Hello,
I was trying to execute a WS in Axis 1.4 with a Signature, but I'm
having problems and I don't know why.
I know that the WS without any security is working correctly, but
when I try to implement Signature security, I get the error:
"faultString: WSDoAllReceiver: security processing failed; nested
exception is:
org.apache.ws.security.WSSecurityException: The signature verification
failed"
I was reading that the problem is because the signed message is
modified after it was signed, and that it was resolved by changing these
two globalParameters (this is how I have them):
<parameter name="disablePrettyXML" value="true"/>
<parameter name="enableNamespacePrefixOptimization" value="false"/>
In my keystore, aml_server.jks, I only have one entry which is one
Certificate with the "amlbrite" alias and the same name for its
password.
For the client side I create the EngineConfiguration instead of using
a client.wsdd, like:
public static EngineConfiguration createClientConfig() {
    AxisProperties.setProperty("enableNamespacePrefixOptimization", "false");
    AxisProperties.setProperty("disablePrettyXML", "true");
    SimpleProvider clientConfig = new SimpleProvider();
    Handler securitySenderHandler = (Handler) new WSDoAllSender();
    securitySenderHandler.setOption(WSHandlerConstants.ACTION,
            WSHandlerConstants.SIGNATURE);
    securitySenderHandler.setOption(WSHandlerConstants.USER, "amlbrite");
    securitySenderHandler.setOption(WSHandlerConstants.PW_CALLBACK_CLASS,
            "com.repeat.client.PWCallback");
    securitySenderHandler.setOption(WSHandlerConstants.SIG_PROP_FILE,
            "crypto.properties");
    securitySenderHandler.setOption(WSHandlerConstants.ENCRYPTION_USER, "amlbrite");
    securitySenderHandler.setOption(WSHandlerConstants.SIG_KEY_ID,
            "DirectReference");
    securitySenderHandler.setOption(WSHandlerConstants.MUST_UNDERSTAND,
            "false");
    SimpleChain reqHandler = new SimpleChain();
    SimpleChain respHandler = new SimpleChain();
    reqHandler.addHandler(securitySenderHandler);
    Handler pivot = (Handler) new HTTPSender();
    Handler transport = new SimpleTargetedChain(reqHandler,
            pivot, respHandler);
    clientConfig.deployTransport(HTTPTransport.DEFAULT_TRANSPORT_NAME, transport);
    return clientConfig;
}
Is anything in any of the files wrong?
Any help is welcome
Thanks to all.
[1 / 4] My server-config.wsdd is:
-------------------------------------------------------------------------------------
<deployment xmlns="http://xml.apache.org/axis/wsdd/"
            xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
  <globalConfiguration>
    <parameter name="sendMultiRefs" value="true"/>
    <parameter name="disablePrettyXML" value="true"/>
    <parameter name="adminPassword" value="admin"/>
    <parameter name="attachments.Directory"
               value="C:\Servers\apache-tomcat-5.5.25\webapps\repeat\WEB-INF\attachments"/>
    <parameter name="dotNetSoapEncFix" value="true"/>
    <parameter name="enableNamespacePrefixOptimization" value="false"/>
    <parameter name="sendXMLDeclaration" value="true"/>
    <parameter name="attachments.implementation"
               value="org.apache.axis.attachments.AttachmentsImpl"/>
    <parameter name="sendXsiTypes" value="true"/>
    <requestFlow>
      <handler type="java:org.apache.axis.handlers.JWSHandler">
        <parameter name="scope" value="session"/>
      </handler>
      <handler type="java:org.apache.axis.handlers.JWSHandler">
        <parameter name="scope" value="request"/>
        <parameter name="extension" value=".jwr"/>
      </handler>
    </requestFlow>
  </globalConfiguration>
  <handler name="URLMapper"
           type="java:org.apache.axis.handlers.http.URLMapper"/>
  <handler name="LocalResponder"
           type="java:org.apache.axis.transport.local.LocalResponder"/>
  <handler name="Authenticate"
           type="java:org.apache.axis.handlers.SimpleAuthenticationHandler"/>
  <service name="EchoRepeat" provider="java:RPC" style="document" use="literal">
    <requestFlow>
      <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
        <parameter name="signatureKeyIdentifier" value="DirectReference"/>
        <parameter name="signaturePropFile" value="crypto.properties"/>
        <parameter name="passwordCallbackClass"
                   value="com.repeat.client.PWCallback"/>
        <parameter name="action" value="Signature"/>
      </handler>
    </requestFlow>
    <responseFlow>
      <handler type="soapmonitor"/>
    </responseFlow>
    <parameter name="allowedMethods" value="*"/>
    <parameter name="scope" value="application"/>
    <parameter name="className" value="com.repeat.main.EchoRepeat"/>
    <parameter name="sendMultiRefs" value="false"/>
    <parameter name="sendXsiTypes" value="false"/>
  </service>
[2 / 4] My WS call is:
-------------------------------------------------------------------------------------
{
    EchoRepeat service = null;
    EngineConfiguration config = createClientConfig();
    EchoRepeatServiceLocator locator = new
            EchoRepeatServiceLocator(config);
    locator.setEchoRepeatEndpointAddress(Propertymanager.getInstance().get("echoEndPoint"));
    service = locator.getEchoRepeat();
    System.out.println(service.echo(args[0]));
}
[3/4] crypto.properties:
--------------------------------------------------------------------------------
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.alias=amlbrite
org.apache.ws.security.crypto.merlin.alias.password=amlbrite
org.apache.ws.security.crypto.merlin.keystore.password=amlbrite
org.apache.ws.security.crypto.merlin.file=aml_server.jks
[4/ 4] The stack error:
-------------------------------------------------------------------------------
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source)
at javax.xml.parsers.SAXParser.parse(Unknown Source)
at org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
at org.apache.axis.Message.getSOAPEnvelope(Message.java:435)
at org.apache.axis.handlers.SimpleSessionHandler.doClient(SimpleSessionHandler.java:173)
at org.apache.axis.handlers.SimpleSessionHandler.invoke(SimpleSessionHandler.java:157)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at com.repeat.client.LoginWSSoapBindingStub.echo(LoginWSSoapBindingStub.java:224)
at com.repeat.client.Main.main(Main.java:21)