Werner,
At the client-side I am using Axis and the WSS4J Axis Handlers:
<responseFlow >
<handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
<parameter name="passwordCallbackClass"
value="com.ibm.dw.bookshop.j2seclient.handlers.PWCallbackHandler"/>
<parameter name="action" value="Signature"/>
<parameter name="signaturePropFile" value="crypto.properties" />
</handler>
</responseFlow >
At the server-side I am using a JAXRPC Web service running on Geronimo (which
uses Axis for its JAXRPC functionality):
<handler>
<handler-name>Outbound Security Handler</handler-name>
<handler-class>org.apache.ws.security.handler.WSS4JHandler</handler-class>
<init-param>
<param-name>deployment</param-name>
<param-value>server</param-value>
</init-param>
<init-param>
<param-name>action</param-name>
<param-value>Signature</param-value>
</init-param>
<init-param>
<param-name>passwordCallbackClass</param-name>
<param-value>com.ibm.dw.bookshop.handlers.PWCallbackHandler</param-value>
</init-param>
<init-param>
<param-name>flow</param-name>
<param-value>response-only</param-value>
</init-param>
<init-param>
<param-name>user</param-name>
<param-value>16c73ab6-b892-458f-abf5-2f875f74882e</param-value>
</init-param>
<init-param>
<param-name>signaturePropFile</param-name>
<param-value>crypto.properties</param-value>
</init-param>
</handler>
There is no Handler after this one so I assume the message is not altered after
the signing process.
Here is my TCPMonitor log:
Request:
------------------------------------------------------------------
POST /DWBookShop/XMethodsNames HTTP/1.0
Content-Type: text/xml; charset=utf-8
Accept: application/soap+xml, application/dime, multipart/related, text/*
User-Agent: Axis/1.2.1
Host: localhost:1235
Cache-Control: no-cache
Pragma: no-cache
SOAPAction: "http://ibm.com.dw.bookshop.webservice/getXMethodsWebServiceNames";
Content-Length: 336
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:xsd="http://www.w3.org/2001/XMLSchema";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";>
<soapenv:Body>
<getXMethodsWebServiceNames xmlns="http://ibm.com.dw.bookshop.webservice"/>
</soapenv:Body>
</soapenv:Envelope>
---------------------------------------------------------------------
Response:
----------------------------------------------------------------------
HTTP/1.1 200 OK
Date: Wed, 31 Aug 2005 03:00:21 GMT
Server: Jetty/5.1.5rc0 (Windows XP/5.1 x86 java/1.4.2_09
Content-Type: text/xml; charset=utf-8
Connection: close
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:xsd="http://www.w3.org/2001/XMLSchema";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";>
<soapenv:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
soapenv:mustUnderstand="1">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";></ds:CanonicalizationMethod>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1";></ds:SignatureMethod>
<ds:Reference URI="#id-12249901">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";></ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";></ds:DigestMethod>
<ds:DigestValue>QqWmAQmtL4ZaZb7/TOcYkg4E8c0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
FQNJiw+lvL7NTSyif9N/Y5PNGeeSsJRf9jIgcfUTpwUsg+R8x4fLoIufT659OSvzQZNnOT1s/UeJ
iQSgf+ODzQ==
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-3882268">
<wsse:SecurityTokenReference
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="STRId-22729241"><ds:X509IssuerSerial>
<ds:X509IssuerName>CN=dims</ds:X509IssuerName>
<ds:X509SerialNumber>44369778256217224370984914847992022613</ds:X509SerialNumber>
</ds:X509IssuerSerial></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature></wsse:Security></soapenv:Header>
<soapenv:Body
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="id-12249901">
<getXMethodsWebServiceNamesResponse
xmlns="http://ibm.com.dw.bookshop.webservice";>
<result xmlns="" xmlns:ns1="http://arrays/java/lang";
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/";
soapenc:arrayType="ns1:StringArray[5]" xsi:type="soapenc:Array">
<result xsi:type="xsd:string">XSpace</result>
<result xsi:type="xsd:string">XMethods Query Service</result>
<result xsi:type="xsd:string">Dummy replacement for Weather -
Temperature</result>
<result xsi:type="xsd:string">Currency Exchange Rate</result>
<result xsi:type="xsd:string">Delayed Stock Quote</result>
</result>
</getXMethodsWebServiceNamesResponse>
</soapenv:Body>
</soapenv:Envelope>
Now in my client I should see a list like this:
XSpace
XMethods Query Service
Dummy replacement for Weather - Temperature
Currency Exchange Rate
Delayed Stock Quote
instead I see this:
null
null
null
null
null
I can prepare a dummy war file if you would like to test it on Geronimo
yourself.
I hope this helps.
Regards,
Stefan
Werner Dittmann wrote:
Stefna,
do you use the Axis handlers and Axis as your SOAP subsystem?
If yes then it should work - otherwise pls try to get a
dump of the request (tcpmon) and send it along.
If you don't use the xis handler (and Axis) then make sure
theat you SOAP system does not modify the request after signature
processing.
Regards,
Werner
Stefan Schmidt wrote:
Werner,
Thanks for this remark - I wan't aware of the Crimson namespace problem.
Now I got one step further. Unfortunately there is still something
wrong. I am sending a SOAP array and when I sign the msg I cannot
retrieve the string values from this array. Instead I simply get 'null'
for each array item. tcpmon shows that the signed msg with the correct
array values is send but the client seems to have a problem. There is no
error message. Running the WS without security everything works fine.
Ideas?
Regards,
Stefan
Werner Dittmann wrote:
Stefan,
acording to the stack printout you use the crimson parser
at the client side. Crimson does _not_ support namespaces
fully (only partial support). Pls make sure you have a
fully namespace aware parser first in your classpath, e.g.
xerces.
AFAIK Crimson is the standard parser for JDK 1.4.x, but I'm
not sure if Crimson is supported by Apache anymore.
Regards,
Werner
Stefan Schmidt wrote:
<SNIP> ..... <SNAP>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
