Re: AW: [WSS4J 1.5]WSDoAllReceiver: The signature verification failed

Tue, 03 Oct 2006 17:56:06 -0700

Is this issue still unknown/unresolved?

I'm having the same problem, with WSS4J 1.5 bin (unchanged bin release). My simple service returns "signature verification failed" but when I simply substitute axis-1.4.jar with axis-1.2.jar the problem goes away! I also tried using Axis 1.4 with WSS4J 1.1 and that would cause it to break in the same way, so this seems to me like a problem with Axis 1.4.

I have pretty printing and prefix optimization disabled in both cases (in server-config.wsdd).

I can provide the full binaries and source code of my services, easily deployable on Tomcat 5.5 and which reproduce the problem if that would help somebody look into it..  Or please give me some pointers on how to debug this.

Thanks,
Rami Jaamour

Dittmann, Werner wrote:
[WSS4J 1.5]WSDoAllReceiver: The signature verification failed
Which Axis version do you use? There is a know problem in Axis 1.4 AFAIK.
In one of your posting I saw that you disabled "prettyPrinting" - can you do this
again. _Any_ modification of the signed part of the request causes a verification
failure. Sometimes some SOAP engines tend to modify or "pretty print" the request
after the Signature was created.
 
I saw something like this in one of your previous posts:
 
...
 Hashtable<String, Object> opts = new Hashtable<String, Object>();
        opts.put(AxisEngine.PROP_DISABLE_PRETTY_XML, Boolean.TRUE);
        this.setGlobalOptions(opts);
...
 
Pls give it a try.
 
Regards,
Werner

Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Gesendet: Dienstag, 27. Juni 2006 15:47
An: [email protected]
Betreff: [WSS4J 1.5]WSDoAllReceiver: The signature verification failed

Hi all,

I finally send a signed soap message i created a class engine where i set all my properties

public class Engine{

public static EngineConfiguration createClientConfig() {
       
          AxisProperties.setProperty("enableNamespacePrefixOptimization","false");
          SimpleProvider clientConfig = new SimpleProvider();
          Handler securitySenderHandler = (Handler) new WSDoAllSender();
          securitySenderHandler.setOption(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
          securitySenderHandler.setOption(WSHandlerConstants.USER, "167deb1fb811921fce0fe7890db0b9da93225867");
          securitySenderHandler.setOption(WSHandlerConstants.PW_CALLBACK_CLASS,"Clas.PWCallback");
          securitySenderHandler.setOption(WSHandlerConstants.SIG_PROP_FILE, "cryptoSender.properties"); 
          securitySenderHandler.setOption(WSHandlerConstants.SIG_KEY_ID, "DirectReference"); 
          securitySenderHandler.setOption(WSHandlerConstants.MUST_UNDERSTAND, "false");   
          SimpleChain reqHandler = new SimpleChain();
          SimpleChain respHandler = new SimpleChain();
          // add the sender handler to the request
          reqHandler.addHandler(securitySenderHandler);
         
          Handler pivot = (Handler) new HTTPSender();
          Handler transport = new SimpleTargetedChain(reqHandler, pivot, respHandler);
          clientConfig.deployTransport(HTTPTransport.DEFAULT_TRANSPORT_NAME,transport);
          return clientConfig;
          }
}

and call this class in my locator:
EngineConfiguration config=Engine.createClientConfig();
PerformWSSecServiceLocator l=new PerformWSSecServiceLocator(config);

but when i run the program and send to server It return me this error:
WSDoAllReceiver: security processing failed; nested exception is:
org.apache.ws.security.WSSecurityException: The signature verification failed

The deploy.wsdd of the server is this:
<!-- Use this file to deploy some handlers/chains and services      -->
<!-- Two ways to do this:                                           -->
<!--   java org.apache.axis.client.AdminClient deploy.wsdd          -->
<!--      after the axis server is running                          -->
<!-- or                                                             -->
<!--   java org.apache.axis.utils.Admin client|server deploy.wsdd   -->
<!--      from the same directory that the Axis engine runs         -->

<deployment
    xmlns="http://xml.apache.org/axis/wsdd/"
    xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">

  <!-- Services from PerformWSService WSDL service -->

  <service name="PerformWService" provider="java:RPC" style="rpc" use="encoded">
<requestFlow>
   <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
     <parameter name="action" value="Signature"/>
     <parameter name="signaturePropFile" value="cryptoReceiver.properties"/>
   </handler>
</requestFlow>
      <parameter name="wsdlTargetNamespace" value="urn:PerformWService"/>
      <parameter name="wsdlServiceElement" value="PerformWSService"/>
      <parameter name="wsdlServicePort" value="PerformWService"/>
      <parameter name="className" value="PerformWS.PerformWServiceSoapBindingSkeleton"/>
      <parameter name="wsdlPortType" value="PerformWS"/>
      <parameter name="typeMappingVersion" value="1.2"/>
      <parameter name="allowedMethods" value="*"/>
      <parameter name="scope" value="Session"/>
</service>
</deployment>

How can resolve this error?

The properties are setting well I think

Thanks for help

Hermann 




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to