[ https://issues.apache.org/jira/browse/WSS-508?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gene B. updated WSS-508:
------------------------
Attachment: request1-printedby-provider-signedby-wss4j.xml
request1-printedby-provider-signedby-soapui.xml
Colm, included are the two requests for side-by-side comparison. The first
thing I notice is that the prefix list generated by WSS4J is [soapenc, xsd,
xsi] and the prefix list generated by SOAP UI is [base, enr]. From looking at
the body of the request signed by SOAP UI - I can see that these prefixes
(base, enr) are "visibly used" inside the body. Not sure if the prefix list
created by SOAP UI makes any sense - but that is the one which validated
successfully. Please let me know what you think.
> When using "add inclusive prefixes" and EXC C14N - signature cannot be
> validated
> --------------------------------------------------------------------------------
>
> Key: WSS-508
> URL: https://issues.apache.org/jira/browse/WSS-508
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 2.0.0, 2.0.1
> Environment: WAS 7.x, IBM JDK 1.6, WebSphere JAX-WS stack, MS Windows.
> Reporter: Gene B.
> Assignee: Colm O hEigeartaigh
> Attachments: log 01 - signature verification failed with
> InclusiveNamespaces PrefixList.txt, log 02 - signature verification ok -
> signed by SOAP UI.txt, request1-printedby-provider-signedby-soapui.xml,
> request1-printedby-provider-signedby-wss4j.xml
>
>
> Security implemented using WSS4J securement/validation action approach. We
> are trying to sign the body.
> The provider is a JAX-WS service running on WebSphere JAX-WS stack. Custom
> handler uses WSS4J to validate security.
> The consumer is a WebSphere JAX-WS dispatch client – also attaching custom
> security handler.
> Signature can be validated on the provider side when EXC C14N
> canonicalization is specified with BST compliance flag relaxed. That is
> because when we chose to add “InclusiveNamespaces” “PrefixList” on the
> consumer side, verification fails. When the same test is done with the SOAP
> UI – signature verifies Ok – so I am blaming the consumer – the signing
> process - not verification process.
> I am attaching a log file which shows verification failure when the
> InclusiveNamespaces option is used. If not for this option – this
> verification would’ve been a success.
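A diagnostic for the comparison made in the comment above, as an added example that is not code from WSS4J, SoapUI or the issue. Under Exclusive C14N, prefixes named in an InclusiveNamespaces PrefixList are rendered by the inclusive C14N rules, so a listed prefix that the signed element only inherits from an ancestor puts that ancestor's declaration into the digested bytes. The envelope, the `urn:example:*` URIs and all function names are constructed for illustration.

```python
from xml.dom import minidom

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
# Constructed sample, not one of the issue's attachments.
SAMPLE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soapenv:Body xmlns:base="urn:example:base" xmlns:enr="urn:example:enr">
    <enr:Enroll><base:Id>42</base:Id></enr:Enroll>
  </soapenv:Body>
</soapenv:Envelope>"""

def visibly_used(apex):
    """Prefixes appearing in element or attribute names inside the subtree."""
    used, stack = set(), [apex]
    while stack:
        el = stack.pop()
        names = [el.tagName] + [a for a in el.attributes.keys()
                                if a != "xmlns" and not a.startswith("xmlns:")]
        used |= {n.split(":", 1)[0] for n in names if ":" in n}
        stack += [c for c in el.childNodes if c.nodeType == c.ELEMENT_NODE]
    return used

def inherited_bindings(apex):
    """prefix -> URI for xmlns:* declarations that apex inherits from ancestors."""
    scope, node = {}, apex.parentNode
    while node is not None and node.nodeType == node.ELEMENT_NODE:
        for name, uri in node.attributes.items():
            if name.startswith("xmlns:"):
                scope.setdefault(name[6:], uri)  # nearest ancestor wins
        node = node.parentNode
    for name in apex.attributes.keys():          # redeclared on apex itself
        if name.startswith("xmlns:"):
            scope.pop(name[6:], None)
    return scope

def audit_prefix_list(apex, prefix_list):
    """Classify each PrefixList entry for the element being signed."""
    used, outer = visibly_used(apex), inherited_bindings(apex)
    return {p: "visibly-used" if p in used
            else "context-dependent" if p in outer
            else "no-ancestor-binding"
            for p in prefix_list}

def sample_body():
    return minidom.parseString(SAMPLE).getElementsByTagNameNS(SOAP_NS, "Body")[0]

if __name__ == "__main__":
    print(audit_prefix_list(sample_body(), ["soapenc", "xsd", "xsi"]))
```

Entries reported as `context-dependent` are the ones to compare between the signer's view of the message and the bytes the verifier receives, since a stack that re-serializes the envelope and changes ancestor declarations changes the canonical form of the signed element.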