You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "luca (JIRA)" <ji...@apache.org> on 2013/08/22 09:24:52 UTC
[jira] [Comment Edited] (CXF-5224) ws_security sign_enc problem
with cxf v. 2.7.4, correct whith cxf v. 2.3.3
[ https://issues.apache.org/jira/browse/CXF-5224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13747333#comment-13747333 ]
luca edited comment on CXF-5224 at 8/22/13 7:24 AM:
----------------------------------------------------
I have download the cxf version 2.3.3 and cxf version 2.7.4
I have unzip the file and i have test the sample:
apache-cxf-2.3.3\samples\ws_security\sign_enc --> this sample is correct
But i want a version more recently and i have test:
apache-cxf-2.7.4\samples\ws_security\sign_enc
whit this library i have the exception:
Caused by: org.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://schemas.xmlsoap.org/soap/envelope/, Body)
at org.apache.ws.security.message.WSSecSignatureBase.addReferencesToSign(WSSecSignatureBase.java:160)
... 25 more
Whit research i have find that the problem depend by a version of Soap used.
I have made this change:
this code(soap11):
private static final String WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
outProps.put("encryptionParts", "{Element}{" + WSU_NS + "}Timestamp;"
+ "{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body");
outProps.put("signatureParts", "{Element}{" + WSU_NS + "}Timestamp;"
+ "{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body");
whith(soap12):
private static final String WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
outProps.put("encryptionParts", "{Element}{" + WSU_NS + "}Timestamp;"
+ "{Content}{http://www.w3.org/2003/05/soap-envelope}Body");
outProps.put("signatureParts", "{Element}{" + WSU_NS + "}Timestamp;"
+ "{Element}{http://www.w3.org/2003/05/soap-envelope}Body");
But i have this warning:
WARNING: Interceptor for {http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}Discovery#{http://cxf.apache.org/jaxws/provider}invoke has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood.
at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$MustUnderstandEndingInterceptor.handleMessage(MustUnderstandInterceptor.java:281)
at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$MustUnderstandEndingInterceptor.handleMessage(MustUnderstandInterceptor.java:259)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.udp.UDPDestination$MCastListener$2.run(UDPDestination.java:106)
at org.apache.cxf.workqueue.AutomaticWorkQueueImpl$3.run(AutomaticWorkQueueImpl.java:428)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at org.apache.cxf.workqueue.AutomaticWorkQueueImpl$AWQThreadFactory$1.run(AutomaticWorkQueueImpl.java:353)
at java.lang.Thread.run(Unknown Source)
Thank you
was (Author: luca76):
I have download the cxf version 2.3.3 and cxf version 2.7.4
I have unzip the file and i have test the sample:
apache-cxf-2.3.3\samples\ws_security\sign_enc --> this sample is correct
But i want a version more recently and i have test:
apache-cxf-2.7.4\samples\ws_security\sign_enc
whit this library i have the exception:
Caused by: org.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://schemas.xmlsoap.org/soap/envelope/, Body)
at org.apache.ws.security.message.WSSecSignatureBase.addReferencesToSign(WSSecSignatureBase.java:160)
... 25 more
Whit research i have find that the problem depend by a version of Soap used.
I have made this change:
this code(soap11):
private static final String WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
outProps.put("encryptionParts", "{Element}{" + WSU_NS + "}Timestamp;"
+ "{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body");
outProps.put("signatureParts", "{Element}{" + WSU_NS + "}Timestamp;"
+ "{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body");
whith(soap12):
private static final String WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
outProps.put("encryptionParts", "{Element}{" + WSU_NS + "}Timestamp;"
+ "{Content}{http://www.w3.org/2003/05/soap-envelope}Body");
outProps.put("signatureParts", "{Element}{" + WSU_NS + "}Timestamp;"
+ "{Element}{http://www.w3.org/2003/05/soap-envelope}Body");
But i have this warning:
WARNING: Interceptor for {http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}Discovery#{http://cxf.apache.org/jaxws/provider}invoke has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood.
at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$MustUnderstandEndingInterceptor.handleMessage(MustUnderstandInterceptor.java:281)
at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$MustUnderstandEndingInterceptor.handleMessage(MustUnderstandInterceptor.java:259)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.udp.UDPDestination$MCastListener$2.run(UDPDestination.java:106)
at org.apache.cxf.workqueue.AutomaticWorkQueueImpl$3.run(AutomaticWorkQueueImpl.java:428)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at org.apache.cxf.workqueue.AutomaticWorkQueueImpl$AWQThreadFactory$1.run(AutomaticWorkQueueImpl.java:353)
at java.lang.Thread.run(Unknown Source)
Thank you
> ws_security sign_enc problem with cxf v. 2.7.4, correct whith cxf v. 2.3.3
> --------------------------------------------------------------------------
>
> Key: CXF-5224
> URL: https://issues.apache.org/jira/browse/CXF-5224
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 2.7.4
> Environment: apache tomcat
> Reporter: luca
> Labels: patch
>
> The sign_enc sample have problem with soap version.
> The libraries for the version 2.7.4 support only version soap12, but the
> sample about sign_enc is create whit soap11
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira