aspose file tools*
The moose likes Web Services and the fly likes Problem while Encrypting SOAP body using Metro Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Web Services
Bookmark "Problem while Encrypting SOAP body using Metro" Watch "Problem while Encrypting SOAP body using Metro" New topic
Author

Problem while Encrypting SOAP body using Metro

somia razzaq
Ranch Hand

Joined: Jan 26, 2010
Posts: 44
Hi
I have developed a contract-first web service and its client. I have used Metro to implement ws-security at both ends. I am using Netbeans 6.0.1 and server Glassfish V2. My client is authenticated properly but i am facing problem in encryption of body of SOAP messages. The request SOAP message body is encrypted but i have found the following error for SOAP response message. Please help me. I am trying to solve the error from many days but invain.


Thanks
R Srini
Ranch Hand

Joined: Feb 19, 2010
Posts: 215
Hi. Did you find an answer to this? From the error message (com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.impl.PolicyViolationException: Expected Signature Element as per receiver requirements, found ReferenceList), it sounds like the web service is expecting a Signature element. Does your request have the Signature element? From the message, this looks like an authentication and XML message validation problem, not encryption. Can you post some relevant portions of the request?

Have you already seen these:
- http://blogs.sun.com/swchan/entry/troubleshooting_jaxws_message_level_security
- http://forums.java.net/jive/message.jspa?messageID=246400
- http://msdn.microsoft.com/en-us/library/ms996951.aspx#wssecauthwse_topic5 (Microsoft documentation with some good examples, but I am sure you can get corresponding Java docs)
somia razzaq
Ranch Hand

Joined: Jan 26, 2010
Posts: 44
Hi
First of all thanks for your reply. The request message is given below. I have used the metro tutorial to implement the ws-security using link "http://netbeans.org/kb/docs/websvc/wsit.html" . This tutorial do authenticatin, signature and encryption. Please help me, if you know any solution. If there is need to read WSDL file, i can send it.
Waiting for your reply.



Thanks
R Srini
Ranch Hand

Joined: Feb 19, 2010
Posts: 215
Hi. I tried with Glassfish v3, NetBeans 6.8 with JDK 1.6. It worked fine for me. So I would urge you do delete the project and try one more time, and maybe using 6.8 and glassfish v3. This is what I did in case you want to compare:

1. Select the SecureCalculator project and create it (steps 1 and 2 in your tutorial)
2. Doubleclick the CalculatorWS web service as instructed in step 3. Observe that Secure Service is selected
3. Click Advanced... button (step 4)
4. Click the Use Development Defaults checkbox (did you miss this? I think its important. The system needs a uid/pwd for the authentication, and checking this checkbox tells NetBeans to use the development defaults - not sure what those are though.)
5. Click to select SecureCalculatorApp project
6. Select Run menu, Clean and Build Main Project (you will see an error about the wsdl not being found, but the build will be successful)
7. Right-click SecureCalculatorApp and select Deploy to deploy the application (enter the userid/password) for Glassfish server when prompted)
8. Right-click SecureCalculatorClientApp and select Run
9. Observe the file SecureCalculatorApp->Web Pages->WEB-INF->wsit-org.me.calculatorWS.xml. Seems to me that all of the other web service code is the same as in a non-secure web service. This file contains the configuration information - vendor-specific I would guess - required to add the security pieces.

Ok hold on ... I just noticed on the page that the tutorial requires NetBeans 6.5/6.7/6.8 ... Ok I think that explains it then. Earlier versions of NetBeans probably do not have the necessary Glassfish tooling to generate the proper WSIT tags in the file from #9 above.
somia razzaq
Ranch Hand

