axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boon (JIRA)" <j...@apache.org>
Subject [jira] Created: (AXIS2-2930) AXIS2 - signature verification failed in Axis2 with Rampart
Date Tue, 10 Jul 2007 02:31:04 GMT
AXIS2 - signature verification failed in Axis2 with Rampart
-----------------------------------------------------------

                 Key: AXIS2-2930
                 URL: https://issues.apache.org/jira/browse/AXIS2-2930
             Project: Axis 2.0 (Axis2)
          Issue Type: Bug
    Affects Versions: 1.0
         Environment: Window Xp, Tomcat 5.5.20
            Reporter: Boon


AXIS2 - signature verification failed in Axis2 with Rampart

I encountered the signature verification problem when I tried to build a Axis2 client to access
an .NET WS and a Axis WS. 

I believe this is the same issue/problem raised by Allen in April 2007. I've follow the issue
raised by Allen but have not come across the solution for the issue.

Issue details:  The signature verification failed in Axis2 in axis-dev mailing list on 17
Apr 2007 & 18 Apr 2007.

The message exchange in the above mailing list mentioned that the issue could be cause by
some pretty printing that cause some additional chars being inserted into the message and
which subsequently lead to Signature verification problem.

Could someone from AXIS2/Rampart confirm whether this is the cause of the problem and if it
is, how can  I resolve this or any solution to get around this problem.

Your assistance on this will be very much appreciated. Thank you very much.

Best regards,
Boon


The exception that get thrown back to me is as follow:

org.apache.axis2.AxisFault: WSDoAllReceiver: security processing failed; nested exception
is: 
==========================================================================================
	org.apache.ws.security.WSSecurityException: The signature verification failed

	at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:287)
	at itree.iacd.webservice.axis2.iap_sp.ServiceProviderStub.notifyRejection(ServiceProviderStub.java:120)
	at itree.iacd.webservice.axis2.iap_sp.ServiceProviderClient.notifyRejection(ServiceProviderClient.java:183)
	at itree.iacd.webservice.axis2.iap_sp.ServiceProviderClient.main(ServiceProviderClient.java:108)

==========================================================================================

I have appended the discussion from the above mailing list for your convenience:

===========================================================================================

Hi Allen,

Since its the response from the .NET server that causes the signature
failure I need that particular message in it original form (without
any xml formatting).

Thanks,
Ruchith

On 4/19/07, Liu, Xiao-Tao (Allen, HPIT-GADSC) <xiaotao.liu@hp.com> wrote:
>
>
> Hi Ruchith,
>
> Do you have any update on this issue? I have searched all the document I
> could find, but all didn't work. Hope you can help me.
>
> Thanks,
> Allen
>
>
>  ________________________________
>  From: Liu, Xiao-Tao (Allen, HPIT-GADSC)
> Sent: 2007��4��18�� 19:19
> To: 'rampart-dev@ws.apache.org'
> Subject: RE: The signature verification failed in Axis2 with Rampart
>
>
>
>
> Hi  Ruchith,
>
> I send out my client source code with all necessary configurations/keystore.
> I created the request message inside the client, using AXIOM. The web
> service is written in .net and running on IIS.
>
> Thanks,
> Allen
>
> -----Original Message-----
> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> Sent: 2007��4��18�� 19:08
> To: rampart-dev@ws.apache.org
> Subject: Re: The signature verification failed in Axis2 with Rampart
>
> Hi Allen,
>
> Can you please send the message that caused the exception (with out xml
> formatting) and also send the public key cert of the key that was used to
> sign the message. I'll try to recreate your issue.
>
> Thanks,
> Ruchith
>
> On 4/18/07, Liu, Xiao-Tao (Allen, HPIT-GADSC) <xiaotao.liu@hp.com> wrote:
> > Hi,
> >
> > I am taking use of Axis2 to build a client to access a .net ws with
> > X509 certificate signature. All the steps are fine except when I
> > receive the response from .net, the signature verification always failed.
> >
> > Warning: Verification failed for URI
> > "#Id-c59b2f2c-9d10-4107-bea9-e8eb690dd67d"
> > Exception in thread "main" org.apache.axis2.AxisFault: WSDoAllReceiver:
> > security processing failed; nested exception is:
> >         org.apache.ws.security.WSSecurityException: The
> signature
> > verification failed
> >         at
> >
> org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.
> > java:259)
> >         at
> >
> org.apache.rampart.handler.WSDoAllReceiver.processMessage(WSDoAllRecei
> > ve
> > r.java:91)
> >         at
> >
> org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:74)
> >         at
> org.apache.axis2.engine.Phase.invoke(Phase.java:382)
> >         at
> >
> org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:522)
> >         at
> >
> org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:487)
> >         at
> >
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOp
> > er
> > ation.java:276)
> >         at
> >
> org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxi
> > sO
> > peration.java:202)
> >         at
> >
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:5
> > 79
> > )
> >         at
> >
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:5
> > 08
> > )
> >         at ws.axis2.DotNetWSRClient.main(DotNetWSRClient.java:45)
> > Caused by: org.apache.ws.security.WSSecurityException:
> The signature
> > verification failed
> >         at
> >
> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature
> > (S
> > ignatureProcessor.java:332)
> >         at
> >
> org.apache.ws.security.processor.SignatureProcessor.handleToken(Signat
> > ur
> > eProcessor.java:79)
> >         at
> >
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecuri
> > ty
> > Engine.java:279)
> >         at
> >
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecuri
> > ty
> > Engine.java:201)
> >         at
> >
> org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.
> > java:256)
> >         ... 10 more
> >
> > I am suspecting that's probably caused by some PrettyXML or
> > NamespacePrefixOptimization mechanism when Axis modified the response
> > body with new lines/breaks/spaces to let it looks better. And I found
> > there was some specific parameter in Axis configuration for Axis1:
> >
> >  <globalConfiguration>
> >   <!-- MUST turn off pretty printing otherwise signature verification
> > fails -->
> >   <parameter name="enableNamespacePrefixOptimization"
> value="false"/>
> >   <parameter name="disablePrettyXML" value="true"/>
> >
> >  </globalConfiguration>
> >
> >
> > But I didn't find there is corresponding parameters in Axis2. Has
> > somebody faced the same problem? I have been struggling with it for
> > over
> > 2 days...
> >
> > Thanks,
> > Allen
> >
> >
>
>
> --
> www.ruchith.org
> www.wso2.org

==============================================================================================





-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org


Mime
View raw message