Hi, I do switch to CXF 2.5.3-SNAPSHOT. Everything is working as expected now. Thank you to anyone of you who paid attention to this thread. Looking forward to the next release! Cheers,
Maj On 12 April 2012 17:19, Fansi <[email protected]> wrote: > Ohh that's it! I am still on Spring 2. Thanks guy! > > > > On 12 April 2012 17:13, Daniel Kulp <[email protected]> wrote: > >> >> What version of Spring are you using? I'm wondering if that method is >> only >> available on Spring 3. >> >> >> >> Dan >> >> >> On Thursday, April 12, 2012 05:10:17 PM Fansi wrote: >> > Thanks Dan for those precisions, they are very helpful indeed. >> > >> > As I cannot push the application to production with a snapshot library, >> I >> > am requesting the other party to sign only the detail subtree of the >> soap >> > fault message. >> > >> > By the way, depending on the snapshots (2.5.3 or 2.6.0) raises another >> > issue: the CXF bus is not loaded. I guess it is a possible mismatch of >> > dependent libraries. >> > A snippet of the stacktrace is shown below. Should you have any idea of >> > the causes of this, i will appreciate. For information, I am not running >> > into this with CXF releases until 2.5.2. >> > Cheers, >> > >> > Maj >> > >> > java.lang.NoSuchMethodError: >> > >> org.springframework.context.support.AbstractApplicationContext.getApplicat >> > ionListeners()Ljava/util/Collection; at >> > org.apache.cxf.transport.servlet.CXFServlet.loadBus(CXFServlet.java:52) >> > at >> > >> org.apache.cxf.transport.servlet.CXFNonSpringServlet.init(CXFNonSpringServ >> > let.java:66) at >> > >> org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java: >> > 1173) at >> > org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:993) >> > at >> > >> org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.jav >> > a:4187) at >> > >> org.apache.catalina.core.StandardContext.start(StandardContext.java:4496) >> > at >> > org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045) at >> > org.apache.catalina.core.StandardHost.start(StandardHost.java:785) at >> > org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045) at >> > org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) >> > at >> > org.apache.catalina.core.StandardService.start(StandardService.java:519) >> > at >> > org.apache.catalina.core.StandardServer.start(StandardServer.java:710) >> > at org.apache.catalina.startup.Catalina.start(Catalina.java:581) >> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> > at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) >> > at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) >> > at java.lang.reflect.Method.invoke(Unknown Source) >> > at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289) >> > at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414) >> > 12 avr. 2012 16:48:58 org.apache.catalina.core.StandardContext >> > loadOnStartup >> > >> > java.lang.NoSuchMethodError: >> > >> org.springframework.context.support.AbstractApplicationContext.getApplicat >> > ionListeners()Ljava/util/Collection; at >> > org.apache.cxf.transport.servlet.CXFServlet.loadBus(CXFServlet.java:52) >> > at >> > >> org.apache.cxf.transport.servlet.CXFNonSpringServlet.init(CXFNonSpringServ >> > let.java:66) >> > On 11 April 2012 23:35, Daniel Kulp <[email protected]> wrote: >> > > On Wednesday, April 11, 2012 12:57:37 PM Fansi wrote: >> > > > Hi, >> > > > >> > > > Thanks for replying. >> > > > >> > > > I am getting the same issue using cxf 2.3.9 and wss4j 1.5.12. May be >> > > > something is wrong with the signature itself. i am going the check. >> > > >> > > You *MAY* actually have to go all the way to the latest 2.5.3-SNAPSHOT >> > > or >> > > 2.6.0-SNAPSHOT. As