You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Fansi <jm...@gmail.com> on 2012/04/10 11:30:37 UTC
Signed soap-faults fail signature verification [with CXF 2.1.9]
Hi mate,
I am currently encountering an apparently old issue with CXF. In fact
signature verification systematically fails when signed message is a soap
fault. Signature verification for regular message is OK.
I am using Mule ESB as security proxy, which in turn integrates CXF 2.1.9.
A snippet of the stack trace is shown below. From this mailing list's
archive, I noticed that this issue has been raised by someone else on
september 2009.
Does anyone has any hint as to how to manage this? Any suggestion would be
appreciated.
With kind regards,
Maj
org.apache.ws.security.WSSecurityException: The signature or decryption was
invalid
at
org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:529)
at
org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:97)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:180)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:67)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
Re: Signed soap-faults fail signature verification [with CXF 2.1.9]
Posted by Fansi <jm...@gmail.com>.
Hi,
I do switch to CXF 2.5.3-SNAPSHOT. Everything is working as expected now.
Thank you to anyone of you who paid attention to this thread.
Looking forward to the next release!
Cheers,
Maj
On 12 April 2012 17:19, Fansi <jm...@gmail.com> wrote:
> Ohh that's it! I am still on Spring 2. Thanks guy!
>
>
>
> On 12 April 2012 17:13, Daniel Kulp <dk...@apache.org> wrote:
>
>>
>> What version of Spring are you using? I'm wondering if that method is
>> only
>> available on Spring 3.
>>
>>
>>
>> Dan
>>
>>
>> On Thursday, April 12, 2012 05:10:17 PM Fansi wrote:
>> > Thanks Dan for those precisions, they are very helpful indeed.
>> >
>> > As I cannot push the application to production with a snapshot library,
>> I
>> > am requesting the other party to sign only the detail subtree of the
>> soap
>> > fault message.
>> >
>> > By the way, depending on the snapshots (2.5.3 or 2.6.0) raises another
>> > issue: the CXF bus is not loaded. I guess it is a possible mismatch of
>> > dependent libraries.
>> > A snippet of the stacktrace is shown below. Should you have any idea of
>> > the causes of this, i will appreciate. For information, I am not running
>> > into this with CXF releases until 2.5.2.
>> > Cheers,
>> >
>> > Maj
>> >
>> > java.lang.NoSuchMethodError:
>> >
>> org.springframework.context.support.AbstractApplicationContext.getApplicat
>> > ionListeners()Ljava/util/Collection; at
>> > org.apache.cxf.transport.servlet.CXFServlet.loadBus(CXFServlet.java:52)
>> > at
>> >
>> org.apache.cxf.transport.servlet.CXFNonSpringServlet.init(CXFNonSpringServ
>> > let.java:66) at
>> >
>> org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:
>> > 1173) at
>> > org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:993)
>> > at
>> >
>> org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.jav
>> > a:4187) at
>> >
>> org.apache.catalina.core.StandardContext.start(StandardContext.java:4496)
>> > at
>> > org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045) at
>> > org.apache.catalina.core.StandardHost.start(StandardHost.java:785) at
>> > org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045) at
>> > org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
>> > at
>> > org.apache.catalina.core.StandardService.start(StandardService.java:519)
>> > at
>> > org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
>> > at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
>> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> > at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>> > at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>> > at java.lang.reflect.Method.invoke(Unknown Source)
>> > at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
>> > at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
>> > 12 avr. 2012 16:48:58 org.apache.catalina.core.StandardContext
>> > loadOnStartup
>> >
>> > java.lang.NoSuchMethodError:
>> >
>> org.springframework.context.support.AbstractApplicationContext.getApplicat
>> > ionListeners()Ljava/util/Collection; at
>> > org.apache.cxf.transport.servlet.CXFServlet.loadBus(CXFServlet.java:52)
>> > at
>> >
>> org.apache.cxf.transport.servlet.CXFNonSpringServlet.init(CXFNonSpringServ
>> > let.java:66)
>> > On 11 April 2012 23:35, Daniel Kulp <dk...@apache.org> wrote:
>> > > On Wednesday, April 11, 2012 12:57:37 PM Fansi wrote:
>> > > > Hi,
>> > > >
>> > > > Thanks for replying.
>> > > >
>> > > > I am getting the same issue using cxf 2.3.9 and wss4j 1.5.12. May be
>> > > > something is wrong with the signature itself. i am going the check.
>> > >
>> > > You *MAY* actually have to go all the way to the latest 2.5.3-SNAPSHOT
>> > > or
>> > > 2.6.0-SNAPSHOT. As part of CXF-4181, Aki, Alessio, and I did a bunch
>> > > of
>> > > updates to the SAAJInInterceptor and other SAAJ handling to make sure
>> > > the
>> > > Faults are properly parsed into the SAAJ model needed for the
>> security.
