You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2012/10/22 12:32:13 UTC
[jira] [Resolved] (CXF-4587) Signature Confirmation does not work
with TransportBinding and EndorsingSupportingToken
[ https://issues.apache.org/jira/browse/CXF-4587?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh resolved CXF-4587.
--------------------------------------
Resolution: Fixed
> Signature Confirmation does not work with TransportBinding and EndorsingSupportingToken
> ---------------------------------------------------------------------------------------
>
> Key: CXF-4587
> URL: https://issues.apache.org/jira/browse/CXF-4587
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 2.6.2, 2.5.6, 2.7.0
> Reporter: Sunil Bapat
> Assignee: Colm O hEigeartaigh
> Priority: Minor
> Fix For: 2.5.7, 2.6.4, 2.7.1
>
> Attachments: patch.txt
>
>
> This is based on the discussion in http://cxf.547215.n5.nabble.com/TransportBinding-and-SignatureConfirmation-td5715655.html.
> Signature Confirmation does not work on the client side, when the web service is secured by TransportBinding with EndorsingSupportingToken.
> The response from the server contains a Signature Confirmation element, and the response fails with the error:
> Received a SignatureConfirmation element, but there are no stored signature values
> Debugging through the CXF code, here's what is happening:
> - After configuring the client, the WSS11Builder calls setRequireSignatureConfirmation(true) based on the policy (<sp:RequireSignatureConfirmation/>).
> - In the constructor of AbstractBindingBuilder, it initializes the signatures array property with an empty array, and puts it in the message as follows:
> message.getExchange().put(WSHandlerConstants.SEND_SIGV, signatures)
> - In the TransportBindingHandler.handleEndorsingToken (line 300), it calls addSig, which eventually calls the doSignature. However, the signature is never added to the signatures array. (SymmetricBindingHandler and AsymmetricBindingHandler do a signatures.add)
> - As a result when the service response comes to the WSS4JInInterceptor, it calls checkSignatureConfirmation in WSHandler, which retrieves the savedSignatures using
> List<byte[]> savedSignatures =
> (List<byte[]>) getProperty(reqData.getMsgContext(), WSHandlerConstants.SEND_SIGV);
> - This array is empty, since the signature was never added by TransportBindingHandler. Therefore it throws the above exception.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira