Werner,
Thank you for your clarification. I generate the
signed soap message at run-time and this time it works
fine. I post my method for here and hope it would be
useful to someone has the same problems.
Thanks,
Jian
import java.util.Map;
import javax.xml.soap.SOAPMessage;
import javax.xml.soap.MessageFactory;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import org.apache.ws.security.WSSecurityException;
import com.sun.xml.ws.handler.SOAPHandlerContext;
import java.io.InputStream;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import javax.xml.transform.dom.DOMSource;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import com.jtv.core.ws.security.handler.WSS4JHandler;
public class HandlerUtil {
WSS4JHandler wsHandler = null;
Map config = null;
SOAPMessage sm = null;
HandlerUtil(){
wsHandler = new WSS4JHandler();
}
public void Init(Map config){
this.config = config;
wsHandler.init(config);
}
public SOAPMessage setSOAPMessage(String xsm)
throws Exception{
InputStream in = new
ByteArrayInputStream(xsm.getBytes());
sm =
MessageFactory.newInstance().createMessage(null,in);
sm.setProperty(MessageContext.MESSAGE_OUTBOUND_PROPERTY,
Boolean.TRUE);
return sm;
}
public SOAPMessage getSOAPMessage(){
return sm;
}
public SOAPMessage BuildwsSOAPMessage(){
SOAPHandlerContext shc = new
SOAPHandlerContext(null,null,sm);
SOAPMessageContext smc =
shc.getSOAPMessageContext();
try{
wsHandler.processMessage(smc, true);
} catch (WSSecurityException ex){
System.out.println(ex.getStackTrace());
}
sm = smc.getMessage();
return sm;
}
public String SOAPMessageToString(){
ByteArrayOutputStream baos = new
ByteArrayOutputStream();
Document doc =
WSS4JHandler.messageToDocument(sm);
Element element = doc.getDocumentElement();
try {
DOMSource source = new DOMSource(element);
StreamResult result = new
StreamResult(baos);
TransformerFactory transFactory =
TransformerFactory.newInstance();
Transformer transformer =
transFactory.newTransformer();
transformer.transform(source, result);
} catch (Exception e) {
e.printStackTrace();
}
return new String(baos.toByteArray());
}
public String ProcessHandler(){
BuildwsSOAPMessage();
return SOAPMessageToString();
}
}
The unit test is as follows,
String expectedResult =
loadExpectedResult(fileName);
expectedResult =
XMLCanonicalizer.format(expectedResult);
String requestMessage =
loadRequestMessage(fileName);
requestMessage =
XMLCanonicalizer.format(requestMessage);
System.out.println("Original Request Messasge
: ");
System.out.println(requestMessage);
//use WSS4J Handler to add ws-security into
the soap message
HandlerUtil wsHandler = new HandlerUtil();
wsHandler.Init(getInitParam());
wsHandler.setSOAPMessage(requestMessage);
requestMessage = wsHandler.ProcessHandler();
System.out.println("Request Message with
WS-Security : ");
System.out.println(requestMessage);
String actualResult =
runEndpointTest(testName,requestMessage);
actualResult =
XMLCanonicalizer.format(actualResult);
System.out.println(expectedResult);
System.err.println(actualResult);
where getInitParam is as follows,
protected Map getInitParam(){
Map config = new HashMap();
config.put("deployment", "client");
config.put("flow", "request-only");
config.put("action", "Signature");
config.put("user", "alice");
config.put("signaturePropFile",
"client.properties");
config.put("signatureKeyIdentifier",
"DirectReference");
config.put("signatureParts","{}{http://jtv.com}addNumbers";);
config.put("passwordCallbackClass",
"com.jtv.core.ws.endpoint.example.handlerresult.PWCallback");
return config;
}
--- Fang Jian <[EMAIL PROTECTED]> wrote:
> werner,
>
> I removed the XMLCanonicalizer and used the real
> captured XML soap message as the input to the
> server,
> I found that the result is different, this time the
> URI verfication is correct, but the XML signature
> verification still fails.
>
> org.apache.xml.security.signature.Reference verify
> INFO: Verification successful for URI "#id-3866500"
> Oct 12, 2005 11:19:55 AM
>
com.sun.xml.ws.transport.http.servlet.WSServletDelegate
> doPost
> SEVERE: caught throwable
> java.lang.ExceptionInInitializerError
> at
>
org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurityEngine.java:628)
>
> When WSS4J signs the message, would blank spaces
> affect the result?
>
> Thanks,
>
> Jian
__________________________________
Yahoo! Mail - PC Magazine Editors' Choice 2005
http://mail.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
