You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Sandra Kosmalla <ko...@cs.uni-bonn.de> on 2008/01/25 13:02:24 UTC
Problems with tomcat and wss4j
Hi,
I have some problems with tomcat and wss4j. I programmed a servlet that
recieves Soap-messages with signatures. The servlet checks the
signature. In case of a valid signature the servlet removes it.
The removeSignature gives me the error message "Signature is unvalid"
even with valid signatures.
The code of my servlet:
public class TestServlet extends HttpServlet
{
private SecurityHandler signer = new SecurityHandler();
public void doPost(HttpServletRequest request, HttpServletResponse
response)
throws IOException
{
InputStream input = request.getInputStream();
Document soapRequest = null;
try
{
soapRequest = XmlUtils.createDocument(input);
}
catch (SAXException error)
{
throw new IOException(error.getMessage());
}
try {
soapRequest = this.signer.removeSignature(soapRequest);
//auth failed!!
} catch (SignatureNotFoundException e) {
e.printStackTrace();
}
}
}
My client is a jUnit-Test.
@Test
public final void testSendSignature() throws IOException,
SAXException, SignatureNotFoundException{
/* Create valid signed example ---------------------------- */
Document request =
createNspExampleRequestWithoutSignature(this.nspExampleRequestWithoutSignature);
this.secureHandler.setAddSignatureFlag(true);
Document response = this.secureHandler.addSignature(request);
/* ---------------------------------------------------------- */
/* Check example -------------------------------------------- */
boolean check = this.signer.checkSignature(response);
Assert.assertTrue("Signature is unvalid!", check);
/* ---------------------------------------------------------- */
/* Convert document to byte[]*/
String requestString = XMLUtils.PrettyDocumentToString(request);
byte[] soapBytes = requestString.getBytes();
/* ---------------------------------------------------------- */
/* set up the HTTP request - POST of SOAP 1.2 data */
URL url = getDestinationURL(dest);
HttpURLConnection connection =
(HttpURLConnection)url.openConnection();
connection.setRequestMethod("POST");
connection.setRequestProperty("Content-type",
SoapConstants.CONTENT_TYPE_HEADER);
connection.setDoOutput(true);
connection.connect();
/* ---------------------------------------------------------- */
/* send the SOAP request... */
OutputStream output = connection.getOutputStream();
output.write(soapBytes);
output.flush();
output.close();
/* --------------------------------------------------------- */
}
The client adds a signature in my Soap-message and checks the new
Soap-message. The signature is ok. The message is converted to a
bytestream and sent. In TestServlet, removeSignature can't remove the
signature. I got the error message "signature is unvalid".
I assumed that the converting to string or byte ruins the signature. I
coded a test to test the converting.
@Test
public final void testSignatureToByte() throws IOException,
SAXException, SignatureNotFoundException{
/* Create valid signed example ------------------------------ */
Document request =
createNspExampleRequestWithoutSignature(this.nspExampleRequestWithoutSignature);
this.secureHandler.setAddSignatureFlag(true);
Document response = this.secureHandler.addSignature(request);
String responseString = XMLUtils.PrettyDocumentToString(response);
/* --------------------------------------------------------- */
/* Check example -------------------------------------------- */
boolean check = this.signer.checkSignature(response);
Assert.assertTrue("Signature is unvalid!", check);
/* -------------------------------------------------------- */
/*Create a copy----------------------------------------------*/
byte[] responseByte = responseString.getBytes();
String newResponseString = new String(responseByte);
System.out.println("newResponse: ---------");
System.out.println(newResponseString);
Assert.assertTrue("Strings are unequal",
responseString.equals(newResponseString));
/* -------------------------------------------------------- */
/*Check copy ---------------------------------------------- */
Document newResponse = XmlUtils.createDocument(newResponseString);
check = this.signer.checkSignature(newResponse);
Assert.assertTrue("Signature is unvalid!", check);
/* ------------------------------------------------------- */
}
The result of the test is positive.
I do not understand why removeSignature() in TestServlet calls me
"signature is unvalid". It would be nice if you could help me with this
problem.
Thank you in advance.
Regards,
Sandra Kosmalla
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org