Hi,
After some debugging, I think I found why wss4j isn't working with WAS
properly. The problem is caused by the way WAS's SOAP/DOM implements
Node.appendChild() and Node.insertBefore() and the timing wss4j inserts
the <Signature> element into the header. WAS's element insertion
implementation puts the appended/inserted child in a temp area
(altContent) and used the API to hide that. When the child element is
actually accessed, it would put the child and its sub-tree into the
normal place by "copying", which causes "new" node objects to be
generated. Back to wss4j, WSSecSignature.build() calls "prependToHeader"
to insert <Signature> element into the header (and doc) early and then
was trying to do the signing. During the signing process, it actually
accesses the <Signature> element causing WAS to copy and regenerate.
This would cause the object references to the <DigestValue> and
<SignatureValue> in sig (XMLSignaure) member to stale. Therefore the
inserted <DigestValue> values and <SignatureValue> value are not
actually inserted into the final SOAP document.
I modified the code to call prependToHeader() at last after the
computeSignature() call. This seems to have worked fine with WAS now.
However, since I'm not an expert in wss4j and would like some one, Cole
maybe?, to bless the change and pull that into the codebase if that's
fine.
Thanks,
Gang
PS: The modified WSSecSignature.build() code:
public Document build(Document doc, Crypto cr, WSSecHeader
secHeader)
throws WSSecurityException {
doDebug = log.isDebugEnabled();
if (doDebug) {
log.debug("Beginning signing...");
}
prepare(doc, cr, secHeader);
SOAPConstants soapConstants =
WSSecurityUtil.getSOAPConstants(doc.getDocumentElement());
if (parts == null) {
parts = new Vector();
WSEncryptionPart encP =
new WSEncryptionPart(
soapConstants.getBodyQName().getLocalPart(),
soapConstants.getEnvelopeURI(),
"Content"
);
parts.add(encP);
}
addReferencesToSign(parts, secHeader);
// put at the end instead:
// prependToHeader(secHeader);
//
// if we have a BST prepend it in front of the Signature
according to
// strict layout rules.
//
if (bstToken != null) {
prependBSTElementToHeader(secHeader);
}
computeSignature();
prependToHeader(secHeader);
return doc;
}
-----Original Message-----
From: Yang, Gang CTR USA [mailto:[email protected]]
Sent: Tuesday, November 17, 2009 9:31 AM
To: [email protected]
Subject: Wss4j working with WebSphere?
Hi,
Has any one used wss4j with WebSphere successfully? I'm using wss4j
1.5.8 with WAS 7.0 unsuccessfully. I'm using wss4j to build the SOAP
security headers and signature using JAX-WS handlers. After the
WSSSingnature.build() call without any error, the security headers were
added to the SOAP message without the digest values and signature value.
Has any one experienced similar behavior and has any insight?
Thanks,
Gang
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
