ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WSS-520) Searching in wrong path for the message.
Date Mon, 22 Dec 2014 10:41:14 GMT

    [ https://issues.apache.org/jira/browse/WSS-520?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14255623#comment-14255623
] 

Colm O hEigeartaigh commented on WSS-520:
-----------------------------------------

If WSS4J is initialised correctly, it loads the WSS4J ResourceBundle + wraps the XML Security
ResourceBundle with it. Hence the code you referenced should work fine, as it should check
the WSS4J ResourceBundle first for the error message. 

So I'll ask again - how are you configuring WSS4J? Are you using CXF or some custom code?
If the latter, are you calling WSSConfig.init() before you do any work with the library?

Colm.

> Searching in wrong path for the message.
> ----------------------------------------
>
>                 Key: WSS-520
>                 URL: https://issues.apache.org/jira/browse/WSS-520
>             Project: WSS4J
>          Issue Type: Bug
>            Reporter: renu
>            Assignee: Colm O hEigeartaigh
>
>  Getting exception:
> Caused by: org.apache.wss4j.common.ext.WSSecurityException: No message with ID "certpath"
found in resource bundle "org/apache/xml/security/resource/xmlsecurity". Original Exception
was a java.security.cert.CertPathValidatorException and message basic constraints check failed:
this is not a CA certificate 
> Original Exception was java.security.cert.CertPathValidatorException: basic constraints
check failed: this is not a CA certificate 
>  at org.apache.wss4j.common.crypto.Merlin.verifyTrust(Merlin.java:933) 
>  at org.apache.wss4j.dom.validate.SignatureTrustValidator.verifyTrustInCerts(SignatureTrustValidator.java:108)

>  at org.apache.wss4j.dom.validate.SignatureTrustValidator.validate(SignatureTrustValidator.java:64)

>  at org.apache.wss4j.dom.validate.SamlAssertionValidator.verifySignedAssertion(SamlAssertionValidator.java:130)

>  at org.apache.wss4j.dom.validate.SamlAssertionValidator.validate(SamlAssertionValidator.java:109)

> Instead of searching the message in the resource bundle of wss4j , message is searched
in xml security and thus causing the exception.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message