Hello,

I would like to check security for incoming SOAP requests on the server side using the Rampart module (Axis2). I have an existing client that sends signed SOAP requests (no encryption). The problem is that the signature is never checked. I can see this in the log (debug level):

DEBUG - Phase.invoke(372) | Invoking phase "Security"
DEBUG - Phase.invoke(379) | Invoking Handler 'SecurityInHandler' in Phase 'Security'
DEBUG - WSDoAllReceiver.processMessage(92) | WSDoAllReceiver: enter invoke()
DEBUG - Phase.invoke(392) | Checking post-conditions for phase "Security"
DEBUG - Phase.invoke(362) | Checking pre-condition for Phase "PreDispatch"
DEBUG - Phase.invoke(372) | Invoking phase "PreDispatch"
DEBUG - Phase.invoke(379) | Invoking Handler 'AddressingFinalInHandler' in Phase 'PreDispatch'
DEBUG - AddressingInHandler.invoke(71) | Starting WS-Addressing Final IN handler ...
DEBUG - AddressingInHandler.invoke(87) | No Headers present corresponding to WS-Addressing Final
DEBUG - Phase.invoke(379) | Invoking Handler 'AddressingSubmissionInHandler' in Phase 'PreDispatch'
DEBUG - AddressingInHandler.invoke(71) | Starting WS-Addressing Submission IN handler ...
DEBUG - AddressingInHandler.invoke(87) | No Headers present corresponding to WS-Addressing Submission


It seems that the handler is invoked but the security headers are not found. Is there something wrong with my request below?

Thx in advance.
Johan.

<?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:xsd="http://www.w3.org/2001/XMLSchema";>
<soapenv:Header>
<!--
  Review notes on this captured request. The stray ";" after quoted attribute
  values looks like a mail-archive artifact rather than part of the wire message.
  * mustUnderstand on wsse:Security is written without the soapenv prefix, so it
    is not the SOAP envelope attribute; a receiver is presumably free to ignore
    it. Confirm what the client actually sends.
  * The signature has a single ds:Reference, URI "#id-21826773", which is the
    wsu:Id of soapenv:Body. The Timestamp and the BinarySecurityToken are not
    covered by the signature and can be changed without invalidating it.
  * SignatureMethod is rsa-sha1 and DigestMethod is sha1. SHA-1 is deprecated
    for signatures; prefer the SHA-256 variants where both ends support them.
  * KeyInfo points at the certificate carried in this same message. The receiver
    must still check that certificate against its own trust store; a valid
    signature alone only proves the sender holds some private key.
-->
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; mustUnderstand="1" soapenv:actor=""> <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"; wsu:Id="Id-ref2VerifySignature" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";>MIIDjjCCAnagAwIBAgILAQAAAAABAxNSI6QwDQYJKoZIhvcNAQEFBQAwJTELMAkGA1UEBhMCQkUx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</wsse:BinarySecurityToken><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />
<ds:Reference URI="#id-21826773">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; />
<ds:DigestValue>iLwjzNrDGK562cdtEMfDi0mALgM=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
gLziQrLd7oAAxd67IChIDKgImRuPbKrLe0ZuyIa+fFesfrZFuCc643Q6lfTMs0rXXYEU3btQdEpQ
CQObiTCH1A==
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-1899108">
<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="STRId-8047015"><wsse:Reference URI="#Id-ref2VerifySignature" /></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<!--
  wsu:Created and wsu:Expires below carry the same instant, so the message has
  a zero-length validity window. A receiver that enforces the Timestamp action
  will presumably treat it as already expired. Because the Timestamp is also
  outside the signed content, it gives no replay protection as sent.
-->
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";><wsu:Created>2006-06-13T15:31:03Z</wsu:Created><wsu:Expires>2006-06-13T15:31:03Z</wsu:Expires></wsu:Timestamp></wsse:Security></soapenv:Header><soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="id-21826773"><fphp100 xmlns="http://fsb.belgium.be/prove";><ns1:fphp100 xmlns:ns1="http://fsb.belgium.be/prove/fphp100";><ns2:notary xmlns:ns2="http://fsb.belgium.be/prove/notary";><ns2:office_id>217063</ns2:office_id><ns2:lang>fr</ns2:lang><ns2:nrn>60052301706</ns2:nrn><ns2:num_kbo_not>0477430931</ns2:num_kbo_not><ns2:num_kbo_fed>0409357321</ns2:num_kbo_fed></ns2:notary><ns1:person><ns1:last_name>r</ns1:last_name><ns1:birth_date_year>1977</ns1:birth_date_year></ns1:person></ns1:fphp100></fphp100></soapenv:Body></soapenv:Envelope>

Services.xml:

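<!-- Axis2 service descriptor for the findPerson service, with inbound WS-Security. -->
<serviceGroup>
    <service name="findPerson">
        <messageReceivers>
            <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
                             class="com.notary.fphp.FindPersonMessageReceiverInOut"/>
        </messageReceivers>
        <parameter name="ServiceClass" locked="false">
                com.notary.fphp.FindPersonSkeleton
        </parameter>

        <!--
          Inbound security configuration read by the Rampart/WSS4J receiver.
          The parameter name is matched exactly and is case-sensitive: it must
          be "InflowSecurity". Spelled "InFlowSecurity" the receiver appears to
          find no configuration and returns without verifying anything, which
          matches a debug log where WSDoAllReceiver enters and the Security
          phase ends with no further processing. That is a fail-open condition:
          unsigned or altered requests reach the service. After changing this,
          confirm that a request without a valid signature is rejected with a
          fault.
        -->
        <parameter name="InflowSecurity">
            <action>
                <!--
                  NOTE(review): every action listed here is expected in each
                  incoming message. The client described on this page signs
                  but does not encrypt, so with Encrypt listed its messages
                  will presumably be rejected once this parameter takes
                  effect. Either drop Encrypt or have the client encrypt;
                  decryption also needs key access configured (password
                  callback, decryption properties). Confirm against the
                  Rampart documentation for the version in use.
                -->
                <items>Timestamp Signature Encrypt</items>
                <!-- Crypto properties used to validate the signer's certificate. -->
                <signaturePropFile>interop.properties</signaturePropFile>
            </action>
        </parameter>

        <operation name="fphp100" mep="http://www.w3.org/2004/08/wsdl/in-out">
            <actionMapping>http://fsb.belgium.be/prove/fphp100</actionMapping>
        </operation>
        <operation name="testSOAPFault" mep="http://www.w3.org/2004/08/wsdl/in-out">
            <actionMapping>http://fsb.belgium.be/prove/testSOAPFault</actionMapping>
        </operation>
        <operation name="ping" mep="http://www.w3.org/2004/08/wsdl/in-out">
            <actionMapping>http://fsb.belgium.be/prove/ping</actionMapping>
        </operation>
    </service>
</serviceGroup>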

interop.properties:

# WSS4J crypto settings referenced from services.xml via signaturePropFile.
# Selects the Merlin crypto implementation, which works from a Java keystore.
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
# Keystore format.
org.apache.ws.security.crypto.merlin.keystore.type=jks
# NOTE(review): "changeit" is the stock JDK keystore password and is stored here
# in clear text. Outside a test setup, use a non-default secret and restrict
# read access to this file and to the keystore.
org.apache.ws.security.crypto.merlin.keystore.password=changeit
# Keystore location. For signature verification it presumably has to hold the
# client's certificate or its issuing CA as a trusted entry; verify the contents.
org.apache.ws.security.crypto.merlin.file=D:/WebServices/keystore/testKeystore


