File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Web Services and the fly likes apache cxf ws_security bugs in version 2.7.4 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Web Services
Bookmark "apache cxf ws_security bugs in version 2.7.4" Watch "apache cxf ws_security bugs in version 2.7.4" New topic
Author

apache cxf ws_security bugs in version 2.7.4

Luca Carletti
Greenhorn

Joined: Jun 15, 2010
Posts: 12
Hello, I want implement web service whit cxf using ws_security.

I have download apache cxf 2.3.3 and apache cxf 2.7.4.

I have test the

apache-cxf-2.3.3\samples\ws_security\sign_enc :

(apache-cxf-2.3.4\lib) use soap11
the sample (apache-cxf-2.3.3\samples\ws_security\sign_enc) use soap11

and this is OK

........

but,

apache-cxf-2.7.4\samples\ws_security\sign_enc

there is problem because the library(apache-cxf-2.7.4\lib) use soap12, but

the sample (apache-cxf-2.7.4\samples\ws_security\sign_enc) use soap11

Post the exception:
Caused by: org.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://schemas.xmlsoap.org/soap/envelope/, Body)
at org.apache.ws.security.message.WSSecSignatureBase.addReferencesToSign(WSSecSignatureBase.java:160)
... 25 more

I have made this change:

this code(soap11):

private static final String WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
outProps.put("encryptionParts", "{Element}{" + WSU_NS + "}Timestamp;"
+ "{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body");
outProps.put("signatureParts", "{Element}{" + WSU_NS + "}Timestamp;"
+ "{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body");

whith(soap12):

private static final String WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
outProps.put("encryptionParts", "{Element}{" + WSU_NS + "}Timestamp;"
+ "{Content}{http://www.w3.org/2003/05/soap-envelope}Body");
outProps.put("signatureParts", "{Element}{" + WSU_NS + "}Timestamp;"
+ "{Element}{http://www.w3.org/2003/05/soap-envelope}Body");

But i have this warning:

WARNING: Interceptor for {http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}Discovery#{http://cxf.apache.org/jaxws/provider}invoke has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood.
at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$MustUnderstandEndingInterceptor.handleMessage(MustUnderstandInterceptor.java:281)
at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$MustUnderstandEndingInterceptor.handleMessage(MustUnderstandInterceptor.java:259)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.udp.UDPDestination$MCastListener$2.run(UDPDestination.java:106)
at org.apache.cxf.workqueue.AutomaticWorkQueueImpl$3.run(AutomaticWorkQueueImpl.java:428)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at org.apache.cxf.workqueue.AutomaticWorkQueueImpl$AWQThreadFactory$1.run(AutomaticWorkQueueImpl.java:353)
at java.lang.Thread.run(Unknown Source)

anybody have a idea?

Thank you












 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: apache cxf ws_security bugs in version 2.7.4