Re: "action mismatch" and WSConstants.SC meaning ?

[Fred Dushin <fr...@dushin.net>]

The action mismatch is occurring because the prescribed order of  
"actions" does not match the order (and number) of actions that were  
actually encountered.  I would need to know about how you are using  
WSS4J (e.g, Axis, CXF, etc) to know what you have specified as the  
prescribed ordering in your server/message receiver.

> If I add this line to ignore value 32 also:
>           if (act == WSConstants.SC) {
>                continue;
>            }
>            // ADDED BY ME
>            if (act == 32){
>                continue;
>            }
>
> everyting still works fine.

What you've done is to tell WSS4J to "ignore" the check over whether  
a timestamp is present (WSConstants.TS == 0x20 == 32).  I suspect  
the .NET client has sent you a timestamp in the header, which you've  
not configured in your server to expect.  You should instead  
configure your server to expect a timestamp, or configure your .NET  
client to not send one.

FWIW, I have found this action check in the WSHandler to be  
unreliable, at least in cases where you received messages from  
multiple sources.  E.g., the ordering of elements in the header  
differs if the message is sent from .NET clients, as opposed to WSS4J- 
enabled clients  This makes it pretty hard to define a server that is  
interoperable with lots of different secure clients, if they use  
different SOAP toolkits.  I think the intention is right -- I think  
it's supposed to allow you to check that a message was signed before  
it was encrypted.  But I'm not sure if the algorithm is quite right,  
so we may need to revisit it.

-Fred

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org