cxf-issues mailing list archives

From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CXF-4587) Signature Confirmation does not work with TransportBinding and EndorsingSupportingToken
Date Mon, 22 Oct 2012 08:38:13 GMT

     [ https://issues.apache.org/jira/browse/CXF-4587?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh updated CXF-4587:
-------------------------------------

    Affects Version/s: 2.5.6
                       2.7.0
        Fix Version/s: 2.7.1
                       2.6.4
                       2.5.7
    
> Signature Confirmation does not work with TransportBinding and EndorsingSupportingToken
> ---------------------------------------------------------------------------------------
>
>                 Key: CXF-4587
>                 URL: https://issues.apache.org/jira/browse/CXF-4587
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.6.2, 2.5.6, 2.7.0
>            Reporter: Sunil Bapat
>            Assignee: Colm O hEigeartaigh
>            Priority: Minor
>             Fix For: 2.5.7, 2.6.4, 2.7.1
>
>         Attachments: patch.txt
>
>
> This is based on the discussion in http://cxf.547215.n5.nabble.com/TransportBinding-and-SignatureConfirmation-td5715655.html.
> Signature Confirmation does not work on the client side, when the web service is secured by TransportBinding with EndorsingSupportingToken.
> The response from the server contains a Signature Confirmation element, and the response fails with the error:
> Received a SignatureConfirmation element, but there are no stored signature values
> Debugging through the CXF code, here's what is happening:
> - After configuring the client, the WSS11Builder calls setRequireSignatureConfirmation(true) based on the policy (<sp:RequireSignatureConfirmation/>).
> - In the constructor of AbstractBindingBuilder, it initializes the signatures array property with an empty array, and puts it in the message as follows:
> message.getExchange().put(WSHandlerConstants.SEND_SIGV, signatures)
> - In the TransportBindingHandler.handleEndorsingToken (line 300), it calls addSig, which eventually calls the doSignature. However, the signature is never added to the signatures array. (SymmetricBindingHandler and AsymmetricBindingHandler do a signatures.add)
> - As a result when the service response comes to the WSS4JInInterceptor, it calls checkSignatureConfirmation in WSHandler, which retrieves the savedSignatures using
> List<byte[]> savedSignatures = 
>             (List<byte[]>) getProperty(reqData.getMsgContext(), WSHandlerConstants.SEND_SIGV);
> - This array is empty, since the signature was never added by TransportBindingHandler. Therefore it throws the above exception.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
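
The failure sequence described in the report, as an added, simplified model that is not part of the original message and is not CXF or WSS4J code. The class, the `sign` and `checkConfirmation` methods and the byte values are hypothetical stand-ins; only the first error string is taken from the report.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Simplified model of the client-side check. Hypothetical names; not CXF or WSS4J code.
public class SignatureConfirmationModel {

    // Hypothetical handler step: produce a signature value and optionally record it
    // in the list that stands in for the one stored on the exchange (SEND_SIGV).
    static byte[] sign(List<byte[]> stored, String label, boolean record) {
        // Constructed stand-in for a real SignatureValue.
        byte[] value = label.getBytes(StandardCharsets.UTF_8);
        if (record) {
            stored.add(value);
        }
        return value;
    }

    // Every confirmed value must match a stored value, and every stored value must be confirmed.
    static void checkConfirmation(List<byte[]> stored, List<byte[]> confirmed) {
        if (!confirmed.isEmpty() && stored.isEmpty()) {
            throw new IllegalStateException(
                "Received a SignatureConfirmation element, but there are no stored signature values");
        }
        List<byte[]> pending = new ArrayList<>(stored);
        for (byte[] c : confirmed) {
            if (!pending.removeIf(s -> Arrays.equals(s, c))) {
                throw new IllegalStateException("SignatureConfirmation value matches no sent signature");
            }
        }
        if (!pending.isEmpty()) {
            throw new IllegalStateException("A sent signature was not confirmed");
        }
    }

    public static void main(String[] args) {
        // Behaviour described in the report: the endorsing signature is produced but never recorded.
        List<byte[]> unrecorded = new ArrayList<>();
        byte[] sig = sign(unrecorded, "endorsing-signature", false);
        try {
            checkConfirmation(unrecorded, List.of(sig));
        } catch (IllegalStateException e) {
            System.out.println("unrecorded: " + e.getMessage());
        }
        // Recording the value at signing time, as the report says the other handlers do.
        List<byte[]> recorded = new ArrayList<>();
        sig = sign(recorded, "endorsing-signature", true);
        checkConfirmation(recorded, List.of(sig));
        System.out.println("recorded: confirmation accepted");
    }
}
```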
