
  • security policy configuration.

    I'm getting an error trying to run a test case against a simple webservice where I'm trying to turn on signing security.

    "INFO: 2007-11-04 19:14:54,370 WARN [org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor] - Could not validate request: com.sun.xml.wss.XWSSecurityException: Message does not conform to configured policy (found Signature) : Additional security than required found"

    On the client side, I am using <xwss:Sign includeTimestamp="false" />
    in the policy file. The soap message is coming out with the signature. I'm outputting the soap message from the server and it looks ok (if anyone cares to look at it):

    Code:
    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    	<SOAP-ENV:Header>
    		<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    			SOAP-ENV:mustUnderstand="1">
    			<wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    				EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
    				ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
    				wsu:Id="XWSSGID-1194221692635-1999714895">
    				MIICzjCCAbagAwIBAgIERy5FijANBgkqhkiG9w0BAQUFADApMQswCQYDVQQGEwJVUzEaMBgGA1UE
    				AwwRY29tLnNjZC53cy5jbGllbnQwHhcNMDcxMTA0MjIxOTUzWhcNMTAxMTAzMjIxOTUzWjApMQsw
    				CQYDVQQGEwJVUzEaMBgGA1UEAwwRY29tLnNjZC53cy5jbGllbnQwggEiMA0GCSqGSIb3DQEBAQUA
    				A4IBDwAwggEKAoIBAQCurt6+1+Z5ufZHwkRvui2p2gtKevhsPqdDo/QXnRKVtK6E90ggZiKGe2au
    				nC+NZULvlc8cxZB0v3T1mGBrmlveFUytEGeG9mge/UMvj4zc9PCQrLB45x9V+QkboswiSN0a8Hra
    				wmMpDp9hQFcSSdbHOi3k4vYuGFY94QRiWh0nQJD3fQL8kn0QJp6x0mZj9VU4z5Ae8Xs2iSNLyJ/H
    				yMcn1Y1jhJSg5Zi698jcNsQOUExSNt7OWzoRczjveeyUIis+GhOYE6Ilwqtk0U+AnZ08DlH+hF1z
    				ilBxPcqrskgzQV2quwUw2s3dpi0BxdE0QcdhhsNHDPYT3eI+mcbLQla/AgMBAAEwDQYJKoZIhvcN
    				AQEFBQADggEBAFMjGFwmU/pQMTv9OYU87dBdjyEkdDufON/rkQTc28XcjKzwmS8xrRKnxdcmrrZ1
    				qHz04VviQVt/4ANNfVlRa6AX0HUEaMloh6Tw/NqiYAZhgtHXtNodB8bmyTgcS3KvU7DV0m6rp17u
    				LtYgQDBJEDEDIt8aQj63g0V0be7je5L4ns1FKba1MeaQ2570mCx5S/GiA0byvQ9orSlyY+78hyXe
    				ONIlV+0jacaDF7lX3xhC2BKUtrNrOfk2lpWzwq9VPhI4Qbv9BIq1QfmGMauI3/nFgBzatTxr9ULS
    				b1sgBa2GPnaeJdB+qgmo+SRIV3PxITN6QwcZ9nDZyaPsVz1SKXE=
    			</wsse:BinarySecurityToken>
    			<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    				<ds:SignedInfo>
    					<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
    					<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
    					<ds:Reference URI="#XWSSGID-1194221692652-1805862999">
    						<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
    						<ds:DigestValue>pWz6A5c6B4RqLH4a3dSEDYFmT5g=</ds:DigestValue>
    					</ds:Reference>
    				</ds:SignedInfo>
    				<ds:SignatureValue>
    					gDqh1ByYf1h/L3Pl9pgewoQzXMUZCVzgFNiajXc0OotkqsonHMeOIBUnyOlpPSCvyiz7dEnKrw+N
    					URBY5EViB2BOP5z4t179UIxsk8ptPNqp2I90JD3WfnZphlfbLIEj4PPoEBjYMCJRP/QKYmzCKbFl
    					xrHoE5viwLzdY9GOfdAdM5qTZL1ZVoump3EAkNC8CwjlNjNK5QFkOKvu0AoBLu6jWUq0IcoBDXHn
    					fKem6/cZGM8xgaNd/Wox4fEH4SxNaZpGti4VnylN3hQTiA4YqD/Looi7HIOzxY+HPYYFdnkd4YeT GzQl6WSlFhzwd+rr17nQxCthiiP+dcvVGaRIAQ==
    				</ds:SignatureValue>
    				<ds:KeyInfo>
    					<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    						wsu:Id="XWSSGID-1194221692633-660378838">
    						<wsse:Reference URI="#XWSSGID-1194221692635-1999714895"
    							ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
    					</wsse:SecurityTokenReference>
    				</ds:KeyInfo>
    			</ds:Signature>
    		</wsse:Security>
    	</SOAP-ENV:Header>
    	<SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    		wsu:Id="XWSSGID-1194221692652-1805862999">
    			<!-- BODY DETAILS GOES HERE -->
    	</SOAP-ENV:Body>
    </SOAP-ENV:Envelope>

    On the server side I have <xwss:RequireSignature requireTimestamp="false" /> in the policy file.

    What am I missing?

  • #2
    Seems OK, or at least identical to the stuff I have in the WS-security unit tests. Try asking in the XWSS mailing lists, see https://xwss.dev.java.net/servlets/P...ailingListList. They are pretty helpful.



    • #3
      "Additional security than required found" error

      I have the same problem and have posted to xwss.dev.java.net as suggested by Arjen. If anybody has a solution for this, I would like to hear it.

      My request:
      Code:
      <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
        <SOAP-ENV:Header>
          <wsse:Security
            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
            SOAP-ENV:mustUnderstand="1">
            <wsse:BinarySecurityToken
              xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
              EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
              ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
              wsu:Id="XWSSGID-1244653352022614773950"
              xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
              MIIC/jCCAmegAwIBAgICAR4wDQYJKoZIhvcNAQEFBQAwgZgxCzAJBgNVBAYTAlVTMREwDwYDVQQI
              EwhWaXJnaW5pYTERMA8GA1UEBxMIU3RlcmxpbmcxEzARBgNVBAoTCkhSV29yWCBMTEMxEjAQBgNV
              BAsTCUNvcnBvcmF0ZTEWMBQGA1UEAxMNSFJXb3JYIFJvb3RDQTEiMCAGCSqGSIb3DQEJARYTc2Vj
              dXJpdHlAaHJ3b3J4LmNvbTAeFw0wOTA2MDgxNjMwMDRaFw0xMDA2MDgxNjMwMDRaMHMxCzAJBgNV
              BAYTAlVTMREwDwYDVQQIEwhWaXJnaW5pYTERMA8GA1UEBxMIU3RlcmxpbmcxEzARBgNVBAoTCkhS
              V29yWCBMTEMxEjAQBgNVBAsTCUNvcnBvcmF0ZTEVMBMGA1UEAxMMaHJ3b3J4Y2xpZW50MIGfMA0G
              CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCg+PXCkcmGSSd1TVDAHG4PJirTsISF/lU4a9OIMfJ+Y2/j
              VN9i1GAPwdP2znqx/kHZfC5pgvuyKs2Z7jkSek7wOybpMhIJIDyNFE0QsjLh7obOYi2Re+tJS4bq
              5iu5kjxPNhWKckb1Wq1t+VvUMKqr4QJCf6ijWMw7e7fJhK+AeQIDAQABo3sweTAJBgNVHRMEAjAA
              MCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU
              63CqMDkG2dsJuBajeePf2MJGmukwHwYDVR0jBBgwFoAUsa1+p800toyDK8gBK3VQy5HyJyowDQYJ
              KoZIhvcNAQEFBQADgYEAH7jyy2Y+l2Q09OdZiLaCxl9ErsPf9uOcfbIAjDzxtb8B1thoQvncxz/B
              J2yGOFJIt9Iq9AXeSKzp63Ril5G0l6wDxL8wE8CNddauKDfUJ/aRouUpTVbGylZ4/kPEWOnT031O
              +hXRYakLk4yeqIVvFICBu0CRJh9U6lNaVCCMlbc=
            </wsse:BinarySecurityToken>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
              <ds:SignedInfo>
                <ds:CanonicalizationMethod
                  Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                <ds:SignatureMethod
                  Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                <ds:Reference URI="#XWSSGID-1244653353166435706421">
                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                  <ds:DigestValue>57wKFIJFhu8ULRCWxCVw+qlzNI4=
                  </ds:DigestValue>
                </ds:Reference>
              </ds:SignedInfo>
              <ds:SignatureValue>
                ekEMQOoPWfJ1e12rE2g8QmVufFebx2GA0eoSmmBjRX2BwnLO0LngPi4R7PTQANHU1V4jD4YVyZwm
                4cEWcS02BuFQFawshi3PkjlZ3fdRIgIRVeYNxQskCCvrZVD9PpJ1vZBKYyiXVdo9l1kkzhAOhXcP
                id/K10mCqFYPjPw0IXI=</ds:SignatureValue>
              <ds:KeyInfo>
                <wsse:SecurityTokenReference
                  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                  wsu:Id="XWSSGID-1244653353122-578847870">
                  <wsse:Reference URI="#XWSSGID-1244653352022614773950"
                    ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" />
                </wsse:SecurityTokenReference>
              </ds:KeyInfo>
            </ds:Signature>
          </wsse:Security>
        </SOAP-ENV:Header>
        <SOAP-ENV:Body
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
          wsu:Id="XWSSGID-1244653353166435706421">
        ... my body details ...
        </SOAP-ENV:Body>
      </SOAP-ENV:Envelope>
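An added example, not part of any post in this thread and not XWSS or Spring-WS code: a Python check that inventories what a `wsse:Security` header of the shape posted in #1 and #3 carries (its child elements, which element each `ds:Reference` resolves to, and which token `ds:KeyInfo` points at), so the result can be compared against the receiver's policy. The sample message is constructed with placeholder Ids and token content, and the function names are hypothetical; it does not verify the signature value itself.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/", "wsse": WSSE,
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
WSU_ID = "{%s}Id" % WSU

# Constructed sample with the same layout as the posted messages (placeholder values).
SAMPLE = """<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:wsse="%s" xmlns:wsu="%s" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <SOAP-ENV:Header><wsse:Security SOAP-ENV:mustUnderstand="1">
  <wsse:BinarySecurityToken wsu:Id="TOKEN-1">PLACEHOLDER</wsse:BinarySecurityToken>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#BODY-1"/></ds:SignedInfo>
   <ds:KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="#TOKEN-1"/>
   </wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>
 </wsse:Security></SOAP-ENV:Header>
 <SOAP-ENV:Body wsu:Id="BODY-1"/>
</SOAP-ENV:Envelope>""" % (WSSE, WSU)

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def resolve(root, uri):
    """Every element whose wsu:Id matches a same-document '#id' reference."""
    if not uri.startswith("#"):
        return []
    return [e for e in root.iter() if e.get(WSU_ID) == uri[1:]]

def inventory(soap_xml):
    root = ET.fromstring(soap_xml)
    body = root.find("soap:Body", NS)
    sec = root.find("soap:Header/wsse:Security", NS)
    if sec is None:
        return {"security_children": [], "signed": {}, "key_token": [], "body_signed": False}
    refs = sec.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    key = sec.find("ds:Signature/ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
    return {
        # What the receiver sees in the header, in document order.
        "security_children": [local(c.tag) for c in sec],
        # Each signed reference and the element(s) it resolves to.
        "signed": {r.get("URI", ""): [local(e.tag) for e in resolve(root, r.get("URI", ""))]
                   for r in refs},
        "key_token": [local(e.tag) for e in resolve(root, key.get("URI", ""))] if key is not None else [],
        # True only if a reference resolves to exactly one element and it is the real SOAP Body.
        "body_signed": any(resolve(root, r.get("URI", "")) == [body] for r in refs),
    }
```

A reference that resolves to no element, or to more than one, leaves `body_signed` false, which is worth checking before looking at the policy files.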
