Ruchith, Werner. Thanks for your (again, fast :) replies. Unfortunately I was already celebrating the weekend when I read them :) Monday morning (CET, I'm in Holland), I'll turn off the MTOM optimization and see where it leads. I'll post the results of course.
As for thoughts: what Werner says does make some sense to me. I do not know the MTOM optimization mechanism but the client->service SOAP message (see my original post, here it's truncated already) is rather small. It includes actually the identification of the action and one or two parameters only. The service->client message is much larger and depends on the exact data one is querying for (the entities we ask for have children entities and the message can include these ones as well). Again, I am not familiar with the MTOM optimization algorithm but if it resembles other encoding and compression algorithms I do know, maybe it is more "forgiving" for small amounts of data; or for a a less complex XML strructure? When Brian complained about it in March he also complained about sending a complex XML document. Like him, my original message also included in the first place as a CDATA an embedded XML document (generated by a POJO object) but I have removed that and now I only work with AXIOM to generate the SOAP message. Friday at midnight I don't have any brighter ideas, more will follow Monday :) Nice weekend, / Roy --- Ruchith Fernando <[EMAIL PROTECTED]> wrote: > Werner, Roy, > > Yes ... I think can give it a try by turning off > MTOM optimization ... > however the thing that troubles me is that the > client -> service > configuration seems to be the same as service > ->client config and it > (client -> service) worked with MTOM optimization, > where is seems to > be replacing the binary content properly to be > decrypted at the > service. > > Thoughts?? > > Thanks, > Ruchith > > On 5/19/06, Dittmann, Werner > <[EMAIL PROTECTED]> wrote: > > Roy, > > > > Axis2 has a feature that optimizes transmission of > binary > > data, AFAIK it convert base64 into real binary and > send it > > over the wire. That save some bandwith. The > problem is that > > the receiver cannot restore the base64 from the > binary in > > exactly the same way as it was. Thus decryption > and also > > signatuire processing have problems. > > > > You may switch off this optimization an try again, > > no "optimizeParts" parameter. > > > > Regards, > > Werner > > > > > -----Urspr�ngliche Nachricht----- > > > Von: Reshef Roy [mailto:[EMAIL PROTECTED] > > > Gesendet: Freitag, 19. Mai 2006 17:12 > > > An: [email protected]; > [email protected] > > > Betreff: Decryption of a complex Axis2 SOAP > message fails in > > > WSS4J/XmlSec > > > > > > Hello WSS4J and Axis2 folks, > > > > > > I come back here on this issue which was > discussed by > > > Brian and Werner on the WSS4J mailing list in > March, > > > and has not been resolved. I am facing exactly > the > > > same problem. I believe it is a WSS4J/XMLSec > issue, > > > but I send it to both Axis2 and WSSS4J mailing > lists. > > > The original thread I copied from the mail > archive and > > > added at the bottom. > > > > > > My configuration is as follows: > > > - My webservice is running on Axis2 1.0 deployed > on > > > Tomcat 5.5.16 > > > - My client application is a standalone Java > > > application using an Axis2 1.0 client repository > > > - jre1.5.0_06 > > > - relevant jar files in the Axis2 lib directory > (both > > > the server and the client): wss4j-1.5.0, > xmlsec-1.3.0, > > > xalan-2.7.0 (probably not relevant), various > > > javamail-1.4 jars (in case it has to do with the > MTOM > > > attachment??). > > > - the security configuration of both the > webservice > > > and the Axis2 client repository is similar to > the one > > > in the security sample of Axis2 1.0. > > > > > > I send a simple SOAP message from the client to > the > > > service, and get a complex, eventually a very > complex, > > > SOAP message containing the data back. > > > > > > The client->server message works fine, both when > I > > > configure it to be signed and encrypted and when > I > > > don't. > > > The server->client message works fine without > > > signature and encryption, but fails on the same > > > exception as Brian's when the client side has to > > > decrypt it. > > > > > > At first I thought the fault was in our code, as > the > > > generated XML was a mixture of XML generated by > AXIOM > > > and "self-made" XML Strings in POJO code > (however > > > Axis2 does escape the < sign). In the past few > days I > > > cleaned our POJO code up completely, now the XML > > > message is generated solely by AXIOM. I still > get the > > > following exception: > > > > > > [java] org.apache.axis2.AxisFault: > > > WSDoAllReceiver: security processing failed; > nested > > > exception is: > > > [java] > > > org.apache.ws.security.WSSecurityException: > Cannot > > > encrypt/decrypt data; nested exception is: > > > [java] > > > > org.apache.xml.security.encryption.XMLEncryptionException: > > > Error while decoding > > > [java] Original Exception was > > > > org.apache.xml.security.exceptions.Base64DecodingException: > > > Error while decoding > > > [java] at > > > > org.apache.axis2.security.WSDoAllReceiver.processMessage(WSDoA > > > llReceiver.java:183) > > > [java] at > > > > org.apache.axis2.security.handler.WSDoAllHandler.invoke(WSDoAl > > > lHandler.java:82) > > > [java] at > > > > org.apache.axis2.engine.Phase.invoke(Phase.java:381) > > > [java] at > > > > org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:473) > > > [java] at > > > > org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:445) > > > [java] at > > > > org.apache.axis2.description.OutInAxisOperationClient.send(Out > > > InAxisOperation.java:355) > > > [java] at > > > > org.apache.axis2.description.OutInAxisOperationClient.execute( > > > OutInAxisOperation.java:279) > > > [java] at > > > > org.apache.axis2.client.ServiceClient.sendReceive(ServiceClien > > > t.java:457) > > > [java] at > > > > org.apache.axis2.client.ServiceClient.sendReceive(ServiceClien > > > t.java:399) > > > [java] at > > > > nitg.dino.dataclient.DataClient.sendDataRequest(Unknown > > > Source) > > > [java] at > > > nitg.dino.dataclient.DataClient.getData(Unknown > > > Source) > > > [java] at > > > nitg.dino.dataclient.DataClient.getData(Unknown > > > Source) > > > [java] at > > > nitg.dino.dataclient.DataClient.main(Unknown > Source) > > > [java] Caused by: > > > org.apache.ws.security.WSSecurityException: > Cannot > > > encrypt/decrypt data; nested exception is: > > > [java] > > > > org.apache.xml.security.encryption.XMLEncryptionException: > > > Error while decoding > > > [java] Original Exception was > > > > org.apache.xml.security.exceptions.Base64DecodingException: > > > Error while decoding > > > [java] at > > > > org.apache.ws.security.processor.EncryptedKeyProcessor.decrypt > > > DataRef(EncryptedKeyProcessor.java:404) > > > [java] at > > > > org.apache.ws.security.processor.EncryptedKeyProcessor.handleE > > > ncryptedKey(EncryptedKeyProcessor.java:328) > > > [java] at > > > > org.apache.ws.security.processor.EncryptedKeyProcessor.handleE > === message truncated === __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
