
  • WSS4J - binary security token problem

    Hello,
    I'm using this environment:
    • JDK 1.4.2_19
    • Spring 2.5.6
    • spring-ws 1.5.9
    • wss4j-1.5.12
    • xmlsec 1.4.7
    This is my spring-ws configuration
    Code:
    <!-- NOTE(review): this <bean> start tag is never closed in the listing as posted (no "/>" and
         no </bean>), so the snippet is not well-formed XML as shown; presumably a paste error. -->
    <bean id="messageFactory" class="org.springframework.ws.soap.saaj.SaajSoapMessageFactory">
    <!-- Client-side WS-Security interceptor. The listing does not show where it is attached to the
         WebServiceTemplate. -->
    <bean id="wss4jSecurityInterceptor"
    		class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
    		<!-- Two securement actions are requested: a wsu:Timestamp and an XML signature. -->
    		<property name="securementActions" value="Timestamp Signature"  />
    		<!-- The username matches defaultX509Alias below, so it presumably selects the signing key
    		     and securementPassword unlocks it (confirm against the interceptor documentation).
    		     NOTE(review): alias and passwords are hard-coded here, and "changeit" is the well-known
    		     default keystore password. Keep real values out of the bean file (for example behind a
    		     property placeholder fed from a protected source) and use a non-default password. -->
    		<property name="securementUsername" value="mykey" />
    		<property name="securementPassword" value="changeit" />
    		<property name="securementSignatureCrypto">
    		       <bean class="org.springframework.ws.soap.security.wss4j.support.CryptoFactoryBean">
    		    	<!-- NOTE(review): the signing keystore is a classpath resource named cacerts, the
    		    	     conventional name of the JRE trust store. A private signing key is better kept in
    		    	     a dedicated keystore with restricted file access. -->
    		    	<property name="keyStorePassword" value="changeit" />
    		      	<property name="keyStoreLocation" value="classpath:/cacerts" />
    		      	<property name="keyStoreType" value="JKS" />
    		      	<property name="defaultX509Alias" value="mykey" />
    		    </bean>
    		</property>
    		<!-- DirectReference: the certificate travels in the message as a wsse:BinarySecurityToken and
    		     the signature's KeyInfo points at it (see the captured request on this page). -->
    		<property name="securementSignatureKeyIdentifier" value="DirectReference" />
    		<!-- Only the SOAP Body is listed as a signed part. The Timestamp and any other header blocks
    		     are therefore outside the signature; if the receiver relies on them, they need to be
    		     added to this list (WSS4J separates parts with ';'). -->
      		<property name="securementSignatureParts" value="{}{http://schemas.xmlsoap.org/soap/envelope/} Body"/>
    </bean>
    By using this simple code:
    Code:
    // Sends the request object to uri through the WebServiceTemplate, with no request callback.
    // With this call the captured message carries the full Security header
    // (BinarySecurityToken, Signature, Timestamp).
    getWebServiceTemplate().marshalSendAndReceive(uri, request);
    the generated SOAP request (captured with tcpmonitor) is:
    Code:
    <!-- Request captured when only the security interceptor is applied (no header callback).
         The wsse:Security header holds three children: BinarySecurityToken, ds:Signature and
         wsu:Timestamp. -->
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
        xmlns:xsd="http://www.w3.org/2001/XMLSchema"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <soapenv:Header>
            <!-- The header carries both an unqualified mustUnderstand="0" / actor="" pair and the
                 namespace-qualified soapenv:mustUnderstand="1". NOTE(review): the unqualified pair
                 looks like a serialization artifact; confirm which one the receiver evaluates. -->
            <wsse:Security
                xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                mustUnderstand="0" actor="" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                soapenv:mustUnderstand="1">
                <!-- Base64-encoded X.509v3 certificate, referenced from ds:KeyInfo below through its
                     wsu:Id. The certificate bytes are not present in this copy of the listing. -->
                <wsse:BinarySecurityToken
                    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                    EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                    ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                    wsu:Id="CertId-CFC4AC8C1036FD76D213667016886331"
                    >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</wsse:BinarySecurityToken>
                <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-2">
                    <!-- Exclusive C14N, RSA-SHA1 signature and SHA-1 digest. NOTE(review): both the
                         signature and the digest depend on SHA-1, which is deprecated for new
                         signatures; prefer SHA-256 based algorithms where both endpoints support them. -->
                    <ds:SignedInfo>
                        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                        <!-- The only ds:Reference points at #id-3, the wsu:Id of soapenv:Body. The
                             Timestamp is not referenced, so its Created/Expires values are not
                             integrity-protected by this signature. -->
                        <ds:Reference URI="#id-3">
                            <ds:Transforms>
                                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                            </ds:Transforms>
                            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                            <!-- Empty in the listing, as is ds:SignatureValue below. NOTE(review):
                                 presumably stripped when posting; empty values would not verify. -->
                            <ds:DigestValue/>
                        </ds:Reference>
                    </ds:SignedInfo>
                    <ds:SignatureValue/>
                    <!-- KeyInfo resolves the verification key through a SecurityTokenReference whose
                         wsse:Reference URI is the wsu:Id of the BinarySecurityToken above. -->
                    <ds:KeyInfo Id="KeyId-CFC4AC8C1036FD76D213667016886422">
                        <wsse:SecurityTokenReference
                            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                            wsu:Id="STRId-CFC4AC8C1036FD76D213667016886433">
                            <wsse:Reference
                                xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                                URI="#CertId-CFC4AC8C1036FD76D213667016886331"
                                ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                            />
                        </wsse:SecurityTokenReference>
                    </ds:KeyInfo>
                </ds:Signature>
                <!-- Five-minute validity window between Created and Expires. -->
                <wsu:Timestamp
                    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                    wsu:Id="Timestamp-1">
                    <wsu:Created>2013-04-23T07:21:28.628Z</wsu:Created>
                    <wsu:Expires>2013-04-23T07:26:28.628Z</wsu:Expires>
                </wsu:Timestamp>
            </wsse:Security>
        </soapenv:Header>
        <!-- wsu:Id="id-3" makes the Body the target of the signature's ds:Reference. -->
        <soapenv:Body
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            wsu:Id="id-3">
            <sch:getAssistibileInAnagrafe xmlns:sch="http://www.nsisr.puglia.it/Schemas/">
                <request xmlns="">
                    <codAssistito xmlns="">personalCode</codAssistito>
                    <dataRiferimento xmlns="">12/12/2010</dataRiferimento>
                </request>
            </sch:getAssistibileInAnagrafe>
        </soapenv:Body>
    </soapenv:Envelope>
    The problem is that I need to add some custom elements in the SOAP Header; I'm adding them by using this code:
    Code:
    // Same send as before, now with a WebServiceMessageCallback that appends custom header blocks
    // to the SOAP header through its DOM node. Parts of the body are elided in the post ("...").
    // NOTE(review): in Spring-WS the request callback normally runs before the client interceptors,
    // i.e. before the WS-Security interceptor secures the message; confirm for spring-ws 1.5.9.
    getWebServiceTemplate().marshalSendAndReceive(uri, request, new WebServiceMessageCallback() {
    	public void doWithMessage(WebServiceMessage message) throws IOException, TransformerException {
    	        // Namespaces for the custom elements; xmlns2 is not used in the visible part of the listing.
    	        String xmlns1 = "http://www.nsisr.puglia.it/Schemas/";
    		String xmlns2 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    		String xmlnsAddressing = "http://www.w3.org/2005/08/addressing";
    
