Hi, this problem was solved by Kumar's suggestion in metro's mailing list. Simply, we added this tag <sunsp:DisableInclusivePrefixList xmlns:sunsp=" http://schemas.sun.com/2006/03/wss/client";></sunsp:DisableInclusivePrefixList> in our wsit-client.xml. Then Metro BS->PHP OPS works fine.
Since the last scenario was passed in our local workstation, we'll check all scenarios tomorrow to ensure no mistake introduced by this new added configuration. here is the address http://blogs.sun.com/ashutosh/entry/custom_security_policy_assertions_in for your interest. > Tango security by default generates InclusivePrefixList for Exclusive > Canonicalization algorithm. But, not many implementations support this. On Mon, Jun 15, 2009 at 7:31 PM, Ming Jin <[email protected]> wrote: > Hi, I posted a new message in metro mailing list, in which I attached the > two wsdl files from php and java sides, policy.xml used in WSF/PHP, > wsit-client used in Metro, glassfish log file and soap request/response > message with this mail for more details. The php.wsdl is return from php > service via ?wsdl(not the one packaged with the source code), while the > java.wsdl is the original one. The SOAP request/response messages are > captured by HTTP Debugger Pro. > > From the scenarios we've already tested, we think the manipulations of the > policy in Metro, WCF, WSF/PHP, or WSO2 are different, which may lead to the > problem we got. > > Here is the address to the message: > http://forums.java.net/jive/thread.jspa?threadID=63107&tstart=0 > > > > On Fri, Jun 12, 2009 at 10:31 PM, Ming Jin <[email protected]> wrote: > >> Hi, we're using the METRO version BS to communicate with PHP OPS with >> security, but we got error said '500 Internal Server Error', the reason is >> 'Signature Verification failed.' To compare with that, we used .NET version >> stocktrader to communicate with PHP version from both sides(.NET BS->PHP OPS >> and PHP BS->.NET OPS), which both worked fine. >> *Following is a brief explanation of different versions of Stocktrader >> used:* >> >> - .NET Stocktrader: built from the source code in /branches/m1 >> - PHP Stocktrader: built from the source code in /branches/m1 >> - WSO2 Stocktrader: built from the trunk version source code >> - Metro Strocktrader: as the same as in the directory contrib >> >> In our local workstation, all scenarios, including with or without >> security, are verified except METRO BS->PHP OPS with security. >> >> *Following are the scenarios tested with security:* >> >> - .NET Stocktrader <=> Metro Stocktrader >> - PHP Stocktrader <=> WSO2 Stocktrader >> - .NET Stocktrader <=> WSO2 Stocktrader(need to downgrade the WSAS >> server from version 3.0.1 to 3.0) >> - .NET Stocktrader <=> PHP Stocktrader >> - Metro BS -> WSO2 OPS >> - PHP BS -> Metro OPS >> - WSO2 BS -> Metro OPS(need to generate the Metro OPS from the WSO2 >> version OrderProcessorMsec.wsdl) >> - Metro BS -> PHP OPS *failed* >> >> *Why Metro BS->PHP OPS failed, here are our understanding:* >> 1. The certificates and private keys used in the whole scenario >> verifications are the same one, the default OPS one. So the problem >> shouldn't be due to the certificate issue. >> 2. As .NET BS/Metro BS->Metro OPS and .NET BS/Metro BS->WSO2 OPS, the >> security configurations and policy definitions in .NET BS and Metro BS >> should be functionally equal. >> 3. As .NET BS->PHP OPS, then there shouldn't be any problem in Metro BS >> communicating with PHP OPS. >> >> Do we understand them wrong? Could anyone give some suggestion? >> >> I attached the error.log from glassfish, the soap message of >> request/response during the process of placing an order, which can provide >> you more details about the problem. >> >> Thanks >> >> ------ >> Ming Jin >> >> Consultant >> Thoughtworks, Inc >> >> > > > -- > Ming Jin > > Consultant > Thoughtworks, Inc > Mobile: +86 135-2125-6300 > Email: [email protected] > MSN: [email protected] > Blog: http://blogjava.net/mingj > > -- Ming Jin Consultant Thoughtworks, Inc Mobile: +86 135-2125-6300 Email: [email protected] MSN: [email protected] Blog: http://blogjava.net/mingj
