[jira] [Resolved] (CXF-4587) Signature Confirmation does not work with TransportBinding and EndorsingSupportingToken

Mon, 22 Oct 2012 03:32:19 -0700 

     [ 
https://issues.apache.org/jira/browse/CXF-4587?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Colm O hEigeartaigh resolved CXF-4587.
--------------------------------------

    Resolution: Fixed
    
> Signature Confirmation does not work with TransportBinding and 
> EndorsingSupportingToken
> ---------------------------------------------------------------------------------------
>
>                 Key: CXF-4587
>                 URL: https://issues.apache.org/jira/browse/CXF-4587
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.6.2, 2.5.6, 2.7.0
>            Reporter: Sunil Bapat
>            Assignee: Colm O hEigeartaigh
>            Priority: Minor
>             Fix For: 2.5.7, 2.6.4, 2.7.1
>
>         Attachments: patch.txt
>
>
> This is based on the discussion in 
> http://cxf.547215.n5.nabble.com/TransportBinding-and-SignatureConfirmation-td5715655.html.
>  
> Signature Confirmation does not work on the client side, when the web service 
> is secured by TransportBinding with EndorsingSupportingToken. 
> The response from the server contains a Signature Confirmation element, and 
> the response fails with the error:
> Received a SignatureConfirmation element, but there are no stored signature 
> values
> Debugging through the CXF code, here's what is happening:
> - After configuring the client, the WSS11Builder calls 
> setRequireSignatureConfirmation(true) based on the policy 
> (<sp:RequireSignatureConfirmation/>).
> - In the constructor of AbstractBindingBuilder, it initializes the signatures 
> array property with an empty array, and puts it in the message as follows:
> message.getExchange().put(WSHandlerConstants.SEND_SIGV, signatures)
> - In the TransportBindingHandler.handleEndorsingToken (line 300), it calls 
> addSig, which eventually calls the doSignature. However, the signature is 
> never added to the signatures array. (SymmetricBindingHandler and 
> AsymmetricBindingHandler do a signatures.add)
> - As a result when the service response comes to the WSS4JInInterceptor, it 
> calls checkSignatureConfirmation in WSHandler, which retrieves the 
> savedSignatures using
> List<byte[]> savedSignatures = 
>             (List<byte[]>) getProperty(reqData.getMsgContext(), 
> WSHandlerConstants.SEND_SIGV);
> - This array is empty, since the signature was never added by 
> TransportBindingHandler. Therefore it throws the above exception.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to