cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <>
Subject [jira] [Assigned] (CXF-4587) Signature Confirmation does not work with TransportBinding and EndorsingSupportingToken
Date Mon, 22 Oct 2012 08:38:12 GMT


Colm O hEigeartaigh reassigned CXF-4587:

    Assignee: Colm O hEigeartaigh
> Signature Confirmation does not work with TransportBinding and EndorsingSupportingToken
> ---------------------------------------------------------------------------------------
>                 Key: CXF-4587
>                 URL:
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.6.2, 2.5.6, 2.7.0
>            Reporter: Sunil Bapat
>            Assignee: Colm O hEigeartaigh
>            Priority: Minor
>             Fix For: 2.5.7, 2.6.4, 2.7.1
>         Attachments: patch.txt
> This is based on the discussion in

> Signature Confirmation does not work on the client side, when the web service is secured
by TransportBinding with EndorsingSupportingToken. 
> The response from the server contains a Signature Confirmation element, and the response
fails with the error:
> Received a SignatureConfirmation element, but there are no stored signature values
> Debugging through the CXF code, here's what is happening:
> - After configuring the client, the WSS11Builder calls setRequireSignatureConfirmation(true)
based on the policy (<sp:RequireSignatureConfirmation/>).
> - In the constructor of AbstractBindingBuilder, it initializes the signatures array property
with an empty array, and puts it in the message as follows:
> message.getExchange().put(WSHandlerConstants.SEND_SIGV, signatures)
> - In the TransportBindingHandler.handleEndorsingToken (line 300), it calls addSig, which
eventually calls the doSignature. However, the signature is never added to the signatures
array. (SymmetricBindingHandler and AsymmetricBindingHandler do a signatures.add)
> - As a result when the service response comes to the WSS4JInInterceptor, it calls checkSignatureConfirmation
in WSHandler, which retrieves the savedSignatures using
> List<byte[]> savedSignatures = 
>             (List<byte[]>) getProperty(reqData.getMsgContext(), WSHandlerConstants.SEND_SIGV);
> - This array is empty, since the signature was never added by TransportBindingHandler.
Therefore it throws the above exception.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message