[
https://issues.apache.org/jira/browse/CXF-7172?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh resolved CXF-7172.
--------------------------------------
Resolution: Not A Problem
> Error Validating Signed MTOM Message CXF 3.0.6 and up
> -----------------------------------------------------
>
> Key: CXF-7172
> URL: https://issues.apache.org/jira/browse/CXF-7172
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 3.0.6, 3.1.8
> Reporter: Hrvoje Slavicek
> Priority: Critical
>
> As explained :
> http://stackoverflow.com/questions/37308017/error-validating-signed-mtom-message-cxf-3-0-6-and-up
> I created a simple web service using CXF that has MTOM enabled, it also
> expects a time stamp and the body to be signed, it configured like this:
> @ComponentScan(basePackageClasses={MyService.class})
> @Configuration
> @ImportResource({ "classpath:META-INF/cxf/cxf.xml" })
> public class CXFConfig {
> @Autowired
> Bus cxfBus;
> @Autowired
> MyService ws;
> @Bean
> public Endpoint endpoint() {
> EndpointImpl endpoint = new EndpointImpl(cxfBus, ws);
> endpoint.publish("/MyService");
> SOAPBinding binding = (SOAPBinding)endpoint.getBinding();
> binding.setMTOMEnabled(true);
> Map<String, Object> inProps = new HashMap<String, Object>();
> inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE+"
> "+WSHandlerConstants.TIMESTAMP);
> inProps.put(WSHandlerConstants.SIG_PROP_FILE, "wsserver.properties");
> WSS4JInInterceptor inc = new WSS4JInInterceptor(inProps);
> endpoint.getInInterceptors().add(inc);
> return endpoint;
> }
> }
> My Service Interface is:
> @WebService
> @Component
> public interface MyService {
> @WebMethod(action="doStuff")
> public String doStuff(@WebParam(name="FileData") MTOMMessage message)
> throws IOException;
> }
> My Data Type is:
> @XmlType
> @XmlAccessorType(XmlAccessType.FIELD)
> public class MTOMMessage {
> @XmlElement(name = "data", required = true)
> @XmlMimeType("text/xml")
> protected DataHandler data;
> @XmlElement(name = "FileName", required = true)
> protected String fileName;
> //Getters and Setters
> }
> I then have a client to call it:
> public static void main(String[] args) throws IOException {
> String xmlLoc = "classpath:com/avum/dasn/ws/test/client-context.xml";
> ClassPathXmlApplicationContext ctx = new
> ClassPathXmlApplicationContext(xmlLoc);
> MyService svc = ctx.getBean(MyService.class);
> MTOMMessage msg = new MTOMMessage();
> msg.setXmlData(new DataHandler(getURLForTestFile()));
> msg.setFileName("TestFileName");
> System.out.println(svc.doStuff(msg));
> }
> The client-context.xml looks like this:
> <jaxws:properties>
> <entry key="mtom-enabled" value="true"/>
> </jaxws:properties>
> <jaxws:outInterceptors>
> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
> <constructor-arg>
> <map>
> <entry key="action" value="Signature Timestamp"/>
> <entry key="signaturePropFile" value="wsclient.properties"/>
> <entry key="user" value="ws-security" />
> <entry key="passwordCallbackClass"
> value="com.co.test.PasswordCallbackHandler"/>
> </map>
> </constructor-arg>
> </bean>
> <bean class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
> </jaxws:outInterceptors>
> If I’m using CXF version 3.0.5 or lower this works fine. However if I use
> 3.0.6 or later I get “A security error was encountered when verifying the
> message.”. On the server I’m getting messages like “Couldn't validate the
> References”. This is because the server doesn’t get the same DigestValue that
> comes across in the ds:DigestValue element.
> I think it has something to do with the way MTOM message are handled by the
> server side code because if I disable MTOM (on the client and server) then it
> works fine. I’m not sure how to get this working in later versions of CXF.
> Does anyone have any ideas what I’m doing wrong?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
