• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

WS-Security with XWSS and SoapUI

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi!

I've got a JAX-WS web service with a trasport handler that checks requests are signed and make signes on responses.
This security handler uses XWSS (from Glassfish), configuration:


I've got a ws client too which uses the handler but configured with client certificate. Everything is fine.

When I invoke the service with SoapUI I got signature verification fault. I've dumped request messages from my working client and SoapUI, there were no substantial differences only in namespace prefixes, namespace declaration locations and Id values. On the server log I see excepted and actual digestes doesn't match so I think there is problem with XML canonicalization. I've switched on debugging in SoapUI but it uses wss4j for ws security and it doesn't log the canonicalized form of xml.

Any idea what should I do now?

Invalid request:


Valid request:

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm having the same problem. digests do not match. did you figure out a way to see their c14n version of the xml they're digesting?
 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Until about one hour ago, I was facing the exact same problem while testing a self-made Netbeans/GlassFish/Metro webservice using soapUI.

I broke down the WS to be nothing more than a demo based on the Calculator sample from Netbeans. But still I was presented a WSS1717 exception, whenever the WS was called from soapUI.

The article at String Digest Verification Failure in Java WS-Security client was pointing me in a direction of a workaround in the canonicalization section, where 0x0D/0x0A line terminations are discussed.

So if I change the "PrettyPrinted" soapUI request from
to a request with a one-line Body
everything works fine.

Please note, that making the Body a one-liner inside soapUI does not always work, because the xml sent over the line might still contain line termination characters inside the Body element. So do a cut'n'paste the Body element into your favorite code editor and make it a one-liner there, then paste it back into soapUI. This worked for me.

I am absolutely not a WSS guru, so I will not argue about whether it is soapUI or Metro that fails. So I am hoping for someone else to figure this out, and encourage him or her to place a bug report in the right place.

Best regards
Ernst Mikkelsen

 
Listen. That's my theme music. That's how I know I'm a super hero. That, and this tiny ad told me:
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic