axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Davanum Srinivas (JIRA)" <axis-...@ws.apache.org>
Subject [jira] Assigned: (AXIS-1458) Signature verification with WSS4J fails due to (guess) serialization bug in Axis
Date Sun, 01 May 2005 22:36:13 GMT
     [ http://issues.apache.org/jira/browse/AXIS-1458?page=all ]

Davanum Srinivas reassigned AXIS-1458:
--------------------------------------

    Assign To: Venkat Reddy

another one...

> Signature verification with WSS4J fails due to (guess) serialization bug in Axis
> --------------------------------------------------------------------------------
>
>          Key: AXIS-1458
>          URL: http://issues.apache.org/jira/browse/AXIS-1458
>      Project: Axis
>         Type: Bug
>   Components: Serialization/Deserialization
>     Versions: beta-1, beta-2
>  Environment: SuSE 9.1, JDK 1.4.2-b28
>     Reporter: Yves Langisch
>     Assignee: Venkat Reddy

>
> Here the problem description from my mail to the list:
> *********************
> All,
> I have following situation:
> - Client with WSDoAllSender (just signing)
> - Web Service with WSDOAllReceiver
> Client-side I read an XML instance document, manipulate it and send it
> over the signing handler to the web service. If I manipulate the
> document then the verification fails server-side. This is very strange
> since the signing process is at the very end of the handler chain. In
> order to manipulate the document I transform the file to a JDOM
> document, manipulate it, transform it back to a W3C document
> and add it to the body of the envelope. It seems to be this transformation from JDOM
to W3C which causes the verification to fail at server-side.
> Example:
> <snip1>
> InputStream i = new BufferedInputStream(new
> FileInputStream(declaration));
> envelope.addBodyElement(new SOAPBodyElement(i));
> response = call.invoke(envelope)
> </snip1>
> <snip2>
> // just do a transformation without any data manipulation
> org.jdom.Document aSDDoc =
> XMLHelper.getJDomDocumentFromFile(declaration);
> org.w3c.dom.Document d =
> XMLHelper.getW3CDocumentFromJDOMDocument(aSDDoc);
> envelope.addBodyElement(new SOAPBodyElement(d.getDocumentElement()));
> response = call.invoke(envelope)
> </snip2>
> The first one works fine (with Beta1, not with Beta2 -> same issue), the second one
fails at verification. Tracing the whole stuff I just found one difference between the two
calls. The second call has a duplicate namespace entry (with beta2 both calls have these duplicate
entries) in the body element which is valid though:
> <soapenv:Body wsu:Id="id-7719486" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><SDRequest
xmlns="http://xyz" xmlns:ns1="http://xyz">
> The W3C document hasn't yet this duplicate namespace but the printout of the envelope
before invoking the call already has this duplicate namespace entry. I saw that there are
different forms of representation of content in the SOAPEnvelope class thus I have the very
vague guess that the digest calculation is made on another representation (w/o the duplicate
ns) than the message which arrives at the other end.
> Any ideas where problem could be? My mistake? Axis or WSS4 problem?
> **************

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message