Colm, Thanks for the help. I am still working with the vendor to see if they can upgrade the WSS4J version on their end. Will let you know whenever I have any update.
Regarding the test case - we are not able to re-create the issue on our end using client/server. This issue happens only when we send a request to Service Provider. And the access to the service is restricted by IP ranges as well. So you won't be able to hit their webservice even if I provide you with the test certificates and the client code. Thanks, Rameshwer Jangra ________________________________ From: Colm O hEigeartaigh <[email protected]> To: Rameshwer Jangra <[email protected]> Cc: "[email protected]" <[email protected]> Sent: Friday, April 20, 2012 3:36 AM Subject: Re: Help Required - Adding wsu:Id in <ds:Signature> I'm pretty sure the problem has nothing to do with the wsu:Id attribute on the Signature Element. The problem is a NPE when searching for the Element that has the wsu:Id Reference that the Signature contains. The best strategy is to try upgrading to a later version of WSS4J. Failing that if you can create a test-case that reproduces the problem I'll take a look. Colm. On Thu, Apr 19, 2012 at 4:13 PM, Rameshwer Jangra <[email protected]> wrote: > Colm, > Service provider is a third party vendor and the same service is shared by > many other clients. Not sure if it will be feasible to upgrade the version > on Service provider side. Though I can try to convince the provider if we > know how upgrading will fix the issue. > > Found the following comment in 1.5.1 version of > SinatureProcessor.verifyXmlSignature(). Not sure if this refer to the same > wsu:Id tag that is resulting in throwing an exception on the server side. If > this is the same attribute, then how should I send the request differently > so that this tag gets added while processing the request? > --------------------------------------------- > * @param returnElements verifyXMLSignature adds the wsu:ID attribute values > for > * the signed elements to this Set > ------------------------------------------------ > > Thanks, > Rameshwer Jangra > ________________________________ > From: Colm O hEigeartaigh <[email protected]> > To: Rameshwer Jangra <[email protected]> > Cc: "[email protected]" <[email protected]> > Sent: Thursday, April 19, 2012 10:00 AM > > Subject: Re: Help Required - Adding wsu:Id in <ds:Signature> > > I've no idea what's going on there - 1.5.1 is an ancient version of > WSS4J. Would it be possible to upgrade the service provider to the > latest 1.5.12 version? > > Colm. > > On Thu, Apr 19, 2012 at 3:48 PM, Rameshwer Jangra <[email protected]> wrote: >> My bad! Here's the complete request XML and the corresponding response >> xml. >> >> Thanks, >> Rameshwer Jangra >> ________________________________ >> From: Colm O hEigeartaigh <[email protected]> >> To: Rameshwer Jangra <[email protected]> >> Cc: "[email protected]" <[email protected]> >> Sent: Thursday, April 19, 2012 9:32 AM >> >> Subject: Re: Help Required - Adding wsu:Id in <ds:Signature> >> >> The SOAP Body appears to be missing in "Request2.xml"? >> >> Colm. >> >> On Thu, Apr 19, 2012 at 3:29 PM, Rameshwer Jangra <[email protected]> >> wrote: >>> Colm, >>> Please find the request and response xmls attached to the mail. >>> "successful-echo-request.xml" is a request XML provided by the Service >>> Provider as an example of a successfully processed request. >>> >>> "Request2.xml" & "Response2.xml" are the request that I sent and the >>> response I am getting. I have changed the value/data for the >>> <wsse:SecurityTokenReference> & <wsse:BinarySecurityToken> tags. Other >>> than >>> that the request is the actual request that I am sending to Service >>> Provider. >>> >>> Let me know if you need any other information. >>> >>> Thanks, >>> Rameshwer Jangra >>> ________________________________ >>> From: Colm O hEigeartaigh <[email protected]> >>> To: Rameshwer Jangra <[email