hi,
i am using wss4j for webservice security.
earlier i used clientside config file to configure the handlers (wsallsender and wsallreceiver). that was working fine. then i try to configure this handlers programattically , there i got an exception
- org.apache.ws.security.WSSecurityException: The signature verification failed
and this 2 lines debug info from wss4j
- Verification failed for URI "#id-10998550"
- Verification successful for URI "#sigcon-21142615"
but i am sure that i used same configuration. even i reffered that FAQ wss4j wiki page.
there u said to insert this line
<globalConfiguration>
<parameter name="enableNamespacePrefixOptimization" value="false" />
</globalConfiguration>
<parameter name="enableNamespacePrefixOptimization" value="false" />
</globalConfiguration>
how can i include this line pragramattically ?
this is my configuration class
public EngineConfiguration createClientConfig() {
SimpleProvider clientConfig = new SimpleProvider();
Handler securitySenderHandler = (Handler) new WSDoAllSender();
Handl er securityReceiverHandler = (Handler) new WSDoAllReceiver();
SimpleProvider clientConfig = new SimpleProvider();
Handler securitySenderHandler = (Handler) new WSDoAllSender();
Handl er securityReceiverHandler = (Handler) new WSDoAllReceiver();
// here read all the config-properties from
// a file (user,signatureKeyIdentifier,.....)
securitySenderHandler.setOption(WSHandlerConstants.USER, user);
securitySenderHandler.setOption(WSHandlerConstants.SIG_KEY_ID,
signatureKeyIdentifier);
securitySenderHandler.setOption(WSHandlerConstants.ENC_KEY_ID,
encryptionKeyIdentifier);
securitySenderHandler.setOption(WSHandlerConstants.SIG_PROP_FILE, signaturePropFile);
securitySenderHandler.setOption(WSHandlerConstants.PW_CALLBACK_CLASS,
passwordCallbackClass);
securitySenderHandler.setOption(WSHandlerConstants.ENCRYPTION_USER, encryptionUser);
securitySenderHandler.setOption(WSHandlerConstants.ACTION, action);
// set all the properties securitySenderHandler
securityReceiverHandler.setOption(WSHandlerConstants.ACTION, action);
securityReceiverHandler.setOption(WSHandlerConstants.PW_CALLBACK_CLASS,
passwordCallbackClass);
//securityReceiverHandler.setOption(WSHandlerConstants.ENC_PROP_FILE, signaturePropFile);
securityReceiverHandler.setOption(WSHandlerConstants.SIG_PROP_FILE, signaturePropFile);
SimpleChain reqHandler = new SimpleChain();
SimpleChain respHandler = new SimpleChain();
// add the sender handler to the request
reqHandler.addHandler(securitySenderHandler);
// add the reveiver handler to the response
respHandler.addHandler(securityReceiverHandler);
Handler pivot = (Handler) new HTTPSender();
Handler transport = new SimpleTargetedChain(reqHandler, pivot,
respHandler);
clientConfig.deployTransport(HTTPTransport.DEFAULT_TRANSPORT_NAME,
transport);
return clientConfig;
transport);
return clientConfig;
could anyone help in this isse?
regards,
anpu
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
