Hi!
Here comes the stactrace our customer sent us:
cause: org.apache.ws.security.WSSecurityException (The signature
verification failed)
] ACI_FAULT_TRACE[
de.jbfagree.babylon.ps0.axis.faults.client.ClientBabylonFault: Fehler beim
Verarbeiten des Security-Headers
at
de.jbfagree.babylon.ps0.axis.faults.BabylonFaultFactory.CLIENT_ERROR_DURING_SECURITY_PROCESSING
(BabylonFaultFactory.java:1489)
at
de.jbfagree.babylon.ps2.axis.handler.security.ExtractSecurityHandlerPS2.processSecurityHeader
(ExtractSecurityHandlerPS2.java:130)
at
de.jbfagree.babylon.ps2.axis.handler.security.ExtractSecurityHandlerPS2.invokePS2
(ExtractSecurityHandlerPS2.java:96)
at
de.jbfagree.babylon.ps2.axis.handler.AbstractPS2Handler.invokePS0
(AbstractPS2Handler.java:29)
at
de.jbfagree.babylon.ps0.axis.handler.AbstractPS0Handler.invoke
(AbstractPS0Handler.java:85)
at org.apache.axis.strategies.InvocationStrategy.visit
(InvocationStrategy.java:32)
at
org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.strategies.InvocationStrategy.visit
(InvocationStrategy.java:32)
at
org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.strategies.InvocationStrategy.visit
(InvocationStrategy.java:32)
at
org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.handlers.soap.SOAPService.invoke
(SOAPService.java:454)
at
org.apache.axis.server.AxisServer.invoke(AxisServer.java:281)
at
de.jbfagree.webservices.servlet.AxisWebServiceServlet.doPostImpl
(AxisWebServiceServlet.java:336)
at
de.jbfagree.webservices.servlet.WebServiceServletBase.doPost
(WebServiceServletBase.java:331)
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:638)
at
de.jbfagree.webservices.servlet.WebServiceServletBase.service
(WebServiceServletBase.java:432)
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:720)
at
de.jbfagree.bootstrap.servlet.impl.DefaultProductServletManager.service
(DefaultProductServletManager.java:170)
at de.jbfagree.bootstrap.servlet.api.BootstrapServlet.service
(BootstrapServlet.java:208)
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:720)
at de.jbfagree.bootstrap.servlet.api.BootstrapServlet.service
(BootstrapServlet.java:225)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter
(ApplicationFilterChain.java:199)
at org.apache.catalina.core.ApplicationFilterChain.doFilter
(ApplicationFilterChain.java:145)
at org.apache.catalina.core.StandardWrapperValve.invoke
(StandardWrapperValve.java:210)
at org.apache.catalina.core.StandardPipeline
$StandardPipelineValveContext.invokeNext(StandardPipeline.java:596)
at org.apache.catalina.core.StandardPipeline.invoke
(StandardPipeline.java:433)
at org.apache.catalina.core.ContainerBase.invoke
(ContainerBase.java:955)
at org.apache.catalina.core.StandardContextValve.invoke
(StandardContextValve.java:139)
at org.apache.catalina.core.StandardPipeline
$StandardPipelineValveContext.invokeNext(StandardPipeline.java:596)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke
(AuthenticatorBase.java:446)
at org.apache.catalina.core.StandardPipeline
$StandardPipelineValveContext.invokeNext(StandardPipeline.java:594)
at org.apache.catalina.core.StandardPipeline.invoke
(StandardPipeline.java:433)
at org.apache.catalina.core.ContainerBase.invoke
(ContainerBase.java:955)
at org.apache.catalina.core.StandardContext.invoke
(StandardContext.java:2460)
at org.apache.catalina.core.StandardHostValve.invoke
(StandardHostValve.java:133)
at org.apache.catalina.core.StandardPipeline
$StandardPipelineValveContext.invokeNext(StandardPipeline.java:596)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke
(ErrorDispatcherValve.java:119)
at org.apache.catalina.core.StandardPipeline
$StandardPipelineValveContext.invokeNext(StandardPipeline.java:594)
at org.apache.catalina.valves.ErrorReportValve.invoke
(ErrorReportValve.java:117)
at org.apache.catalina.core.StandardPipeline
$StandardPipelineValveContext.invokeNext(StandardPipeline.java:594)
at org.apache.catalina.core.StandardPipeline.invoke
(StandardPipeline.java:433)
at org.apache.catalina.core.ContainerBase.invoke
(ContainerBase.java:955)
at org.apache.catalina.core.StandardEngineValve.invoke
(StandardEngineValve.java:127)
at org.apache.catalina.core.StandardPipeline
$StandardPipelineValveContext.invokeNext(StandardPipeline.java:596)
at org.apache.catalina.core.StandardPipeline.invoke
(StandardPipeline.java:433)
at org.apache.catalina.core.ContainerBase.invoke
(ContainerBase.java:955)
at org.apache.coyote.tomcat4.CoyoteAdapter.service
(CoyoteAdapter.java:157)
at org.apache.jk.server.JkCoyoteHandler.invoke
(JkCoyoteHandler.java:200)
at org.apache.jk.common.HandlerRequest.invoke
(HandlerRequest.java:283)
at org.apache.jk.common.ChannelSocket.invoke
(ChannelSocket.java:773)
at org.apache.jk.common.ChannelSocket.processConnection
(ChannelSocket.java:703)
at org.apache.jk.common.ChannelSocket$SocketConnection.runIt
(ChannelSocket.java:895)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run
(ThreadPool.java:689)
at java.lang.Thread.run(Thread.java:619)
caused by org.apache.ws.security.WSSecurityException: The signature
verification
failed
at
org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature
(SignatureProcessor.java:387)
at
org.apache.ws.security.processor.SignatureProcessor.handleToken
