You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by ma...@fsb.se on 2006/03/22 08:57:04 UTC
WSS4J in WebSphere enviroment
Hi
I am trying to get WSS4J to secure a web service that is generated by
the IBM plugin in WSAD(5.1.2). The IBM plugin is based only on Jaxrpc,
no references to Axis. So I am using the WSS4J
jaxrpc(org.apache.ws.security.handler.WSS4JHandler) handler by defining
it as an inbound security handler.
Unfortunate I am not getting it to work. When I generate the same web
service with Axis and specify the Axis WSS4J handler it works like a
charm(both in a Tomcat and a WebSphere server). The parameters for the
Axis and the Jaxrpc handler is as follows:
Axis:
<requestFlow>
<handler
type="java:org.apache.ws.axis.security.WSDoAllReceiver">
<parameter name="passwordCallbackClass"
value="se.fsb.spoe.security.PWCallback"/>
<parameter name="action" value="Signature Encrypt
Timestamp"/>
<parameter name="signaturePropFile"
value="cryptoserver.properties" />
</handler>
</requestFlow>
Jaxrpc:
<init-param id="InitParam_23424352342">
<param-name>passwordCallbackClass</param-name>
<param-value>se.fsb.spoe.security.PWCallback</param-value>
</init-param>
<init-param id="InitParam_23452345232872983">
<param-name>action</param-name>
<param-value>Signature Encrypt Timestamp</param-value>
</init-param>
<init-param id="InitParam_1146546345872984">
<param-name>signaturePropFile</param-name>
<param-value>cryptoserver.properties</param-value>
</init-param>
<init-param id="InitParam_114253563472985">
<param-name>deployment</param-name>
<param-value>server</param-value>
</init-param>
<init-param id="InitParam_114234563456872986">
<param-name>flow</param-name>
<param-value>request-only</param-value>
</init-param>
I have debugged as far as it was possible and its when the
WSSecurityEngine tries to verifies the XML Signature (method
verifyXmlSignature(Element, Crypto, X509Certificate, Vector)) at line
571 (WSS4J version 1.0.0). The following is executed at that line
signatureOk = sig.checkSignatureValue(certs[0]); Where sig is a
org.apache.xml.security.signature.XMLSignature. Unfortunate I can't get
the debugger to find the source code lines when entering the xmlsec so I
can see exactly where the problem occurs. But during the call the
following is written in the server console
"org.apache.xml.security.signature.Reference Verification successful
for URI "#id-1680521892"". This should indicate that the signature is
valid but the checkSignatureValue method returns false which WSS4J then
of course reports as a WSSecurityException.
Has anyone used WSS4J jaxrpc handler successfully in a WebSphere 5.1
enviroment? Anyone that has any ideas on what can be wrong?
As the company I am working for has a simple web service framework build
with jaxrpc handlers (things like authentication, SST etc) I am
recommended to use the WSS4J without Axis. But if I can show that there
are some problems with it I hope that I can use Axis instead. As I need
to state my case on why Axis is needed I would like to find whats
causing this error I am getting.
Thanks,
Markus
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org