Posted to java-dev@axis.apache.org by Jaime Hablutzel Egoavil <ha...@gmail.com> on 2012/01/06 00:43:09 UTC
Re: MTOM, DOOM and axis 2
OK, the client code that generates *two different signatures* but
transports the equivalent thing over the network is:
*DOOM enabled*
import javax.activation.DataHandler;
import javax.activation.FileDataSource;
import javax.xml.namespace.QName;

import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.client.Options;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.rpc.client.RPCServiceClient;
import org.apache.rampart.handler.WSSHandlerConstants;
import org.apache.rampart.handler.config.InflowConfiguration;
import org.apache.rampart.handler.config.OutflowConfiguration;

public class BinaryClient {
    public static void main(String[] args) throws Exception {
        ConfigurationContext ctx =
            ConfigurationContextFactory.createConfigurationContextFromFileSystem(
                "D:\\software\\axis2-1.6.1\\repository",
                "D:\\software\\axis2-1.6.1\\samples\\mtom\\src\\client.axis2-2.xml");
        RPCServiceClient client = new RPCServiceClient(ctx, null);
        Options opts = new Options();
        opts.setAction("ns:echo");
        EndpointReference to = new EndpointReference();
        to.setAddress("http://localhost:8080/anywhere");
        opts.setTo(to);
        // Send binary content as an MTOM attachment
        opts.setProperty(org.apache.axis2.Constants.Configuration.ENABLE_MTOM,
            org.apache.axis2.Constants.VALUE_TRUE);
        // Set the rampart parameters
        opts.setProperty(WSSHandlerConstants.OUTFLOW_SECURITY,
            getOutflowConfiguration());
        opts.setProperty(WSSHandlerConstants.INFLOW_SECURITY,
            getInflowConfiguration());
        // DOOM enabled: this is the only line that differs between the two clients
        opts.setProperty(WSSHandlerConstants.USE_DOOM,
            org.apache.axis2.Constants.VALUE_TRUE);
        client.setOptions(opts);
        // Engage rampart
        client.engageModule("rampart");
        DataHandler dh = new DataHandler(new
            FileDataSource("D:\\software\\axis2-1.6.1\\samples\\mtom\\build.xml"));
        client.invokeRobust(new QName("http://client.mtom.sample", "echo"),
            new Object[]{dh});
    }

    // Outgoing messages: sign with the "client" key
    public static Parameter getOutflowConfiguration() {
        OutflowConfiguration ofc = new OutflowConfiguration();
        ofc.setActionItems("Signature");
        ofc.setUser("client");
        ofc.setPasswordCallbackClass("sample.mtom.client.PWCBHandler");
        ofc.setSignaturePropFile("client.properties");
        ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
        ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.ISSUER_SERIAL);
        ofc.setEncryptionUser("service");
        return ofc.getProperty();
    }

    // Incoming messages: verify the signature
    public static Parameter getInflowConfiguration() {
        InflowConfiguration ifc = new InflowConfiguration();
        ifc.setActionItems("Signature");
        ifc.setSignaturePropFile("client.properties");
        return ifc.getProperty();
    }
}
*Without DOOM*
// Same imports as the DOOM-enabled client above.
public class BinaryClient {
    public static void main(String[] args) throws Exception {
        ConfigurationContext ctx =
            ConfigurationContextFactory.createConfigurationContextFromFileSystem(
                "D:\\software\\axis2-1.6.1\\repository",
                "D:\\software\\axis2-1.6.1\\samples\\mtom\\src\\client.axis2-2.xml");
        RPCServiceClient client = new RPCServiceClient(ctx, null);
        Options opts = new Options();
        opts.setAction("ns:echo");
        EndpointReference to = new EndpointReference();
        to.setAddress("http://localhost:8080/anywhere");
        opts.setTo(to);
        // Send binary content as an MTOM attachment
        opts.setProperty(org.apache.axis2.Constants.Configuration.ENABLE_MTOM,
            org.apache.axis2.Constants.VALUE_TRUE);
        // Set the rampart parameters
        opts.setProperty(WSSHandlerConstants.OUTFLOW_SECURITY,
            getOutflowConfiguration());
        opts.setProperty(WSSHandlerConstants.INFLOW_SECURITY,
            getInflowConfiguration());
        // DOOM disabled: the property is left unset
        // opts.setProperty(WSSHandlerConstants.USE_DOOM,
        //     org.apache.axis2.Constants.VALUE_TRUE);
        client.setOptions(opts);
        // Engage rampart
        client.engageModule("rampart");
        DataHandler dh = new DataHandler(new
            FileDataSource("D:\\software\\axis2-1.6.1\\samples\\mtom\\build.xml"));
        client.invokeRobust(new QName("http://client.mtom.sample", "echo"),
            new Object[]{dh});
    }

    // Outgoing messages: sign with the "client" key
    public static Parameter getOutflowConfiguration() {
        OutflowConfiguration ofc = new OutflowConfiguration();
        ofc.setActionItems("Signature");
        ofc.setUser("client");
        ofc.setPasswordCallbackClass("sample.mtom.client.PWCBHandler");
        ofc.setSignaturePropFile("client.properties");
        ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
        ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.ISSUER_SERIAL);
        ofc.setEncryptionUser("service");
        return ofc.getProperty();
    }

    // Incoming messages: verify the signature
    public static Parameter getInflowConfiguration() {
        InflowConfiguration ifc = new InflowConfiguration();
        ifc.setActionItems("Signature");
        ifc.setSignaturePropFile("client.properties");
        return ifc.getProperty();
    }
}
*And given that the server after canonicalization will only expect one type
of signature it fails.*
On Thu, Dec 29, 2011 at 1:26 PM, Andreas Veithen
<an...@gmail.com> wrote:
> Can you send us the code that produces the message causing the
> problems, including everything you do to configure Rampart? That
> should allow us to reproduce the problem.
>
> Andreas
>
> On Thu, Dec 29, 2011 at 17:16, Jaime Hablutzel Egoavil
> <ha...@gmail.com> wrote:
> > Axis 1.6.1, rampart 1.6.1, axiom 1.2.12
> > By the way I discovered that this problem only arises when using
> >
> > client.invokeRobust(new QName("http://client.mtom.sample", "echo"), new
> > Object[]{dh});
> >
> > And not with
> >
> > client.sendReceive(elem)
> >
> > And I'm looking that the first one creates
> >
> > <soapenv:Body
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > wsu:Id="id-2"><echo xmlns="http://client.mtom.sample"><arg0
> > xmlns=""><xop:Include xmlns:xop="http://www.w3.org/2004/08/xop/include"
> > href="cid:0710aab4c96720a1886956170b3b109376c02d3e09c5233e@apache.org"
> > /></arg0></echo></soapenv:Body>
> >
> > And the second one:
> >
> > <soapenv:Body
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > wsu:Id="id-2"><ns1:echo
> > xmlns:ns1="http://client.mtom.sample"><arg0><xop:Include
> > xmlns:xop="http://www.w3.org/2004/08/xop/include"
> > href="cid:ff5f2e1026b6fe4b08a45687431ea67221606586a337e626@apache.org"
> > /></arg0></ns1:echo></soapenv:Body>
> >
> >
> > Anyway using the second it is working but with the first the stripped
> > xmlns="" makes the signature value different so the server after
> > canonicalization produces a different value and validation fails
> >
> > On Thu, Dec 29, 2011 at 4:31 AM, Andreas Veithen <andreas.veithen@gmail.com>
> > wrote:
> >>
> >> What are the Axis2, Rampart and Axiom versions that you are using?
> >>
> >> Andreas
> >>
> >> On Tue, Dec 27, 2011 at 23:18, Jaime Hablutzel Egoavil
> >> <ha...@gmail.com> wrote:
> >> > Hi I want to post an apparent bug when DOOM option is activated in the
> >> > client, so the SOAP message includes xop:Include even when using
> >> > WS-Signature and doesn't send the message in base64, this way getting
> >> > advantage of MTOM.
> >> >
> >> > When using DOOM the canonicalized data to create the digest is:
> >> >
> >> > <soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
> >> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> >> > wsu:Id="id-2"><echo
> >> > xmlns="http://client.mtom.sample"><arg0>b3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ucHJvdmlkZXI9b3JnLmFwYWNoZS53cy5zZWN1cml0eS5jb21wb25lbnRzLmNyeXB0by5NZXJsaW4Kb3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ubWVybGluLmtleXN0b3JlLnR5cGU9amtzCm9yZy5hcGFjaGUud3Muc2VjdXJpdHkuY3J5cHRvLm1lcmxpbi5rZXlzdG9yZS5wYXNzd29yZD1hcGFjaGUKb3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ubWVybGluLmZpbGU9Y2xpZW50Lmprcw==</arg0></echo></soapenv:Body>
> >> >
> >> > But when DOOM is disabled the data is:
> >> >
> >> > <soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
> >> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> >> > wsu:Id="id-2"><echo xmlns="http://client.mtom.sample"><arg0
> >> > xmlns="">b3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ucHJvdmlkZXI9b3JnLmFwYWNoZS53cy5zZWN1cml0eS5jb21wb25lbnRzLmNyeXB0by5NZXJsaW4Kb3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ubWVybGluLmtleXN0b3JlLnR5cGU9amtzCm9yZy5hcGFjaGUud3Muc2VjdXJpdHkuY3J5cHRvLm1lcmxpbi5rZXlzdG9yZS5wYXNzd29yZD1hcGFjaGUKb3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ubWVybGluLmZpbGU9Y2xpZW50Lmprcw==</arg0></echo></soapenv:Body>
> >> >
> >> > Look at the difference in red color. This causes the digest value to be
> >> > different so the server gets confused and is unable to validate the
> >> > signature when using DOOM in the client. A workaround seems to be to use
> >> > only namespaced elements so the xmlns="" never gets generated.
> >> >
> >> > I would like to know if someone has reached this problem when using MTOM
> >> > + WS-Signature in axis 2.
> >> >
> >> > Other thing, DOOM option is not really well documented anywhere in axis2
> >> > website and I just found that it was available to make real MTOM with
> >> > WS-Signature debugging the source code for three days u.u.
> >> >
> >> > Good bye
> >> >
> >> > --
> >> > Jaime Hablutzel - 9-9956-3299
> >> >
> >> > (accents intentionally omitted)
> >
> > --
> > Jaime Hablutzel - 9-9956-3299
> >
> > (accents intentionally omitted)
--
Jaime Hablutzel - 9-9956-3299
(accents intentionally omitted)
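Added example, not part of the original thread and not Axis2, Rampart or Axiom code: the Python sketch below parses constructed bodies modelled on the ones quoted above (payload replaced by a placeholder) and shows that losing xmlns="" moves arg0 into the parent's default namespace, so signer and verifier digest different documents. The function names are hypothetical, and the SHA-1 over expanded names is a stand-in for the digest over canonicalized octets, not a canonicalization implementation.

```python
import hashlib
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
APP_NS = "http://client.mtom.sample"

# Constructed samples modelled on the bodies quoted in the thread; the
# base64 payload is replaced by a short placeholder.
WIRE_BODY = (
    f'<soapenv:Body xmlns:soapenv="{SOAP_NS}"><echo xmlns="{APP_NS}">'
    '<arg0 xmlns="">cGF5bG9hZA==</arg0></echo></soapenv:Body>'
)
# What gets digested on the signing side when the xmlns="" undeclaration is lost.
SIGNED_BODY = WIRE_BODY.replace('<arg0 xmlns="">', "<arg0>")
# The prefixed variant from the thread: no default namespace is in scope.
PREFIXED_BODY = (
    f'<soapenv:Body xmlns:soapenv="{SOAP_NS}"><ns1:echo xmlns:ns1="{APP_NS}">'
    "<arg0>cGF5bG9hZA==</arg0></ns1:echo></soapenv:Body>"
)


def expanded_names(xml_text):
    """Return (path, namespace, local name, attributes, text) per element,
    in document order. Prefixes are resolved, so only the namespace an
    element really belongs to is compared, not how it was spelled."""
    rows = []

    def walk(el, parent_path):
        if el.tag.startswith("{"):
            ns, _, local = el.tag[1:].partition("}")
        else:
            ns, local = "", el.tag
        path = f"{parent_path}/{local}"
        rows.append((path, ns, local, sorted(el.attrib.items()),
                     (el.text or "").strip()))
        for child in el:
            walk(child, path)

    walk(ET.fromstring(xml_text), "")
    return rows


def infoset_digest(xml_text):
    """Stand-in for the reference digest: SHA-1 over the expanded-name view."""
    return hashlib.sha1(repr(expanded_names(xml_text)).encode()).hexdigest()


def first_namespace_drift(signed_xml, received_xml):
    """Return (path, namespace signed, namespace received) for the first
    element whose namespace differs, or None if every element agrees."""
    signed, received = expanded_names(signed_xml), expanded_names(received_xml)
    if [r[0] for r in signed] != [r[0] for r in received]:
        raise ValueError("documents differ in structure, not only in namespaces")
    for s, r in zip(signed, received):
        if s[1] != r[1]:
            return (s[0], s[1], r[1])
    return None


if __name__ == "__main__":
    # Default-namespace form: the signer's arg0 and the wire arg0 disagree.
    print(first_namespace_drift(SIGNED_BODY, WIRE_BODY))
    print(infoset_digest(SIGNED_BODY) == infoset_digest(WIRE_BODY))
    # Prefixed form: xmlns="" is a no-op, so there is nothing to lose.
    with_undeclaration = PREFIXED_BODY.replace("<arg0>", '<arg0 xmlns="">')
    print(first_namespace_drift(PREFIXED_BODY, with_undeclaration))
```

A verifier that rejects the first pair is behaving correctly: the two bodies name different elements, which is why the workaround in the thread (prefixed, namespaced elements) avoids the failure rather than weakening the check.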
Re: MTOM, DOOM and axis 2
Posted by Jaime Hablutzel Egoavil <ha...@gmail.com>.
Glad to hear that bug has been fixed.
On Sat, Jan 7, 2012 at 12:06 PM, Andreas Veithen
<an...@gmail.com> wrote:
> I've fixed AXIOM-408 and that solves the signature issue. Fresh
> 1.6.2-SNAPSHOT builds including that change are available here:
>
>
> https://builds.apache.org/job/axis2-1.6/lastBuild/org.apache.axis2$distribution/
>
> https://builds.apache.org/job/rampart-1.6/lastBuild/org.apache.rampart$rampart-dist/
>
> Andreas
>
> On Sat, Jan 7, 2012 at 12:20, Andreas Veithen <an...@gmail.com>
> wrote:
> > Thanks for the code, Jaime.
> >
> > I think that I have identified the root cause of the issue:
> > https://issues.apache.org/jira/browse/AXIOM-408
> >
> > Andreas
> >
--
Jaime Hablutzel - 9-9956-3299
(accents intentionally omitted)
Re: MTOM, DOOM and axis 2
Posted by Andreas Veithen <an...@gmail.com>.
I've fixed AXIOM-408 and that solves the signature issue. Fresh
1.6.2-SNAPSHOT builds including that change are available here:
https://builds.apache.org/job/axis2-1.6/lastBuild/org.apache.axis2$distribution/
https://builds.apache.org/job/rampart-1.6/lastBuild/org.apache.rampart$rampart-dist/
Andreas
On Sat, Jan 7, 2012 at 12:20, Andreas Veithen <an...@gmail.com> wrote:
> Thanks for the code, Jaime.
>
> I think that I have identified the root cause of the issue:
> https://issues.apache.org/jira/browse/AXIOM-408
>
> Andreas
>
Re: MTOM, DOOM and axis 2
Posted by Andreas Veithen <an...@gmail.com>.
Thanks for the code, Jaime.
I think that I have identified the root cause of the issue:
https://issues.apache.org/jira/browse/AXIOM-408
Andreas
On Fri, Jan 6, 2012 at 00:43, Jaime Hablutzel Egoavil
<ha...@gmail.com> wrote:
> OK, the client code that generates two different signatures but transports
> the equivalent thing over the network is:
> Without DOOM
>
> import javax.activation.DataHandler;
> import javax.activation.FileDataSource;
> import javax.xml.namespace.QName;
>
> import org.apache.axis2.addressing.EndpointReference;
> import org.apache.axis2.client.Options;
> import org.apache.axis2.context.ConfigurationContext;
> import org.apache.axis2.context.ConfigurationContextFactory;
> import org.apache.axis2.description.Parameter;
> import org.apache.axis2.rpc.client.RPCServiceClient;
> import org.apache.rampart.handler.WSSHandlerConstants;
> import org.apache.rampart.handler.config.InflowConfiguration;
> import org.apache.rampart.handler.config.OutflowConfiguration;
>
> public class BinaryClient {
>
>     public static void main(String[] args) throws Exception {
>
>         ConfigurationContext ctx =
>             ConfigurationContextFactory.createConfigurationContextFromFileSystem(
>                 "D:\\software\\axis2-1.6.1\\repository",
>                 "D:\\software\\axis2-1.6.1\\samples\\mtom\\src\\client.axis2-2.xml");
>         RPCServiceClient client = new RPCServiceClient(ctx, null);
>         Options opts = new Options();
>         opts.setAction("ns:echo");
>         EndpointReference to = new EndpointReference();
>         to.setAddress("http://localhost:8080/anywhere");
>         opts.setTo(to);
>
>         // Send binary content as an MTOM attachment instead of inline base64
>         opts.setProperty(org.apache.axis2.Constants.Configuration.ENABLE_MTOM,
>             org.apache.axis2.Constants.VALUE_TRUE);
>         // Set the Rampart parameters
>         opts.setProperty(WSSHandlerConstants.OUTFLOW_SECURITY,
>             getOutflowConfiguration());
>         opts.setProperty(WSSHandlerConstants.INFLOW_SECURITY,
>             getInflowConfiguration());
>         // DOOM left disabled in this variant:
>         // opts.setProperty(WSSHandlerConstants.USE_DOOM,
>         //     org.apache.axis2.Constants.VALUE_TRUE);
>         client.setOptions(opts);
>
>         // Engage Rampart
>         client.engageModule("rampart");
>
>         DataHandler dh = new DataHandler(new
>             FileDataSource("D:\\software\\axis2-1.6.1\\samples\\mtom\\build.xml"));
>
>         client.invokeRobust(new QName("http://client.mtom.sample", "echo"),
>             new Object[]{dh});
>     }
>
>     // Outgoing messages: sign as user "client"
>     public static Parameter getOutflowConfiguration() {
>         OutflowConfiguration ofc = new OutflowConfiguration();
>         ofc.setActionItems("Signature");
>         ofc.setUser("client");
>         ofc.setPasswordCallbackClass("sample.mtom.client.PWCBHandler");
>         ofc.setSignaturePropFile("client.properties");
>
>         ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
>         ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.ISSUER_SERIAL);
>         ofc.setEncryptionUser("service");
>         return ofc.getProperty();
>     }
>
>     // Incoming messages: verify the signature
>     public static Parameter getInflowConfiguration() {
>         InflowConfiguration ifc = new InflowConfiguration();
>         ifc.setActionItems("Signature");
>         ifc.setSignaturePropFile("client.properties");
>         return ifc.getProperty();
>     }
>
> }
>
>
> And given that the server after canonicalization will only expect one type
> of signature it fails.
>
>
>
>
> On Thu, Dec 29, 2011 at 1:26 PM, Andreas Veithen <an...@gmail.com>
> wrote:
>>
>> Can you send us the code that produces the message causing the
>> problems, including everything you do to configure Rampart? That
>> should allow us to reproduce the problem.
>>
>> Andreas
>>
>> On Thu, Dec 29, 2011 at 17:16, Jaime Hablutzel Egoavil
>> <ha...@gmail.com> wrote:
>> > Axis 1.6.1, rampart 1.6.1, axiom 1.2.12
>> > By the way I discovered that this problem only arises when using
>> >
>> > client.invokeRobust(new QName("http://client.mtom.sample", "echo"), new
>> > Object[]{dh});
>> >
>> > And not with
>> >
>> > client.sendReceive(elem)
>> >
>> > And I'm seeing that the first one creates
>> >
>> > <soapenv:Body
>> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> > wsu:Id="id-2"><echo xmlns="http://client.mtom.sample"><arg0
>> > xmlns=""><xop:Include xmlns:xop="http://www.w3.org/2004/08/xop/include"
>> > href="cid:0710aab4c96720a1886956170b3b109376c02d3e09c5233e@apache.org"
>> > /></arg0></echo></soapenv:Body>
>> >
>> > And the second one:
>> >
>> > <soapenv:Body
>> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> > wsu:Id="id-2"><ns1:echo
>> > xmlns:ns1="http://client.mtom.sample"><arg0><xop:Include
>> > xmlns:xop="http://www.w3.org/2004/08/xop/include"
>> > href="cid:ff5f2e1026b6fe4b08a45687431ea67221606586a337e626@apache.org"
>> > /></arg0></ns1:echo></soapenv:Body>
>> >
>> >
>> > Anyway, using the second it is working, but with the first the stripped
>> > xmlns="" makes the signature value different, so the server after
>> > canonicalization produces a different value and validation fails.
>> >
>> > On Thu, Dec 29, 2011 at 4:31 AM, Andreas Veithen
>> > <an...@gmail.com>
>> > wrote:
>> >>
>> >> What are the Axis2, Rampart and Axiom versions that you are using?
>> >>
>> >> Andreas
>> >>
>> >> On Tue, Dec 27, 2011 at 23:18, Jaime Hablutzel Egoavil
>> >> <ha...@gmail.com> wrote:
>> >> > Hi, I want to post an apparent bug when the DOOM option is activated in
>> >> > the client so that the SOAP message includes xop:Include even when using
>> >> > WS-Signature and doesn't send the message in base64, this way taking
>> >> > advantage of MTOM.
>> >> >
>> >> > When using DOOM the canonicalized data to create the digest is:
>> >> >
>> >> > <soapenv:Body
>> >> > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
>> >> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> >> > wsu:Id="id-2"><echo
>> >> > xmlns="http://client.mtom.sample"><arg0>b3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ucHJvdmlkZXI9b3JnLmFwYWNoZS53cy5zZWN1cml0eS5jb21wb25lbnRzLmNyeXB0by5NZXJsaW4Kb3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ubWVybGluLmtleXN0b3JlLnR5cGU9amtzCm9yZy5hcGFjaGUud3Muc2VjdXJpdHkuY3J5cHRvLm1lcmxpbi5rZXlzdG9yZS5wYXNzd29yZD1hcGFjaGUKb3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ubWVybGluLmZpbGU9Y2xpZW50Lmprcw==</arg0></echo></soapenv:Body>
>> >> >
>> >> > But when DOOM is disabled the data is:
>> >> >
>> >> > <soapenv:Body
>> >> > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
>> >> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> >> > wsu:Id="id-2"><echo xmlns="http://client.mtom.sample"><arg0
>> >> > xmlns="">b3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ucHJvdmlkZXI9b3JnLmFwYWNoZS53cy5zZWN1cml0eS5jb21wb25lbnRzLmNyeXB0by5NZXJsaW4Kb3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ubWVybGluLmtleXN0b3JlLnR5cGU9amtzCm9yZy5hcGFjaGUud3Muc2VjdXJpdHkuY3J5cHRvLm1lcmxpbi5rZXlzdG9yZS5wYXNzd29yZD1hcGFjaGUKb3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ubWVybGluLmZpbGU9Y2xpZW50Lmprcw==</arg0></echo></soapenv:Body>
>> >> >
>> >> > Look at the difference in red color. This causes the digest value to be
>> >> > different so the server gets confused and is unable to validate the
>> >> > signature when using DOOM in the client. A workaround seems to be to use
>> >> > only namespaced elements so the xmlns="" never gets generated.
>> >> >
>> >> > I would like to know if someone has reached this problem when using MTOM +
>> >> > WS-Signature in axis 2.
>> >> >
>> >> > Another thing: the DOOM option is not really well documented anywhere on the
>> >> > axis2 website, and I just found that it was available to make real MTOM with
>> >> > WS-Signature by debugging the source code for three days u.u.
>> >> >
>> >> > Good bye
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> > Jaime Hablutzel - 9-9956-3299
>> >> >
>> >> > (accents intentionally omitted)
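Why the xmlns="" difference discussed in this thread changes the digest, as an added example that is not part of any poster's message and is not Axis2, Axiom or Rampart code. The class name, the shortened payload and the {namespace}local rendering are assumptions made for illustration; the rendering is a simplified stand-in for canonicalization, not C14N.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.TreeSet;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;

public class NamespaceDriftCheck {
    static final String NS = "http://client.mtom.sample";
    // Constructed bodies modelled on the thread; the payload is shortened to "AAAA".
    static final String UNDECLARED = "<echo xmlns=\"" + NS + "\"><arg0 xmlns=\"\">AAAA</arg0></echo>";
    static final String DROPPED = "<echo xmlns=\"" + NS + "\"><arg0>AAAA</arg0></echo>";
    static final String PREFIXED = "<ns1:echo xmlns:ns1=\"" + NS + "\"><arg0>AAAA</arg0></ns1:echo>";

    // Expanded name: what the element or attribute is called once prefixes are resolved.
    static String expanded(Node n) {
        String uri = n.getNamespaceURI();
        return "{" + (uri == null ? "" : uri) + "}" + n.getLocalName();
    }

    // Prefix-independent rendering of the tree (hypothetical helper, not C14N):
    // xmlns declarations are skipped, only the names they produce are kept.
    static void render(Node n, StringBuilder out) {
        if (n.getNodeType() == Node.TEXT_NODE) out.append(n.getNodeValue());
        if (n.getNodeType() != Node.ELEMENT_NODE) return;
        TreeSet<String> attrs = new TreeSet<>();
        NamedNodeMap map = n.getAttributes();
        for (int i = 0; i < map.getLength(); i++) {
            Node a = map.item(i);
            if (!"http://www.w3.org/2000/xmlns/".equals(a.getNamespaceURI()))
                attrs.add(" " + expanded(a) + "=\"" + a.getNodeValue() + "\"");
        }
        out.append('<').append(expanded(n)).append(String.join("", attrs)).append('>');
        for (Node c = n.getFirstChild(); c != null; c = c.getNextSibling()) render(c, out);
        out.append("</").append(expanded(n)).append('>');
    }

    static String digest(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // without this, getNamespaceURI() is always null
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        StringBuilder sb = new StringBuilder();
        render(f.newDocumentBuilder().parse(new ByteArrayInputStream(
                xml.getBytes(StandardCharsets.UTF_8))).getDocumentElement(), sb);
        byte[] d = MessageDigest.getInstance("SHA-1").digest(sb.toString().getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(d);
    }

    public static void main(String[] args) throws Exception {
        System.out.println("xmlns=\"\" dropped changes digest: " + !digest(UNDECLARED).equals(digest(DROPPED)));
        System.out.println("prefixed form matches original: " + digest(UNDECLARED).equals(digest(PREFIXED)));
    }
}
```

Dropping xmlns="" moves arg0 into the http://client.mtom.sample namespace, so a verifier sees a different element from the one that was signed; the prefixed form from the workaround keeps arg0 unqualified without needing xmlns="" at all.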