(SignatureProcessor.java:85)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader
(WSSecurityEngine.java:284)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader
(WSSecurityEngine.java:206)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader
(WSSecurityEngine.java:159)
at
de.jbfagree.babylon.ps2.axis.handler.security.ExtractSecurityHandlerPS2.processSecurityHeader
(ExtractSecurityHandlerPS2.java:126)
at
de.jbfagree.babylon.ps2.axis.handler.security.ExtractSecurityHandlerPS2.invokePS2
(ExtractSecurityHandlerPS2.java:96)
at
de.jbfagree.babylon.ps2.axis.handler.AbstractPS2Handler.invokePS0
(AbstractPS2Handler.java:29)
at
de.jbfagree.babylon.ps0.axis.handler.AbstractPS0Handler.invoke
(AbstractPS0Handler.java:85)
at org.apache.axis.strategies.InvocationStrategy.visit
(InvocationStrategy.java:32)
at
org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.strategies.InvocationStrategy.visit
(InvocationStrategy.java:32)
at
org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.strategies.InvocationStrategy.visit
(InvocationStrategy.java:32)
at
org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.handlers.soap.SOAPService.invoke
(SOAPService.java:454)
at
org.apache.axis.server.AxisServer.invoke(AxisServer.java:281)
at
de.jbfagree.webservices.servlet.AxisWebServiceServlet.doPostImpl
(AxisWebServiceServlet.java:336)
at
de.jbfagree.webservices.servlet.WebServiceServletBase.doPost
(WebServiceServletBase.java:331)
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:638)
at
de.jbfagree.webservices.servlet.WebServiceServletBase.service
(WebServiceServletBase.java:432)
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:720)
at
de.jbfagree.bootstrap.servlet.impl.DefaultProductServletManager.service
(DefaultProductServletManager.java:170)
at de.jbfagree.bootstrap.servlet.api.BootstrapServlet.service
(BootstrapServlet.java:208)
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:720)
at de.jbfagree.bootstrap.servlet.api.BootstrapServlet.service
(BootstrapServlet.java:225)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter
(ApplicationFilterChain.java:199)
at org.apache.catalina.core.ApplicationFilterChain.doFilter
(ApplicationFilterChain.java:145)
at org.apache.catalina.core.StandardWrapperValve.invoke
(StandardWrapperValve.java:210)
at org.apache.catalina.core.StandardPipeline
$StandardPipelineValveContext.invokeNext(StandardPipeline.java:596)
at org.apache.catalina.core.StandardPipeline.invoke
(StandardPipeline.java:433)
at org.apache.catalina.core.ContainerBase.invoke
(ContainerBase.java:955)
at org.apache.catalina.core.StandardContextValve.invoke
(StandardContextValve.java:139)
at org.apache.catalina.core.StandardPipeline
$StandardPipelineValveContext.invokeNext(StandardPipeline.java:596)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke
(AuthenticatorBase.java:446)
at org.apache.catalina.core.StandardPipeline
$StandardPipelineValveContext.invokeNext(StandardPipeline.java:594)
at org.apache.catalina.core.StandardPipeline.invoke
(StandardPipeline.java:433)
at org.apache.catalina.core.ContainerBase.invoke
(ContainerBase.java:955)
at org.apache.catalina.core.StandardContext.invoke
(StandardContext.java:2460)
at org.apache.catalina.core.StandardHostValve.invoke
(StandardHostValve.java:133)
at org.apache.catalina.core.StandardPipeline
$StandardPipelineValveContext.invokeNext(StandardPipeline.java:596)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke
(ErrorDispatcherValve.java:119)
at org.apache.catalina.core.StandardPipeline
$StandardPipelineValveContext.invokeNext(StandardPipeline.java:594)
at org.apache.catalina.valves.ErrorReportValve.invoke
(ErrorReportValve.java:117)
at org.apache.catalina.core.StandardPipeline
$StandardPipelineValveContext.invokeNext(StandardPipeline.java:594)
at org.apache.catalina.core.StandardPipeline.invoke
(StandardPipeline.java:433)
at org.apache.catalina.core.ContainerBase.invoke
(ContainerBase.java:955)
at org.apache.catalina.core.StandardEngineValve.invoke
(StandardEngineValve.java:127)
at org.apache.catalina.core.StandardPipeline
$StandardPipelineValveContext.invokeNext(StandardPipeline.java:596)
at org.apache.catalina.core.StandardPipeline.invoke
(StandardPipeline.java:433)
at org.apache.catalina.core.ContainerBase.invoke
(ContainerBase.java:955)
at org.apache.coyote.tomcat4.CoyoteAdapter.service
(CoyoteAdapter.java:157)
at org.apache.jk.server.JkCoyoteHandler.invoke
(JkCoyoteHandler.java:200)
at org.apache.jk.common.HandlerRequest.invoke
(HandlerRequest.java:283)
at org.apache.jk.common.ChannelSocket.invoke
(ChannelSocket.java:773)
at org.apache.jk.common.ChannelSocket.processConnection
(ChannelSocket.java:703)
at org.apache.jk.common.ChannelSocket$SocketConnection.runIt
(ChannelSocket.java:895)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run
(ThreadPool.java:689)
at java.lang.Thread.run(Thread.java:619)]
Greetings
Hans
> From:
>
> Nandana Mihindukulasooriya <[email protected]>
>
> To:
>
> [email protected]
>
> Date:
>
> 15.02.2010 23:52
>
> Subject:
>
> Re: Receive WSSecurityException (The signature verification failed)
>
> Hans,
> Can you post the stacktrace too. Might be helpful to figure out
> what exactly is happening.
