axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Nielsen" ...@systematic.dk>
Subject Axis namespace rewriting on web service responses and WS-Security
Date Thu, 03 May 2007 10:46:02 GMT
Hi.

I have a problem with Axis 1.4 regarding namespace rewriting and WS-Security.

I call a BEA ALSB Proxy Service that signs the response message. The response message includes
WS-Addressing elements, using the namespace prefix "wsa", and they are included in the signature.
If I verify the signature using WSS4J directly (no Axis is involved) everything is fine. However,
if I use WSS4J with Axis, the signature references to the WS-Adressing elements results in
"Verification failed" (as seen in the WSS4J log). All other references in the signature results
in "Verification successful". The difference in the two scenarios are that Axis seems to rewrite
the "wsa" prefix to "ns1", "ns2" and so on for each WS-Addressing element. This obviously
would cause the signature to become invalid. The funny thing is that only WS-Addressing elements
are rewritten.

Below are snippets from the response in the two scenarios.

Is there anything I can do to avoid this problem other than changing the policy file on the
ALSB to not include WS-Addressing in the signature?`
I have already inserted
<parameter name="enableNamespacePrefixOptimization"
           value="false" />
in the client-config.wsdd file.


Snippet from response without Axis (i.e. what BEA ALSB sends as a response):

           <soapenv:Header
                      xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
                      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                      xmlns:xsd="http://www.w3.org/2001/XMLSchema">
                      <tns:eFPIHeader wsu:Id="eFPIHeader_EhIeyih0WH3Lv2Zm"
                                 xmlns:tns="http://xsd.efpi.dk/2007/03/30/eFPI-DokUdv/Header-eFPI-Kvittering"
                                 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                                 <ToAktoerID>AfsenderAktoer</ToAktoerID>
                                 <eFPIsagsID>
                                            uuid:6d9d75a0-f88b-11db-9403-cce216df29cd
                                 </eFPIsagsID>
                                 <ToAktoersSagsReference>
                                            Afsender
Reference
                                 </ToAktoersSagsReference>
                      </tns:eFPIHeader>
                      <wsa:MessageID soapenv:mustUnderstand="0">
                                 uuid:38adc450-f8b6-11db-b677-abd29d2f5002
                      </wsa:MessageID>
                      <wsa:To soapenv:mustUnderstand="0" wsu:Id="To_lQbzP9FIe8j4eOYE"
                                 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                                 http://localhost:7001/DokUdv.eFPI
                      </wsa:To>
                      <wsa:Action soapenv:mustUnderstand="0">
                                 http://service.efpi.dk/2007/03/30/DokUdv.eFPI/SendDokPak
                      </wsa:Action>
                      <wsa:From soapenv:mustUnderstand="0">
                                 <wsa:Address>
                                            http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                                 </wsa:Address>
                      </wsa:From>


Snippet from response using Axis client:

<?xml version="1.0" encoding="us-ascii"?>
<soapenv:Envelope
           xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
           <soapenv:Header>
                      <tns:eFPIHeader wsu:Id="eFPIHeader_K9TlAs8dvbW9xaCs"
                                 xmlns:tns="http://xsd.efpi.dk/2007/03/30/eFPI-DokUdv/Header-eFPI-Kvittering"
                                 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                                 <ToAktoerID>AfsenderAktoer</ToAktoerID>
                                 <eFPIsagsID>
                                            uuid:6d9d75a0-f88b-11db-9403-cce216df29cd
                                 </eFPIsagsID>
                                 <ToAktoersSagsReference>
                                            Afsender
Reference
                                 </ToAktoersSagsReference>
                      </tns:eFPIHeader>
                      <ns1:MessageID soapenv:mustUnderstand="0"
                                 xmlns:ns1="http://schemas.xmlsoap.org/ws/2004/08/addressing">
                                 uuid:4c4954e0-f8cd-11db-b9e2-a3c96c42c75e
                      </ns1:MessageID>
                      <ns2:To wsu:Id="id-20870565" soapenv:mustUnderstand="0"
                                 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                                 xmlns:ns2="http://schemas.xmlsoap.org/ws/2004/08/addressing">
                                 http://localhost:7001/DokUdv.eFPI
                      </ns2:To>
                      <ns3:Action wsu:Id="id-27109735" soapenv:mustUnderstand="0"
                                 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                                 xmlns:ns3="http://schemas.xmlsoap.org/ws/2004/08/addressing">
                                 http://service.efpi.dk/2007/03/30/DokUdv.eFPI/SendDokPak
                      </ns3:Action>
                      <ns4:From soapenv:mustUnderstand="0"
                                 xmlns:ns4="http://schemas.xmlsoap.org/ws/2004/08/addressing">
                                 <ns4:Address>
                                            http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                                 </ns4:Address>
                      </ns4:From>


Regards,

Brian Nielsen


---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org


Mime
View raw message