part of CXF-4181, Aki, Alessio, and I did a bunch >> > > of >> > > updates to the SAAJInInterceptor and other SAAJ handling to make sure >> > > the >> > > Faults are properly parsed into the SAAJ model needed for the >> security. >> > > With the older versions, if you JUST sign the detail element, it may >> > > work, but signing the entire body likely won't. >> > > >> > > Dan >> > > >> > > > Cheers, >> > > > >> > > > Maj >> > > > >> > > > On 11 April 2012 10:26, Freeman Fang <[email protected]> >> wrote: >> > > > > Hi, >> > > > > >> > > > > Could you try with more recent CXF version, most likely this issue >> > > > > already get resolved. >> > > > > CXF 2.1.9 is quite old and even CXF 2.2.x is out-of-support now. >> > > > > >> > > > > Freeman >> > > > > >> > > > > On 2012-4-10, at 下午5:30, Fansi wrote: >> > > > > Hi mate, >> > > > > >> > > > >> I am currently encountering an apparently old issue with CXF. In >> > > > >> fact >> > > > >> signature verification systematically fails when signed message >> is >> > > > >> a >> > > > >> soap >> > > > >> fault. Signature verification for regular message is OK. >> > > > >> >> > > > >> I am using Mule ESB as security proxy, which in turn integrates >> CXF >> > > > >> 2.1.9. A snippet of the stack trace is shown below. From this >> > > > >> mailing >> > > > >> list's archive, I noticed that this issue has been raised by >> > > > >> someone >> > > > >> else on september 2009. >> > > > >> >> > > > >> Does anyone has any hint as to how to manage this? Any suggestion >> > > >> > > would >> > > >> > > > >> be appreciated. >> > > > >> >> > > > >> With kind regards, >> > > > >> >> > > > >> Maj >> > > > >> >> > > > >> org.apache.ws.security.**WSSecurityException: The signature or >> > > > >> decryption was >> > > > >> invalid >> > > > >> >> > > > >> at >> > > > >> >> > > > >> org.apache.ws.security.**processor.SignatureProcessor.** >> > > > >> verifyXMLSignature(**SignatureProcessor.java:529) >> > > > >> >> > > > >> at >> > > > >> >> > > > >> >> org.apache.ws.security.**processor.SignatureProcessor.**handleToken >> > > > >> (** >> > > > >> SignatureProcessor.java:97) >> > > > >> >> > > > >> at >> > > > >> >> > > > >> >> org.apache.ws.security.**WSSecurityEngine.**processSecurityHeader(* >> > > > >> * >> > > > >> WSSecurityEngine.java:326) >> > > > >> >> > > > >> at >> > > > >> >> > > > >> >> org.apache.ws.security.**WSSecurityEngine.**processSecurityHeader(* >> > > > >> * >> > > > >> WSSecurityEngine.java:243) >> > > > >> >> > > > >> at >> > > >> > > >> org.apache.cxf.ws.security.**wss4j.WSS4JInInterceptor.**handleMessage(* >> > > >> > > > >> * >> > > > >> WSS4JInInterceptor.java:180) >> > > > >> >> > > > >> at >> > > >> > > >> org.apache.cxf.ws.security.**wss4j.WSS4JInInterceptor.**handleMessage(* >> > > >> > > > >> * >> > > > >> WSS4JInInterceptor.java:67) >> > > > >> >> > > > >> at >> > > > >> >> > > > >> org.apache.cxf.phase.**PhaseInterceptorChain.**doIntercept(** >> > > > >> PhaseInterceptorChain.java:**243) >> > > > > >> > > > > ------------------------------**--------------- >> > > > > Freeman Fang >> > > > > >> > > > > FuseSource >> > > > > Email:[email protected] >> > > > > Web: fusesource.com >> > > > > Twitter: freemanfang >> > > > > Blog: http://freemanfang.blogspot.**com >> > > > > <http://freemanfang.blogspot.com> >> > > > > http://blog.sina.com.cn/u/**1473905042< >> > > >> > > http://blog.sina.com.cn/u/1473905 >> > > >> > > > > 042> weibo: http://weibo.com/u/1473905042 >> > > >> > > -- >> > > Daniel Kulp >> > > [email protected] >> > > http://dankulp.com/blog >> -- >> Daniel Kulp >> [email protected] - http://dankulp.com/blog >> Talend Community Coder - http://coders.talend.com >> >> >
