Announcement Announcement Module
Collapse
No announcement yet.
XWSS Security Verification Error. Please help! Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • XWSS Security Verification Error. Please help!

    I am having problems sending and receiving signed messages. I get a Signature Verification Error. I have checked my truststore and keystore several times along with the configuration and I can't seem to find the issue. I have been trying for a couple of days. Can anyone help me. Here is my configurations

    Server:

    spring-ws-servlet.xml:

    <bean id="keyStoreHandler" class="org.springframework.ws.soap.security.xwss.c allback.KeyStoreCallbackHandler">
    <property name="trustStore" ref="trustStore"/>
    </bean>

    <bean id="trustStore" class="org.springframework.ws.soap.security.suppor t.KeyStoreFactoryBean">
    <property name="location" value="classpath:trust_store.jks"/>
    <property name="password" value="test"/>
    </bean>

    securityPolicy.xml:

    <xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
    <xwss:RequireSignature requireTimestamp="false" />
    </xwss:SecurityConfiguration>




    Client:
    applicationContext.xml:
    <bean id="signMessageCallback" class="com.truewind.ws.SignMessageCallback">
    <constructor-arg value="securityPolicy.xml" />
    <constructor-arg>
    <bean
    class="org.springframework.ws.soap.security.xwss.c allback.KeyStoreCallbackHandler">
    <property name="keyStore">
    <bean class="org.springframework.ws.soap.security.suppor t.KeyStoreFactoryBean">
    <property name="location" ref="signatureKeyStoreFile"/>
    <property name="password" value="@{signature.keystore.password}"/>
    </bean>
    </property>
    <property name="defaultAlias" value="@{default.alias}"/>
    <property name="privateKeyPassword" value="@{privateKey.password}"/>
    </bean>
    </constructor-arg>
    <property name="soapAction" value="@{soap.action}" />
    </bean>

    securityPolicy.xml:
    <xwss:SecurityConfiguration dumpMessages="false" xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
    <xwss:Sign includeTimestamp="false" />
    </xwss:SecurityConfiguration>

    The soap message seems to contain the signature when I send it and when I receive it. Attached is the trust store and key store files I am using. The keystore has the X509 certificate key/pair. I exported the certificate and created created the trust store with the certificate in it. I am signing the message with the keystore and hoping the trust store will accept it. Instead I am getting the Security Verification Error.

    Can someone please help me figure out what I am doing wrong?

    Thanks
    Hisham

  • #2
    Can you please help me?

    I am stuck in a bad situation. I am 2 weeks late delivering a simple web service to my customer. I am stuck trying to accept a signed soap message.

    I have looked at the examples and the documentation and the forums with no luck. I think my issue may be in the securityPolicy.xml but I am not sure. For the server, I have the truststore configured to accept the certificate that is being sent. The client application is configured to pull the certificate from the keystore and include it in the Binary Security Token.

    From the log files I see the PEM that is added to the soap header and confirm that it is in the trust store. Yet, I keep getting Security Verification Error despite it all. My tech stack is:

    Tomcat 5.5.25
    JDK 1.6.0 on Mac
    Spring WS 1.0.3 and even tried 1.5.0-m1

    I would be deeply indebted to you if you could assist me.

    Thanks,
    Hisham

    Comment

    Working...
    X