ws-dev mailing list archives

From Marcin.Markiew...@fiducia.de
Subject Compatibility problems with the TokenType in the SecurityTokenReference element between wss4j1.5 and 1.6.0
Date Thu, 19 May 2011 14:00:08 GMT


Hello,

we are slowly migrating our project from wss4j 1.5.7 to wss4j 1.6.0 (and
later 1.6.1, when it supports CRL checks). If our client and server are
both using the same version, then everything works fine. But if there are
differences (e.g. server at 1.5.7, client with 1.6.0), then wss4j 1.6.0
throws an exception while executing the "processSecurityHeader" method: "An
invalid security token was provided (Bad TokenType "")".
If I look in the messages, I can see just one relevant difference: 1.6.0
writes the attribute "wsse11:TokenType="..."" into the
SecurityTokenReference element, while 1.5.7 doesn't. The concerned line is
marked with "--->>>":
wss4j1.5:
---
...
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
 soapenv:mustUnderstand="1">
	<wsse:BinarySecurityToken ...>...</wsse:BinarySecurityToken>
	<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Id="Signature-9">
		<ds:SignedInfo>...</ds:SignedInfo>
		<ds:SignatureValue>...</ds:SignatureValue>
		<ds:KeyInfo Id="KeyId-92E7CECF9963FFCEA413058113612858">
			<wsse:SecurityTokenReference
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
 wsu:Id="STRId-92E7CECF9963FFCEA413058113612859">
				<wsse:Reference
URI="#CertId-92E7CECF9963FFCEA413058113612847"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1"/>
			</wsse:SecurityTokenReference>
		</ds:KeyInfo>
	</ds:Signature>
</wsse:Security>
...
---

wss4j 1.6.0:
---
...
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
 soapenv:mustUnderstand="1">
	<wsse:BinarySecurityToken ...>...</wsse:BinarySecurityToken>
	<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Id="SIG-6">
		<ds:SignedInfo>...</ds:SignedInfo>
		<ds:SignatureValue>...</ds:SignatureValue>
		<ds:KeyInfo Id="KI-F274414FEBA072C84313058113504242">
			<wsse:SecurityTokenReference
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
 --->>>
wsse11:TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1"
			     wsu:Id="STR-F274414FEBA072C84313058113504263">
				<wsse:Reference
URI="#X509-F274414FEBA072C84313058113504161"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1"/>
			</wsse:SecurityTokenReference>
		</ds:KeyInfo>
	</ds:Signature>
</wsse:Security>
...
---

The problem is that 1.6 apparently requires this attribute to be there. Or
can I tell 1.6 (per configuration/programmatically) that it should handle
this element the old way?
Compatibility between 1.5.x and 1.6 is unfortunately a must-have. There
are some other houses that are using their software based on 1.5.x and they
must be allowed to communicate with us. 1.5.7 has no problems understanding
the messages secured by wss4j 1.6.0. Only the other direction causes us
trouble.
Is there a workaround? Or is it a bug and I should register it in JIRA?

Many greetings,
Marcin Markiewicz



----------------------------------------------------------------------------------------------------------------------------------------------


Fiducia IT AG
Fiduciastraße 20
76227 Karlsruhe

Registered office: Karlsruhe
AG Mannheim HRB 100059

Chairman of the Supervisory Board: Gregor Scheller
Chairman of the Executive Board: Michael Krings
Deputy Chairman of the Executive Board: Klaus-Peter Bruns
Executive Board: Jens-Olaf Bartels, Hans-Peter Straberger

VAT ID No. DE143582320, http://www.fiducia.de
----------------------------------------------------------------------------------------------------------------------------------------------
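
Added example, not part of the original message and not WSS4J code: a small Python diagnostic that classifies each SecurityTokenReference in a captured Security header by whether it carries the WSS 1.1 `wsse11:TokenType` attribute, the one difference identified in the message above. The function names, status labels and the sample header are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSSE11 = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
PKIPATH = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1")


def sample(str_attrs):
    """Constructed Security header modelled on the two messages above."""
    return (f'<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsse11="{WSSE11}" '
            f'xmlns:wsu="{WSU}" xmlns:ds="{DS}"><ds:Signature><ds:KeyInfo>'
            f'<wsse:SecurityTokenReference wsu:Id="STR-1" {str_attrs}>'
            f'<wsse:Reference URI="#X509-1" ValueType="{PKIPATH}"/>'
            '</wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>'
            '</wsse:Security>')


def inspect_strs(xml_text):
    """Return one finding per SecurityTokenReference in the header."""
    findings = []
    root = ET.fromstring(xml_text)
    for str_el in root.iter(f"{{{WSSE}}}SecurityTokenReference"):
        # TokenType is defined in the WSS 1.1 namespace, not the 1.0 one,
        # so the lookup must be namespace-qualified.
        token_type = str_el.get(f"{{{WSSE11}}}TokenType")
        ref = str_el.find(f"{{{WSSE}}}Reference")
        if token_type:
            status = "token-type-present"      # form of the 1.6.0 message
        elif token_type == "":
            status = "empty-token-type"
        elif str_el.get("TokenType") is not None:
            status = "unqualified-token-type"  # attribute in no namespace
        else:
            status = "no-token-type"           # form of the 1.5.7 message
        findings.append({
            "id": str_el.get(f"{{{WSU}}}Id"),
            "status": status,
            "token_type": token_type,
            "value_type": ref.get("ValueType") if ref is not None else None,
        })
    return findings


if __name__ == "__main__":
    for attrs in ("", f'wsse11:TokenType="{PKIPATH}"', 'TokenType="x"'):
        print(inspect_strs(sample(attrs)))
```

Running it over headers captured from each peer shows which senders omit the attribute before changing anything on the receiving side.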