>> > > With the older versions, if you JUST sign the detail element, it may
>> > > work, but signing the entire body likely won't.
>> > >
>> > > Dan
>> > >
>> > > > Cheers,
>> > > >
>> > > > Maj
>> > > >
>> > > > On 11 April 2012 10:26, Freeman Fang <fr...@gmail.com>
>> wrote:
>> > > > > Hi,
>> > > > >
>> > > > > Could you try with more recent CXF version, most likely this issue
>> > > > > already get resolved.
>> > > > > CXF 2.1.9 is quite old and even CXF 2.2.x is out-of-support now.
>> > > > >
>> > > > > Freeman
>> > > > >
>> > > > > On 2012-4-10, at 下午5:30, Fansi wrote:
>> > > > > Hi mate,
>> > > > >
>> > > > >> I am currently encountering an apparently old issue with CXF. In
>> > > > >> fact
>> > > > >> signature verification systematically fails when signed message
>> is
>> > > > >> a
>> > > > >> soap
>> > > > >> fault. Signature verification for regular message is OK.
>> > > > >>
>> > > > >> I am using Mule ESB as security proxy, which in turn integrates
>> CXF
>> > > > >> 2.1.9. A snippet of the stack trace is shown below. From this
>> > > > >> mailing
>> > > > >> list's archive, I noticed that this issue has been raised by
>> > > > >> someone
>> > > > >> else on september 2009.
>> > > > >>
>> > > > >> Does anyone has any hint as to how to manage this? Any suggestion
>> > >
>> > > would
>> > >
>> > > > >> be appreciated.
>> > > > >>
>> > > > >> With kind regards,
>> > > > >>
>> > > > >> Maj
>> > > > >>
>> > > > >> org.apache.ws.security.**WSSecurityException: The signature or
>> > > > >> decryption was
>> > > > >> invalid
>> > > > >>
>> > > > >> at
>> > > > >>
>> > > > >> org.apache.ws.security.**processor.SignatureProcessor.**
>> > > > >> verifyXMLSignature(**SignatureProcessor.java:529)
>> > > > >>
>> > > > >> at
>> > > > >>
>> > > > >>
>> org.apache.ws.security.**processor.SignatureProcessor.**handleToken
>> > > > >> (**
>> > > > >> SignatureProcessor.java:97)
>> > > > >>
>> > > > >> at
>> > > > >>
>> > > > >>
>> org.apache.ws.security.**WSSecurityEngine.**processSecurityHeader(*
>> > > > >> *
>> > > > >> WSSecurityEngine.java:326)
>> > > > >>
>> > > > >> at
>> > > > >>
>> > > > >>
>> org.apache.ws.security.**WSSecurityEngine.**processSecurityHeader(*
>> > > > >> *
>> > > > >> WSSecurityEngine.java:243)
>> > > > >>
>> > > > >> at
>> > >
>> > >
>> org.apache.cxf.ws.security.**wss4j.WSS4JInInterceptor.**handleMessage(*
>> > >
>> > > > >> *
>> > > > >> WSS4JInInterceptor.java:180)
>> > > > >>
>> > > > >> at
>> > >
>> > >
>> org.apache.cxf.ws.security.**wss4j.WSS4JInInterceptor.**handleMessage(*
>> > >
>> > > > >> *
>> > > > >> WSS4JInInterceptor.java:67)
>> > > > >>
>> > > > >> at
>> > > > >>
>> > > > >> org.apache.cxf.phase.**PhaseInterceptorChain.**doIntercept(**
>> > > > >> PhaseInterceptorChain.java:**243)
>> > > > >
>> > > > > ------------------------------**---------------
>> > > > > Freeman Fang
>> > > > >
>> > > > > FuseSource
>> > > > > Email:ffang@fusesource.com
>> > > > > Web: fusesource.com
>> > > > > Twitter: freemanfang
>> > > > > Blog: http://freemanfang.blogspot.**com
>> > > > > <http://freemanfang.blogspot.com>
>> > > > > http://blog.sina.com.cn/u/**1473905042<
>> > >
>> > > http://blog.sina.com.cn/u/1473905
>> > >
>> > > > > 042> weibo: http://weibo.com/u/1473905042
>> > >
>> > > --
>> > > Daniel Kulp
>> > > dan@kulp.com
>> > > http://dankulp.com/blog
>> --
>> Daniel Kulp
>> dkulp@apache.org - http://dankulp.com/blog
>> Talend Community Coder - http://coders.talend.com
>>
>>
>
Re: Signed soap-faults fail signature verification [with CXF 2.1.9]
Posted by Fansi <jm...@gmail.com>.
Ohh that's it! I am still on Spring 2. Thanks guy!
