Announcement Announcement Module
Collapse
No announcement yet.
Problems Signing Messages Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Problems Signing Messages

    Hello,

    I am working with Spring-WS 1.5.0-m2 and am trying to send a Signed message from my client with a UsernameToken. I am using the XwsSecurityInterceptor for both the client and the service. I have successfully got the UsernameToken authentication working but when I try to Sign the message and send it to the server I get the error message below, on the client side.
    I am not an expert by any means when it comes to certificates, etc but I have carefully followed the reference manual and I cannot find where I have made a mistake. Does anyone have any idea what the problem might be? I have pasted my security policy file and spring configuration below the error message. If anyone has any idea I would be greatful for the help. Thanks.


    Feb 19, 2008 4:03:09 PM org.springframework.ws.soap.security.AbstractWsSec urityInterceptor handleSecurementException
    SEVERE: Could not secure response: com.sun.xml.wss.XWSSecurityException: java.lang.NullPointerException: signingKey cannot be null; nested exception i
    s com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.XWSSecurityException: java.lang.NullPointerException: signingKey cannot be null
    org.springframework.ws.soap.security.xwss.XwsSecur itySecurementException: com.sun.xml.wss.XWSSecurityException: java.lang.NullPointerException: signin
    gKey cannot be null; nested exception is com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.XWSSecurityException: java.lang.NullPointerException: s
    igningKey cannot be null
    at org.springframework.ws.soap.security.xwss.XwsSecur ityInterceptor.secureMessage(XwsSecurityIntercepto r.java:135)
    at org.springframework.ws.soap.security.AbstractWsSec urityInterceptor.handleRequest(AbstractWsSecurityI nterceptor.java:175)
    at org.springframework.ws.client.core.WebServiceTempl ate.doSendAndReceive(WebServiceTemplate.java:474)
    at org.springframework.ws.client.core.WebServiceTempl ate.sendAndReceive(WebServiceTemplate.java:434)
    at org.springframework.ws.client.core.WebServiceTempl ate.marshalSendAndReceive(WebServiceTemplate.java: 295)
    at org.springframework.ws.client.core.WebServiceTempl ate.marshalSendAndReceive(WebServiceTemplate.java: 283)
    at org.springframework.ws.client.core.WebServiceTempl ate.marshalSendAndReceive(WebServiceTemplate.java: 275)
    at com.amfam.policyservice.Client.main(Client.java:52 )
    Caused by: com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.XWSSecurityException: java.lang.NullPointerException: signingKey cannot be null
    at com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.sec ureOutboundMessage(XWSSProcessor2_0Impl.java:98)
    at org.springframework.ws.soap.security.xwss.XwsSecur ityInterceptor.secureMessage(XwsSecurityIntercepto r.java:131)
    ... 7 more
    Caused by: com.sun.xml.wss.XWSSecurityException: java.lang.NullPointerException: signingKey cannot be null
    at com.sun.xml.wss.impl.dsig.SignatureProcessor.sign( SignatureProcessor.java:328)
    at com.sun.xml.wss.impl.filter.SignatureFilter.proces s(SignatureFilter.java:313)
    at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy( HarnessUtil.java:83)
    at com.sun.xml.wss.impl.HarnessUtil.processDeep(Harne ssUtil.java:237)
    at com.sun.xml.wss.impl.SecurityAnnotator.processMess agePolicy(SecurityAnnotator.java:162)
    at com.sun.xml.wss.impl.SecurityAnnotator.secureMessa ge(SecurityAnnotator.java:137)
    at com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.sec ureOutboundMessage(XWSSProcessor2_0Impl.java:96)
    ... 8 more

    Code:
    <!-- Security Policy File -->
    <?xml version="1.0" encoding="UTF-8"?>
    <xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">	
    	<xwss:Sign id="signature">
    		<xwss:X509Token certificateAlias="mykey"/>
    	</xwss:Sign>
    	<xwss:UsernameToken useNonce="true"	digestPassword="true" />
    </xwss:SecurityConfiguration>
    Code:
    <!-- Spring client configuration -->
    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
    
    	<bean id="policyService"
    		class="org.springframework.ws.client.core.WebServiceTemplate">
    		<property name="defaultUri"
    			value="http://localhost:8081/PolicyService/ws/PolicyService" />
    		<property name="marshaller" ref="jibxMarsheller" />
    		<property name="unmarshaller" ref="jibxMarsheller" />
    		<property name="faultMessageResolver">
    			<bean
    				class="com.amfam.policyservice.SaveFaultMessageResolver">
    				<property name="unmarshaller" ref="jibxMarsheller" />
    			</bean>
    		</property>
    		<property name="interceptors">
    			<list>
    				<ref bean="wsSecurityInterceptor" />
    			</list>
    		</property>
    	</bean>
    
    	<!-- Marshellers and Unmarshellers for PolicyService binding file -->
    
    	<!-- The targetClass is used to locate the binding file to be loaded. Once the file is loaded all classes defined
    		in the binding file are loaded. Therefore, only one jibx marsheller needs to be defined per binding file. -->
    	<bean id="jibxMarsheller"
    		class="org.springframework.oxm.jibx.JibxMarshaller">
    		<property name="targetClass"
    			value="com.amfam.policyservice.model.Save" />
    	</bean>
    
    	<!-- WS-Security Interceptor -->
    	<bean id="wsSecurityInterceptor"
    		class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
    		<property name="policyConfiguration"
    			value="classpath:securityPolicy.xml" />
    		<property name="callbackHandlers">
    			<list>
    				<ref bean="usernamePasswordHandler" />
    				<ref bean="signatureKeyStoreHandler" />				
    			</list>
    		</property>
    	</bean>
    
    	<!-- Authentication CallbackHandler -->
    	<bean id="usernamePasswordHandler"
    		class="org.springframework.ws.soap.security.xwss.callback.SimpleUsernamePasswordCallbackHandler">
    		<property name="username" value="swanjr" />
    		<property name="password" value="1234" />
    	</bean>
    	
    	<!-- KeyStoreCallbackHandler -->
    	<bean id="signatureKeyStoreHandler"
    		class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
    		<property name="keyStore" ref="keyStore" />
    		<property name="privateKeyPassword" value="123456" />
    	</bean>
    
    	<!-- Signature Keystore -->
    	<bean id="keyStore"
    		class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
    		<property name="location" value="classpath:keystore.jks" />
    		<property name="password" value="234567" />
    	</bean>
    </beans>

  • #2
    Try to define your alias on your 'signatureKeyStoreHandler':
    Code:
    <bean id="signatureKeyStoreHandler" class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
    	<property name="keyStore" ref="keyStore"></property>
    	<property name="privateKeyPassword" value="123456"></property>
    	<property name="defaultAlias" value="mykey"></property>
    </bean>
    instead in your security policy file.

    Comment


    • #3
      Still not working

      I declared my alias in the spring context file instead of the security policy file but I get the same error. Thanks for the reply, though.

      Comment


      • #4
        Solved

        I figured out what the problem was. I mistakenly created the certificate in the truststore on the service side and exported it to the keystore on the client side instead of the other way around. Thanks for the help.

        Comment

        Working...
        X