cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Giriraj Bhojak <girira...@gmail.com>
Subject Unable to verify signature with Apache CXF and WSS4J on Websphere Application Server 8.5
Date Sun, 23 Feb 2014 07:41:47 GMT
Hello,

I am pretty sure someone must have faced this issue earlier.
I have a cxf client deployed under a web-module A on WAS 8.5 with versions
as cxf 2.7.8 and a wss4j 1.6.13.
The service provider B is on Tomcat with similar configuration.
I had to set the class loader policy for web project to parent last and I
also disabled Websphere's JAXWS engine.
I have been able to send a message from A to B without any issues.
UserNameToken profile worked as well.
But when I send a signature from A to B, I keep getting following during
verification on the provider on tomcat:

[2/23/14 2:32:31:347 EST] 000000d1 webapp        E
com.ibm.ws.webcontainer.webapp.WebApp logServletError SRVE0293E: [Servlet
Error]-[WSClientServlet]: javax.xml.ws.soap.SOAPFaultException: The
signature or decryption was invalid
    at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:157)
    at com.sun.proxy.$Proxy476.getResponse(Unknown Source)
    at com.test.controller.WSClientServlet.doGet(WSClientServlet.java:67)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:575)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
    at
com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1225)
    at
com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:775)
    at
com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:457)
    at
com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:178)
    at
com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1032)
    at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3761)
    at
com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:304)
    at
com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:975)
    at
com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1662)
    at
com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:195)
    at
com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:459)
    at
com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:526)
    at
com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:312)
    at
com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:283)
    at
com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
    at
com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
    at
com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
    at
com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
    at
com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
    at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
    at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
    at
com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
    at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1815)
Caused by: org.apache.cxf.binding.soap.SoapFault: The signature or
decryption was invalid
    at
org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:84)
    at
org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:51)
    at
org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:40)
    at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
    at
org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:113)
    at
org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
    at
org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
    at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
    at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:835)
    at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1612)
    at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1503)
    at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1310)
    at
org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:50)
    at
org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:223)
    at
org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
    at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:628)
    at
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
    at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:565)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
    at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135)

Using in and out interceptors, I compared the outbound message on A and
inbound message on B.
Both are identical. So I am at a loss to understand why this does not work.
Using a unit test, I am able to send the same message with a signature and
the provider is able to verify the signature as well. There are no errors.
I am using X509 certificates.

I found the problem in the class
org.apache.jcp.xml.dsig.internal.dom.DOMSignatureMethod at method
verify(Key, SignedInfo, byte[], XMLValidateContext) from xmlsec-1.5.6.jar.
The call  'return signature.verify(sig); ' returns false.

I am not sure what went wrong when using the same client on Websphere.

Could someone please provide me assistance?

Thanks,
Giriraj.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message