Hi,
Signing works with given version (http://repo.open.iona.com/maven2-snapshot/org/apache/servicemix/servicemix-cxf-bc/2009.01.1-fuse-SNAPSHOT/ ) ! In addition to signing I tried out signing & encryption - that scenario was a bit more difficult to get it working - my cxf configuration was correct but I had to use old version of smx 3.3.0.2 so I received error java.lang.NoSuchMethodError: org.apache.ws.security.WSSecurityEngineResult.get( Ljava/lang/Object;)Ljava/lang/Object; I hacked it by replacing existing servicemix-shared with servicemix-shared-3.3.1.18-fuse-installer.zip that contains wss4j-1.5.5.jar. Next error I got was: java.lang.NoSuchMethodError: org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkReceiverResultsAnyOrder(Ljava/util/Vector;Ljava/util/Vector;)Z what was resolved by setting "ignoreActions" to value="true" in WSS4JInInterceptor. (maybe if I took another servicemix-shared with newer wss4j it won't be necessary). Well, obviously I know it's one huge workaround - but my goal is just to check servicemix-cxf and .NET web service interoperability when signing and encryption/decryption are required. Current solution is a good starting point for sure. Thank you all for your help (especially I appreciate Freeman hints) ! Regards, Maciej Freeman Fang wrote: > > Hi, > > This issue get fixed by SMXCOMP-618 on Aug 21, but the snapshot you > test is published on April, so that snapshot won't pick up the fix. > > You need check out code from > https://svn.apache.org/repos/asf/servicemix/components/bindings/servicemix-cxf-bc/trunk/ > > and build the snapshot yourself now. > follow the step > 1. svn co > https://svn.apache.org/repos/asf/servicemix/components/bindings/servicemix-cxf-bc/trunk/ > 2. mvn install > > > Another option is you can test against the fuse snapshot, you can > download it from [1], copy it to your SMX_HOME/hotdeploy folder to > override the old one > > [1]http://repo.open.iona.com/maven2-snapshot/org/apache/servicemix/servicemix-cxf-bc/2009.01.1-fuse-SNAPSHOT/ > > Freeman > > On 2009-9-4, at 下午8:31, XyLus wrote: > >> >> I've done test with >> http://people.apache.org/repo/m2-snapshot-repository/org/apache/servicemix/servicemix-cxf-bc/2009.02-SNAPSHOT/servicemix-cxf-bc-2009.02-20090417.052350-16-installer.zip >> >> but the result is the same as always - >> System.Web.Services.Protocols.SoapHeaderException: >> Microsoft.Web.Services3.Security.SecurityFault: The signature or >> decryption >> was invalid >> >> >> Regards, >> Maciej >> >> >> >> Freeman Fang wrote: >>> >>> Hi, >>> >>> I believe the fix for SMXCOMP-618 can address this issue. >>> >>> [1]https://issues.apache.org/activemq/browse/SMXCOMP-618 >>> >>> Freeman >>> On 2009-8-19, at 下午3:52, XyLus wrote: >>> >>>> >>>> Here you go : http://www.nabble.com/file/p25039423/PeRCSPoC.jmx >>>> PeRCSPoC.jmx >>>> >>>> Regards, >>>> Maciej >>>> >>>> >>>> Freeman Fang wrote: >>>>> >>>>> Hi, >>>>> >>>>> How is your work flow in smx get invoked? >>>>> I believe you use a standalone jms client sending message to jms >>>>> consumer of smx, if you, could you also append this standalone jms >>>>> client? So that I can test your case from my side. >>>>> Thanks >>>>> Freeman >>>>> On 2009-8-14, at 下午10:52, XyLus wrote: >>>>> >>>>>> >>>>>> Hi, >>>>>> >>>>>> I've also created CXF server (please find in >>>>>> http://www.nabble.com/file/p24973027/wse-cxf-sign-server.zip >>>>>> attachment ). >>>>>> As long as I did not provide keystore with client certificate I >>>>>> was >>>>>> getting >>>>>> error: >>>>>> >>>>>> org.apache.ws.security.WSSecurityException: WSHandler: Certificate >>>>>> path >>>>>> verification failed for certificate with subject >>>>>> CN=WSE2QuickStartClient; >>>>>> nested exception is: >>>>>> org.apache.ws.security.WSSecurityException: General security >>>>>> error >>>>>> (Error >>>>>> during certificate path validation: basic constraints check >>>>>> failed: >>>>>> this is >>>>>> not a CA certificate); nested exception is: >>>>>> java.security.cert.CertPathValidatorException: basic constraints >>>>>> check >>>>>> failed: this is not a CA certificate >>>>>> at >>>>>> org >>>>>> .apache.ws.security.handler.WSHandler.verifyTrust(WSHandler.java: >>>>>> 1176) >>>>>> >>>>>> So I found working configuration for CXF client <-> CXF server >>>>>> (however it >>>>>> does not work as I expected - I thought that client's issuer >>>>>> certificate >>>>>> should be only available on server side) >>>>>> >>>>>> Anyway, problem I am trying to solve is connecting to .NET >>>>>> webservice