Joined: Jan 26, 2010
Posts: 44
Hi
Really! you have run this tutorial. But i am facing problem still.
I have installed netbeans 6.8, server "Personal Glassfish V3 Domain" and JDK 1.6 to run this tutorial as you told. My first question is that in step 7 as you described "(enter the userid/password) for Glassfish server when prompted" , i am not prompted to enter userid/password for Glassfish server. But i have successfully deployed and run the SecureCalculatorApp service.
Secondly I am getting error during deploying SecureCalculatorClientApp that is as follows.
There is a node named "Generated sources(jax-ws)" when i expand the SecureCalculatorClientApp node. In this node there are six java classes, Add.java, AddResponse.java, CalculatorWS.java, CalculatorWSService.java, ObjectFactory.java and package-info.java. I am getting following error in CalculatorWSService.java class
"Compiling 2 source files to C:\Users\user\Documents\NetBeansProjects\SecureCalculator1\SecureCalculatorClientApp\build\web\WEB-INF\classes
C:\Users\user\Documents\NetBeansProjects\SecureCalculator1\SecureCalculatorClientApp\build\generated-sources\jax-ws\org\me\calculator\client\CalculatorWSService.java:68: cannot find symbol
symbol : method getPort(javax.xml.namespace.QName,java.lang.Class<org.me.calculator.client.CalculatorWS>,javax.xml.ws.WebServiceFeature[])
location: class javax.xml.ws.Service
return super.getPort(new QName("http://calculator.me.org/", "CalculatorWSPort"), CalculatorWS.class, features);
1 error"

Have you faced this error when you tried this tutorial. Please help me how can i remove this error.
waiting for your reply as usual.

Thanks
R Srini
Ranch Hand

Joined: Feb 19, 2010
Posts: 215
Hi. Yes, I think you are almost there now. I don't have NetBeans/Glassfish at work, but let me take a guess because I did get the error.

Note that you are referring to generated sources in the SecureCalculatorClientApp project, which is the client application. This client code is referring to a service class (CalculatorWS.class). In order to resolve this error, you need to clean and build (from the Run menu) the web service project. This will generate the CalculatorWS.class. Sounds like you have done this since you have deployed the service.

First, please make sure that you can see the wsdl. But you probably can't run call the service yet using tools like SOAP UI because they will not generate the security policy headers for a successful call to the web service.

Did you clean and build the client project also while the web service is deployed? I forgot to mention that.
somia razzaq
Ranch Hand

Joined: Jan 26, 2010
Posts: 44
Hi
i have followed all the instructions given by you and in this tutorial before. Also clean and build project option. But the error is there. If you know any other solution. kindly guide me.
Thanks
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42263
    
  64
somia razzaq,
please drop the habit of fully quoting every single post you reply to. Quoting is for short, relevant excerpts; otherwise, there's no point in it.


Ping & DNS - my free Android networking tools app
R Srini
Ranch Hand

Joined: Feb 19, 2010
Posts: 215
Ok. Lets do it one last time.

1. Uninstall other versions of glassfish. Keep v3
2. Uninstall other versions of Netbeans. Keep 6.8.
3. Use java 1.6
4. If you have multiple versions of the above installed then check the path environment variable and ensure that the desired versions' bin directories are in the path before the older versions' bin directories.
5. Go to the Services tab, Servers->GlassFish v3. Rightclick and start Glassfish
6. Go to the Services tab, Servers->GlassFish v3->Applications, and undeploy the SecureCalculator service and client applications
Note: At some point, I am prompted for the GlassFish user/password so Eclipse can login and undeploy the application. So make sure that this happens.
7. Delete the applications
Now, hopefully we have a clean slate.
8. File->New Project
9. In Samples->Web Services, select Secure Calculator and click Next
10. Ensure in the "New Sample Web Application" screen that "GlassFish v3" is selected for the server
11. Click Finish

Now, in the Tasks tab, I see the following two errors in ClientServlet.java (SecureCalculatorClientApp project):
a. Cannot find symbol: class CalculatorWSService location: class org.me.calculator.client.ClientServlet
b. Cannot find symbol: class CalculatorWS location: package org.me.calculator.client

