You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by "Deepal Jayasinghe (JIRA)" <ji...@apache.org> on 2009/06/13 02:07:07 UTC
[jira] Resolved: (AXIS2-2930) AXIS2 - signature verification failed
in Axis2 with Rampart
[ https://issues.apache.org/jira/browse/AXIS2-2930?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Deepal Jayasinghe resolved AXIS2-2930.
--------------------------------------
Resolution: Fixed
Please reopen if the issue is still there
> AXIS2 - signature verification failed in Axis2 with Rampart
> -----------------------------------------------------------
>
> Key: AXIS2-2930
> URL: https://issues.apache.org/jira/browse/AXIS2-2930
> Project: Axis 2.0 (Axis2)
> Issue Type: Bug
> Affects Versions: 1.0
> Environment: Window Xp, Tomcat 5.5.20
> Reporter: Boon
> Assignee: Ruchith Udayanga Fernando
>
> AXIS2 - signature verification failed in Axis2 with Rampart
> I encountered the signature verification problem when I tried to build a Axis2 client to access an .NET WS and a Axis WS.
> I believe this is the same issue/problem raised by Allen in April 2007. I've follow the issue raised by Allen but have not come across the solution for the issue.
> Issue details: The signature verification failed in Axis2 in axis-dev mailing list on 17 Apr 2007 & 18 Apr 2007.
> The message exchange in the above mailing list mentioned that the issue could be cause by some pretty printing that cause some additional chars being inserted into the message and which subsequently lead to Signature verification problem.
> Could someone from AXIS2/Rampart confirm whether this is the cause of the problem and if it is, how can I resolve this or any solution to get around this problem.
> Your assistance on this will be very much appreciated. Thank you very much.
> Best regards,
> Boon
> The exception that get thrown back to me is as follow:
> org.apache.axis2.AxisFault: WSDoAllReceiver: security processing failed; nested exception is:
> ==========================================================================================
> org.apache.ws.security.WSSecurityException: The signature verification failed
> at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:287)
> at itree.iacd.webservice.axis2.iap_sp.ServiceProviderStub.notifyRejection(ServiceProviderStub.java:120)
> at itree.iacd.webservice.axis2.iap_sp.ServiceProviderClient.notifyRejection(ServiceProviderClient.java:183)
> at itree.iacd.webservice.axis2.iap_sp.ServiceProviderClient.main(ServiceProviderClient.java:108)
> ==========================================================================================
> I have appended the discussion from the above mailing list for your convenience:
> ===========================================================================================
> Hi Allen,
> Since its the response from the .NET server that causes the signature
> failure I need that particular message in it original form (without
> any xml formatting).
> Thanks,
> Ruchith
> On 4/19/07, Liu, Xiao-Tao (Allen, HPIT-GADSC) <xi...@hp.com> wrote:
> >
> >
> > Hi Ruchith,
> >
> > Do you have any update on this issue? I have searched all the document I
> > could find, but all didn't work. Hope you can help me.
> >
> > Thanks,
> > Allen
> >
> >
> > ________________________________
> > From: Liu, Xiao-Tao (Allen, HPIT-GADSC)
> > Sent: 2007��4��18�� 19:19
> > To: 'rampart-dev@ws.apache.org'
> > Subject: RE: The signature verification failed in Axis2 with Rampart
> >
> >
> >
> >
> > Hi Ruchith,
> >
> > I send out my client source code with all necessary configurations/keystore.
> > I created the request message inside the client, using AXIOM. The web
> > service is written in .net and running on IIS.
> >
> > Thanks,
> > Allen
> >
> > -----Original Message-----
> > From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> > Sent: 2007��4��18�� 19:08
> > To: rampart-dev@ws.apache.org
> > Subject: Re: The signature verification failed in Axis2 with Rampart
> >
> > Hi Allen,
> >
> > Can you please send the message that caused the exception (with out xml
> > formatting) and also send the public key cert of the key that was used to
> > sign the message. I'll try to recreate your issue.
> >
> > Thanks,
> > Ruchith
> >
> > On 4/18/07, Liu, Xiao-Tao (Allen, HPIT-GADSC) <xi...@hp.com> wrote:
> > > Hi,
> > >
> > > I am taking use of Axis2 to build a client to access a .net ws with
> > > X509 certificate signature. All the steps are fine except when I
> > > receive the response from .net, the signature verification always failed.
> > >
> > > Warning: Verification failed for URI
> > > "#Id-c59b2f2c-9d10-4107-bea9-e8eb690dd67d"
> > > Exception in thread "main" org.apache.axis2.AxisFault: WSDoAllReceiver:
> > > security processing failed; nested exception is:
> > > org.apache.ws.security.WSSecurityException: The
> > signature
> > > verification failed
> > > at
> > >
> > org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.
> > > java:259)
> > > at
> > >
> > org.apache.rampart.handler.WSDoAllReceiver.processMessage(WSDoAllRecei
> > > ve
> > > r.java:91)
> > > at
> > >
> > org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:74)
> > > at
> > org.apache.axis2.engine.Phase.invoke(Phase.java:382)
> > > at
> > >
> > org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:522)
> > > at
> > >
> > org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:487)
> > > at
> > >
> > org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOp
> > > er
> > > ation.java:276)
> > > at
> > >
> > org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxi
> > > sO
> > > peration.java:202)
> > > at
> > >
> > org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:5
> > > 79
> > > )
> > > at
> > >
> > org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:5
> > > 08
> > > )
> > > at ws.axis2.DotNetWSRClient.main(DotNetWSRClient.java:45)
> > > Caused by: org.apache.ws.security.WSSecurityException:
> > The signature
> > > verification failed
> > > at
> > >
> > org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature
> > > (S
> > > ignatureProcessor.java:332)
> > > at
> > >
> > org.apache.ws.security.processor.SignatureProcessor.handleToken(Signat
> > > ur
> > > eProcessor.java:79)
> > > at
> > >
> > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecuri
> > > ty
> > > Engine.java:279)
> > > at
> > >
> > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecuri
> > > ty
> > > Engine.java:201)
> > > at
> > >
> > org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.
> > > java:256)
> > > ... 10 more
> > >
> > > I am suspecting that's probably caused by some PrettyXML or
> > > NamespacePrefixOptimization mechanism when Axis modified the response
> > > body with new lines/breaks/spaces to let it looks better. And I found
> > > there was some specific parameter in Axis configuration for Axis1:
> > >
> > > <globalConfiguration>
> > > <!-- MUST turn off pretty printing otherwise signature verification
> > > fails -->
> > > <parameter name="enableNamespacePrefixOptimization"
> > value="false"/>
> > > <parameter name="disablePrettyXML" value="true"/>
> > >
> > > </globalConfiguration>
> > >
> > >
> > > But I didn't find there is corresponding parameters in Axis2. Has
> > > somebody faced the same problem? I have been struggling with it for
> > > over
> > > 2 days...
> > >
> > > Thanks,
> > > Allen
> > >
> > >
> >
> >
> > --
> > www.ruchith.org
> > www.wso2.org
> ==============================================================================================
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.