On 12 April 2012 17:13, Daniel Kulp <dk...@apache.org> wrote:
>
> What version of Spring are you using? I'm wondering if that method is only
> available on Spring 3.
>
>
>
> Dan
>
>
> On Thursday, April 12, 2012 05:10:17 PM Fansi wrote:
> > Thanks Dan for those precisions, they are very helpful indeed.
> >
> > As I cannot push the application to production with a snapshot library, I
> > am requesting the other party to sign only the detail subtree of the soap
> > fault message.
> >
> > By the way, depending on the snapshots (2.5.3 or 2.6.0) raises another
> > issue: the CXF bus is not loaded. I guess it is a possible mismatch of
> > dependent libraries.
> > A snippet of the stacktrace is shown below. Should you have any idea of
> > the causes of this, i will appreciate. For information, I am not running
> > into this with CXF releases until 2.5.2.
> > Cheers,
> >
> > Maj
> >
> > java.lang.NoSuchMethodError:
> >
> org.springframework.context.support.AbstractApplicationContext.getApplicat
> > ionListeners()Ljava/util/Collection; at
> > org.apache.cxf.transport.servlet.CXFServlet.loadBus(CXFServlet.java:52)
> > at
> >
> org.apache.cxf.transport.servlet.CXFNonSpringServlet.init(CXFNonSpringServ
> > let.java:66) at
> >
> org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:
> > 1173) at
> > org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:993)
> > at
> >
> org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.jav
> > a:4187) at
> > org.apache.catalina.core.StandardContext.start(StandardContext.java:4496)
> > at
> > org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045) at
> > org.apache.catalina.core.StandardHost.start(StandardHost.java:785) at
> > org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045) at
> > org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
> > at
> > org.apache.catalina.core.StandardService.start(StandardService.java:519)
> > at
> > org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
> > at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
> > at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
> > at java.lang.reflect.Method.invoke(Unknown Source)
> > at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
> > at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
> > 12 avr. 2012 16:48:58 org.apache.catalina.core.StandardContext
> > loadOnStartup
> >
> > java.lang.NoSuchMethodError:
> >
> org.springframework.context.support.AbstractApplicationContext.getApplicat
> > ionListeners()Ljava/util/Collection; at
> > org.apache.cxf.transport.servlet.CXFServlet.loadBus(CXFServlet.java:52)
> > at
> >
> org.apache.cxf.transport.servlet.CXFNonSpringServlet.init(CXFNonSpringServ
> > let.java:66)
> > On 11 April 2012 23:35, Daniel Kulp <dk...@apache.org> wrote:
> > > On Wednesday, April 11, 2012 12:57:37 PM Fansi wrote:
> > > > Hi,
> > > >
> > > > Thanks for replying.
> > > >
> > > > I am getting the same issue using cxf 2.3.9 and wss4j 1.5.12. May be
> > > > something is wrong with the signature itself. i am going the check.
> > >
> > > You *MAY* actually have to go all the way to the latest 2.5.3-SNAPSHOT
> > > or
> > > 2.6.0-SNAPSHOT. As part of CXF-4181, Aki, Alessio, and I did a bunch
> > > of
> > > updates to the SAAJInInterceptor and other SAAJ handling to make sure
> > > the
> > > Faults are properly parsed into the SAAJ model needed for the security.
> > > With the older versions, if you JUST sign the detail element, it may
> > > work, but signing the entire body likely won't.
> > >
> > > Dan
> > >
> > > > Cheers,
> > > >
> > > > Maj
> > > >
> > > > On 11 April 2012 10:26, Freeman Fang <fr...@gmail.com> wrote:
> > > > > Hi,
> > > > >
> > > > > Could you try with more recent CXF version, most likely this issue
> > > > > already get resolved.
> > > > > CXF 2.1.9 is quite old and even CXF 2.2.x is out-of-support now.
> > > > >
> > > > > Freeman
> > > > >
> > > > > On 2012-4-10, at 下午5:30, Fansi wrote:
> > > > > Hi mate,
> > > > >
> > > > >> I am currently encountering an apparently old issue with CXF. In
> > > > >> fact
> > > > >> signature verification systematically fails when signed message is
> > > > >> a
> > > > >> soap
> > > > >> fault. Signature verification for regular message is OK.
> > > > >>
> > > > >> I am using Mule ESB as security proxy, which in turn integrates
> CXF
> > > > >> 2.1.9. A snippet of the stack trace is shown below. From this
> > > > >> mailing
> > > > >> list's archive, I noticed that this issue has been raised by
> > > > >> someone
> > > > >> else on september 2009.
> > > > >>
> > > > >> Does anyone has any hint as to how to manage this? Any suggestion
> > >
> > > would
> > >
> > > > >> be appreciated.
