You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Ross Lodge <ro...@concentricsky.com> on 2011/04/18 23:27:56 UTC
Problem with 2.4.0 and WS-Security
I've been trying to get the new 2.4.0 release to work in a project that I'm
using that uses WS-Security and WS-SecurityPolicy in a WSDL-First SOAP
service, and I am getting a signature verification failure:
Caused by: org.apache.ws.security.WSSecurityException: The signature or
> decryption was invalid; nested exception is:
>
> org.apache.ws.security.WSSecurityException: The signature or decryption was
> invalid
>
> at
> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:378)
> ~[wss4j-1.6.0.jar:1.6.0]
>
> at
> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:174)
> ~[wss4j-1.6.0.jar:1.6.0]
>
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
> ~[wss4j-1.6.0.jar:1.6.0]
>
> at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:248)
> ~[cxf-rt-ws-security-2.4.0.jar:2.4.0]
>
> ... 35 common frames omitted
>
> Caused by: org.apache.ws.security.WSSecurityException: The signature or
> decryption was invalid
>
> at
> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:375)
> ~[wss4j-1.6.0.jar:1.6.0]
>
> ... 38 common frames omitted
>
It's quite possible that I'm missing something (e.g. relating to how WSS4J
1.6 needs to be configured vs WSSJ 1.5, for instance), or this could be a
bug of some kind.
Any help would be appreciated; I've uploaded sample code that exhibits this
problem to:
http://www.electronicmuse.com/WSSecurityTutorial.2.4.0-failure.zip
Thanks.
Ross M. Lodge
Re: Problem with 2.4.0 and WS-Security
Posted by Ross Lodge <ro...@concentricsky.com>.
It definitely works with 2.3.x but not with 2.4.0.
I've updated the zip file at that location to adjust the dependencies so
that (for me at least) it builds with a clean local repository on maven
2.2.1 on windows. I'm not sure I can simplify the test case too much; it
requires a fully configured and running server hosting the war file and a
fully configured client for a test.
Running the tests that should fail requires activating a specific profile in
the build:
'mvn clean install -Pintegration-test' from inside the parent module.
Ross
On Tue, Apr 19, 2011 at 7:00 AM, Colm O hEigeartaigh <co...@apache.org>wrote:
> I get an error on running "mvn clean install" in the
> WSSecurityTutorialParent folder:
>
> [ERROR] Failed to execute goal
> org.codehaus.mojo:jaxws-maven-plugin:1.12:wsimport (jaxws) on project
> WSSecurityTutorialJaxWs: Execution jaxws of goal
> org.codehaus.mojo:jaxws-maven-plugin:1.12:wsimport failed: Plugin
> org.codehaus.mojo:jaxws-maven-plugin:1.12 or one of its dependencies
> could not be resolved: Failed to collect dependencies for
> org.codehaus.mojo:jaxws-maven-plugin:jar:1.12 (): Failed to read
> artifact descriptor for com.sun.xml.ws:jaxws-tools:jar:2.1.7: Could
> not transfer artifact com.sun.xml.ws:jaxws-tools:pom:2.1.7 from/to
> java.net (http://download.java.net/maven/1/): No connector available
> to access repository java.net (http://download.java.net/maven/1/) of
> type legacy using the available factories
> WagonRepositoryConnectorFactory -> [Help 1]
>
> If you could put together a smaller test-case that shows the problem
> that would be great. Does your test-case work with CXF 2.3.x but fail
> with CXF 2.4.0?
>
> Colm.
>
> On Mon, Apr 18, 2011 at 10:27 PM, Ross Lodge
> <ro...@concentricsky.com> wrote:
> > I've been trying to get the new 2.4.0 release to work in a project that
> I'm
> > using that uses WS-Security and WS-SecurityPolicy in a WSDL-First SOAP
> > service, and I am getting a signature verification failure:
> >
> > Caused by: org.apache.ws.security.WSSecurityException: The signature or
> >> decryption was invalid; nested exception is:
> >>
> >> org.apache.ws.security.WSSecurityException: The signature or decryption
> was
> >> invalid
> >>
> >> at
> >>
> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:378)
> >> ~[wss4j-1.6.0.jar:1.6.0]
> >>
> >> at
> >>
> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:174)
> >> ~[wss4j-1.6.0.jar:1.6.0]
> >>
> >> at
> >>
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
> >> ~[wss4j-1.6.0.jar:1.6.0]
> >>
> >> at
> >>
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:248)
> >> ~[cxf-rt-ws-security-2.4.0.jar:2.4.0]
> >>
> >> ... 35 common frames omitted
> >>
> >> Caused by: org.apache.ws.security.WSSecurityException: The signature or
> >> decryption was invalid
> >>
> >> at
> >>
> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:375)
> >> ~[wss4j-1.6.0.jar:1.6.0]
> >>
> >> ... 38 common frames omitted
> >>
> >
> > It's quite possible that I'm missing something (e.g. relating to how
> WSS4J
> > 1.6 needs to be configured vs WSSJ 1.5, for instance), or this could be a
> > bug of some kind.
> >
> > Any help would be appreciated; I've uploaded sample code that exhibits
> this
> > problem to:
> >
> > http://www.electronicmuse.com/WSSecurityTutorial.2.4.0-failure.zip
> >
> > Thanks.
> >
> > Ross M. Lodge
> >
>
Re: Problem with 2.4.0 and WS-Security
Posted by Colm O hEigeartaigh <co...@apache.org>.
