You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by Ricuzzo <ri...@gmail.com> on 2010/07/15 14:23:29 UTC
Re: Help Error using WSS4j
Hi, Although it is an old post, i wanted to help solving this problem for
all Java Developers dont waste their time as much as i did. I founda couple
of the multiple reasons this error can happend, i got solved.
I use Weblogic 8.1 and Java 1.4. For some reasons I think if works fine for
java 1.6 (maybe because some changes in the '=' operator in java 1.6). All
the problems have the same root, 'it cannot read the resource/config.xml'
file in the xmlsec.jar
1) First. Make sure you have permissions in your com.puter for reading doc.s
inside the java project. The problem is in xmlsec.java, not in WSS4J. You
can find inside the jar the following code:
Class: org.apache.xml.security.Init;
InputStream is = (InputStream) AccessController.doPrivileged(
new PrivilegedAction() {
public Object run() {
String cfile =
System.getProperty("org.apache.xml.security.resource.config");
return getClass().getResourceAsStream(cfile != null ? cfile :
"resource/config.xml");
}
});
So make sure you have the priviledges for getting access to the config.xml
2) This one you gonna love it: The version xmlsec-1.4.3 and 1.4.1 ( dont
know in 1.3 too) have a bug, a very big bug, wich prevents you from reading
the file config.xml, in wich all the algoritms and java classes for
encrypting are specified.
Thebug is in this Class: org.apache.xml.security.utils.ElementCheckerImpl;
In the code they compared two strings with the '=' operator, and not the
equals(), check this bugged code in the jar src:
public boolean isNamespaceElement(Node el, String type, String ns) {
if ((el == null) ||
¡¡¡¡Comparing strings with the != operator!!!!! -->
ns!=el.getNamespaceURI() || !el.getLocalName().equals(type)){
return false;
}
return true;
}
Just change it: ns!=el.getNamespaceURI() -->
!ns.equals(el.getNamespaceURI())
It will probably make your code work.
Hope it helps. Good luck.
--
View this message in context: http://old.nabble.com/Help-Error-using-WSS4j-tp24920678p29172291.html
Sent from the WSS4J mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Snapshots released from 1_5_x-fixes branch
Posted by David Valeri <dv...@apache.org>.
I have a fix or two in the 1.5.x fixes branch and will need to submit patches for a couple more over the next couple weeks. Right now, there is no published snapshot of this branch in a public repository (at least not that I can find). Would it be possible to have this branch release a snapshot on a regular basis? I have users of my code that do not share a common repository which makes distributing up-to-date snapshot builds problematic.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: Help Error using WSS4j
Posted by Colm O hEigeartaigh <co...@apache.org>.
Hi,
> In the code they compared two strings with the '=' operator, and not the
> equals(), check this bugged code in the jar src:
This is not a bug. The namespaces are assumed to be interned, which is
what most DOM parsers do, and so checking strings for equality using
"==" should work fine. This may change in a future (major) release of
XML Security, as we/they should possibly default to a more robust
solution.
Colm.
On Thu, Jul 15, 2010 at 1:23 PM, Ricuzzo <ri...@gmail.com> wrote:
>
>
> Hi, Although it is an old post, i wanted to help solving this problem for
> all Java Developers dont waste their time as much as i did. I founda couple
> of the multiple reasons this error can happend, i got solved.
> I use Weblogic 8.1 and Java 1.4. For some reasons I think if works fine for
> java 1.6 (maybe because some changes in the '=' operator in java 1.6). All
> the problems have the same root, 'it cannot read the resource/config.xml'
> file in the xmlsec.jar
>
> 1) First. Make sure you have permissions in your com.puter for reading doc.s
> inside the java project. The problem is in xmlsec.java, not in WSS4J. You
> can find inside the jar the following code:
> Class: org.apache.xml.security.Init;
>
> InputStream is = (InputStream) AccessController.doPrivileged(
> new PrivilegedAction() {
> public Object run() {
> String cfile =
> System.getProperty("org.apache.xml.security.resource.config");
> return getClass().getResourceAsStream(cfile != null ? cfile :
> "resource/config.xml");
> }
> });
>
> So make sure you have the priviledges for getting access to the config.xml
>
> 2) This one you gonna love it: The version xmlsec-1.4.3 and 1.4.1 ( dont
> know in 1.3 too) have a bug, a very big bug, wich prevents you from reading
> the file config.xml, in wich all the algoritms and java classes for
> encrypting are specified.
> Thebug is in this Class: org.apache.xml.security.utils.ElementCheckerImpl;
>
> In the code they compared two strings with the '=' operator, and not the
> equals(), check this bugged code in the jar src:
>
> public boolean isNamespaceElement(Node el, String type, String ns) {
> if ((el == null) ||
> ¡¡¡¡Comparing strings with the != operator!!!!! -->
>
> ns!=el.getNamespaceURI() || !el.getLocalName().equals(type)){
> return false;
> }
>
> return true;
> }
>
> Just change it: ns!=el.getNamespaceURI() -->
> !ns.equals(el.getNamespaceURI())
>
> It will probably make your code work.
>
> Hope it helps. Good luck.
>
>
> --
> View this message in context: http://old.nabble.com/Help-Error-using-WSS4j-tp24920678p29172291.html
> Sent from the WSS4J mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org