protected]> >>> Cc: "[email protected]" <[email protected]> >>> Sent: Thursday, April 19, 2012 9:08 AM >>> >>> Subject: Re: Help Required - Adding wsu:Id in <ds:Signature> >>> >>> What does the request look like? >>> >>> Colm. >>> >>> On Thu, Apr 19, 2012 at 2:55 PM, Rameshwer Jangra <[email protected]> >>> wrote: >>>> I am using WSS4j 1.5.9 while creating the request. The Service Provider >>>> is >>>> using 1.5.1 for signature verification and decryption. >>>> >>>> Thanks, >>>> Rameshwer Jangra >>>> ________________________________ >>>> From: Colm O hEigeartaigh <[email protected]> >>>> To: [email protected]; Rameshwer Jangra <[email protected]> >>>> Sent: Thursday, April 19, 2012 8:10 AM >>>> Subject: Re: Help Required - Adding wsu:Id in <ds:Signature> >>>> >>>> What version of WSS4J are you using? >>>> >>>> Colm. >>>> >>>> On Tue, Apr 17, 2012 at 7:34 PM, Rameshwer Jangra <[email protected]> >>>> wrote: >>>>> Hi, >>>>> I am using WSS4J for invoking a secured web service. The request XML >>>>> generated by my client is almost the same as the sample provided by the >>>>> Service Provider. The only difference is an additional "wsu:Id" >>>>> attribute >>>>> defined for <ds:Signature> tag. >>>>> >>>>> Here's what my code is generating: >>>>> >>>>> <ds:Signature Id="Signature-22" >>>>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> >>>>> >>>>> Here's what the Service Provider is expecting >>>>> >>>>> <ds:Signature Id="Signature-16906910" wsu:Id="Id-8819824" >>>>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; >>>>> >>>>> >>>>> >>>>> >>>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";> >>>>> >>>>> I suspect that due to this missing tag I am getting the exception, >>>>> pasted >>>>> below, when I am try to invoke the service. I am not able to figure out >>>>> how >>>>> the highlighted tag will get added to the XML. Is there any >>>>> configuration/attribute that I can change while invoking >>>>> the WSSecSignature.build()? >>>>> >>>>> Gone through the API documentation and the code but could not find >>>>> anything >>>>> specific to this. Will appreciate any help/guidance in resolving this. >>>>> >>>>> -------------------------------------------- >>>>> Caused by: java.lang.NullPointerException >>>>> at >>>>> >>>>> >>>>> >>>>> >>>>> org.apache.ws.security.util.WSSecurityUtil.findElementById(WSSecurityUtil.java:298) >>>>> at >>>>> >>>>> >>>>> >>>>> >>>>> org.apache.ws.security.util.WSSecurityUtil.getElementByWsuId(WSSecurityUtil.java:438) >>>>> at >>>>> >>>>> >>>>> >>>>> >>>>> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:297) >>>>> at >>>>> >>>>> >>>>> >>>>> >>>>> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:79) >>>>> at >>>>> >>>>> >>>>> >>>>> >>>>> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:279) >>>>> at >>>>> >>>>> >>>>> >>>>> >>>>> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:201) >>>>> at org.apache.rampart.RampartEngine.process(RampartEngine.java:71) >>>>> at >>>>> >>>>> >>>>> >>>>> org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:69) >>>>> at org.apache.axis2.engine.Phase.invoke(Phase.java:381) >>>>> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:518) >>>>> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:483) >>>>> at >>>>> >>>>> >>>>> >>>>> >>>>> org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:319) >>>>> at >>>>> >>>>> org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:247) >>>>> ... 12 more >>>>> ---------------------------------------------- >>>>> >>>>> Thanks, >>>>> Rameshwer Jangra >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>> >>>> >>>> >>>> -- >>>> Colm O hEigeartaigh >>>> >>>> Talend Community Coder >>>> http://coders.talend.com >>>> >>>> >>> >>> >>> >>> -- >>> Colm O hEigeartaigh >>> >>> Talend Community Coder >>> http://coders.talend.com >>> >>> >> >> >> >> -- >> Colm O hEigeartaigh >> >> Talend Community Coder >> http://coders.talend.com >> >> > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
