axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jaime Hablutzel Egoavil <hablutz...@gmail.com>
Subject Re: MTOM, DOOM and axis 2
Date Tue, 10 Jan 2012 21:29:47 GMT
glad to hear that bug has been fixed.

On Sat, Jan 7, 2012 at 12:06 PM, Andreas Veithen
<andreas.veithen@gmail.com>wrote:

> I've fixed AXIOM-408 and that solves the signature issue. Fresh
> 1.6.2-SNAPSHOT builds including that change are available here:
>
>
> https://builds.apache.org/job/axis2-1.6/lastBuild/org.apache.axis2$distribution/
>
> https://builds.apache.org/job/rampart-1.6/lastBuild/org.apache.rampart$rampart-dist/
>
> Andreas
>
> On Sat, Jan 7, 2012 at 12:20, Andreas Veithen <andreas.veithen@gmail.com>
> wrote:
> > Thanks for the code, Jaime.
> >
> > I think that I have identified the root cause of the issue:
> > https://issues.apache.org/jira/browse/AXIOM-408
> >
> > Andreas
> >
> > On Fri, Jan 6, 2012 at 00:43, Jaime Hablutzel Egoavil
> > <hablutzel1@gmail.com> wrote:
> >> OK, the client code that generates two different signatures but
> transports
> >> the equivalent thing over the network is:
> >>
> >> DOOM enabled
> >>
> >> public class BinaryClient {
> >>
> >>     public static void main(String[] args) throws Exception {
> >>
> >>         ConfigurationContext ctx =
> >>
> ConfigurationContextFactory.createConfigurationContextFromFileSystem("D:\\software\\axis2-1.6.1\\repository",
> >> "D:\\software\\axis2-1.6.1\\samples\\mtom\\src\\client.axis2-2.xml");
> >>         RPCServiceClient client = new RPCServiceClient(ctx, null);
> >>         Options opts = new Options();
> >>         opts.setAction("ns:echo");
> >>         EndpointReference to = new EndpointReference();
> >>         to.setAddress("http://localhost:8080/anywhere");
> >>         opts.setTo(to);
> >>
> >> opts.setProperty(org.apache.axis2.Constants.Configuration.ENABLE_MTOM,
> >> org.apache.axis2.Constants.VALUE_TRUE);
> >>         //Set the rampart parameters
> >>         opts.setProperty(WSSHandlerConstants.OUTFLOW_SECURITY,
> >> getOutflowConfiguration());
> >>         opts.setProperty(WSSHandlerConstants.INFLOW_SECURITY,
> >> getInflowConfiguration());
> >>        opts.setProperty(WSSHandlerConstants.USE_DOOM,
> >> org.apache.axis2.Constants.VALUE_TRUE);
> >>         client.setOptions(opts);
> >>
> >>         //Engage rampart
> >>         client.engageModule("rampart");
> >>
> >>         DataHandler dh = new DataHandler(new
> >> FileDataSource("D:\\software\\axis2-1.6.1\\samples\\mtom\\build.xml"));
> >>
> >>         client.invokeRobust(new QName("http://client.mtom.sample",
> "echo"),
> >> new Object[]{dh});
> >>     }
> >>
> >>     public static Parameter getOutflowConfiguration() {
> >>         OutflowConfiguration ofc = new OutflowConfiguration();
> >>         ofc.setActionItems("Signature");
> >>         ofc.setUser("client");
> >>         ofc.setPasswordCallbackClass("sample.mtom.client.PWCBHandler");
> >>         ofc.setSignaturePropFile("client.properties");
> >>
> >> ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
> >>
> ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.ISSUER_SERIAL);
> >>         ofc.setEncryptionUser("service");
> >>         return ofc.getProperty();
> >>     }
> >>
> >>     public static Parameter getInflowConfiguration() {
> >>         InflowConfiguration ifc = new InflowConfiguration();
> >>         ifc.setActionItems("Signature");
> >>         ifc.setSignaturePropFile("client.properties");
> >>         return ifc.getProperty();
> >>     }
> >>
> >> }
> >>
> >>
> >>
> >> Without DOOM
> >>
> >> public class BinaryClient {
> >>
> >>     public static void main(String[] args) throws Exception {
> >>
> >>         ConfigurationContext ctx =
> >>
> ConfigurationContextFactory.createConfigurationContextFromFileSystem("D:\\software\\axis2-1.6.1\\repository",
> >> "D:\\software\\axis2-1.6.1\\samples\\mtom\\src\\client.axis2-2.xml");
> >>         RPCServiceClient client = new RPCServiceClient(ctx, null);