12. Expand SecureCalculatorApp->Web Services->CalculatorWS
13. Rightclick CalculatorWS, select Edit Web Service Attributes, check Use Development Defaults and click OK
14. Rightclick SecureCalculatorApp (not the client) and select Clean and Build. The output should indicate that it worked ok.
15. Rightclick SecureCalculatorClientApp (the client this time) and select Clean and Build. The output will say this when parsing WSDL:
-->Failed to read schema document 'http://localhost:8080/SecureCalculatorApp/CalculatorWSService?xsd=1'
The error occurs because its trying to read the xsd from localhost:8080, but we haven't deployed it yet. However, the two errors are now gone from the Tasks tab.
16. Rightclick SecureCalculatorApp and select Deploy. This should work.
17. Now do step 14 again. The WSDL is parsed correctly this time, and it also generates six java source files.
18. Rightclick SecureCalculatorApp and select Run. The web application should open up in the default browser. If it does not, go to http://localhost:8080/SecureCalculatorClientApp/ and you should see it.

You can see the wsdl here: http://localhost:8080/SecureCalculatorApp/CalculatorWSService?wsdl
And the xsd here: http://localhost:8080/SecureCalculatorApp/CalculatorWSService?xsd=1

Hope it works out for you. Best of luck!
somia razzaq
Ranch Hand

Joined: Jan 26, 2010
Posts: 44
Hi
Thanks for your detailed reply. I have followed all the steps, everything is going fine. But i am facing the same error when i deploy the SecureCalculatorClientApp project i.e.

Compiling 6 source files to C:\Users\user\Documents\NetBeansProjects\SecureCalculator\SecureCalculatorClientApp\build\web\WEB-INF\classes
C:\Users\user\Documents\NetBeansProjects\SecureCalculator\SecureCalculatorClientApp\build\generated-sources\jax-ws\org\me\calculator\client\CalculatorWSService.java:68: cannot find symbol
symbol : method getPort(javax.xml.namespace.QName,java.lang.Class<org.me.calculator.client.CalculatorWS>,javax.xml.ws.WebServiceFeature[])
location: class javax.xml.ws.Service
return super.getPort(new QName("http://calculator.me.org/", "CalculatorWSPort"), CalculatorWS.class, features);
1 error

Secondly I am not prompted for the GlassFish user/password as you described in your step 6.
Please see again why this error come.
Waiting for your reply.

Thanks a lot
R Srini
Ranch Hand

Joined: Feb 19, 2010
Posts: 215
Hi. Do you know if the application was deployed? Can you see the WSDL and the XSD using the links from my previous post? I very much doubt that the web service application was deployed because this should not be so hard. I don't know if this will actually help you, but I think this is the problem in your case:

method getPort(javax.xml.namespace.QName,java.lang.Class<org.me.calculator.client.CalculatorWS>,javax.xml.ws.WebServiceFeature[])

The compiler is not able to find this method in any library in the path. A method with this signature exists in Java EE 6 (http://java.sun.com/javaee/6/docs/api/index.html?javax/xml/ws/Service.html) but not in Java EE 5 (http://java.sun.com/javaee/5/docs/api/javax/xml/ws/Service.html). So I think that your old GlassFish libraries are still in effect.

1. Expand SecureCalculatorClientApp->Libraries. In mine, I see "JDK 1.6 (default)" and "GlassFish v3". Do you see this?
2. In NetBeans, select Libraries from the Tools menu. Look at the entry for Server Libraries. I see "Java-EE-GlassFish-v3", and it has all the jar files from the <Glassfish install directory>/glassfish/modules directory. Maybe you don't have the libraries setup.

Please check in the NetBeans and GlassFish forums on a) how to start GlassFish server from within NetBeans, and b) how to update the GlassFish libraries to v3 in a NetBeans project. Then things will work out.
R Srini
Ranch Hand

Joined: Feb 19, 2010
Posts: 215
Hi Somia Razzaq. Were you able to get this to work?
somia razzaq
Ranch Hand

Joined: Jan 26, 2010
Posts: 44
Hi
Sorry i am not able to do this. Still facing the same problem. I have developed my own service, in that i am facing the same error. I am trying to solve it. I think i have problem in configuration of server. If you have any idea, please help me.