    		SoapMessage soapMessage = (SoapMessage) message;
    		// NOTE(review): getEnvelope() is invoked on the type SoapMessage, not on the local
    		// soapMessage; as posted this would not compile. Presumably soapMessage.getEnvelope()
    		// was meant.
    		SoapHeader soapHeader = SoapMessage.getEnvelope().getHeader();//soapMessage.getSoapHeader();
    							// The header's Result is cast to DOMResult to reach the underlying DOM node;
    							// assumes a DOM-backed message (TODO confirm).
    							DOMResult result = (DOMResult) soapHeader.getResult();
    							Node n = result.getNode();
    							NodeList nodi = n.getChildNodes();
    							// Logs the name and value of every child already present under the header node.
    							for (int i = 0; i < nodi.getLength(); i++) {
    								
    								Node nodo = nodi.item(i);
    								logger.info("nodo.getNodeName() "+nodo.getNodeName()+" nodo.getNodeValue() "+nodo.getNodeValue());
    							}
    							// Custom header element in the application namespace, appended directly under the
    							// header node, outside wsse:Security.
    							// NOTE(review): the interceptor configuration on this page signs only the Body, so
    							// this element is not covered by the signature. If it carries authorization
    							// attributes, as its name suggests, the receiver cannot detect tampering with it
    							// unless it is added to the signed parts.
    							Element attributiAutorizzativi = n.getOwnerDocument().createElementNS(xmlns1, "attributiAutorizzativi");
    
    							...
    							n.appendChild(attributiAutorizzativi);
    
    							// WS-Addressing To element holding a plain-http endpoint URL; the statement that
    							// attaches it to the header is in the elided part of the listing.
    							Element to = n.getOwnerDocument().createElementNS(xmlnsAddressing, "To");
    							to.appendChild(n.getOwnerDocument().createTextNode("http://lnx04svim:9090/nsisr/AssistibileInAnagrafeService"));
    .........							
    						}
    					});
    
    By using the code listed above, I no longer find the BinarySecurityToken and all the security information in the generated SOAP request; the message looks something like this:
    Code:
    <!-- Abridged request produced when the header callback is used ("...." marks text elided by the
         poster). wsse:Security now shows only wsu:Timestamp: no BinarySecurityToken and no
         ds:Signature appear, so as shown the Body is not integrity-protected either. -->
    <soapenv:Envelope ....>
        <soapenv:Header>
            <wsse:Security
                xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" soapenv:mustUnderstand="1">
                <wsu:Timestamp
                    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                    wsu:Id="Timestamp-1">
    ....
                </wsu:Timestamp>
            </wsse:Security>
            <!-- Custom header blocks added by the callback. They are siblings of wsse:Security and
                 carry an unqualified Id attribute rather than wsu:Id. -->
            <ns1:attributiAutorizzativi Id="attributiAutorizzativi" soapenv:mustUnderstand="0"
                xmlns:ns1="http://www.nsisr.puglia.it/Schemas/">
    .....
            </ns1:attributiAutorizzativi>
            <ns2:To Id="tagTo" soapenv:mustUnderstand="0"
                xmlns:ns2="http://www.w3.org/2005/08/addressing"
                >http://lnx04svim:9090/nsisr/AssistibileInAnagrafeService</ns2:To>
            .....
        </soapenv:Header>
    ...
    </soapenv:Envelope>
    As you can see, the SOAP Header no longer contains the BinarySecurityToken. Does anybody know why I lose this information? Any tips?
    Thanks
    Last edited by relax; Apr 24th, 2013, 02:28 AM.