You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "luca (JIRA)" <ji...@apache.org> on 2013/08/22 09:24:52 UTC

[jira] [Comment Edited] (CXF-5224) ws_security sign_enc problem with cxf v. 2.7.4, correct whith cxf v. 2.3.3

    [ https://issues.apache.org/jira/browse/CXF-5224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13747333#comment-13747333 ] 

luca edited comment on CXF-5224 at 8/22/13 7:24 AM:
----------------------------------------------------

I have download the cxf version 2.3.3 and cxf version 2.7.4

I have unzip the file and i have test the sample:

apache-cxf-2.3.3\samples\ws_security\sign_enc --> this sample is correct

But i want a version more recently and i have test:

apache-cxf-2.7.4\samples\ws_security\sign_enc 

whit this library i have the exception:

Caused by: org.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://schemas.xmlsoap.org/soap/envelope/, Body)
at org.apache.ws.security.message.WSSecSignatureBase.addReferencesToSign(WSSecSignatureBase.java:160)
... 25 more 


Whit research i have find that the problem depend by a version of Soap used.

I have made this change:

this code(soap11):

private static final String WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
outProps.put("encryptionParts", "{Element}{" + WSU_NS + "}Timestamp;"
+ "{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body");
outProps.put("signatureParts", "{Element}{" + WSU_NS + "}Timestamp;"
+ "{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body");

whith(soap12):

private static final String WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
outProps.put("encryptionParts", "{Element}{" + WSU_NS + "}Timestamp;"
+ "{Content}{http://www.w3.org/2003/05/soap-envelope}Body");
outProps.put("signatureParts", "{Element}{" + WSU_NS + "}Timestamp;"
+ "{Element}{http://www.w3.org/2003/05/soap-envelope}Body");

But i have this warning:

WARNING: Interceptor for {http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}Discovery#{http://cxf.apache.org/jaxws/provider}invoke has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood.
at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$MustUnderstandEndingInterceptor.handleMessage(MustUnderstandInterceptor.java:281)
at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$MustUnderstandEndingInterceptor.handleMessage(MustUnderstandInterceptor.java:259)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.udp.UDPDestination$MCastListener$2.run(UDPDestination.java:106)
at org.apache.cxf.workqueue.AutomaticWorkQueueImpl$3.run(AutomaticWorkQueueImpl.java:428)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at org.apache.cxf.workqueue.AutomaticWorkQueueImpl$AWQThreadFactory$1.run(AutomaticWorkQueueImpl.java:353)
at java.lang.Thread.run(Unknown Source)

Thank you 













                
      was (Author: luca76):
    I have download the cxf version 2.3.3 and cxf version 2.7.4

I have unzip the file and i have test the sample:

apache-cxf-2.3.3\samples\ws_security\sign_enc --> this sample is correct

But i want a version more recently and i have test:

apache-cxf-2.7.4\samples\ws_security\sign_enc 

whit this library i have the exception:

Caused by: org.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://schemas.xmlsoap.org/soap/envelope/, Body)
at org.apache.ws.security.message.WSSecSignatureBase.addReferencesToSign(WSSecSignatureBase.java:160)
... 25 more 


Whit research i have find that the problem depend by a version of Soap used.

I have made this change:

this code(soap11):

private static final String WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
outProps.put("encryptionParts", "{Element}{" + WSU_NS + "}Timestamp;"
+ "{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body");
outProps.put("signatureParts", "{Element}{" + WSU_NS + "}Timestamp;"
+ "{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body");

whith(soap12):

private static final String WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
outProps.put("encryptionParts", "{Element}{" + WSU_NS + "}Timestamp;"
+ "{Content}{http://www.w3.org/2003/05/soap-envelope}Body");
outProps.put("signatureParts", "{Element}{" + WSU_NS + "}Timestamp;"
+ "{Element}{http://www.w3.org/2003/05/soap-envelope}Body");

But i have this warning:

WARNING: Interceptor for {http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}Discovery#{http://cxf.apache.org/jaxws/provider}invoke has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood.
at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$MustUnderstandEndingInterceptor.handleMessage(MustUnderstandInterceptor.java:281)
at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$MustUnderstandEndingInterceptor.handleMessage(MustUnderstandInterceptor.java:259)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.udp.UDPDestination$MCastListener$2.run(UDPDestination.java:106)
at org.apache.cxf.workqueue.AutomaticWorkQueueImpl$3.run(AutomaticWorkQueueImpl.java:428)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at org.apache.cxf.workqueue.AutomaticWorkQueueImpl$AWQThreadFactory$1.run(AutomaticWorkQueueImpl.java:353)
at java.lang.Thread.run(Unknown Source)

Thank you 













                  
> ws_security sign_enc problem with cxf v. 2.7.4, correct whith cxf v. 2.3.3
> --------------------------------------------------------------------------
>
>                 Key: CXF-5224
>                 URL: https://issues.apache.org/jira/browse/CXF-5224
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.7.4
>         Environment: apache tomcat
>            Reporter: luca
>              Labels: patch
>
> The sign_enc sample have problem with soap version.
> The libraries for the version 2.7.4 support only version soap12, but the
> sample about sign_enc is create whit soap11

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira