That doesn't *appear* to be the problem; neither switching to the latest 2.4.1-SNAPSHOT nor removing any handlers I had added seems to make a difference.
Ross On Wed, Jun 1, 2011 at 3:03 AM, Dirk Rudolph <[email protected] > wrote: > I also had problems porting a cxf 2.3.3 webservice using ws-security to cxf > 2.4.0. Maybe the solution provided for my issue also solves your problem. > > Have a look at https://issues.apache.org/jira/browse/CXF-3514 and try the > CXF 2.4.1-SNAPSHOT. > > Dirk Rudolph > > -----Ursprüngliche Nachricht----- > Von: Ross Lodge [mailto:[email protected]] > Gesendet: Mittwoch, 1. Juni 2011 01:41 > An: [email protected] > Betreff: Problem with WS-Security and CXF 2.4.0 > > I've been trying to get the new 2.4.0 release to work in a project that I'm > using that uses WS-Security and WS-SecurityPolicy in a WSDL-First SOAP > service, and I am getting a signature verification failure: > > Caused by: org.apache.ws.security.WSSecurityException: The signature or > > decryption was invalid; nested exception is: > > > > org.apache.ws.security.WSSecurityException: The signature or decryption > was > > invalid > > > > at > > > > org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(Signa > tureProcessor.java:378) > > ~[wss4j-1.6.0.jar:1.6.0] > > > > at > > > > org.apache.ws.security.processor.SignatureProcessor.handleToken(SignaturePro > cessor.java:174) > > ~[wss4j-1.6.0.jar:1.6.0] > > > > at > > > > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngi > ne.java:396) > > ~[wss4j-1.6.0.jar:1.6.0] > > > > at > > > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInt > erceptor.java:248) > > ~[cxf-rt-ws-security-2.4.0.jar:2.4.0] > > > > ... 35 common frames omitted > > > > Caused by: org.apache.ws.security.WSSecurityException: The signature or > > decryption was invalid > > > > at > > > > org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(Signa > tureProcessor.java:375) > > ~[wss4j-1.6.0.jar:1.6.0] > > > > ... 38 common frames omitted > > > > It's quite possible that I'm missing something (e.g. relating to how WSS4J > 1.6 needs to be configured vs WSSJ 1.5, for instance), or this could be a > bug of some kind. > > Any help would be appreciated; I've uploaded sample code that exhibits this > problem to: > > > http://software-entropy.com/wp-content/uploads/2011/05/ws-security-bug.2.3.4 > .zip > > http://software-entropy.com/wp-content/uploads/2011/05/ws-security-bug.2.4.0 > .zip > > Both of these are simple maven projects based on Glen Mazza's blog-posts > about how to build a WS-Security-enabled service with CXF. You'll need to > do a "mvn clean install" from the parent module and then first a "mvn > jetty:run" (or deploy the war to your favorite container) in the > service-war > module and, while it's running, a "mvn exec:exec" in the client module. > For > me, this works fine for the 2.3.4 version of the code, but fails for the > 2.4.0 version of the code; everything aside from the CXF dependency version > is the same between the two zip files. > > Thanks. > > (yes, this is a repost, with a different and potentially easier-to-use > example; I've been unable to find a solution for this). > > Ross M. Lodge > >
