Hi Mihir,
I just saw your mail recently when going through the archives. I had a
look at this issue. The problem is with the Axis1 SAAJ implementation,
not with XML-Security or WSS4J. Some test-code that shows the problem:
org.apache.xml.security.Init.init();
MessageFactory factory = MessageFactory.newInstance();
SOAPMessage soapMessage = factory.createMessage();
Document doc = soapMessage.getSOAPPart();
Element sigElem =
XMLUtils.createElementInSignatureSpace(
doc, Constants._TAG_SIGNATUREMETHOD);
System.out.println(sigElem.getLocalName());
System.out.println(sigElem.getPrefix());
The output *should* be:
SignatureMethod
ds
However, with Axis1 SAAJ the output is:
ds:SignatureMethod
null
This is a bug in the Axis1 SAAJ implementation. It's been fixed in the
Axis2 SAAJ implementation, so you might have better luck trying this. I
don't know if the Axis1 code is being maintained, you might want to file
a bug on the axis-user list if it's a blocker.
Colm.
-----Original Message-----
From: Mihir Mathuria [mailto:mmathu...@epoll.com]
Sent: 19 March 2009 19:16
To: security-dev@xml.apache.org
Subject: Cannot create a
http://www.w3.org/2000/09/xmldsig#:ds:SignatureMethod from a
http://www.w3.org/2000/09/xmldsig#:SignatureMethod element
Hello,
I am trying to use Apache XML Security through Spring web services
1.5.6 (WSS4JInterceptor) to digitally sign messages.
At runtime I get the following exception:
ERROR o.a.w.s.message.WSSecSignature -
org.apache.xml.security.exceptions.XMLSecurityException: Cannot create
a http://www.w3.org/2000/09/xmldsig#:ds:SignatureMethod from a
http://www.w3.org/2000/09/xmldsig#
:SignatureMethod element
at org.apache.xml.security.utils.ElementCheckerImpl
$InternedNsChecker.guaranteeThatElementInCorrectSpace(Unknown Source)
at
org
.apache
.xml
.security
.utils.ElementProxy.guaranteeThatElementInCorrectSpace(Unknown Source)
at org.apache.xml.security.utils.ElementProxy.<init>(Unknown
Source)
at
org.apache.xml.security.utils.SignatureElementProxy.<init>(Unknown
Source)
at
org.apache.xml.security.algorithms.Algorithm.<init>(Unknown Source)
at
org.apache.xml.security.algorithms.SignatureAlgorithm.<init>(Unknown
Source)
at
org.apache.xml.security.signature.SignedInfo.<init>(Unknown Source)
at
org.apache.xml.security.signature.XMLSignature.<init>(Unknown Source)
at
org
.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:
366)
at
org
.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:
746)
at
org
.apache
.ws.security.action.SignatureAction.execute(SignatureAction.java:54)
at
org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:
201)
at
org
.springframework
.ws.soap.security.wss4j.Wss4jHandler.doSenderAction(Wss4jHandler.java:
162)
at
org
.springframework
.ws
.soap
.security
.wss4j
.Wss4jSecurityInterceptor.secureMessage(Wss4jSecurityInterceptor.java:
457)
I downloaded wssj-1.5.5 and xmlsec-1.4.2 source code to understand
what's going on. Trying to construct XMLSignature in
WSSecSignature.java throws the exception:
SignatureAlgorithm signatureAlgorithm = new
SignatureAlgorithm(doc, sigAlgo);
sig = new XMLSignature(doc, null,
signatureAlgorithm.getElement(), canonElem);
_constructionElement of signatureAlgorithm instance looks something
like: <ds:SignatureMethod...../>. I am assuming, while creating
instance of XMLSignature the guaranteeThatElementInCorrectSpace()
method tries to compare <SignatureMethod.../> with
<ds:SignatureMethod../> and hence the exception. For some reason the
"ds" prefix does not get set in the call to XMLSignature's constructor.
Not sure if this is due to Wss4JInterceptor configuration, or
conflicting jars or plain bug in wss4j-1.5.5 or xmlsec-1.4.2.
Could some one please guide.
Thanks,
--
Mihir Mathuria