>
> regards,
> Nandana
> On Mon, Feb 15, 2010 at 7:17 PM, Hans-Bernhard Friedrich <
> [email protected]> wrote:
> Hi,
>
> I work on a webservice client and I always receive the same error
> when I try to make a request to our clients webservice.
>
> "org.apache.ws.security.WSSecurityException (The signature
> verification failed)"
>
> - Our client's webservice is axis-based, more I don't know
>
> - I use rampart 1.3 and Axis2 1.4.1, EclipseEE
> - I generated the customers WSDLs with axis2 1.4.1 in EclipseEE
> - I received certificates of our customer and imported them to a
keystore
> - I set up the the security using outflow configuration. I know it's
> deprecated but it seemed easier to me than using a policy.xml.
> - I also set up a client using a policy.xml signing the body but
> reveice the same error. I will change to policy in the next step.
>
> - I read all I could find on the web and in mailinglists but nothing
helped:
> - XML is UTF-B
> - JVM argument "language=EN" didn't help
> - Mixing different Axis2 and rampart versions didn't help
> - Changing xmlsec1.4.0. jar to 1.4.1 or 1.4.2 didn't help
> - The certs are have not expired
> - Eclipse' Workspace encoding is UTF-8
>
> Question:
> - Does the exception really mean the SOAP-Envelope has been changed
> after is was singed? Are there any other reasons this exception
> could be thrown?
>
> - What is about the "Pretty Printing" of the XML issue I've found on
> the mailing list. This this really solved in axis2 1.4.1?
> - Is there a way to set up namespace optimation and pretty printing
> manually in axis2 like in axis 1?
> - Could somethig else be wrong with the certificates?
>
> The thing is when I use the a modified sample using a policy.xml I
> get the same Exception
>
> - Is there anything I could tell our client to changed what could help
me?
>
> What did I do special:
> - Wrote a little handler to avoid "mustunderstand"-Problem in the
> response: I Set all headers in the response to processed. The error
> also occurs if I don't engage my handler
>
> Here is my Security setup using outflowConfiguration:
>
> ...options.setProperty(WSSHandlerConstants.OUTFLOW_SECURITY,
> getOutflowConfiguration());
> ...
> private Parameter getOutflowConfiguration() {
> OutflowConfiguration ofc = new OutflowConfiguration();
> ofc.setActionItems("Timestamp Signature");
> ofc.setSignatureParts("{Element}{http://docs.oasis-open.org/
> wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp");
> ofc.setUser("fcms-aci");
> ofc.setPasswordCallbackClass("de.aci.handler.PWCBHandler");
> ofc.setSignaturePropRefId("cyrpto_props");
>
ofc.setSignatureKeyIdentifier(WSSHandlerConstants.X509_KEY_IDENTIFIER)
> ;
> return ofc.getProperty();
> }
>
>
>
> The PWCBHandler is the same as in all Samples. I just changed the
> alias and the password
>
> I set the properties programmatically, because they should change
> dynamically later:
>
> Properties prop1 = getProps();
> serviceclient.getOptions.options.setProperty("cyrpto_props", prop1);
> ...
> private Properties getProps() {
> Properties prop1 = new Properties();
>
prop1.setProperty("org.apache.ws.security.crypto.provider",
> "org.apache.ws.security.components.crypto.Merlin");
> prop1.setProperty(
> "org.apache.ws.security.crypto.merlin.keystore.type", "jks");
> prop1.setProperty(
> "org.apache.ws.security.crypto.merlin.keystore.password",
"l7uzjx1ju...@+w2");
>
prop1.setProperty("org.apache.ws.security.crypto.merlin.file"
> , "fcms.keystore");
> return prop1;
> }
>
>
>
> Does anybody has an idea what I do wrong?
>
> Thank you so very much in advance for any ideas!!!!
>
> Greetings
> Hans