> > > > >>
> > > > >> With kind regards,
> > > > >>
> > > > >> Maj
> > > > >>
> > > > >> org.apache.ws.security.**WSSecurityException: The signature or
> > > > >> decryption was
> > > > >> invalid
> > > > >>
> > > > >> at
> > > > >>
> > > > >> org.apache.ws.security.**processor.SignatureProcessor.**
> > > > >> verifyXMLSignature(**SignatureProcessor.java:529)
> > > > >>
> > > > >> at
> > > > >>
> > > > >>
> org.apache.ws.security.**processor.SignatureProcessor.**handleToken
> > > > >> (**
> > > > >> SignatureProcessor.java:97)
> > > > >>
> > > > >> at
> > > > >>
> > > > >>
> org.apache.ws.security.**WSSecurityEngine.**processSecurityHeader(*
> > > > >> *
> > > > >> WSSecurityEngine.java:326)
> > > > >>
> > > > >> at
> > > > >>
> > > > >>
> org.apache.ws.security.**WSSecurityEngine.**processSecurityHeader(*
> > > > >> *
> > > > >> WSSecurityEngine.java:243)
> > > > >>
> > > > >> at
> > >
> > > org.apache.cxf.ws.security.**wss4j.WSS4JInInterceptor.**handleMessage(*
> > >
> > > > >> *
> > > > >> WSS4JInInterceptor.java:180)
> > > > >>
> > > > >> at
> > >
> > > org.apache.cxf.ws.security.**wss4j.WSS4JInInterceptor.**handleMessage(*
> > >
> > > > >> *
> > > > >> WSS4JInInterceptor.java:67)
> > > > >>
> > > > >> at
> > > > >>
> > > > >> org.apache.cxf.phase.**PhaseInterceptorChain.**doIntercept(**
> > > > >> PhaseInterceptorChain.java:**243)
> > > > >
> > > > > ------------------------------**---------------
> > > > > Freeman Fang
> > > > >
> > > > > FuseSource
> > > > > Email:ffang@fusesource.com
> > > > > Web: fusesource.com
> > > > > Twitter: freemanfang
> > > > > Blog: http://freemanfang.blogspot.**com
> > > > > <http://freemanfang.blogspot.com>
> > > > > http://blog.sina.com.cn/u/**1473905042<
> > >
> > > http://blog.sina.com.cn/u/1473905
> > >
> > > > > 042> weibo: http://weibo.com/u/1473905042
> > >
> > > --
> > > Daniel Kulp
> > > dan@kulp.com
> > > http://dankulp.com/blog
> --
> Daniel Kulp
> dkulp@apache.org - http://dankulp.com/blog
> Talend Community Coder - http://coders.talend.com
>
>
Re: Signed soap-faults fail signature verification [with CXF 2.1.9]
Posted by Daniel Kulp <dk...@apache.org>.
What version of Spring are you using? I'm wondering if that method is only
available on Spring 3.
Dan
On Thursday, April 12, 2012 05:10:17 PM Fansi wrote:
> Thanks Dan for those precisions, they are very helpful indeed.
>
> As I cannot push the application to production with a snapshot library, I
> am requesting the other party to sign only the detail subtree of the soap
> fault message.
>
> By the way, depending on the snapshots (2.5.3 or 2.6.0) raises another
> issue: the CXF bus is not loaded. I guess it is a possible mismatch of
> dependent libraries.
> A snippet of the stacktrace is shown below. Should you have any idea of
> the causes of this, i will appreciate. For information, I am not running
> into this with CXF releases until 2.5.2.
> Cheers,
>
> Maj
>
> java.lang.NoSuchMethodError:
> org.springframework.context.support.AbstractApplicationContext.getApplicat
> ionListeners()Ljava/util/Collection; at
> org.apache.cxf.transport.servlet.CXFServlet.loadBus(CXFServlet.java:52)
> at
> org.apache.cxf.transport.servlet.CXFNonSpringServlet.init(CXFNonSpringServ
> let.java:66) at
> org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:
> 1173) at
> org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:993)
> at
> org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.jav
> a:4187) at
> org.apache.catalina.core.StandardContext.start(StandardContext.java:4496)
> at
> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045) at
> org.apache.catalina.core.StandardHost.start(StandardHost.java:785) at
> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045) at
> org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
> at
> org.apache.catalina.core.StandardService.start(StandardService.java:519)
> at
> org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
> at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
> at java.lang.reflect.Method.invoke(Unknown Source)
> at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
> 12 avr. 2012 16:48:58 org.apache.catalina.core.StandardContext
> loadOnStartup
>
> java.lang.NoSuchMethodError:
> org.springframework.context.support.AbstractApplicationContext.getApplicat
> ionListeners()Ljava/util/Collection; at
> org.apache.cxf.transport.servlet.CXFServlet.loadBus(CXFServlet.java:52)
> at
> org.apache.cxf.transport.servlet.CXFNonSpringServlet.init(CXFNonSpringServ
> let.java:66)
> On 11 April 2012 23:35, Daniel Kulp <dk...@apache.org> wrote:
> > On Wednesday, April 11, 2012 12:57:37 PM Fansi wrote:
> > > Hi,
> > >
> > > Thanks for replying.