Thanks a lot for your cooperation
R Srini
Ranch Hand

Joined: Feb 19, 2010
Posts: 215
Hi. Please, this is not so difficult.

- Uninstall any existing GlassFish software currently on your machine
- Uninstall any Netbeans on your machine
- Now check each directory in the PATH variable to make sure that none of the paths points to GlassFish, etc.
- Download the Netbeans package for Java with GlassFish bundled. From this webpage http://netbeans.org/downloads/index.html Its the one with 216 MB
- Now install it. At some point in the process, it may ask you for a GlassFish user id and password. Remember the values you specify.
- After installation is complete, start GlassFish from the Servers tab in Netbeans. If it asks for a user/password, provide that.
- Once it is started, go to http://localhost:4848 from your browser. If this works, then you know that GlassFish started fine, and it will take you to the Admin console.
- First, try deploying the Calculator app - the one that is not secure. See if that works. Make sure you can see the wsdl (using earlier link). If you can't see the wsdl, then for your purposes, it probably doesn't work.
- Now follow the earlier instructions to deploy the sample secure calculator application.

It must work! These are samples. They are designed to work out of the box. Best of luck!
somia razzaq
Ranch Hand

Joined: Jan 26, 2010
Posts: 44
Hi
I have done all the steps that you wrote. The result is very surprising. I deploy/run both Calculator and SecureCalculator application, both are giving the same error as before. But when i tried to make my own contract-first service and client from scratch, it works fine. My service takes two inputs, age and name and returns both as an object. The code of my web service is given below:

@WebService(serviceName = "simple_WSDLService", portName = "simple_WSDLPort", endpointInterface = "org.netbeans.j2ee.wsdl.simple_wsdl.SimpleWSDLPortType", targetNamespace = "http://j2ee.netbeans.org/wsdl/simple_WSDL", wsdlLocation = "WEB-INF/wsdl/simple_ws/simple_WSDL.wsdl")
public class simple_ws implements SimpleWSDLPortType{

public org.netbeans.xml.schema.simple_schema.StdentInfo simpleWSDLOperation(int age, java.lang.String name) {
//TODO implement this method
//throw new UnsupportedOperationException("Not implemented yet.");
StdentInfo s=new StdentInfo();
//s.setAge(28);
//s.setName("hello");
return s;

}}

Now i have some questions with you. Please answer these.

1. When you have run the SecureCalculator application, either body of the SOAP request and response message was in encrypted form or not? Because when i run my own service and client, body is not encrypted. I am sending you both SOAP request and Response messages given below for help.