I get an error on running "mvn clean install" in the
WSSecurityTutorialParent folder:
[ERROR] Failed to execute goal
org.codehaus.mojo:jaxws-maven-plugin:1.12:wsimport (jaxws) on project
WSSecurityTutorialJaxWs: Execution jaxws of goal
org.codehaus.mojo:jaxws-maven-plugin:1.12:wsimport failed: Plugin
org.codehaus.mojo:jaxws-maven-plugin:1.12 or one of its dependencies
could not be resolved: Failed to collect dependencies for
org.codehaus.mojo:jaxws-maven-plugin:jar:1.12 (): Failed to read
artifact descriptor for com.sun.xml.ws:jaxws-tools:jar:2.1.7: Could
not transfer artifact com.sun.xml.ws:jaxws-tools:pom:2.1.7 from/to
java.net (http://download.java.net/maven/1/): No connector available
to access repository java.net (http://download.java.net/maven/1/) of
type legacy using the available factories
WagonRepositoryConnectorFactory -> [Help 1]
If you could put together a smaller test-case that shows the problem
that would be great. Does your test-case work with CXF 2.3.x but fail
with CXF 2.4.0?
Colm.
On Mon, Apr 18, 2011 at 10:27 PM, Ross Lodge
<ro...@concentricsky.com> wrote:
> I've been trying to get the new 2.4.0 release to work in a project that I'm
> using that uses WS-Security and WS-SecurityPolicy in a WSDL-First SOAP
> service, and I am getting a signature verification failure:
>
> Caused by: org.apache.ws.security.WSSecurityException: The signature or
>> decryption was invalid; nested exception is:
>>
>> org.apache.ws.security.WSSecurityException: The signature or decryption was
>> invalid
>>
>> at
>> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:378)
>> ~[wss4j-1.6.0.jar:1.6.0]
>>
>> at
>> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:174)
>> ~[wss4j-1.6.0.jar:1.6.0]
>>
>> at
>> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
>> ~[wss4j-1.6.0.jar:1.6.0]
>>
>> at
>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:248)
>> ~[cxf-rt-ws-security-2.4.0.jar:2.4.0]
>>
>> ... 35 common frames omitted
>>
>> Caused by: org.apache.ws.security.WSSecurityException: The signature or
>> decryption was invalid
>>
>> at
>> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:375)
>> ~[wss4j-1.6.0.jar:1.6.0]
>>
>> ... 38 common frames omitted
>>
>
> It's quite possible that I'm missing something (e.g. relating to how WSS4J
> 1.6 needs to be configured vs WSSJ 1.5, for instance), or this could be a
> bug of some kind.
>
> Any help would be appreciated; I've uploaded sample code that exhibits this
> problem to:
>
> http://www.electronicmuse.com/WSSecurityTutorial.2.4.0-failure.zip
>
> Thanks.
>
> Ross M. Lodge
>
Re: Problem with 2.4.0 and WS-Security
Posted by Daniel Kulp <dk...@apache.org>.
I really couldn't run this test case. I cannot build with Maven 3 due to
the java.net repo requirement. With maven 2.2.1, I get:
Caused by: java.lang.ClassCastException: java.lang.String cannot be cast to
java.lang.Integer
at org.testng.TestNG.configure(TestNG.java:1292)
at
org.apache.maven.surefire.testng.conf.TestNGMapConfigurator.configure(TestNGMapConfigurator.java:95)
at
org.apache.maven.surefire.testng.TestNGExecutor.run(TestNGExecutor.java:57)
at
org.apache.maven.surefire.testng.TestNGDirectoryTestSuite.execute(TestNGDirectoryTestSuite.java:106)
at
org.apache.maven.surefire.testng.TestNGProvider.invoke(TestNGProvider.java:111)
Any ideas? I've never used TestNG for anything so I'm not even sure where
to start looking at that.
Dan
On Monday 18 April 2011 5:27:56 PM Ross Lodge wrote:
> I've been trying to get the new 2.4.0 release to work in a project that I'm
> using that uses WS-Security and WS-SecurityPolicy in a WSDL-First SOAP
> service, and I am getting a signature verification failure:
>
> Caused by: org.apache.ws.security.WSSecurityException: The signature or
>
> > decryption was invalid; nested exception is:
> >
> > org.apache.ws.security.WSSecurityException: The signature or decryption
> > was invalid
> >
> > at
> > org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(Si
> > gnatureProcessor.java:378) ~[wss4j-1.6.0.jar:1.6.0]
> >
> > at
> > org.apache.ws.security.processor.SignatureProcessor.handleToken(Signature
> > Processor.java:174) ~[wss4j-1.6.0.jar:1.6.0]
> >
> > at
> > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityE
> > ngine.java:396) ~[wss4j-1.6.0.jar:1.6.0]
> >
> > at
> > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JIn
> > Interceptor.java:248) ~[cxf-rt-ws-security-2.4.0.jar:2.4.0]
> >
> > ... 35 common frames omitted
> >
> > Caused by: org.apache.ws.security.WSSecurityException: The signature or
> > decryption was invalid
> >
> > at
> > org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(Si
> > gnatureProcessor.java:375) ~[wss4j-1.6.0.jar:1.6.0]
> >
> > ... 38 common frames omitted
>
> It's quite possible that I'm missing something (e.g. relating to how WSS4J
> 1.6 needs to be configured vs WSSJ 1.5, for instance), or this could be a
> bug of some kind.
>
> Any help would be appreciated; I've uploaded sample code that exhibits this
> problem to:
>
> http://www.electronicmuse.com/WSSecurityTutorial.2.4.0-failure.zip
>
> Thanks.
>
> Ross M. Lodge
--
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog
Talend - http://www.talend.com