> > >
> > > I am getting the same issue using cxf 2.3.9 and wss4j 1.5.12. May be
> > > something is wrong with the signature itself. i am going the check.
> >
> > You *MAY* actually have to go all the way to the latest 2.5.3-SNAPSHOT
> > or
> > 2.6.0-SNAPSHOT. As part of CXF-4181, Aki, Alessio, and I did a bunch
> > of
> > updates to the SAAJInInterceptor and other SAAJ handling to make sure
> > the
> > Faults are properly parsed into the SAAJ model needed for the security.
> > With the older versions, if you JUST sign the detail element, it may
> > work, but signing the entire body likely won't.
> >
> > Dan
> >
> > > Cheers,
> > >
> > > Maj
> > >
> > > On 11 April 2012 10:26, Freeman Fang <fr...@gmail.com> wrote:
> > > > Hi,
> > > >
> > > > Could you try with more recent CXF version, most likely this issue
> > > > already get resolved.
> > > > CXF 2.1.9 is quite old and even CXF 2.2.x is out-of-support now.
> > > >
> > > > Freeman
> > > >
> > > > On 2012-4-10, at 下午5:30, Fansi wrote:
> > > > Hi mate,
> > > >
> > > >> I am currently encountering an apparently old issue with CXF. In
> > > >> fact
> > > >> signature verification systematically fails when signed message is
> > > >> a
> > > >> soap
> > > >> fault. Signature verification for regular message is OK.
> > > >>
> > > >> I am using Mule ESB as security proxy, which in turn integrates CXF
> > > >> 2.1.9. A snippet of the stack trace is shown below. From this
> > > >> mailing
> > > >> list's archive, I noticed that this issue has been raised by
> > > >> someone
> > > >> else on september 2009.
> > > >>
> > > >> Does anyone has any hint as to how to manage this? Any suggestion
> >
> > would
> >
> > > >> be appreciated.
> > > >>
> > > >> With kind regards,
> > > >>
> > > >> Maj
> > > >>
> > > >> org.apache.ws.security.**WSSecurityException: The signature or
> > > >> decryption was
> > > >> invalid
> > > >>
> > > >> at
> > > >>
> > > >> org.apache.ws.security.**processor.SignatureProcessor.**
> > > >> verifyXMLSignature(**SignatureProcessor.java:529)
> > > >>
> > > >> at
> > > >>
> > > >> org.apache.ws.security.**processor.SignatureProcessor.**handleToken
> > > >> (**
> > > >> SignatureProcessor.java:97)
> > > >>
> > > >> at
> > > >>
> > > >> org.apache.ws.security.**WSSecurityEngine.**processSecurityHeader(*
> > > >> *
> > > >> WSSecurityEngine.java:326)
> > > >>
> > > >> at
> > > >>
> > > >> org.apache.ws.security.**WSSecurityEngine.**processSecurityHeader(*
> > > >> *
> > > >> WSSecurityEngine.java:243)
> > > >>
> > > >> at
> >
> > org.apache.cxf.ws.security.**wss4j.WSS4JInInterceptor.**handleMessage(*
> >
> > > >> *
> > > >> WSS4JInInterceptor.java:180)
> > > >>
> > > >> at
> >
> > org.apache.cxf.ws.security.**wss4j.WSS4JInInterceptor.**handleMessage(*
> >
> > > >> *
> > > >> WSS4JInInterceptor.java:67)
> > > >>
> > > >> at
> > > >>
> > > >> org.apache.cxf.phase.**PhaseInterceptorChain.**doIntercept(**
> > > >> PhaseInterceptorChain.java:**243)
> > > >
> > > > ------------------------------**---------------
> > > > Freeman Fang
> > > >
> > > > FuseSource
> > > > Email:ffang@fusesource.com
> > > > Web: fusesource.com
> > > > Twitter: freemanfang
> > > > Blog: http://freemanfang.blogspot.**com
> > > > <http://freemanfang.blogspot.com>
> > > > http://blog.sina.com.cn/u/**1473905042<
> >
> > http://blog.sina.com.cn/u/1473905
> >
> > > > 042> weibo: http://weibo.com/u/1473905042
> >
> > --
> > Daniel Kulp
> > dan@kulp.com
> > http://dankulp.com/blog
--
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com
Re: Signed soap-faults fail signature verification [with CXF 2.1.9]
Posted by Fansi <jm...@gmail.com>.
