cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hrvoje Slavicek (JIRA)" <>
Subject [jira] [Created] (CXF-7172) Error Validating Signed MTOM Message CXF 3.0.6 and up
Date Fri, 09 Dec 2016 09:51:58 GMT
Hrvoje Slavicek created CXF-7172:

             Summary: Error Validating Signed MTOM Message CXF 3.0.6 and up
                 Key: CXF-7172
             Project: CXF
          Issue Type: Bug
          Components: WS-* Components
    Affects Versions: 3.1.8, 3.0.6
            Reporter: Hrvoje Slavicek

As explained :

I created a simple web service using CXF that has MTOM enabled, it also expects a time stamp
and the body to be signed, it configured like this:

@ImportResource({ "classpath:META-INF/cxf/cxf.xml" })
public class CXFConfig {
    Bus cxfBus;
    MyService ws;

    public Endpoint endpoint() {
        EndpointImpl endpoint = new EndpointImpl(cxfBus, ws);
        SOAPBinding binding = (SOAPBinding)endpoint.getBinding();
        Map<String, Object> inProps = new HashMap<String, Object>();
        inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE+" "+WSHandlerConstants.TIMESTAMP);
        inProps.put(WSHandlerConstants.SIG_PROP_FILE, "");
        WSS4JInInterceptor inc = new WSS4JInInterceptor(inProps);
        return endpoint;
My Service Interface is:

public interface MyService {

    public String doStuff(@WebParam(name="FileData") MTOMMessage message) throws IOException;
My Data Type is:

public class MTOMMessage {

     @XmlElement(name = "data", required = true)
     protected DataHandler data;

     @XmlElement(name = "FileName", required = true)
     protected String fileName;
    //Getters and Setters
I then have a client to call it:

public static void main(String[] args) throws IOException {
    String xmlLoc = "classpath:com/avum/dasn/ws/test/client-context.xml";
    ClassPathXmlApplicationContext ctx = new ClassPathXmlApplicationContext(xmlLoc);
    MyService svc = ctx.getBean(MyService.class);
    MTOMMessage msg = new MTOMMessage();
    msg.setXmlData(new DataHandler(getURLForTestFile()));
The client-context.xml looks like this:

  <entry key="mtom-enabled" value="true"/>
    <bean class="">
               <entry key="action" value="Signature Timestamp"/>
               <entry key="signaturePropFile" value=""/>
               <entry key="user" value="ws-security" />
               <entry key="passwordCallbackClass" value=""/>
    <bean class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
If I’m using CXF version 3.0.5 or lower this works fine. However if I use 3.0.6 or later
I get “A security error was encountered when verifying the message.”. On the server I’m
getting messages like “Couldn't validate the References”. This is because the server doesn’t
get the same DigestValue that comes across in the ds:DigestValue element.

I think it has something to do with the way MTOM message are handled by the server side code
because if I disable MTOM (on the client and server) then it works fine. I’m not sure how
to get this working in later versions of CXF. Does anyone have any ideas what I’m doing

This message was sent by Atlassian JIRA

View raw message