You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2012/10/22 12:32:13 UTC

[jira] [Resolved] (CXF-4587) Signature Confirmation does not work with TransportBinding and EndorsingSupportingToken

     [ https://issues.apache.org/jira/browse/CXF-4587?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh resolved CXF-4587.
--------------------------------------

    Resolution: Fixed
    
> Signature Confirmation does not work with TransportBinding and EndorsingSupportingToken
> ---------------------------------------------------------------------------------------
>
>                 Key: CXF-4587
>                 URL: https://issues.apache.org/jira/browse/CXF-4587
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.6.2, 2.5.6, 2.7.0
>            Reporter: Sunil Bapat
>            Assignee: Colm O hEigeartaigh
>            Priority: Minor
>             Fix For: 2.5.7, 2.6.4, 2.7.1
>
>         Attachments: patch.txt
>
>
> This is based on the discussion in http://cxf.547215.n5.nabble.com/TransportBinding-and-SignatureConfirmation-td5715655.html. 
> Signature Confirmation does not work on the client side, when the web service is secured by TransportBinding with EndorsingSupportingToken. 
> The response from the server contains a Signature Confirmation element, and the response fails with the error:
> Received a SignatureConfirmation element, but there are no stored signature values
> Debugging through the CXF code, here's what is happening:
> - After configuring the client, the WSS11Builder calls setRequireSignatureConfirmation(true) based on the policy (<sp:RequireSignatureConfirmation/>).
> - In the constructor of AbstractBindingBuilder, it initializes the signatures array property with an empty array, and puts it in the message as follows:
> message.getExchange().put(WSHandlerConstants.SEND_SIGV, signatures)
> - In the TransportBindingHandler.handleEndorsingToken (line 300), it calls addSig, which eventually calls the doSignature. However, the signature is never added to the signatures array. (SymmetricBindingHandler and AsymmetricBindingHandler do a signatures.add)
> - As a result when the service response comes to the WSS4JInInterceptor, it calls checkSignatureConfirmation in WSHandler, which retrieves the savedSignatures using
> List<byte[]> savedSignatures = 
>             (List<byte[]>) getProperty(reqData.getMsgContext(), WSHandlerConstants.SEND_SIGV);
> - This array is empty, since the signature was never added by TransportBindingHandler. Therefore it throws the above exception.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira