Announcement Announcement Module
Collapse
No announcement yet.
Wss4jSecurityInterceptor does not accept key-word "Token" any more Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Wss4jSecurityInterceptor does not accept key-word "Token" any more

    Hi,

    As of spring-ws-2.1 (2.1.0 & 2.1.1) the key-word "Token" is no longer accepted as a securementSignatureParts by the Wss4jSecurityInterceptor.
    This key-word was meant to add a signature reference to the BinarySecurityToken element generated during the same signature process.

    If you try to use this key-word, you now get a nice WSSecurityException, however to use of this key-word is still documented in the spring documentation, chapter 7.3.5.2. Signing Messages, as well as in the Wss4jSecurityInterceptor javadoc for the securementSignatureParts setter.

    This problem seem to come from the upgrade of apache wss4j from version 1.5 to 1.6, but the documentation for apache wss4j doesn’t looks to mention how to achieve the same kind of signature with the new version.

    Is there a way to have this kind of signature (signing the BinarySecurityToken) working again with spring-ws-2.1 ?

    For reference, here is our securityInterceptor configuration in the context file (which was working with spring-ws 2.0 and no longer with 2.1)

    Code:
        
    <bean id="securityInterceptor"
            class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
            <property name="securementActions" value="Timestamp Signature" />
            <property name="securementSignatureKeyIdentifier" value="DirectReference" />
            <property name="securementUsername"
                value="${infrahd.ws.client.security.securementUsername}" />
            <property name="securementPassword"
                value="${infrahd.ws.client.security.securementPassword}" />
            <property name="securementMustUnderstand" value="false" />
            <property name="securementSignatureCrypto">
                <bean
                    class="org.springframework.ws.soap.security.wss4j.support.CryptoFactoryBean">
                    <property name="keyStorePassword"
                        value="${infrahd.ws.client.security.keyStorePassword}" />
                    <property name="keyStoreLocation"
                        value="${infrahd.ws.client.security.keyStoreLocation}" />
                </bean>
            </property>
            <property name="securementSignatureParts"
                value="{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;
                 {}{http://ServiceProvider.bouyguestelecom.fr/CommonTypes/Mediation/MsgHeader}msgHeader;
                 Token" />
        </bean>
    Thanks,

    Fred.
Working...
X