Hrvoje Slavicek created CXF-7172:
------------------------------------
Summary: Error Validating Signed MTOM Message CXF 3.0.6 and up
Key: CXF-7172
URL: https://issues.apache.org/jira/browse/CXF-7172
Project: CXF
Issue Type: Bug
Components: WS-* Components
Affects Versions: 3.1.8, 3.0.6
Reporter: Hrvoje Slavicek
As explained at:
http://stackoverflow.com/questions/37308017/error-validating-signed-mtom-message-cxf-3-0-6-and-up
I created a simple web service using CXF that has MTOM enabled. It also expects
a timestamp and the body to be signed. It is configured like this:
    @ComponentScan(basePackageClasses={MyService.class})
    @Configuration
    @ImportResource({ "classpath:META-INF/cxf/cxf.xml" })
    public class CXFConfig {
        @Autowired
        Bus cxfBus;
        @Autowired
        MyService ws;

        @Bean
        public Endpoint endpoint() {
            EndpointImpl endpoint = new EndpointImpl(cxfBus, ws);
            endpoint.publish("/MyService");
            // Enable MTOM on the SOAP binding
            SOAPBinding binding = (SOAPBinding)endpoint.getBinding();
            binding.setMTOMEnabled(true);
            // Inbound WS-Security: require a signature and a timestamp
            Map<String, Object> inProps = new HashMap<String, Object>();
            inProps.put(WSHandlerConstants.ACTION,
                WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.TIMESTAMP);
            inProps.put(WSHandlerConstants.SIG_PROP_FILE, "wsserver.properties");
            WSS4JInInterceptor inc = new WSS4JInInterceptor(inProps);
            endpoint.getInInterceptors().add(inc);
            return endpoint;
        }
    }
My Service Interface is:
    @WebService
    @Component
    public interface MyService {
        @WebMethod(action="doStuff")
        public String doStuff(@WebParam(name="FileData") MTOMMessage message)
            throws IOException;
    }
My Data Type is:
    @XmlType
    @XmlAccessorType(XmlAccessType.FIELD)
    public class MTOMMessage {
        @XmlElement(name = "data", required = true)
        @XmlMimeType("text/xml")
        protected DataHandler data;
        @XmlElement(name = "FileName", required = true)
        protected String fileName;
        //Getters and Setters
    }
I then have a client to call it:
    public static void main(String[] args) throws IOException {
        String xmlLoc = "classpath:com/avum/dasn/ws/test/client-context.xml";
        ClassPathXmlApplicationContext ctx =
            new ClassPathXmlApplicationContext(xmlLoc);
        MyService svc = ctx.getBean(MyService.class);
        MTOMMessage msg = new MTOMMessage();
        msg.setXmlData(new DataHandler(getURLForTestFile()));
        msg.setFileName("TestFileName");
        System.out.println(svc.doStuff(msg));
    }
The client-context.xml looks like this:
    <jaxws:properties>
        <entry key="mtom-enabled" value="true"/>
    </jaxws:properties>
    <jaxws:outInterceptors>
        <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
            <constructor-arg>
                <map>
                    <entry key="action" value="Signature Timestamp"/>
                    <entry key="signaturePropFile" value="wsclient.properties"/>
                    <entry key="user" value="ws-security" />
                    <entry key="passwordCallbackClass"
                           value="com.co.test.PasswordCallbackHandler"/>
                </map>
            </constructor-arg>
        </bean>
        <bean class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
    </jaxws:outInterceptors>
If I’m using CXF version 3.0.5 or lower, this works fine. However, if I use 3.0.6
or later, I get “A security error was encountered when verifying the message.”
On the server I’m getting messages like “Couldn't validate the References”.
This is because the server doesn’t get the same DigestValue that comes across
in the ds:DigestValue element.
I think it has something to do with the way MTOM messages are handled by the
server-side code, because if I disable MTOM (on the client and server) then it
works fine. I’m not sure how to get this working in later versions of CXF. Does
anyone have any ideas what I’m doing wrong?
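A triage aid for the digest mismatch reported above, added here as an example and not taken from the report or from CXF: given the root SOAP part of a logged request, it lists the signed elements (by wsu:Id) that contain an xop:Include, which are the references whose digest changes depending on whether the attachment is inlined before hashing. The class name, the sample message and its Ids are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class SignedXopCheck {
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String XOP = "http://www.w3.org/2004/08/xop/include";
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    /** Returns the wsu:Id of each signed element that contains an xop:Include. */
    static List<String> signedElementsWithXop(String soap) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Logged messages are untrusted input: refuse DOCTYPE declarations.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(soap.getBytes(StandardCharsets.UTF_8)));
        NodeList refs = doc.getElementsByTagNameNS(DS, "Reference");
        NodeList all = doc.getElementsByTagNameNS("*", "*");
        List<String> hits = new ArrayList<>();
        for (int i = 0; i < refs.getLength(); i++) {
            String uri = ((Element) refs.item(i)).getAttribute("URI");
            if (!uri.startsWith("#")) continue;   // only same-document references
            for (int j = 0; j < all.getLength(); j++) {
                Element e = (Element) all.item(j);
                if (uri.substring(1).equals(e.getAttributeNS(WSU, "Id"))
                        && e.getElementsByTagNameNS(XOP, "Include").getLength() > 0) {
                    hits.add(uri.substring(1));
                }
            }
        }
        return hits;
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample: root MIME part of a signed MTOM request, trimmed.
        String soap = "<s:Envelope xmlns:s='http://schemas.xmlsoap.org/soap/envelope/'"
            + " xmlns:ds='" + DS + "' xmlns:wsu='" + WSU + "' xmlns:xop='" + XOP + "'>"
            + "<s:Header><wsu:Timestamp wsu:Id='TS-1'/><ds:Signature><ds:SignedInfo>"
            + "<ds:Reference URI='#TS-1'/><ds:Reference URI='#Body-1'/>"
            + "</ds:SignedInfo></ds:Signature></s:Header><s:Body wsu:Id='Body-1'>"
            + "<doStuff><FileData><data><xop:Include href='cid:constructed-attachment'/>"
            + "</data><FileName>TestFileName</FileName></FileData></doStuff></s:Body></s:Envelope>";
        System.out.println(signedElementsWithXop(soap));
    }
}
```

An Id in the result means the signer and the verifier must both digest that element in the same form, either with the xop:Include reference or with the attachment bytes inlined as base64.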