> >>         Options opts = new Options();
> >>         opts.setAction("ns:echo");
> >>         EndpointReference to = new EndpointReference();
> >>         to.setAddress("http://localhost:8080/anywhere");
> >>         opts.setTo(to);
> >>
> >> opts.setProperty(org.apache.axis2.Constants.Configuration.ENABLE_MTOM,
> >> org.apache.axis2.Constants.VALUE_TRUE);
> >>         //Set the rampart parameters
> >>         opts.setProperty(WSSHandlerConstants.OUTFLOW_SECURITY,
> >> getOutflowConfiguration());
> >>         opts.setProperty(WSSHandlerConstants.INFLOW_SECURITY,
> >> getInflowConfiguration());
> >> //        opts.setProperty(WSSHandlerConstants.USE_DOOM,
> >> org.apache.axis2.Constants.VALUE_TRUE);
> >>         client.setOptions(opts);
> >>
> >>         //Engage rampart
> >>         client.engageModule("rampart");
> >>
> >>         DataHandler dh = new DataHandler(new
> >> FileDataSource("D:\\software\\axis2-1.6.1\\samples\\mtom\\build.xml"));
> >>
> >>         client.invokeRobust(new QName("http://client.mtom.sample",
> "echo"),
> >> new Object[]{dh});
> >>     }
> >>
> >>     public static Parameter getOutflowConfiguration() {
> >>         OutflowConfiguration ofc = new OutflowConfiguration();
> >>         ofc.setActionItems("Signature");
> >>         ofc.setUser("client");
> >>         ofc.setPasswordCallbackClass("sample.mtom.client.PWCBHandler");
> >>         ofc.setSignaturePropFile("client.properties");
> >>
> >> ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
> >>
> ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.ISSUER_SERIAL);
> >>         ofc.setEncryptionUser("service");
> >>         return ofc.getProperty();
> >>     }
> >>
> >>     public static Parameter getInflowConfiguration() {
> >>         InflowConfiguration ifc = new InflowConfiguration();
> >>         ifc.setActionItems("Signature");
> >>         ifc.setSignaturePropFile("client.properties");
> >>         return ifc.getProperty();
> >>     }
> >>
> >> }
> >>
> >>
> >> And given that the server after canonicalization will only expect one
> type
> >> of signature it fails.
> >>
> >>
> >>
> >>
> >> On Thu, Dec 29, 2011 at 1:26 PM, Andreas Veithen <
> andreas.veithen@gmail.com>
> >> wrote:
> >>>
> >>> Can you sent use the code that produces the message causing the
> >>> problems, including everything you do to configure Rampart? That
> >>> should allow us to reproduce the problem.
> >>>
> >>> Andreas
> >>>
> >>> On Thu, Dec 29, 2011 at 17:16, Jaime Hablutzel Egoavil
> >>> <hablutzel1@gmail.com> wrote:
> >>> > Axis 1.6.1, rampart 1.6.1, axiom 1.2.12
> >>> > By the way I discovered that this problem only arises when using
> >>> >
> >>> > client.invokeRobust(new QName("http://client.mtom.sample", "echo"),
> new
> >>> > Object[]{dh});
> >>> >
> >>> > And not with
> >>> >
> >>> >  client.sendReceive(elem)
> >>> >
> >>> > And I'm looking that the first one creates
> >>> >
> >>> > <soapenv:Body
> >>> >
> >>> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> >>> > wsu:Id="id-2"><echo xmlns="http://client.mtom.sample"><arg0
> >>> > xmlns=""><xop:Include xmlns:xop="
> http://www.w3.org/2004/08/xop/include"
> >>> > href="
> cid:0710aab4c96720a1886956170b3b109376c02d3e09c5233e@apache.org"
> >>> > /></arg0></echo></soapenv:Body>
> >>> >
> >>> > And the second one:
> >>> >
> >>> > <soapenv:Body
> >>> >
> >>> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> >>> > wsu:Id="id-2"><ns1:echo
> >>> > xmlns:ns1="http://client.mtom.sample"><arg0><xop:Include
> >>> > xmlns:xop="http://www.w3.org/2004/08/xop/include"
> >>> > href="
> cid:ff5f2e1026b6fe4b08a45687431ea67221606586a337e626@apache.org"
> >>> > /></arg0></ns1:echo></soapenv:Body>
> >>> >
> >>> >
> >>> > Anyway using the second it is working but with the first the stripped
> >>> > xmlns="" makes the signature value different so the server after
> >>> > canonicalization produces a different value and validation fails
> >>> >