not >>>>>> CXF... >>>>>> >>>>>> Regards, >>>>>> Maciej >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> XyLus wrote: >>>>>>> >>>>>>> Hi Freeman >>>>>>> >>>>>>> Please find in attachment testcase bundle - it contains >>>>>>> standalone >>>>>>> cxf >>>>>>> (wse-cxf-sign-client) application, >>>>>>> smx test flow (smx-testcase) and sample .Net web service code >>>>>>> (.NET) I am >>>>>>> trying to connect. >>>>>>> >>>>>>> Speaking of cxf server, I have not tried it yet since my goal >>>>>>> is to >>>>>>> work >>>>>>> out working configuration for smx client <-> .NET web service. >>>>>>> However I >>>>>>> will try this as well and send result. >>>>>>> >>>>>>> >>>>>>> >>>>>>> Regards, >>>>>>> Maciej >>>>>>> >>>>>>> Attachment: >>>>>>> http://www.nabble.com/file/p24954647/testcase-bundle.zip >>>>>>> testcase-bundle.zip >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> Freeman Fang wrote: >>>>>>>> >>>>>>>> Hi, >>>>>>>> Could you please append your testcase, both the working >>>>>>>> standalone >>>>>>>> cxf >>>>>>>> client and the problem smx one? >>>>>>>> If possible, also a standalone server what we can test against >>>>>>>> to >>>>>>>> reproduce the error, I understand you are using .NET server on >>>>>>>> windows, but if you can provide a cxf server to simulate the >>>>>>>> error >>>>>>>> it >>>>>>>> would be great. >>>>>>>> Thanks >>>>>>>> Freeman >>>>>>>> On 2009-8-12, at 下午11:14, XyLus wrote: >>>>>>>> >>>>>>>>> >>>>>>>>> Hi All, >>>>>>>>> >>>>>>>>> I have to connect to web service ( .NET implementation with WSE >>>>>>>>> 3.0 on >>>>>>>>> board) that requires signed >>>>>>>>> request. I 've played with CXF framework and now I have >>>>>>>>> solution >>>>>>>>> that works >>>>>>>>> just fine ( I get successful response from web service) >>>>>>>>> >>>>>>>>> When I use cxf bc provider with the same configuration I end up >>>>>>>>> with >>>>>>>>> 'The >>>>>>>>> signature or decryption was invalid' error. >>>>>>>>> >>>>>>>>> I attach smx and cxf logs and requests produced by CXF >>>>>>>>> standalone >>>>>>>>> application and SMX flow. >>>>>>>>> http://www.nabble.com/file/p24938687/cxf.log cxf.log >>>>>>>>> http://www.nabble.com/file/p24938687/cxf.xml cxf.xml >>>>>>>>> http://www.nabble.com/file/p24938687/smx.log smx.log >>>>>>>>> http://www.nabble.com/file/p24938687/smx.xml smx.xml >>>>>>>>> >>>>>>>>> When you compare them they look ALMOST the same what makes me >>>>>>>>> confused. >>>>>>>>> (digest value and signature value are different and one >>>>>>>>> additional >>>>>>>>> namespace >>>>>>>>> is avaialbe in smx request >>>>>>>>> http://java.sun.com/xml/ns/jbi/wsdl-11-wrapper) >>>>>>>>> >>>>>>>>> So I turned on debug mode and tried to find root cause of >>>>>>>>> differences. >>>>>>>>> However I can't see any meaningful information in logs . On top >>>>>>>>> of >>>>>>>>> that I >>>>>>>>> use the same version of wss4j and xmlsec library in both cases. >>>>>>>>> >>>>>>>>> Any help appreciated. >>>>>>>>> >>>>>>>>> Regards, >>>>>>>>> Maciej >>>>>>>>> -- >>>>>>>>> View this message in context: >>>>>>>>> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p24938687.html >>>>>>>>> Sent from the ServiceMix - User mailing list archive at >>>>>>>>> Nabble.com. >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Freeman Fang >>>>>>>> ------------------------ >>>>>>>> Open Source SOA: http://fusesource.com >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> -- >>>>>> View this message in context: >>>>>> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p24973027.html >>>>>> Sent from the ServiceMix - User mailing list archive at >>>>>> Nabble.com. >>>>>> >>>>> >>>>> >>>>> -- >>>>> Freeman Fang >>>>> ------------------------ >>>>> Open Source SOA: http://fusesource.com >>>>> >>>>> >>>>> >>>> >>>> -- >>>> View this message in context: >>>> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p25039423.html >>>> Sent from the ServiceMix - User mailing list archive at Nabble.com. >>>> >>> >>> >>> -- >>> Freeman Fang >>> ------------------------ >>> Open Source SOA: http://fusesource.com >>> >>> >>> >> >> -- >> View this message in context: >> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p25293515.html >> Sent from the ServiceMix - User mailing list archive at Nabble.com. >> > > > -- > Freeman Fang > ------------------------ > Open Source SOA: http://fusesource.com > > > -- View this message in context: http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p25311700.html Sent from the ServiceMix - User mailing list archive at Nabble.com.