Thanks Dan for those precisions, they are very helpful indeed.
As I cannot push the application to production with a snapshot library, I
am requesting the other party to sign only the detail subtree of the soap
fault message.
By the way, depending on the snapshots (2.5.3 or 2.6.0) raises another
issue: the CXF bus is not loaded. I guess it is a possible mismatch of
dependent libraries.
A snippet of the stacktrace is shown below. Should you have any idea of the
causes of this, i will appreciate. For information, I am not running into
this with CXF releases until 2.5.2.
Cheers,
Maj
java.lang.NoSuchMethodError:
org.springframework.context.support.AbstractApplicationContext.getApplicationListeners()Ljava/util/Collection;
at
org.apache.cxf.transport.servlet.CXFServlet.loadBus(CXFServlet.java:52)
at
org.apache.cxf.transport.servlet.CXFNonSpringServlet.init(CXFNonSpringServlet.java:66)
at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1173)
at
org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:993)
at
org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4187)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:4496)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at
org.apache.catalina.core.StandardService.start(StandardService.java:519)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
12 avr. 2012 16:48:58 org.apache.catalina.core.StandardContext loadOnStartup
java.lang.NoSuchMethodError:
org.springframework.context.support.AbstractApplicationContext.getApplicationListeners()Ljava/util/Collection;
at
org.apache.cxf.transport.servlet.CXFServlet.loadBus(CXFServlet.java:52)
at
org.apache.cxf.transport.servlet.CXFNonSpringServlet.init(CXFNonSpringServlet.java:66)
On 11 April 2012 23:35, Daniel Kulp <dk...@apache.org> wrote:
> On Wednesday, April 11, 2012 12:57:37 PM Fansi wrote:
> > Hi,
> >
> > Thanks for replying.
> >
> > I am getting the same issue using cxf 2.3.9 and wss4j 1.5.12. May be
> > something is wrong with the signature itself. i am going the check.
>
> You *MAY* actually have to go all the way to the latest 2.5.3-SNAPSHOT or
> 2.6.0-SNAPSHOT. As part of CXF-4181, Aki, Alessio, and I did a bunch of
> updates to the SAAJInInterceptor and other SAAJ handling to make sure the
> Faults are properly parsed into the SAAJ model needed for the security.
> With the older versions, if you JUST sign the detail element, it may work,
> but signing the entire body likely won't.
>
> Dan
>
>
> >
> > Cheers,
> >
> > Maj
> >
> > On 11 April 2012 10:26, Freeman Fang <fr...@gmail.com> wrote:
> > > Hi,
> > >
> > > Could you try with more recent CXF version, most likely this issue
> > > already get resolved.
> > > CXF 2.1.9 is quite old and even CXF 2.2.x is out-of-support now.
> > >
> > > Freeman
> > >
> > > On 2012-4-10, at 下午5:30, Fansi wrote:
> > > Hi mate,
> > >
> > >> I am currently encountering an apparently old issue with CXF. In fact
> > >> signature verification systematically fails when signed message is a
> > >> soap
> > >> fault. Signature verification for regular message is OK.
> > >>
> > >> I am using Mule ESB as security proxy, which in turn integrates CXF
> > >> 2.1.9. A snippet of the stack trace is shown below. From this mailing
> > >> list's archive, I noticed that this issue has been raised by someone
> > >> else on september 2009.
> > >>
> > >> Does anyone has any hint as to how to manage this? Any suggestion
> would
> > >> be appreciated.
> > >>
> > >> With kind regards,
> > >>
> > >> Maj
> > >>
> > >> org.apache.ws.security.**WSSecurityException: The signature or
> > >> decryption was
> > >> invalid
> > >>
> > >> at
> > >>
> > >> org.apache.ws.security.**processor.SignatureProcessor.**
> > >> verifyXMLSignature(**SignatureProcessor.java:529)
> > >>
> > >> at
> > >>
> > >> org.apache.ws.security.**processor.SignatureProcessor.**handleToken(**
> > >> SignatureProcessor.java:97)
> > >>
> > >> at
> > >>
> > >> org.apache.ws.security.**WSSecurityEngine.**processSecurityHeader(**
> > >> WSSecurityEngine.java:326)
> > >>
> > >> at
> > >>
> > >> org.apache.ws.security.**WSSecurityEngine.**processSecurityHeader(**
> > >> WSSecurityEngine.java:243)
> > >>
> > >> at
> > >>
> > >>
> org.apache.cxf.ws.security.**wss4j.WSS4JInInterceptor.**handleMessage(*
> > >> *
> > >> WSS4JInInterceptor.java:180)
> > >>
> > >> at
> > >>
> > >>
> org.apache.cxf.ws.security.**wss4j.WSS4JInInterceptor.**handleMessage(*
> > >> *
> > >> WSS4JInInterceptor.java:67)
> > >>
> > >> at
> > >>
> > >> org.apache.cxf.phase.**PhaseInterceptorChain.**doIntercept(**
> > >> PhaseInterceptorChain.java:**243)
> > >
> > > ------------------------------**---------------
> > > Freeman Fang
> > >
> > > FuseSource
> > > Email:ffang@fusesource.com
> > > Web: fusesource.com
> > > Twitter: freemanfang
> > > Blog: http://freemanfang.blogspot.**com
> > > <http://freemanfang.blogspot.com>
> > > http://blog.sina.com.cn/u/**1473905042<
> http://blog.sina.com.cn/u/1473905
> > > 042> weibo: http://weibo.com/u/1473905042
> --
> Daniel Kulp
> dan@kulp.com
> http://dankulp.com/blog
>
Re: Signed soap-faults fail signature verification [with CXF 2.1.9]
Posted by Daniel Kulp <dk...@apache.org>.
