Hi, Colm, What's your dev env? I checked out 1_5_x-fixes branch into MyEclipse 7.5 and MyEclipse hung at "Initinalizging Java Tools" each time I restart MyEclipse.
Gang -----Original Message----- From: Colm O hEigeartaigh [mailto:cohei...@progress.com] Sent: Tuesday, November 24, 2009 6:33 AM To: Yang, Gang CTR USA; wss4j-dev@ws.apache.org Subject: RE: Wss4j working with WebSphere? Hi Gang, If I apply your fix it breaks 5 tests, one in TestWSSecurityNew3 and 4 in TestWSSecurityNew11. Can you take a look at these tests in branches/1_5_x-fixes after applying your fix? Colm. -----Original Message----- From: Yang, Gang CTR USA [mailto:gang.y...@us.army.mil] Sent: 18 November 2009 22:30 To: wss4j-dev@ws.apache.org Subject: RE: Wss4j working with WebSphere? Hi, After some debugging, I think I found why wss4j isn't working with WAS properly. The problem is caused by the way WAS's SOAP/DOM implements Node.appendChild() and Node.insertBefore() and the timing wss4j inserts the <Signature> element into the header. WAS's element insertion implementation puts the appended/inserted child in a temp area (altContent) and used the API to hide that. When the child element is actually accessed, it would put the child and its sub-tree into the normal place by "copying", which causes "new" node objects to be generated. Back to wss4j, WSSecSignature.build() calls "prependToHeader" to insert <Signature> element into the header (and doc) early and then was trying to do the signing. During the signing process, it actually accesses the <Signature> element causing WAS to copy and regenerate. This would cause the object references to the <DigestValue> and <SignatureValue> in sig (XMLSignaure) member to stale. Therefore the inserted <DigestValue> values and <SignatureValue> value are not actually inserted into the final SOAP document. I modified the code to call prependToHeader() at last after the computeSignature() call. This seems to have worked fine with WAS now. However, since I'm not an expert in wss4j and would like some one, Cole maybe?, to bless the change and pull that into the codebase if that's fine. Thanks, Gang PS: The modified WSSecSignature.build() code: public Document build(Document doc, Crypto cr, WSSecHeader secHeader) throws WSSecurityException { doDebug = log.isDebugEnabled(); if (doDebug) { log.debug("Beginning signing..."); } prepare(doc, cr, secHeader); SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(doc.getDocumentElement()); if (parts == null) { parts = new Vector(); WSEncryptionPart encP = new WSEncryptionPart( soapConstants.getBodyQName().getLocalPart(), soapConstants.getEnvelopeURI(), "Content" ); parts.add(encP); } addReferencesToSign(parts, secHeader); // put at the end instead: // prependToHeader(secHeader); // // if we have a BST prepend it in front of the Signature according to // strict layout rules. // if (bstToken != null) { prependBSTElementToHeader(secHeader); } computeSignature(); prependToHeader(secHeader); return doc; } -----Original Message----- From: Yang, Gang CTR USA [mailto:gang.y...@us.army.mil] Sent: Tuesday, November 17, 2009 9:31 AM To: wss4j-dev@ws.apache.org Subject: Wss4j working with WebSphere? Hi, Has any one used wss4j with WebSphere successfully? I'm using wss4j 1.5.8 with WAS 7.0 unsuccessfully. I'm using wss4j to build the SOAP security headers and signature using JAX-WS handlers. After the WSSSingnature.build() call without any error, the security headers were added to the SOAP message without the digest values and signature value. Has any one experienced similar behavior and has any insight? Thanks, Gang --------------------------------------------------------------------- To unsubscribe, e-mail: wss4j-dev-unsubscr...@ws.apache.org For additional commands, e-mail: wss4j-dev-h...@ws.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: wss4j-dev-unsubscr...@ws.apache.org For additional commands, e-mail: wss4j-dev-h...@ws.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: wss4j-dev-unsubscr...@ws.apache.org For additional commands, e-mail: wss4j-dev-h...@ws.apache.org
