fyi i checked in an interop2.jks -- dims
On 6/9/05, Rajiv Kanaujia <[EMAIL PROTECTED]> wrote: > Certificates bundled with WSS4J (interop.jks) have expired. So I generated > X509 v3 certificates using OpenSSL (PKCS12) and having same alias and > converted them to JKS. > > Rajiv > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Thursday, June 09, 2005 7:49 AM > To: [email protected] > Subject: Axis Session + WSS4J Certificate > > > > > > Hi All, > > I have a problem when I use Axis SimpleSessionHandler and WSS4J > Certificate. > I use SimpleSessionHandler because I need to store and retrieve objects for > users on server-side. > I also use WSS4J Encryption and certification. > I configure my client request like this: > > <handler name="DoSecuritySender" > type="java:org.apache.ws.axis.security.WSDoAllSender" > > <parameter name="action" value="Signature Encrypt"/> > <parameter name="user" value="16c73ab6-b892-458f-abf5-2f875f74882e"/> > <parameter name="passwordCallbackClass" > value="samples.stock.client.PWCallback"/> > <parameter name="signaturePropFile" value="crypto.properties" /> > <parameter name="signatureKeyIdentifier" value="DirectReference" /> > <parameter name="encryptionKeyIdentifier" value="X509KeyIdentifier" > /> > </handler> > <handler type="SimpleSessionHandler"/> > > If I want to retireve data stored in Session on server-side I must reuse > service variable on client-side: > > ListCityServiceService service = null; > if(request.getSession().getAttribute("service")==null){ > service = new > ListCityServiceServiceLocator(config); > request.getSession().setAttribute("service" > ,service); > } > else > { > service = > (ListCityServiceService)request.getSession().getAttribute("service"); > } > > My problem is when I reuse the service variable stored in client-side > session, the certificate verification failed: > - Verification failed for URI "#id-9713235" > org.apache.ws.security.WSSecurityException: The signature verification > failed > at > org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurityEngine.java:644) > at > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:334) > at > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:259) > at > org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java:181) > at > org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) > at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) > > This problem does not occur if the service variable is instanced each time > like this: ListCityServiceService service = new > ListCityServiceServiceLocator(config); > But I can't retrieve data stored in session on server-side. > I'm lost. Anyone have an idea? > > Thanks, > Benjamin > > ---------------------------------------------------------- > Le pr�sent message ainsi que ses �ventuelles pi�ces jointes est > exclusivement destin� au(x) destinataire(s), personnes physiques ou > morales, qu'il d�signe. > Il constitue de ce fait une correspondance � caract�re priv� et peut > contenir des informations confidentielles. > Si ce message vous est parvenu par erreur, nous vous remercions d'en aviser > imm�diatement l'exp�diteur par retour de courrier �lectronique puis de le > d�truire, ainsi que ses �ventuelles pi�ces jointes, sans en conserver de > copie. > > > This message, including any attachment, is intended for the use of the > individual or entity to which it is addressed. > It is therefore to be considered as a private correspondence which may > contain confidential information. > If you are not the intended recipient, please advise the sender immediately > by reply e.mail and delete this message and any attachment thereto without > retaining a copy. > ---------------------------------------------------------- > > > > -- Davanum Srinivas -http://blogs.cocoondev.org/dims/
