axis-java-dev mailing list archives

Subject [jira] Commented: (AXIS-1458) Signature verification with WSS4J fails due to (guess) serialization bug in Axis
Date Mon, 30 Aug 2004 08:39:26 GMT
The following comment has been added to this issue:

     Author: Gregor Karlinger
    Created: Mon, 30 Aug 2004 1:38 AM
I am facing the following problem when using Axis 1.2beta3 (nightly build from 2004-08-15)
as a webservice client, which seems to be related to this problem:

The SOAP message, which comes from the webservice over the wire, is the following:

<?xml version="1.0" encoding="UTF-8"?>

However, if I take the SOAP body from the SOAP response with Axis as follows:

  Vector responses = (Vector) call.invoke(params);
  SOAPBodyElement response = (SOAPBodyElement) responses.get(0);
  Document root_response = response.getAsDocument();

then the namespace declaration from element dsig:Signature disappears, i.e. serializing root_response
leads to

<?xml version="1.0" encoding="UTF-8"?> <CreateXMLSignatureResponse 
    <dsig:Signature Id="signature-1-1">

Although the resulting XML document is still perfectly well-formed, this behaviour of Axis
is really bad in my context, since the CreateXMLSignatureResponse acts only as a container
and is thrown away later in the processing. Then the subtree starting at the SignatureEnvironment
element is not well-formed XML any more.

I suggest changing the behaviour, since it is poison in lots of contexts, especially when
dealing with XML signatures.

Best Regards,

Here is an overview of the issue:
        Key: AXIS-1458
    Summary: Signature verification with WSS4J fails due to (guess) serialization bug in Axis
       Type: Bug

     Status: Unassigned
   Priority: Major

    Project: Axis

   Reporter: Yves Langisch

    Created: Fri, 16 Jul 2004 12:51 AM
    Updated: Mon, 30 Aug 2004 1:38 AM
Environment: SuSE 9.1, JDK 1.4.2-b28

Here is the problem description from my mail to the list:

I have the following situation:

- Client with WSDoAllSender (just signing)
- Web Service with WSDoAllReceiver

Client-side I read an XML instance document, manipulate it and send it
over the signing handler to the web service. If I manipulate the
document then the verification fails server-side. This is very strange
since the signing process is at the very end of the handler chain. In
order to manipulate the document I transform the file to a JDOM
document, manipulate it, transform it back to a W3C document
and add it to the body of the envelope. It seems to be this transformation from JDOM to W3C
which causes the verification to fail at server-side.

InputStream i = new BufferedInputStream(new
envelope.addBodyElement(new SOAPBodyElement(i));
response = call.invoke(envelope)

// just do a transformation without any data manipulation
org.jdom.Document aSDDoc =
org.w3c.dom.Document d =
envelope.addBodyElement(new SOAPBodyElement(d.getDocumentElement()));
response = call.invoke(envelope)

The first one works fine (with Beta1, not with Beta2 -> same issue), the second one fails
at verification. Tracing the whole stuff I just found one difference between the two calls.
The second call has a duplicate namespace entry (with beta2 both calls have these duplicate
entries) in the body element which is valid though:

<soapenv:Body wsu:Id="id-7719486" xmlns:wsu=""><SDRequest
xmlns="http://xyz" xmlns:ns1="http://xyz">

The W3C document doesn't yet have this duplicate namespace, but the printout of the envelope before
invoking the call already has this duplicate namespace entry. I saw that there are different
forms of representation of content in the SOAPEnvelope class thus I have the very vague guess
that the digest calculation is made on another representation (w/o the duplicate ns) than
the message which arrives at the other end.

Any ideas where the problem could be? My mistake? An Axis or WSS4J problem?

This message is automatically generated by JIRA.

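Added example, not part of the original message and not Axis or WSS4J code: a check for the situation described in the comment above, where a subtree such as SignatureEnvironment depends on a namespace declaration that is no longer written inside it. The method names `missing` and `pin`, the container namespace `urn:example:container`, and the placement of `xmlns:dsig` on the container element are assumptions made for illustration.

```java
import java.io.StringReader;
import java.util.*;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class SubtreeNamespaces {
    static final String XMLNS = XMLConstants.XMLNS_ATTRIBUTE_NS_URI;
    // xmlns attribute name -> URI for namespaces used inside 'root' but not declared inside it.
    static Map<String, String> missing(Element root) {
        Map<String, String> out = new TreeMap<>();
        NodeList all = root.getElementsByTagName("*");   // descendants; root itself is index -1
        for (int i = -1; i < all.getLength(); i++) {
            Element e = (i < 0) ? root : (Element) all.item(i);
            need(root, e, e, out);
            NamedNodeMap attrs = e.getAttributes();
            for (int j = 0; j < attrs.getLength(); j++) {
                Node a = attrs.item(j);  // unprefixed attributes are in no namespace
                if (a.getPrefix() != null && !XMLNS.equals(a.getNamespaceURI())) need(root, e, a, out);
            }
        }
        return out;
    }

    private static void need(Element root, Element at, Node user, Map<String, String> out) {
        String p = user.getPrefix(), uri = user.getNamespaceURI();
        if (uri == null || "xml".equals(p)) return;      // the xml prefix is always bound
        String name = (p == null) ? "xmlns" : "xmlns:" + p;
        for (Node n = at; n instanceof Element; n = n.getParentNode()) {
            if (((Element) n).hasAttribute(name)) return; // declared inside the subtree
            if (n == root) break;                         // never look above the subtree root
        }
        out.put(name, uri);
    }
    // Write the missing declarations onto the subtree root before the container is discarded.
    static void pin(Element root) { missing(root).forEach((n, u) -> root.setAttributeNS(XMLNS, n, u)); }

    public static void main(String[] args) throws Exception {
        // Constructed sample; xmlns:dsig on the container (not on dsig:Signature) is an assumption.
        String xml = "<CreateXMLSignatureResponse xmlns='urn:example:container' "
            + "xmlns:dsig='http://www.w3.org/2000/09/xmldsig#'><SignatureEnvironment>"
            + "<dsig:Signature Id='signature-1-1'/></SignatureEnvironment></CreateXMLSignatureResponse>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        Element env = (Element) doc.getDocumentElement().getFirstChild();
        System.out.println("before pin: " + missing(env));
        pin(env);
        System.out.println("after pin:  " + missing(env));
    }
}
```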