You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by "Chris Weitner (JIRA)" <ji...@apache.org> on 2010/05/06 22:12:48 UTC
[jira] Created: (WSS-231) There is an issue with the position of
the element in the header when using WSS4J calling
.NET Web Services with WS-Security.
There is an issue with the position of the <Timestamp> element in the <Security> header when using WSS4J calling .NET Web Services with WS-Security.
-------------------------------------------------------------------------------------------------------------------------------------------------------
Key: WSS-231
URL: https://issues.apache.org/jira/browse/WSS-231
Project: WSS4J
Issue Type: Bug
Components: WSS4J Core
Affects Versions: 1.5.8
Environment: Windows, Solaris
Reporter: Chris Weitner
Assignee: Ruchith Udayanga Fernando
There is an issue with the position of the <Timestamp> element in the <Security> header when using WSS4J calling .NET Web Services with WS-Security. When using the "Timestamp Signature" action over https, we are receiving the following error: "Signing without primary signature requires timestamp". When I modified org.apache.ws.security.message.WSSecSignature to position <Timestamp> as the first element in <Security> it worked fine (by default <Timestamp> is the last element and after the <Signature>). Can this be fixed or can you make Timestamp positioned first as a configuration option?
<soapenv:Header>
<wsse:Security>
<wsu:Timestamp>
<wsu:Created>2010-05-06T16:46:31.594Z</wsu:Created>
<wsu:Expires>2010-05-06T16:51:31.594Z</wsu:Expires>
</wsu:Timestamp>
<wsse:BinarySecurityToken</wsse:BinarySecurityToken>
<ds:Signature>
....
</ds:Signature>
</wsse:Security>
</soapenv:Header>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: [jira] Created: (WSS-231) There is an issue with the position
of the element in the header when using WSS4J calling
.NET Web Services with WS-Security.
Posted by Werner Dittmann <We...@t-online.de>.
IIRC you can influence the position of the timestamp in the "action" parameter
of the deployment file (at least this was tru for Axis 1 :-) )
<parameter name="action" value="UsernameTokenSignature Encrypt Timestamp"/>
You may check the order of actions here. WSS4J creates the parts of the
security header in the order give in the action parameter (above is just an
example).
Regards,
Werner
Am 06.05.2010 22:12, schrieb Chris Weitner (JIRA):
> There is an issue with the position of the <Timestamp> element in the <Security> header when using WSS4J calling .NET Web Services with WS-Security.
> -------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: WSS-231
> URL: https://issues.apache.org/jira/browse/WSS-231
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.8
> Environment: Windows, Solaris
> Reporter: Chris Weitner
> Assignee: Ruchith Udayanga Fernando
>
>
> There is an issue with the position of the <Timestamp> element in the <Security> header when using WSS4J calling .NET Web Services with WS-Security. When using the "Timestamp Signature" action over https, we are receiving the following error: "Signing without primary signature requires timestamp". When I modified org.apache.ws.security.message.WSSecSignature to position <Timestamp> as the first element in <Security> it worked fine (by default <Timestamp> is the last element and after the <Signature>). Can this be fixed or can you make Timestamp positioned first as a configuration option?
>
> <soapenv:Header>
> <wsse:Security>
>
> <wsu:Timestamp>
> <wsu:Created>2010-05-06T16:46:31.594Z</wsu:Created>
> <wsu:Expires>2010-05-06T16:51:31.594Z</wsu:Expires>
> </wsu:Timestamp>
>
> <wsse:BinarySecurityToken</wsse:BinarySecurityToken>
>
> <ds:Signature>
> ....
> </ds:Signature>
> </wsse:Security>
> </soapenv:Header>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Commented: (WSS-231) There is an issue with the position of
the element in the header when using WSS4J calling
.NET Web Services with WS-Security.
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-231?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12872174#action_12872174 ]
Colm O hEigeartaigh commented on WSS-231:
-----------------------------------------
I don't think it's possible to construct a security header in that order at the moment in WSS4J, either through config or programatically. The Signature element always gets prepended to the security header, and I can't change this for backwards compatibility reasons.
Colm.
> There is an issue with the position of the <Timestamp> element in the <Security> header when using WSS4J calling .NET Web Services with WS-Security.
