[ https://issues.apache.org/jira/browse/CXF-4587?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh reassigned CXF-4587: ---------------------------------------- Assignee: Colm O hEigeartaigh > Signature Confirmation does not work with TransportBinding and > EndorsingSupportingToken > --------------------------------------------------------------------------------------- > > Key: CXF-4587 > URL: https://issues.apache.org/jira/browse/CXF-4587 > Project: CXF > Issue Type: Bug > Components: WS-* Components > Affects Versions: 2.6.2, 2.5.6, 2.7.0 > Reporter: Sunil Bapat > Assignee: Colm O hEigeartaigh > Priority: Minor > Fix For: 2.5.7, 2.6.4, 2.7.1 > > Attachments: patch.txt > > > This is based on the discussion in > http://cxf.547215.n5.nabble.com/TransportBinding-and-SignatureConfirmation-td5715655.html. > > Signature Confirmation does not work on the client side, when the web service > is secured by TransportBinding with EndorsingSupportingToken. > The response from the server contains a Signature Confirmation element, and > the response fails with the error: > Received a SignatureConfirmation element, but there are no stored signature > values > Debugging through the CXF code, here's what is happening: > - After configuring the client, the WSS11Builder calls > setRequireSignatureConfirmation(true) based on the policy > (<sp:RequireSignatureConfirmation/>). > - In the constructor of AbstractBindingBuilder, it initializes the signatures > array property with an empty array, and puts it in the message as follows: > message.getExchange().put(WSHandlerConstants.SEND_SIGV, signatures) > - In the TransportBindingHandler.handleEndorsingToken (line 300), it calls > addSig, which eventually calls the doSignature. However, the signature is > never added to the signatures array. (SymmetricBindingHandler and > AsymmetricBindingHandler do a signatures.add) > - As a result when the service response comes to the WSS4JInInterceptor, it > calls checkSignatureConfirmation in WSHandler, which retrieves the > savedSignatures using > List<byte[]> savedSignatures = > (List<byte[]>) getProperty(reqData.getMsgContext(), > WSHandlerConstants.SEND_SIGV); > - This array is empty, since the signature was never added by > TransportBindingHandler. Therefore it throws the above exception. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira