I have a restriction not to use trasport level SSL... instead I can use the
X509 certificate... where .Net service provides...
now the next question: If I use the x509 certificate... how do I use that...
I am getting the following error
I have key.cer...
I generated the xyz.jks...
Caused by: org.apache.ws.security.WSSecurityException: WSHandler: Signature:
error during message procesingorg.apache.ws.security.WSSecurityException:
General security error (Unexpected number of X509Data: for Signature)
at
org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57)
at
org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:192)
at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.handleMessage(WSS4JOutInterceptor.java:166)
... 97 more
2008-09-10 13:23:18,573 ERROR [GraphElement] action threw exception: Cannot
create SAAJ factory instance.
javax.xml.ws.WebServiceException: Cannot create SAAJ factory instance.
at
org.apache.cxf.jaxws.binding.soap.SOAPBindingImpl.getSOAPFactory(SOAPBindingImpl.java:118)
at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:151)
at $Proxy158.getNewSubmissionNumber(Unknown Source)
at
com.firstbest.pso.amsf.bpm.IcamsSubmissionNumberHandler.execute(IcamsSubmissionNumberHandler.java:62)
at
org.springmodules.workflow.jbpm31.JbpmHandlerProxy.execute(JbpmHandlerProxy.java:133)
at org.jbpm.graph.def.Action.execute(Action.java:123)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at
org.hibernate.proxy.pojo.javassist.JavassistLazyInitializer.invoke(JavassistLazyInitializer.java:173)
at
org.jbpm.graph.def.Action_$$_javassist_201.execute(Action_$$_javassist_201.java)
at org.jbpm.graph.def.Action.execute(Action.java:116)
at
org.jbpm.graph.def.GraphElement.executeAction(GraphElement.java:235)
at
org.jbpm.graph.def.GraphElement.executeActions(GraphElement.java:212)
at
org.jbpm.graph.def.GraphElement.fireAndPropagateEvent(GraphElement.java:182)
at org.jbpm.graph.def.GraphElement.fireEvent(GraphElement.java:166)
at org.jbpm.graph.def.Node.enter(Node.java:301)
at org.jbpm.graph.def.Transition.take(Transition.java:119)
at org.jbpm.graph.def.Node.leave(Node.java:383)
at
org.jbpm.graph.exe.ExecutionContext.leaveNode(ExecutionContext.java:136)
at org.jbpm.graph.node.Decision.execute(Decision.java:146)
at org.jbpm.graph.def.Node.enter(Node.java:316)
at org.jbpm.graph.def.Transition.take(Transition.java:119)
at org.jbpm.graph.def.Node.leave(Node.java:383)
at org.jbpm.graph.node.TaskNode.leave(TaskNode.java:198)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at
org.hibernate.proxy.pojo.javassist.JavassistLazyInitializer.invoke(JavassistLazyInitializer.java:173)
at
org.jbpm.graph.def.Node_$$_javassist_145.leave(Node_$$_javassist_145.java)
at org.jbpm.graph.exe.Token.signal(Token.java:178)
at org.jbpm.graph.exe.Token.signal(Token.java:141)
at
com.firstbest.bpm.BPMServiceImpl$2.doInJbpm(BPMServiceImpl.java:83)
at
org.springmodules.workflow.jbpm31.JbpmTemplate$1.doInHibernate(JbpmTemplate.java:86)
at
org.springframework.orm.hibernate3.HibernateTemplate.doExecute(HibernateTemplate.java:419)
at
org.springframework.orm.hibernate3.HibernateTemplate.execute(HibernateTemplate.java:339)
at
org.springmodules.workflow.jbpm31.JbpmTemplate.execute(JbpmTemplate.java:79)
Glen Mazza wrote:
>
>
> CXF-de'per wrote:
>>
>> When I use the "PasswordDigest", I am able to encrypt the password. My
>> requirement is how do I let the serverside (.Net webservice) know that
>> what algorithm I am using for encryption?
>>
>
> I don't know, but I think you might have it backwards--namely, you would
> need to encrypt the password in the same manner that the MS server does.
> If I understand correctly, servers normally do not store passwords in
> cleartext but after using a one-way encryption mechanism--when a cleartext
> password comes in they apply the same one-way mechanism and compare
> against the value in the data store.
>
> If you use the same hashing mechanism as the server's, it can compare your
> "skldfjh" with the "skldfjh" in the database and then validate that it's a
> match.
>
> Perhaps you might alternatively wish to send the password in non-digest
> form, but encrypt the message as a whole (including the password) using
> transport-level SSL instead. Security-wise, it would be very similar to
> typing in the password on a SSL-encrypted web-page--the server will apply
> its encryption algorithm on your plain password and do its normal
> comparison.
>
> Glen
>
>
--
View this message in context:
http://www.nabble.com/%3Centry-key%3D%22passwordType%22-value%3D%22PasswordDigest%22--%3E-follows-which-algorithm--to-encrypt-tp19416347p19420100.html
Sent from the cxf-user mailing list archive at Nabble.com.
