It definitely works with 2.3.x but not with 2.4.0. I've updated the zip file at that location to adjust the dependencies so that (for me at least) it builds with a clean local repository on maven 2.2.1 on windows. I'm not sure I can simplify the test case too much; it requires a fully configured and running server hosting the war file and a fully configured client for a test.
Running the tests that should fail requires activating a specific profile in the build: 'mvn clean install -Pintegration-test' from inside the parent module. Ross On Tue, Apr 19, 2011 at 7:00 AM, Colm O hEigeartaigh <[email protected]>wrote: > I get an error on running "mvn clean install" in the > WSSecurityTutorialParent folder: > > [ERROR] Failed to execute goal > org.codehaus.mojo:jaxws-maven-plugin:1.12:wsimport (jaxws) on project > WSSecurityTutorialJaxWs: Execution jaxws of goal > org.codehaus.mojo:jaxws-maven-plugin:1.12:wsimport failed: Plugin > org.codehaus.mojo:jaxws-maven-plugin:1.12 or one of its dependencies > could not be resolved: Failed to collect dependencies for > org.codehaus.mojo:jaxws-maven-plugin:jar:1.12 (): Failed to read > artifact descriptor for com.sun.xml.ws:jaxws-tools:jar:2.1.7: Could > not transfer artifact com.sun.xml.ws:jaxws-tools:pom:2.1.7 from/to > java.net (http://download.java.net/maven/1/): No connector available > to access repository java.net (http://download.java.net/maven/1/) of > type legacy using the available factories > WagonRepositoryConnectorFactory -> [Help 1] > > If you could put together a smaller test-case that shows the problem > that would be great. Does your test-case work with CXF 2.3.x but fail > with CXF 2.4.0? > > Colm. > > On Mon, Apr 18, 2011 at 10:27 PM, Ross Lodge > <[email protected]> wrote: > > I've been trying to get the new 2.4.0 release to work in a project that > I'm > > using that uses WS-Security and WS-SecurityPolicy in a WSDL-First SOAP > > service, and I am getting a signature verification failure: > > > > Caused by: org.apache.ws.security.WSSecurityException: The signature or > >> decryption was invalid; nested exception is: > >> > >> org.apache.ws.security.WSSecurityException: The signature or decryption > was > >> invalid > >> > >> at > >> > org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:378) > >> ~[wss4j-1.6.0.jar:1.6.0] > >> > >> at > >> > org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:174) > >> ~[wss4j-1.6.0.jar:1.6.0] > >> > >> at > >> > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396) > >> ~[wss4j-1.6.0.jar:1.6.0] > >> > >> at > >> > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:248) > >> ~[cxf-rt-ws-security-2.4.0.jar:2.4.0] > >> > >> ... 35 common frames omitted > >> > >> Caused by: org.apache.ws.security.WSSecurityException: The signature or > >> decryption was invalid > >> > >> at > >> > org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:375) > >> ~[wss4j-1.6.0.jar:1.6.0] > >> > >> ... 38 common frames omitted > >> > > > > It's quite possible that I'm missing something (e.g. relating to how > WSS4J > > 1.6 needs to be configured vs WSSJ 1.5, for instance), or this could be a > > bug of some kind. > > > > Any help would be appreciated; I've uploaded sample code that exhibits > this > > problem to: > > > > http://www.electronicmuse.com/WSSecurityTutorial.2.4.0-failure.zip > > > > Thanks. > > > > Ross M. Lodge > > >
