On Wednesday, April 11, 2012 12:57:37 PM Fansi wrote: > Hi, > > Thanks for replying. > > I am getting the same issue using cxf 2.3.9 and wss4j 1.5.12. May be > something is wrong with the signature itself. i am going the check.
You *MAY* actually have to go all the way to the latest 2.5.3-SNAPSHOT or 2.6.0-SNAPSHOT. As part of CXF-4181, Aki, Alessio, and I did a bunch of updates to the SAAJInInterceptor and other SAAJ handling to make sure the Faults are properly parsed into the SAAJ model needed for the security. With the older versions, if you JUST sign the detail element, it may work, but signing the entire body likely won't. Dan > > Cheers, > > Maj > > On 11 April 2012 10:26, Freeman Fang <[email protected]> wrote: > > Hi, > > > > Could you try with more recent CXF version, most likely this issue > > already get resolved. > > CXF 2.1.9 is quite old and even CXF 2.2.x is out-of-support now. > > > > Freeman > > > > On 2012-4-10, at 下午5:30, Fansi wrote: > > Hi mate, > > > >> I am currently encountering an apparently old issue with CXF. In fact > >> signature verification systematically fails when signed message is a > >> soap > >> fault. Signature verification for regular message is OK. > >> > >> I am using Mule ESB as security proxy, which in turn integrates CXF > >> 2.1.9. A snippet of the stack trace is shown below. From this mailing > >> list's archive, I noticed that this issue has been raised by someone > >> else on september 2009. > >> > >> Does anyone has any hint as to how to manage this? Any suggestion would > >> be appreciated. > >> > >> With kind regards, > >> > >> Maj > >> > >> org.apache.ws.security.**WSSecurityException: The signature or > >> decryption was > >> invalid > >> > >> at > >> > >> org.apache.ws.security.**processor.SignatureProcessor.** > >> verifyXMLSignature(**SignatureProcessor.java:529) > >> > >> at > >> > >> org.apache.ws.security.**processor.SignatureProcessor.**handleToken(** > >> SignatureProcessor.java:97) > >> > >> at > >> > >> org.apache.ws.security.**WSSecurityEngine.**processSecurityHeader(** > >> WSSecurityEngine.java:326) > >> > >> at > >> > >> org.apache.ws.security.**WSSecurityEngine.**processSecurityHeader(** > >> WSSecurityEngine.java:243) > >> > >> at > >> > >> org.apache.cxf.ws.security.**wss4j.WSS4JInInterceptor.**handleMessage(* > >> * > >> WSS4JInInterceptor.java:180) > >> > >> at > >> > >> org.apache.cxf.ws.security.**wss4j.WSS4JInInterceptor.**handleMessage(* > >> * > >> WSS4JInInterceptor.java:67) > >> > >> at > >> > >> org.apache.cxf.phase.**PhaseInterceptorChain.**doIntercept(** > >> PhaseInterceptorChain.java:**243) > > > > ------------------------------**--------------- > > Freeman Fang > > > > FuseSource > > Email:[email protected] > > Web: fusesource.com > > Twitter: freemanfang > > Blog: http://freemanfang.blogspot.**com > > <http://freemanfang.blogspot.com> > > http://blog.sina.com.cn/u/**1473905042<http://blog.sina.com.cn/u/1473905 > > 042> weibo: http://weibo.com/u/1473905042 -- Daniel Kulp [email protected] http://dankulp.com/blog