On Wednesday, April 11, 2012 12:57:37 PM Fansi wrote:
> Hi,
>
> Thanks for replying.
>
> I am getting the same issue using cxf 2.3.9 and wss4j 1.5.12. May be
> something is wrong with the signature itself. i am going the check.
You *MAY* actually have to go all the way to the latest 2.5.3-SNAPSHOT or
2.6.0-SNAPSHOT. As part of CXF-4181, Aki, Alessio, and I did a bunch of
updates to the SAAJInInterceptor and other SAAJ handling to make sure the
Faults are properly parsed into the SAAJ model needed for the security.
With the older versions, if you JUST sign the detail element, it may work,
but signing the entire body likely won't.
Dan
>
> Cheers,
>
> Maj
>
> On 11 April 2012 10:26, Freeman Fang <fr...@gmail.com> wrote:
> > Hi,
> >
> > Could you try with more recent CXF version, most likely this issue
> > already get resolved.
> > CXF 2.1.9 is quite old and even CXF 2.2.x is out-of-support now.
> >
> > Freeman
> >
> > On 2012-4-10, at 下午5:30, Fansi wrote:
> > Hi mate,
> >
> >> I am currently encountering an apparently old issue with CXF. In fact
> >> signature verification systematically fails when signed message is a
> >> soap
> >> fault. Signature verification for regular message is OK.
> >>
> >> I am using Mule ESB as security proxy, which in turn integrates CXF
> >> 2.1.9. A snippet of the stack trace is shown below. From this mailing
> >> list's archive, I noticed that this issue has been raised by someone
> >> else on september 2009.
> >>
> >> Does anyone has any hint as to how to manage this? Any suggestion would
> >> be appreciated.
> >>
> >> With kind regards,
> >>
> >> Maj
> >>
> >> org.apache.ws.security.**WSSecurityException: The signature or
> >> decryption was
> >> invalid
> >>
> >> at
> >>
> >> org.apache.ws.security.**processor.SignatureProcessor.**
> >> verifyXMLSignature(**SignatureProcessor.java:529)
> >>
> >> at
> >>
> >> org.apache.ws.security.**processor.SignatureProcessor.**handleToken(**
> >> SignatureProcessor.java:97)
> >>
> >> at
> >>
> >> org.apache.ws.security.**WSSecurityEngine.**processSecurityHeader(**
> >> WSSecurityEngine.java:326)
> >>
> >> at
> >>
> >> org.apache.ws.security.**WSSecurityEngine.**processSecurityHeader(**
> >> WSSecurityEngine.java:243)
> >>
> >> at
> >>
> >> org.apache.cxf.ws.security.**wss4j.WSS4JInInterceptor.**handleMessage(*
> >> *
> >> WSS4JInInterceptor.java:180)
> >>
> >> at
> >>
> >> org.apache.cxf.ws.security.**wss4j.WSS4JInInterceptor.**handleMessage(*
> >> *
> >> WSS4JInInterceptor.java:67)
> >>
> >> at
> >>
> >> org.apache.cxf.phase.**PhaseInterceptorChain.**doIntercept(**
> >> PhaseInterceptorChain.java:**243)
> >
> > ------------------------------**---------------
> > Freeman Fang
> >
> > FuseSource
> > Email:ffang@fusesource.com
> > Web: fusesource.com
> > Twitter: freemanfang
> > Blog: http://freemanfang.blogspot.**com
> > <http://freemanfang.blogspot.com>
> > http://blog.sina.com.cn/u/**1473905042<http://blog.sina.com.cn/u/1473905
> > 042> weibo: http://weibo.com/u/1473905042
--
Daniel Kulp
dan@kulp.com
http://dankulp.com/blog
Re: Signed soap-faults fail signature verification [with CXF 2.1.9]
Posted by Fansi <jm...@gmail.com>.
