Certificates bundled with WSS4J (interop.jks) have expired. So I generated X509 v3 certificates using OpenSSL (PKCS12) and having same alias and converted them to JKS.
Rajiv -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, June 09, 2005 7:49 AM To: [email protected] Subject: Axis Session + WSS4J Certificate Hi All, I have a problem when I use Axis SimpleSessionHandler and WSS4J Certificate. I use SimpleSessionHandler because I need to store and retrieve objects for users on server-side. I also use WSS4J Encryption and certification. I configure my client request like this: <handler name="DoSecuritySender" type="java:org.apache.ws.axis.security.WSDoAllSender" > <parameter name="action" value="Signature Encrypt"/> <parameter name="user" value="16c73ab6-b892-458f-abf5-2f875f74882e"/> <parameter name="passwordCallbackClass" value="samples.stock.client.PWCallback"/> <parameter name="signaturePropFile" value="crypto.properties" /> <parameter name="signatureKeyIdentifier" value="DirectReference" /> <parameter name="encryptionKeyIdentifier" value="X509KeyIdentifier" /> </handler> <handler type="SimpleSessionHandler"/> If I want to retireve data stored in Session on server-side I must reuse service variable on client-side: ListCityServiceService service = null; if(request.getSession().getAttribute("service")==null){ service = new ListCityServiceServiceLocator(config); request.getSession().setAttribute("service" ,service); } else { service = (ListCityServiceService)request.getSession().getAttribute("service"); } My problem is when I reuse the service variable stored in client-side session, the certificate verification failed: - Verification failed for URI "#id-9713235" org.apache.ws.security.WSSecurityException: The signature verification failed at org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurityEngine.java:644) at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:334) at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:259) at org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java:181) at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) This problem does not occur if the service variable is instanced each time like this: ListCityServiceService service = new ListCityServiceServiceLocator(config); But I can't retrieve data stored in session on server-side. I'm lost. Anyone have an idea? Thanks, Benjamin ---------------------------------------------------------- Le pr�sent message ainsi que ses �ventuelles pi�ces jointes est exclusivement destin� au(x) destinataire(s), personnes physiques ou morales, qu'il d�signe. Il constitue de ce fait une correspondance � caract�re priv� et peut contenir des informations confidentielles. Si ce message vous est parvenu par erreur, nous vous remercions d'en aviser imm�diatement l'exp�diteur par retour de courrier �lectronique puis de le d�truire, ainsi que ses �ventuelles pi�ces jointes, sans en conserver de copie. This message, including any attachment, is intended for the use of the individual or entity to which it is addressed. It is therefore to be considered as a private correspondence which may contain confidential information. If you are not the intended recipient, please advise the sender immediately by reply e.mail and delete this message and any attachment thereto without retaining a copy. ----------------------------------------------------------