INFO: ==== Received Message Start ====
<?xml version="1.0" encoding="UTF-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" S:mustUnderstand="1">
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1274368650148-293348825">
<wsu:Created>2010-05-20T15:17:31Z</wsu:Created>
<wsu:Expires>2010-05-20T15:22:31Z</wsu:Expires>
</wsu:Timestamp>
<wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="XWSSGID-1274368650173-667410281">MIICkDCCAfmgAwIBAgIESxdtcDANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLU2FudGEgQ2xhcmExGTAXBgNVBAoTEFN1biBNaWNyb3N5c3RlbXMxEjAQBgNVBAsTCUdsYXNzRmlzaDESMBAGA1UEAxMJbG9jYWxob3N0MB4XDTA5MTIwMzA3NDkwNFoXDTE5MTIwMTA3NDkwNFowezELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENsYXJhMRkwFwYDVQQKExBTdW4gTWljcm9zeXN0ZW1zMRIwEAYDVQQLEwlHbGFzc0Zpc2gxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsQjbCMsiQXAAAdVU8o2mjATUAM89LBdS6YFQ89RHfM0ZeFwLhsLFN/yDdQv6M80V/2jiev4TTGMrBdRkw2K/wlPQDe5STFupaNVXu+1Ibm8ciuXsBziTh/LMj/EKZqPWT/9CRcYseqL1RxXhYOLgwAPzRlV/OsmasKm3KQGrbIMCAwEAAaMhMB8wHQYDVR0OBBYEFBuO9qJISbB4NeIdFGc/cXrZ2rh5MA0GCSqGSIb3DQEBBQUAA4GBAFs4T2Kqcg3ky7BipsoSrwQimG5XxXl6BoUuyzeWci4p30D4XJ97LN3pDqyKCHsBzi+9eJ102NmBhJnULNZ8oA6hLKg4lJSve3hCQ6NU1udtxGQbr6mHjcpJHEJvC60akSPrE/paTfU6sOBwuoAferkNkG2IN9c4R7y1elIQ5n6Z</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="XWSSGID-1274368650173407781375">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse S"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#XWSSGID-12743686517771373251115">
<dsigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<dsigestValue>WgUdoUInZPY0UVfCCS1cTTEC3fg=</dsigestValue>
</ds:Reference>
<ds:Reference URI="#XWSSGID-1274368650148-293348825">
<dsigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<dsigestValue>IR6suhdQDaA12PpbLmM3A3RBEXM=</dsigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>BShxZgiLHWpnHhjl6DjAivh/ovu+95y8C0foTo2yk9YvnnEe6+nY4fdcskDtSEwAWNDv24dpT781
g0qNM3N/L+qhMbAac02EHjDoR7vEc8z9loxDGfRe8NYt4pxhWl1fi5lacUgKL5MCXln6rKTHCwQA
z6AnUYbSV9mvPAHT4FM=</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1274368651681577569689">
<wsse:Reference URI="#XWSSGID-1274368650173-667410281" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<To xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8080/simple/simple_WSDLService</To>
<Action xmlns="http://www.w3.org/2005/08/addressing">http://j2ee.netbeans.org/wsdl/simple_WSDL/simple_WSDLPortType/simple_WSDLOperationRequest</Action>
<ReplyTo xmlns="http://www.w3.org/2005/08/addressing">
<Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
</ReplyTo>
<MessageID xmlns="http://www.w3.org/2005/08/addressing">uuid:e7a3bcaf-5df5-47be-8b8c-a0a5ec306dce</MessageID>
</S:Header>
<S:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-12743686517771373251115">
<ns2:simple_WSDLOperation xmlns:ns2="http://j2ee.netbeans.org/wsdl/simple_WSDL" xmlns:ns3="http://xml.netbeans.org/schema/simple_schema">
<Age>23</Age>
<Name>jj</Name>
</ns2:simple_WSDLOperation>
</S:Body>
</S:Envelope>
==== Received Message End ====



