Date: Tue, 12 Feb 2013 14:15:13 +0000 (UTC)
From: "Colm O hEigeartaigh (JIRA)"
To: issues@cxf.apache.org
Subject: [jira] [Commented] (CXF-4823) CXF - Rampart interoperability issue: order of signature and encrypted key elements in XML

[ https://issues.apache.org/jira/browse/CXF-4823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13576629#comment-13576629 ]

Colm O hEigeartaigh commented on CXF-4823:
------------------------------------------

Have you tried changing the Rampart configuration so that "Encrypt" is before "Signature"?

Colm.

> CXF - Rampart interoperability issue: order of signature and encrypted key elements in XML
> ------------------------------------------------------------------------------------------
>
>                 Key: CXF-4823
>                 URL: https://issues.apache.org/jira/browse/CXF-4823
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>            Reporter: Sergey
>
> We have a CXF web service secured with WS-Security. The problem is that the Axis2 client, which uses the Rampart module, cannot handle the response generated by CXF. Rampart expects that xenc:EncryptedKey goes first, and ds:Signature is next. CXF puts the elements in the opposite order. The workaround is to re-order the actions in the Axis2 config file:
> {code:xml}
> Encrypt Signature Timestamp
> {code}
> The question is: how to make CXF change the order of the signature and encrypted key elements in the security header of the SOAP response, to make it compatible with Axis2 clients? Since the order of actions is the same in both the Axis and CXF configuration files, *Signature Encrypt Timestamp*, it should work out of the box, shouldn't it?
> Response sample:
> {code:xml}
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> soap:mustUnderstand="1">
> 2013-02-10T20:22:51.879Z
> 2013-02-10T20:27:51.879Z
> Id="SIG-8">
> otiRAVkSs777jSOZqqwBJlFILJo=
> wAJxVtTNvbPX6aHqrrX7/SOPplQ=
> Dy/OVbJOTr1lfqzbZCGxUlanJ0YKVmnyDV9F3Z1aJtB093rXffnKX35o4CxfWqVY/k1COF1TG6mfDZ6nbd1PqM6Vlbk8hBL5iSUFZAKe6RgilD9nYZmWPl2KaLAVrHS66jdmczWGWUh/15YTWB1s8cyNbBSVrwcyKx9FlOgI3pY=
> ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">
> 4ZQm/eQOxdcAHohj09+Uk4ex3Lw=
> Id="EK-6029833839643E518513605277718755">
> ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">
> mxCXzekKZqaJcrE3UmHFGOswTnI=
> SQWm0I/90/iJUEDAts1jBPC4/W67aDTwrWGzZn1sYYRKyiFx/SxaGj3rtO3Nx8548I0e0ymfGN78ukjcytsUZHoABSNPmJb773Ou4r1l/S7oPqrGCW87A3OpFj3ri62u+iVP3c0u58tnjdIyKXqyeuZTpjtRETlTviH7O4YyInk=
> http://service.resadapter.myidtravel.lhsystems.com/RESAdapterServicePortType/getAvailabilityResponse
> urn:uuid:f8f2570d-cd35-404a-b413-e5322ca92d01
> http://www.w3.org/2005/08/addressing/anonymous
> urn:uuid:65935AD1BEED993E3D1360527858578
> wsu:Id="id-7">
> Id="ED-5" Type="http://www.w3.org/2001/04/xmlenc#Content">
> xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
> wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey">
> {code}
> Rampart configuration:
> {code:xml}
> Signature Encrypt Timestamp
> {code}
> CXF configuration:
> {code:xml}
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:jaxws="http://cxf.apache.org/jaxws"
> xmlns:wsa="http://cxf.apache.org/ws/addressing"
> xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
> http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
> http://cxf.apache.org/ws/addressing http://cxf.apache.org/schemas/ws-addr-conf.xsd">
> id="TimestampSignEncrypt_Request"
> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
> id="TimestampSignEncrypt_Response"
> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
> {code}
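
Added example, not part of the JIRA message and not CXF or Rampart code: a Python check that reports the order of the direct children of the wsse:Security header in a captured response, which is the property this issue turns on. The SOAP 1.1 envelope namespace, the function names and the two sample messages are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",  # assumed: SOAP 1.1
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
PREFIX = {uri: prefix for prefix, uri in NS.items()}


def security_children(soap_xml):
    """Direct children of wsse:Security as 'prefix:Local', in document order."""
    # For captures from untrusted peers, parse with defusedxml instead.
    root = ET.fromstring(soap_xml)
    sec = root.find("soap:Header/wsse:Security", NS)
    if sec is None:
        raise ValueError("no wsse:Security header in message")
    names = []
    for child in sec:
        tag = child.tag  # ElementTree uses '{namespace-uri}Local'
        uri, local = tag[1:].split("}", 1) if tag.startswith("{") else ("", tag)
        names.append(f"{PREFIX.get(uri, uri)}:{local}")
    return names


def encrypted_key_precedes_signature(soap_xml):
    """True or False for the order; None when either element is absent."""
    names = security_children(soap_xml)
    if "xenc:EncryptedKey" not in names or "ds:Signature" not in names:
        return None
    return names.index("xenc:EncryptedKey") < names.index("ds:Signature")


def sample(*children):
    """Constructed test message: empty security elements in the given order."""
    decl = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    body = "".join(f"<{c}/>" for c in children)
    return (f"<soap:Envelope {decl}><soap:Header><wsse:Security>{body}"
            "</wsse:Security></soap:Header><soap:Body/></soap:Envelope>")


# Order seen in the reported CXF response, and the order Rampart is said to expect.
CXF_STYLE = sample("wsu:Timestamp", "ds:Signature", "xenc:EncryptedKey")
RAMPART_STYLE = sample("wsu:Timestamp", "xenc:EncryptedKey", "ds:Signature")

if __name__ == "__main__":
    for label, msg in (("CXF-style", CXF_STYLE), ("Rampart-style", RAMPART_STYLE)):
        print(label, security_children(msg), encrypted_key_precedes_signature(msg))
```
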