[ http://issues.apache.org/jira/browse/AXIS-1458?page=all ]
Davanum Srinivas reassigned AXIS-1458:
--------------------------------------
Assign To: Venkat Reddy
another one...
> Signature verification with WSS4J fails due to (guess) serialization bug in
> Axis
> --------------------------------------------------------------------------------
>
> Key: AXIS-1458
> URL: http://issues.apache.org/jira/browse/AXIS-1458
> Project: Axis
> Type: Bug
> Components: Serialization/Deserialization
> Versions: beta-1, beta-2
> Environment: SuSE 9.1, JDK 1.4.2-b28
> Reporter: Yves Langisch
> Assignee: Venkat Reddy
>
> Here the problem description from my mail to the list:
> *********************
> All,
> I have following situation:
> - Client with WSDoAllSender (just signing)
> - Web Service with WSDOAllReceiver
> Client-side I read an XML instance document, manipulate it and send it
> over the signing handler to the web service. If I manipulate the
> document then the verification fails server-side. This is very strange
> since the signing process is at the very end of the handler chain. In
> order to manipulate the document I transform the file to a JDOM
> document, manipulate it, transform it back to a W3C document
> and add it to the body of the envelope. It seems to be this transformation
> from JDOM to W3C which causes the verification to fail at server-side.
> Example:
> <snip1>
> InputStream i = new BufferedInputStream(new
> FileInputStream(declaration));
> envelope.addBodyElement(new SOAPBodyElement(i));
> response = call.invoke(envelope)
> </snip1>
> <snip2>
> // just do a transformation without any data manipulation
> org.jdom.Document aSDDoc =
> XMLHelper.getJDomDocumentFromFile(declaration);
> org.w3c.dom.Document d =
> XMLHelper.getW3CDocumentFromJDOMDocument(aSDDoc);
> envelope.addBodyElement(new SOAPBodyElement(d.getDocumentElement()));
> response = call.invoke(envelope)
> </snip2>
> The first one works fine (with Beta1, not with Beta2 -> same issue), the
> second one fails at verification. Tracing the whole stuff I just found one
> difference between the two calls. The second call has a duplicate namespace
> entry (with beta2 both calls have these duplicate entries) in the body
> element which is valid though:
> <soapenv:Body wsu:Id="id-7719486"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";><SDRequest
> xmlns="http://xyz"; xmlns:ns1="http://xyz";>
> The W3C document hasn't yet this duplicate namespace but the printout of the
> envelope before invoking the call already has this duplicate namespace entry.
> I saw that there are different forms of representation of content in the
> SOAPEnvelope class thus I have the very vague guess that the digest
> calculation is made on another representation (w/o the duplicate ns) than the
> message which arrives at the other end.
> Any ideas where problem could be? My mistake? Axis or WSS4 problem?
> **************
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