INFO: ==== Sending Message Start ====
<?xml version="1.0" encoding="UTF-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" S:mustUnderstand="1">
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1274368653061501120783">
<wsu:Created>2010-05-20T15:17:34Z</wsu:Created>
<wsu:Expires>2010-05-20T15:22:34Z</wsu:Expires>
</wsu:Timestamp>
<wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="XWSSGID-1274368653061-121652692">MIICkDCCAfmgAwIBAgIESxdtcDANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLU2FudGEgQ2xhcmExGTAXBgNVBAoTEFN1biBNaWNyb3N5c3RlbXMxEjAQBgNVBAsTCUdsYXNzRmlzaDESMBAGA1UEAxMJbG9jYWxob3N0MB4XDTA5MTIwMzA3NDkwNFoXDTE5MTIwMTA3NDkwNFowezELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENsYXJhMRkwFwYDVQQKExBTdW4gTWljcm9zeXN0ZW1zMRIwEAYDVQQLEwlHbGFzc0Zpc2gxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsQjbCMsiQXAAAdVU8o2mjATUAM89LBdS6YFQ89RHfM0ZeFwLhsLFN/yDdQv6M80V/2jiev4TTGMrBdRkw2K/wlPQDe5STFupaNVXu+1Ibm8ciuXsBziTh/LMj/EKZqPWT/9CRcYseqL1RxXhYOLgwAPzRlV/OsmasKm3KQGrbIMCAwEAAaMhMB8wHQYDVR0OBBYEFBuO9qJISbB4NeIdFGc/cXrZ2rh5MA0GCSqGSIb3DQEBBQUAA4GBAFs4T2Kqcg3ky7BipsoSrwQimG5XxXl6BoUuyzeWci4p30D4XJ97LN3pDqyKCHsBzi+9eJ102NmBhJnULNZ8oA6hLKg4lJSve3hCQ6NU1udtxGQbr6mHjcpJHEJvC60akSPrE/paTfU6sOBwuoAferkNkG2IN9c4R7y1elIQ5n6Z</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="XWSSGID-1274368653061-850795818">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse S"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#XWSSGID-12743686542051750876130">
<dsigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<dsigestValue>hMYQvuqEkE1WYgAZMc6WZE0QFWU=</dsigestValue>
</ds:Reference>
<ds:Reference URI="#XWSSGID-1274368653061501120783">
<dsigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<dsigestValue>a0BF9dtQSvnYAFga4xe/Xrzfxdw=</dsigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>YGHaMkYXAluR67qxi/7r8TSf6dB+Ab9JFBUtPnljiCcGBxk2omffzIY013OXrArAWNeCHTp9ynwQ
R3TVH8cBhG1X/ADZj6HnjAfeKs0O2o9+gNMKNOeqfREaIoRy2870WNbH/UBrCex6BhysbeGF0Saq
bBravYxntHils3BYjOY=</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1274368654204-451426427">
<wsse:Reference URI="#XWSSGID-1274368653061-121652692" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</S:Header>
<S:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-12743686542051750876130">
<ns2:simple_WSDLOperationResponse xmlns:ns2="http://j2ee.netbeans.org/wsdl/simple_WSDL" xmlns:ns3="http://xml.netbeans.org/schema/simple_schema">
<student_object>
<ns3:Age>0</ns3:Age>
</student_object>
</ns2:simple_WSDLOperationResponse>
</S:Body>
</S:Envelope>
==== Sending Message End ====

2. In first question, the client is also a web application. I have developed a java SE client for SecureCalculatorApp. In this the SOAP request message body is encrypted (as given in my earlier posts) but error in SOAP response message (as given in my earlier post i.e.
SEVERE: WSS0265: Primary Policy Violation occured
SEVERE: com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.impl.PolicyViolationException: Expected Signature Element as per receiver requirements, found )

Please guide me if you have any suggestion. Actually i have to encrypt the body of SOAP messages. Also different parts of SOAP body not all the body.
Waiting for your answer eagerly!!

Thanks a lot
R Srini
Ranch Hand

Joined: Feb 19, 2010
Posts: 215
Hi. Congratulations on getting your own example working!! Very good news So you can stop worrying about getting the secure calculator sample to work. Now, before going too far, its important to understand what this whole security thing is about. This article has a decent introduction. And this one has more information. So please read these first in case you are not familiar with the subject. The simple calculator examples will not get you very far by themselves.

I gathered the following from the article:
- WS-Security addresses Encryption, Authentication and Signatures.
- When you see a UsernameToken or BinarySecurityToken, this has to do with Authentication and Signing the SOAP message. It has nothing to do with Encryption.
- When you see the DataReference, CipherData and EncryptedData tags (in the appropriate namespace, of course), this has to do with Encryption.

Now, back to your questions:
- In (1), the XML from the web app client ... I only see signature-related tags. I don't see any tags indicating encryption. So it can't be encrypted. Play around with different options in NetBeans to see how you can enable this.
- In (2), the Java SE client, it sounds like its expecting a Signature element. Maybe the encryption is in place, but not the signing?

Look at the messages one tag at a time, and compare them with some examples from the web, and I am sure you will find the problem yourself, though it will take some investigation. All the best!
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Problem while Encrypting SOAP body using Metro