Hi,
Thanks for replying.
I am getting the same issue using cxf 2.3.9 and wss4j 1.5.12. May be
something is wrong with the signature itself. i am going the check.
Cheers,
Maj
On 11 April 2012 10:26, Freeman Fang <fr...@gmail.com> wrote:
> Hi,
>
> Could you try with more recent CXF version, most likely this issue already
> get resolved.
> CXF 2.1.9 is quite old and even CXF 2.2.x is out-of-support now.
>
> Freeman
>
> On 2012-4-10, at 下午5:30, Fansi wrote:
>
> Hi mate,
>>
>> I am currently encountering an apparently old issue with CXF. In fact
>> signature verification systematically fails when signed message is a soap
>> fault. Signature verification for regular message is OK.
>>
>> I am using Mule ESB as security proxy, which in turn integrates CXF 2.1.9.
>> A snippet of the stack trace is shown below. From this mailing list's
>> archive, I noticed that this issue has been raised by someone else on
>> september 2009.
>>
>> Does anyone has any hint as to how to manage this? Any suggestion would be
>> appreciated.
>>
>> With kind regards,
>>
>> Maj
>>
>> org.apache.ws.security.**WSSecurityException: The signature or
>> decryption was
>> invalid
>> at
>> org.apache.ws.security.**processor.SignatureProcessor.**
>> verifyXMLSignature(**SignatureProcessor.java:529)
>> at
>> org.apache.ws.security.**processor.SignatureProcessor.**handleToken(**
>> SignatureProcessor.java:97)
>> at
>> org.apache.ws.security.**WSSecurityEngine.**processSecurityHeader(**
>> WSSecurityEngine.java:326)
>> at
>> org.apache.ws.security.**WSSecurityEngine.**processSecurityHeader(**
>> WSSecurityEngine.java:243)
>> at
>> org.apache.cxf.ws.security.**wss4j.WSS4JInInterceptor.**handleMessage(**
>> WSS4JInInterceptor.java:180)
>> at
>> org.apache.cxf.ws.security.**wss4j.WSS4JInInterceptor.**handleMessage(**
>> WSS4JInInterceptor.java:67)
>> at
>> org.apache.cxf.phase.**PhaseInterceptorChain.**doIntercept(**
>> PhaseInterceptorChain.java:**243)
>>
>
> ------------------------------**---------------
> Freeman Fang
>
> FuseSource
> Email:ffang@fusesource.com
> Web: fusesource.com
> Twitter: freemanfang
> Blog: http://freemanfang.blogspot.**com <http://freemanfang.blogspot.com>
> http://blog.sina.com.cn/u/**1473905042<http://blog.sina.com.cn/u/1473905042>
> weibo: http://weibo.com/u/1473905042
>
>
>
>
>
>
>
>
>
>
>
Re: Signed soap-faults fail signature verification [with CXF 2.1.9]
Posted by Freeman Fang <fr...@gmail.com>.
Hi,
Could you try with more recent CXF version, most likely this issue
already get resolved.
CXF 2.1.9 is quite old and even CXF 2.2.x is out-of-support now.
Freeman
On 2012-4-10, at 下午5:30, Fansi wrote:
> Hi mate,
>
> I am currently encountering an apparently old issue with CXF. In fact
> signature verification systematically fails when signed message is a
> soap
> fault. Signature verification for regular message is OK.
>
> I am using Mule ESB as security proxy, which in turn integrates CXF
> 2.1.9.
> A snippet of the stack trace is shown below. From this mailing list's
> archive, I noticed that this issue has been raised by someone else on
> september 2009.
>
> Does anyone has any hint as to how to manage this? Any suggestion
> would be
> appreciated.
>
> With kind regards,
>
> Maj
>
> org.apache.ws.security.WSSecurityException: The signature or
> decryption was
> invalid
> at
> org
> .apache
> .ws
> .security
> .processor
> .SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:529)
> at
> org
> .apache
> .ws
> .security
> .processor.SignatureProcessor.handleToken(SignatureProcessor.java:97)
> at
> org
> .apache
> .ws
> .security
> .WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326)
> at
> org
> .apache
> .ws
> .security
> .WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243)
> at
> org
> .apache
> .cxf
> .ws
> .security
> .wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:180)
> at
> org
> .apache
> .cxf
> .ws
> .security
> .wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:67)
> at
> org
> .apache
> .cxf
> .phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:
> 243)
---------------------------------------------
Freeman Fang
FuseSource
Email:ffang@fusesource.com
Web: fusesource.com
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com
http://blog.sina.com.cn/u/1473905042
weibo: http://weibo.com/u/1473905042