You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by "Venkat Reddy (JIRA)" <ax...@ws.apache.org> on 2005/06/26 12:22:02 UTC

[jira] Resolved: (AXIS-1458) Signature verification with WSS4J fails due to (guess) serialization bug in Axis

     [ http://issues.apache.org/jira/browse/AXIS-1458?page=all ]
     
Venkat Reddy resolved AXIS-1458:
--------------------------------

    Resolution: Fixed

Can't reproduce anymore.

> Signature verification with WSS4J fails due to (guess) serialization bug in Axis
> --------------------------------------------------------------------------------
>
>          Key: AXIS-1458
>          URL: http://issues.apache.org/jira/browse/AXIS-1458
>      Project: Apache Axis
>         Type: Bug
>   Components: Serialization/Deserialization
>     Versions: beta-2, beta-1
>  Environment: SuSE 9.1, JDK 1.4.2-b28
>     Reporter: Yves Langisch
>     Assignee: Venkat Reddy

>
> Here the problem description from my mail to the list:
> *********************
> All,
> I have following situation:
> - Client with WSDoAllSender (just signing)
> - Web Service with WSDOAllReceiver
> Client-side I read an XML instance document, manipulate it and send it
> over the signing handler to the web service. If I manipulate the
> document then the verification fails server-side. This is very strange
> since the signing process is at the very end of the handler chain. In
> order to manipulate the document I transform the file to a JDOM
> document, manipulate it, transform it back to a W3C document
> and add it to the body of the envelope. It seems to be this transformation from JDOM to W3C which causes the verification to fail at server-side.
> Example:
> <snip1>
> InputStream i = new BufferedInputStream(new
> FileInputStream(declaration));
> envelope.addBodyElement(new SOAPBodyElement(i));
> response = call.invoke(envelope)
> </snip1>
> <snip2>
> // just do a transformation without any data manipulation
> org.jdom.Document aSDDoc =
> XMLHelper.getJDomDocumentFromFile(declaration);
> org.w3c.dom.Document d =
> XMLHelper.getW3CDocumentFromJDOMDocument(aSDDoc);
> envelope.addBodyElement(new SOAPBodyElement(d.getDocumentElement()));
> response = call.invoke(envelope)
> </snip2>
> The first one works fine (with Beta1, not with Beta2 -> same issue), the second one fails at verification. Tracing the whole stuff I just found one difference between the two calls. The second call has a duplicate namespace entry (with beta2 both calls have these duplicate entries) in the body element which is valid though:
> <soapenv:Body wsu:Id="id-7719486" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><SDRequest xmlns="http://xyz" xmlns:ns1="http://xyz">
> The W3C document hasn't yet this duplicate namespace but the printout of the envelope before invoking the call already has this duplicate namespace entry. I saw that there are different forms of representation of content in the SOAPEnvelope class thus I have the very vague guess that the digest calculation is made on another representation (w/o the duplicate ns) than the message which arrives at the other end.
> Any ideas where problem could be? My mistake? Axis or WSS4 problem?
> **************

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira