No, it's not a bug. WSS4J 1.6 enforces compliance with the Basic Security Profile specification. You can turn this off if you're using WSHandler by setting the configuration tag WSHandlerConstants.IS_BSP_COMPLIANT to "false". If you're not using WSHandler, you can turn it off via the "setWsiBSPCompliant(boolean)" method of WSSConfig.

Colm.

On Thu, May 19, 2011 at 3:00 PM, <[email protected]> wrote:
> Hello,
>
> we are slowly migrating our project from wss4j 1.5.7 to wss4j 1.6.0 (and
> later 1.6.1 when it will support CRL check). If our client and server are
> both using the same version, then all works fine. But if there are
> differences (ex. server at 1.5.7, client with 1.6.0), then wss4j 1.6.0
> throws an exception while executing the "processSecurityHeader" method: "An
> invalid security token was provided (Bad TokenType "")".
> If I look in the messages, I can see just one relevant difference: 1.6.0
> writes the attribute "wsse11:TokenType="..."" into the
> SecurityTokenReference element, while 1.5.7 doesn't. The concerned line is
> marked with "--->>>":
>
> wss4j1.5:
> ---
> ...
> <wsse:Security
>     xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>     soapenv:mustUnderstand="1">
>   <wsse:BinarySecurityToken ...>...</wsse:BinarySecurityToken>
>   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>       Id="Signature-9">
>     <ds:SignedInfo>...</ds:SignedInfo>
>     <ds:SignatureValue>...</ds:SignatureValue>
>     <ds:KeyInfo Id="KeyId-92E7CECF9963FFCEA413058113612858">
>       <wsse:SecurityTokenReference
>           xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>           wsu:Id="STRId-92E7CECF9963FFCEA413058113612859">
>         <wsse:Reference URI="#CertId-92E7CECF9963FFCEA413058113612847"
>             ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1"/>
>       </wsse:SecurityTokenReference>
>     </ds:KeyInfo>
>   </ds:Signature>
> </wsse:Security>
> ...
> ---
>
> wss4j 1.6.0:
> ---
> ...
> <wsse:Security
>     xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>     soapenv:mustUnderstand="1">
>   <wsse:BinarySecurityToken ...>...</wsse:BinarySecurityToken>
>   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-6">
>     <ds:SignedInfo>...</ds:SignedInfo>
>     <ds:SignatureValue>...</ds:SignatureValue>
>     <ds:KeyInfo Id="KI-F274414FEBA072C84313058113504242">
>       <wsse:SecurityTokenReference
>           xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
> --->>>
>           wsse11:TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1"
>           wsu:Id="STR-F274414FEBA072C84313058113504263">
>         <wsse:Reference URI="#X509-F274414FEBA072C84313058113504161"
>             ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1"/>
>       </wsse:SecurityTokenReference>
>     </ds:KeyInfo>
>   </ds:Signature>
> </wsse:Security>
> ...
> ---
>
> The problem is that 1.6 apparently requires this attribute to be there. Or
> can I tell 1.6 (per configuration/programmatically) that it should handle
> this Element the old way?
> The compatibility between 1.5.x and 1.6 is unfortunately a must have. There
> are some other houses that are using their software based on 1.5.x and they
> must be allowed to communicate with us. 1.5.7 has no problems to understand
> the messages secured by wss4j 1.6.0. Only the other way makes us some
> trouble.
> Is there a workaround? Or is it a bug and I should register it in JIRA?
>
> Many greetings,
> Marcin Markiewicz
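
The two switches named in the reply above, shown as an added example that is not part of the original thread or of the WSS4J project's own code. It assumes WSS4J 1.6.x on the classpath; the class name `BspScopedVerifier` and the `fromLegacyPeer` flag are hypothetical, and the sketch keeps BSP enforcement on by default, relaxing it only for endpoints known to receive messages from 1.5.x senders.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.callback.CallbackHandler;

import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.w3c.dom.Document;

/** Hypothetical helper: BSP enforcement stays on except for known 1.5.x peers. */
public class BspScopedVerifier {
    private final WSSecurityEngine strictEngine = new WSSecurityEngine();
    private final WSSecurityEngine legacyEngine = new WSSecurityEngine();

    public BspScopedVerifier() {
        // Strict engine: state the 1.6 default explicitly so it cannot drift.
        WSSConfig strict = WSSConfig.getNewInstance();
        strict.setWsiBSPCompliant(true);
        strictEngine.setWssConfig(strict);

        // Legacy engine: accepts a SecurityTokenReference without
        // wsse11:TokenType, as written by WSS4J 1.5.x senders.
        WSSConfig relaxed = WSSConfig.getNewInstance();
        relaxed.setWsiBSPCompliant(false);
        legacyEngine.setWssConfig(relaxed);
    }

    /** fromLegacyPeer is decided by the caller, e.g. per endpoint (assumption). */
    public List<WSSecurityEngineResult> verify(Document soapMessage, boolean fromLegacyPeer,
            CallbackHandler callbackHandler, Crypto crypto) throws WSSecurityException {
        WSSecurityEngine engine = fromLegacyPeer ? legacyEngine : strictEngine;
        // Signature verification still runs in both engines; only the
        // BSP conformance checks are skipped in the relaxed one.
        return engine.processSecurityHeader(soapMessage, null, callbackHandler, crypto);
    }

    /** WSHandler route: properties to merge into the inbound handler's config. */
    public static Map<String, Object> legacyHandlerProperties() {
        Map<String, Object> props = new HashMap<String, Object>();
        props.put(WSHandlerConstants.IS_BSP_COMPLIANT, "false");
        return props;
    }
}
```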
