Posted to java-user@axis.apache.org by Raghu Kishore Kasturi <au...@gmail.com> on 2007/11/26 17:07:08 UTC

Problem with SOAP Message - Axis2

Hi,

I am using WSS4J with Axis2, only for signing messages and verifying
those signatures.

I am able to sign the SOAP message successfully; the problem is with
verifying the signature at the service. When I send a SOAP message
from the client, it looks similar to the one below:

<?xml version="1.0" encoding="utf-8"?>
<!-- SOAP request as sent by the client. The line breaks inside attribute
     values below are presumably mail-wrapping artifacts, not wire content. -->
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance">
    <soapenv:Header>
        <wsse:Security xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
">
            <!-- UsernameToken with a PasswordDigest-type password, a Nonce and a
                 Created timestamp. The signature below has a single ds:Reference
                 that targets the Body, so this token is not covered by it. -->
            <wsse:UsernameToken xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="UsernameToken-24737685">
                <wsse:Username>wernerd</wsse:Username>
                <wsse:Password Type="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest
">RzdB4Ur1SBLWCfdRlUeM8jhyIRw=</wsse:Password>
                <wsse:Nonce>aaMV3pWSVnzq+hutuYaVfA==</wsse:Nonce>
                <wsu:Created>2007-11-23T18:36:33.437Z</wsu:Created>
            </wsse:UsernameToken>
            <!-- XML Signature: Exclusive C14N, RSA-SHA1 signature method and a
                 SHA-1 digest. SHA-1 based algorithms are deprecated today; prefer
                 the SHA-256 variants where both ends support them. -->
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Id="Signature-6427893">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="
http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="
http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <!-- The URI matches the wsu:Id on soapenv:Body further down:
                         the Body is the only signed part of this message. -->
                    <ds:Reference URI="#id-31116492">
                        <ds:Transforms>
                            <ds:Transform Algorithm="
http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="
http://www.w3.org/2000/09/xmldsig#sha1"/>

<ds:DigestValue>mb2J2O4njheowdiX2qm4hR+Dxms=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>
niLp9WWgpctet396SfSuwOg8x2M8P+ZX/e0wM7rUrvhRqMB/kAw+5LFhJ6Wjya9x5aSyPOTKMFxp
fin7CTljKA==
</ds:SignatureValue>
                <!-- The signing certificate is identified by issuer name and serial
                     number only; no certificate is embedded in the message. -->
                <ds:KeyInfo Id="KeyId-5076660">
                    <wsse:SecurityTokenReference xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="STRId-26598747">
                        <ds:X509Data>
                            <ds:X509IssuerSerial>

<ds:X509IssuerName>CN=dims</ds:X509IssuerName>

<ds:X509SerialNumber>44369778256217224370984914847992022613</ds:X509SerialNumber>
                            </ds:X509IssuerSerial>
                        </ds:X509Data>
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>
            </ds:Signature>
        </wsse:Security>
    </soapenv:Header>
    <!-- Signed element: its wsu:Id is the target of the ds:Reference above, so
         any change to the canonical form of this subtree (text, attributes,
         significant whitespace) invalidates the DigestValue. The
         xsi:schemaLocation on ac:PostRq is only a hint; a consumer should
         validate against a locally pinned schema instead of fetching it. -->
    <soapenv:Body xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="id-31116492">
        <ac:PostRq xmlns:ac="
http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0" xmlns:wsa="
http://www.w3.org/2005/08/addressing" xmlns="
http://www.ACORD.org/Standards/AcordMsgSvc/Inbox" xsi:schemaLocation="
http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0AcordMsgSvc_v-1-4-0.xsd">
            <ac:Sender>
                <ac:PartyId>urn:duns:123456789</ac:PartyId>
                <ac:PartyRoleCd>xyz.com</ac:PartyRoleCd>
                <ac:PartyName>Company Common Name</ac:PartyName>
            </ac:Sender>
            <ac:Receiver>
                <ac:PartyId>urn:duns:123456789</ac:PartyId>
                <ac:PartyRoleCd>Broker</ac:PartyRoleCd>
                <ac:PartyName>Company Common Name</ac:PartyName>
            </ac:Receiver>
            <ac:Application>
                <ac:ApplicationCd>Jv-Ins-Reinsurance</ac:ApplicationCd>
                <ac:SchemaVersion>
http://www.ACORD.org/Standards/Jv-Ins-Reinsurance/2003-1</ac:SchemaVersion>
            </ac:Application>
            <ac:TimeStamp>2003-01-18T13:10:00-05:00</ac:TimeStamp>
            <wsa:EndpointReference>
                <wsa:Address>urn:xyz.com:department:abc</wsa:Address>
            </wsa:EndpointReference>
            <wsa:EndpointReference>
                <wsa:Address>mailto:joe@xyz.com</wsa:Address>
            </wsa:EndpointReference>
        </ac:PostRq>
     </soapenv:Body>
</soapenv:Envelope>


But when I print the message at the service, it looks like this:

<?xml version="1.0" encoding="utf-8"?>
<!-- Message as printed at the service. Every descendant element repeats an
     xmlns declaration for a prefix already in scope from an ancestor; as far
     as this wrapped listing shows, each prefix is bound to the same URI as
     in the sent message. -->
<soapenv:Envelope xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:soapenv="
http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/
">
        <wsse:Security xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
">
            <!-- UsernameToken values are unchanged from the sent message. The
                 token is still outside the single signed reference (the Body). -->
            <wsse:UsernameToken xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="UsernameToken-24737685">
                <wsse:Username xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
">wernerd</wsse:Username>
                <wsse:Password xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
Type="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest
">RzdB4Ur1SBLWCfdRlUeM8jhyIRw=</wsse:Password>
                <wsse:Nonce xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
">aaMV3pWSVnzq+hutuYaVfA==</wsse:Nonce>
                <wsu:Created xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
">2007-11-23T18:36:33.437Z</wsu:Created>
            </wsse:UsernameToken>
            <!-- Same algorithms, Reference URI, DigestValue and SignatureValue as
                 in the sent message; only the xmlns declarations were added. -->
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Id="Signature-6427893">
                <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#
">
                    <ds:CanonicalizationMethod xmlns:ds="
http://www.w3.org/2000/09/xmldsig#" Algorithm="
http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod xmlns:ds="
http://www.w3.org/2000/09/xmldsig#" Algorithm="
http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <ds:Reference xmlns:ds="
http://www.w3.org/2000/09/xmldsig#" URI="#id-31116492">
                        <ds:Transforms xmlns:ds="
http://www.w3.org/2000/09/xmldsig#">
                            <ds:Transform xmlns:ds="
http://www.w3.org/2000/09/xmldsig#" Algorithm="
http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod xmlns:ds="
http://www.w3.org/2000/09/xmldsig#" Algorithm="
http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue xmlns:ds="
http://www.w3.org/2000/09/xmldsig#
">mb2J2O4njheowdiX2qm4hR+Dxms=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue xmlns:ds="
http://www.w3.org/2000/09/xmldsig#">
niLp9WWgpctet396SfSuwOg8x2M8P+ZX/e0wM7rUrvhRqMB/kAw+5LFhJ6Wjya9x5aSyPOTKMFxp
fin7CTljKA==
</ds:SignatureValue>
                <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Id="KeyId-5076660">
                    <wsse:SecurityTokenReference xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="STRId-26598747">
                        <ds:X509Data xmlns:ds="
http://www.w3.org/2000/09/xmldsig#">
                            <ds:X509IssuerSerial xmlns:ds="
http://www.w3.org/2000/09/xmldsig#">
                                <ds:X509IssuerName xmlns:ds="
http://www.w3.org/2000/09/xmldsig#">CN=dims</ds:X509IssuerName>
                                <ds:X509SerialNumber xmlns:ds="
http://www.w3.org/2000/09/xmldsig#
">44369778256217224370984914847992022613</ds:X509SerialNumber>
                            </ds:X509IssuerSerial>
                        </ds:X509Data>
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>
            </ds:Signature>
        </wsse:Security>
    </soapenv:Header>
    <!-- Signed subtree (wsu:Id matches the Reference URI). Exclusive C14N emits
         a namespace declaration only where the prefix is visibly used and not
         already emitted by an output ancestor, so repeated declarations alone
         would not normally change this digest. What does change it is content:
         ac:PartyRoleCd under ac:Sender reads "eReinsure.com, Inc." here but
         "xyz.com" in the sent listing. The line breaks inside text values such
         as ac:PartyName are presumably mail wrapping; if they were real they
         would change the digest too. -->
    <soapenv:Body xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
wsu:Id="id-31116492">
        <ac:PostRq xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:ac="http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0" xmlns="
http://www.ACORD.org/Standards/AcordMsgSvc/Inbox" xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="
http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0AcordMsgSvc_v-1-4-0.xsd">
            <ac:Sender xmlns:ac="
http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0">
                <ac:PartyId xmlns:ac="
http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0
">urn:duns:123456789</ac:PartyId>
                <ac:PartyRoleCd xmlns:ac="
http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0">eReinsure.com,
Inc.</ac:PartyRoleCd>
                <ac:PartyName xmlns:ac="
http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0">Company Common
Name</ac:PartyName>
            </ac:Sender>
            <ac:Receiver xmlns:ac="
http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0">
                <ac:PartyId xmlns:ac="
http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0
">urn:duns:123456789</ac:PartyId>
                <ac:PartyRoleCd xmlns:ac="
http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0">Broker</ac:PartyRoleCd>
                <ac:PartyName xmlns:ac="
http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0">Company Common
Name</ac:PartyName>
            </ac:Receiver>
            <ac:Application xmlns:ac="
http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0">
                <ac:ApplicationCd xmlns:ac="
http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0
">Jv-Ins-Reinsurance</ac:ApplicationCd>
                <ac:SchemaVersion xmlns:ac="
http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0">
http://www.ACORD.org/Standards/Jv-Ins-Reinsurance/2003-1</ac:SchemaVersion>
            </ac:Application>
            <ac:TimeStamp xmlns:ac="
http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0
">2003-01-18T13:10:00-05:00</ac:TimeStamp>
            <wsa:EndpointReference xmlns:wsa="
http://www.w3.org/2005/08/addressing">
                <wsa:Address xmlns:wsa="http://www.w3.org/2005/08/addressing
">urn:xyz.com:department:abc</wsa:Address>
            </wsa:EndpointReference>
            <wsa:EndpointReference xmlns:wsa="
http://www.w3.org/2005/08/addressing">
                <wsa:Address xmlns:wsa="http://www.w3.org/2005/08/addressing
">mailto:joe@xyz.com</wsa:Address>
            </wsa:EndpointReference>
        </ac:PostRq>
    </soapenv:Body>
</soapenv:Envelope>


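If you observe closely, Axis2 adds namespace declarations to each element in
the SOAP message; this is what is causing the signature check to fail. Can
anyone suggest how to proceed, or some way to remove the namespace
declarations from each element?
[Note: both listings declare Exclusive XML Canonicalization, which normally
drops repeated declarations of a prefix that is already in scope, so the
signed Body content is worth comparing as well: the ac:PartyRoleCd value
differs between the two listings above.]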

Help in this regard is appreciated.

Thanks,
Raghu