> >>> > On Thu, Dec 29, 2011 at 4:31 AM, Andreas Veithen
> >>> > <andreas.veithen@gmail.com>
> >>> > wrote:
> >>> >>
> >>> >> What are the Axis2, Rampart and Axiom versions that you are using?
> >>> >>
> >>> >> Andreas
> >>> >>
> >>> >> On Tue, Dec 27, 2011 at 23:18, Jaime Hablutzel Egoavil
> >>> >> <hablutzel1@gmail.com> wrote:
> >>> >> > Hi I want to post an apparent bug when DOOM option is activated
in
> >>> >> > the
> >>> >> > client, so the SOAP message include xop:Include even when
using
> >>> >> > WS-Signature
> >>> >> > and doesn't send the message in base64, this way getting
> advantage of
> >>> >> > MTOM.
> >>> >> >
> >>> >> > When using DOOM the canonicalized data to create the digest
is:
> >>> >> >
> >>> >> > <soapenv:Body
> >>> >> > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
> >>> >> >
> >>> >> >
> >>> >> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> >>> >> > wsu:Id="id-2"><echo
> >>> >> >
> >>> >> >
> >>> >> > xmlns="http://client.mtom.sample
> "><arg0>b3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ucHJvdmlkZXI9b3JnLmFwYWNoZS53cy5zZWN1cml0eS5jb21wb25lbnRzLmNyeXB0by5NZXJsaW4Kb3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ubWVybGluLmtleXN0b3JlLnR5cGU9amtzCm9yZy5hcGFjaGUud3Muc2VjdXJpdHkuY3J5cHRvLm1lcmxpbi5rZXlzdG9yZS5wYXNzd29yZD1hcGFjaGUKb3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ubWVybGluLmZpbGU9Y2xpZW50Lmprcw==</arg0></echo></soapenv:Body>
> >>> >> >
> >>> >> > But when DOOM is disabled the data is:
> >>> >> >
> >>> >> > <soapenv:Body
> >>> >> > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
> >>> >> >
> >>> >> >
> >>> >> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> >>> >> > wsu:Id="id-2"><echo xmlns="http://client.mtom.sample"><arg0
> >>> >> >
> >>> >> >
> >>> >> >
> xmlns="">b3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ucHJvdmlkZXI9b3JnLmFwYWNoZS53cy5zZWN1cml0eS5jb21wb25lbnRzLmNyeXB0by5NZXJsaW4Kb3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ubWVybGluLmtleXN0b3JlLnR5cGU9amtzCm9yZy5hcGFjaGUud3Muc2VjdXJpdHkuY3J5cHRvLm1lcmxpbi5rZXlzdG9yZS5wYXNzd29yZD1hcGFjaGUKb3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ubWVybGluLmZpbGU9Y2xpZW50Lmprcw==</arg0></echo></soapenv:Body>
> >>> >> >
> >>> >> > Look at the difference in red color. This causes the digest
value
> to
> >>> >> > be
> >>> >> > different so the server gets confused and is unable to validate
> the
> >>> >> > signature when using DOOM in the client. A workaround seems
to be
> to
> >>> >> > use
> >>> >> > only namespaced elements so the xmlns="" doesn't get generated
> never.
> >>> >> >
> >>> >> > I would like to know if someone has reached this problem when
> using
> >>> >> > MTOM
> >>> >> > +
> >>> >> > WS-Signature in axis 2.
> >>> >> >
> >>> >> > Other thing, DOOM option is not really well documented anywhere
in
> >>> >> > axis2
> >>> >> > website and I just found that it was available to make real
MTOM
> with
> >>> >> > WS-Signature debugging the source code for three days u.u.
> >>> >> >
> >>> >> > Good bye
> >>> >> >
> >>> >> >
> >>> >> >
> >>> >> > --
> >>> >> > Jaime Hablutzel - 9-9956-3299
> >>> >> >
> >>> >> > (tildes omitidas intencionalmente)
> >>> >>
> >>> >>
> ---------------------------------------------------------------------
> >>> >> To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
> >>> >> For additional commands, e-mail: java-dev-help@axis.apache.org
> >>> >>
> >>> >
> >>> >
> >>> >
> >>> > --
> >>> > Jaime Hablutzel - 9-9956-3299
> >>> >
> >>> > (tildes omitidas intencionalmente)
> >>>
> >>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
> >>> For additional commands, e-mail: java-dev-help@axis.apache.org
> >>>
> >>
> >>
> >>
> >> --
> >> Jaime Hablutzel - 9-9956-3299
> >>
> >> (tildes omitidas intencionalmente)
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
> For additional commands, e-mail: java-dev-help@axis.apache.org
>
>


-- 
Jaime Hablutzel - 9-9956-3299

(tildes omitidas intencionalmente)

Mime
View raw message