <param-name>flow</param-name> <param-value>request-only</param-value> </init-param> I have debugged as far as it was possible and its when the WSSecurityEngine tries to verifies the XML Signature (method verifyXmlSignature(Element, Crypto, X509Certificate, Vector)) at line 571 (WSS4J version 1.0.0). The following is executed at that line signatureOk = sig.checkSignatureValue(certs[0]); Where sig is a org.apache.xml.security.signature.XMLSignature. Unfortunate I can't get the debugger to find the source code lines when entering the xmlsec so I can see exactly where the problem occurs. But during the call the following is written in the server console "org.apache.xml.security.signature.Reference Verification successful for URI "#id-1680521892"". This should indicate that the signature is valid but the checkSignatureValue method returns false which WSS4J then of course reports as a WSSecurityException. Has anyone used WSS4J jaxrpc handler successfully in a WebSphere 5.1 enviroment? Anyone that has any ideas on what can be wrong? As the company I am working for has a simple web service framework build with jaxrpc handlers (things like authentication, SST etc) I am recommended to use the WSS4J without Axis. But if I can show that there are some problems with it I hope that I can use Axis instead. As I need to state my case on why Axis is needed I would like to find whats causing this error I am getting. Thanks, Markus --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
