I am having trouble signing my soap request. To confound matters, everything is running smoothly, there are no errors, or exceptions being thrown; the Request is just not being signed. I have javax.net.debug turned on, and I can see the key being loaded, the password being retrieved and the details of my certificate chain.
My configuration is very straightforward. I am running my webapps with tomcat 5.5.17 on Debian 2.6.15-8, using axis 1.4, and wss4j 1.5 to generate and sign my SOAP request. A WsDoAllSender handler is configured in a
client-config.wsdd, which is located in WEB-INF, to sign the request, and the request is sent over an SSL connection with mutual authentication.
I have a request logger which correctly logs the request, before the Signature, to my
console (catalina.out in this case). when i place it after the WsDoAllSender handler
in the requestFlow, it does not log anything, but I have verified from the server side
that the request is being received unsigned.
I am basically out of ideas at this point. I have made sure there are no other client-config.wsdd anywhere in my classpath. Is it possible that there is a dependency issue? or some other library is interfering with this request? Is there anyway to get more debugging information from WSS4J itself? Any suggestions would be greatly appreciated, below is relevant configuration and app info.
here is my client-config.wsdd located in WEB-INF
------------------------------------
<?xml version="1.0" encoding="UTF-8"?>
<deployment xmlns="
http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<globalConfiguration>
<requestFlow>
<handler type= "java:MySOAPRequestLogger"></handler>
</requestFlow>
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender">
<parameter name="action" value="Signature"/>
<parameter name="user" value="myAlias"/>
<parameter name="passwordCallbackClass" value="
org.justgive.clients.security.MyPWCallback"/>
<parameter name="signaturePropFile" value="crypto.properties"/>
<parameter name="signatureKeyIdentifier" value="DirectReference"/>
</handler>
</requestFlow>
</globalConfiguration>
<transport name="local" pivot="java:org.apache.axis.transport.local.LocalSender"/>
<transport name="http" pivot="java:
org.apache.axis.transport.http.HTTPSender"/>
<transport name="java" pivot="java:org.apache.axis.transport.java.JavaSender"/>
</deployment>
------------------------------------
i get the same result--no signature--with or without the request logger, before
of after the WsDoAllSender handler.
here is my crypto.properties, also located in WEB-INF
------------------------------------
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.file=/path/to/my.keystore
org.apache.ws.security.crypto.merlin.keystore.password=myPasswd
------------------------------------
I use system properties to create an ssl connection for mutual authentication,
which is successful
------------------------------------
System.setProperty("
javax.net.ssl.trustStore", "path/to/trustStore}
System.setProperty("javax.net.ssl.trustStorePassword", "trustPassword
System.setProperty("javax.net.ssl.keyStoreType", "pkcs12
System.setProperty("javax.net.ssl.keyStore", "path/to/keystore.p12
System.setProperty("javax.net.ssl.keyStorePassword", "keyPassword
------------------------------------
this is the very straightforward web service call
------------------------------------
import com.myurl.mywebservice.MRClaimWebServiceService;
import com.myurl.mywebservice.MRClaimWebServiceServiceLocator;
import com.myurl.mywebservice.MRClaimWebService;
import com.myurl.mywebservice.MRClaimServiceRequest;
import com.myurl.mywebservice.MRClaimServiceResponse;
//MyWebService extends java.rmi.Remote
//MyWebServiceService extends javax.xml.rpc.Service
//MyWebServiceServiceLocator extends
org.apache.axis.client.Service
MyWebServiceResponse myResponse = null;
MyWebServiceService service = new MyWebServiceServiceLocator();
MyWebService port = (MyWebService)service.getPort(MyWebService.class
);
MyWebServiceRequest myRequest = new MyWebServiceRequest();
myRequest.setProperties(myProperties);
myResponse = port.getMyWebSevice(myRequest);
------------------------------------
here is my WEB-INF/lib contents:
------------------------------------
addressing-1.0.jar
axis-1.4.jar
axis-ant-1.4.jar
axis-jaxrpc-1.4.jar
axis-saaj-1.4.jar
axis-tasks.properties
axis-test-tasks.properties
bcprov-jdk13-132.jar
bcprov-jdk15-132.jar
castor-1.0M1.jar
castor-1.0M1-srcgen-ant-task.jar
castor-1.0M1-xml.jar
commons-codec-1.3.jar
commons-discovery-0.2.jar
commons-httpclient-3.0-rc2.jar
commons-logging-1.0.4.jar
junit-3.8.1.jar
opensaml-1.0.1.jar
policy.jar
serializer-2.7.0.jar
soap-sec.jar
wsdl4j-1.5.1.jar
wss4j-1.5.0.jar
xalan-2.7.0.jar
xmldoc.jar
xmlsec-1.3.0.jar
xss4j.jar
------------------------------------
thanks,
-peter
