You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by Be...@sanofi-aventis.com on 2005/06/20 14:36:01 UTC

Réf. : Axis Session + WSS4J Certificate




Hello All,

Just to say I have found the solution to my problem.
In fact I instance the service like this ListCityServiceService service =
new ListCityServiceServiceLocator(config);
And I retrieve data stored in Session by getting session variable like
this:
 SimpleSession axis_session =
(SimpleSession)engine.getApplicationSession();
instead of this:
SimpleSession axis_session =
(SimpleSession)MessageContext.getCurrentContext().getSession();

Thanks to all,

Benjamin



|---------+--------------------------->
|         |           Benjamin        |
|         |           Francioni       |
|         |                           |
|         |           09/06/2005 13:48|
|         |                           |
|---------+--------------------------->
  >-------------------------------------------------------------------------------------------------------------------------------|
  |                                                                                                                               |
  |        Pour :   fx-dev@ws.apache.org                                                                                          |
  |        cc :                                                                                                                   |
  |        Objet :  Axis Session + WSS4J Certificate                                                                              |
  >-------------------------------------------------------------------------------------------------------------------------------|



Hi All,

I have a problem when I use Axis SimpleSessionHandler and WSS4J
Certificate.
I use SimpleSessionHandler because I need to store and retrieve objects for
users on server-side.
I also use WSS4J Encryption and certification.
I configure my client request like this:

    <handler name="DoSecuritySender" type="
java:org.apache.ws.axis.security.WSDoAllSender" >
      <parameter name="action" value="Signature Encrypt"/>
      <parameter name="user" value="16c73ab6-b892-458f-abf5-2f875f74882e"/>
      <parameter name="passwordCallbackClass"
value="samples.stock.client.PWCallback"/>
      <parameter name="signaturePropFile" value="crypto.properties" />
      <parameter name="signatureKeyIdentifier" value="DirectReference" />
      <parameter name="encryptionKeyIdentifier" value="X509KeyIdentifier"
/>
    </handler>
    <handler type="SimpleSessionHandler"/>

If I want to retireve data stored in Session on server-side I must reuse
service variable on client-side:

                  ListCityServiceService service = null;
                  if(request.getSession().getAttribute("service")==null){
                        service = new
ListCityServiceServiceLocator(config);
                        request.getSession().setAttribute("service"
,service);
                  }
                  else
                  {
                        service =
(ListCityServiceService)request.getSession().getAttribute("service");
                  }

My problem is when I reuse the service variable stored in client-side
session, the certificate verification failed:
- Verification failed for URI "#id-9713235"
org.apache.ws.security.WSSecurityException: The signature verification
failed
      at
org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurityEngine.java:644)
      at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:334)
      at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:259)
      at
org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java:181)
      at
org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
      at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)

This problem does not occur if the service variable is instanced each time
like this: ListCityServiceService service = new
ListCityServiceServiceLocator(config);
But I can't retrieve data stored in session on server-side.
I'm lost. Anyone have an idea?

Thanks,
Benjamin



----------------------------------------------------------
Le présent message ainsi que ses éventuelles pièces jointes est
exclusivement destiné au(x) destinataire(s), personnes physiques ou
morales, qu'il désigne.
Il constitue de ce fait une correspondance à caractère privé et peut
contenir des informations confidentielles.
Si ce message vous est parvenu par erreur, nous vous remercions d'en aviser
immédiatement l'expéditeur par retour de courrier électronique puis de le
détruire, ainsi que ses éventuelles pièces jointes, sans en conserver de
copie.


This message, including any attachment, is intended for the use of the
individual or entity to which it is addressed.
It is therefore to be considered as a private correspondence which may
contain confidential information.
If you are not the intended recipient, please advise the sender immediately
by reply e.mail and delete this message and any attachment thereto without
retaining a copy.
----------------------------------------------------------