> -------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: WSS-231
> URL: https://issues.apache.org/jira/browse/WSS-231
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.8
> Environment: Windows, Solaris
> Reporter: Chris Weitner
> Assignee: Ruchith Udayanga Fernando
>
> There is an issue with the position of the <Timestamp> element in the <Security> header when using WSS4J calling .NET Web Services with WS-Security. When using the "Timestamp Signature" action over https, we are receiving the following error: "Signing without primary signature requires timestamp". When I modified org.apache.ws.security.message.WSSecSignature to position <Timestamp> as the first element in <Security> it worked fine (by default <Timestamp> is the last element and after the <Signature>). Can this be fixed or can you make Timestamp positioned first as a configuration option?
> <soapenv:Header>
> <wsse:Security>
>
> <wsu:Timestamp>
> <wsu:Created>2010-05-06T16:46:31.594Z</wsu:Created>
> <wsu:Expires>2010-05-06T16:51:31.594Z</wsu:Expires>
> </wsu:Timestamp>
>
> <wsse:BinarySecurityToken</wsse:BinarySecurityToken>
>
> <ds:Signature>
> ....
> </ds:Signature>
> </wsse:Security>
> </soapenv:Header>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Commented: (WSS-231) There is an issue with the position of
the element in the header when using WSS4J calling
.NET Web Services with WS-Security.
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-231?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12869605#action_12869605 ]
Colm O hEigeartaigh commented on WSS-231:
-----------------------------------------
As Werner said, try reversing the action list to be "Signature Timestamp".
Colm.
> There is an issue with the position of the <Timestamp> element in the <Security> header when using WSS4J calling .NET Web Services with WS-Security.
> -------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: WSS-231
> URL: https://issues.apache.org/jira/browse/WSS-231
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.8
> Environment: Windows, Solaris
> Reporter: Chris Weitner
> Assignee: Ruchith Udayanga Fernando
>
> There is an issue with the position of the <Timestamp> element in the <Security> header when using WSS4J calling .NET Web Services with WS-Security. When using the "Timestamp Signature" action over https, we are receiving the following error: "Signing without primary signature requires timestamp". When I modified org.apache.ws.security.message.WSSecSignature to position <Timestamp> as the first element in <Security> it worked fine (by default <Timestamp> is the last element and after the <Signature>). Can this be fixed or can you make Timestamp positioned first as a configuration option?
> <soapenv:Header>
> <wsse:Security>
>
> <wsu:Timestamp>
> <wsu:Created>2010-05-06T16:46:31.594Z</wsu:Created>
> <wsu:Expires>2010-05-06T16:51:31.594Z</wsu:Expires>
> </wsu:Timestamp>
>
> <wsse:BinarySecurityToken</wsse:BinarySecurityToken>
>
> <ds:Signature>
> ....
> </ds:Signature>
> </wsse:Security>
> </soapenv:Header>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Commented: (WSS-231) There is an issue with the position of
the element in the header when using WSS4J calling
.NET Web Services with WS-Security.
Posted by "Chris Weitner (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-231?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12869666#action_12869666 ]
Chris Weitner commented on WSS-231:
-----------------------------------
We are signing the Timestamp, so if the order is reversed, Signature is executed prior to Timestamp being generated.
[java] Error during Signature: ; nested exception is:
[java] org.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd, Timesta
mp)
> There is an issue with the position of the <Timestamp> element in the <Security> header when using WSS4J calling .NET Web Services with WS-Security.
> -------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: WSS-231
> URL: https://issues.apache.org/jira/browse/WSS-231
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.8
> Environment: Windows, Solaris
> Reporter: Chris Weitner
> Assignee: Ruchith Udayanga Fernando
>
> There is an issue with the position of the <Timestamp> element in the <Security> header when using WSS4J calling .NET Web Services with WS-Security. When using the "Timestamp Signature" action over https, we are receiving the following error: "Signing without primary signature requires timestamp". When I modified org.apache.ws.security.message.WSSecSignature to position <Timestamp> as the first element in <Security> it worked fine (by default <Timestamp> is the last element and after the <Signature>). Can this be fixed or can you make Timestamp positioned first as a configuration option?
> <soapenv:Header>
> <wsse:Security>
>
> <wsu:Timestamp>
> <wsu:Created>2010-05-06T16:46:31.594Z</wsu:Created>
> <wsu:Expires>2010-05-06T16:51:31.594Z</wsu:Expires>
> </wsu:Timestamp>
>
> <wsse:BinarySecurityToken</wsse:BinarySecurityToken>
>
> <ds:Signature>
> ....
> </ds:Signature>
> </wsse:Security>
> </soapenv:Header>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org